fix(agent): Properly set ephemeral-storage on kmod container when sli…

…m+autopilot are enabled (#1592)

charts/agent/Chart.yaml

@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.20.0
+version: 1.20.1

charts/agent/templates/_helpers.tpl

@@ -93,11 +93,15 @@ Sysdig Agent resources
     {{- toYaml .Values.resources -}}
 {{- else if not (hasKey $resourceProfiles .Values.resourceProfile) }}
     {{- fail (printf "Invalid value for resourceProfile provided: %s" .Values.resourceProfile) }}
-{{- else if include "agent.gke.autopilot" . }}
+{{- else if and (include "agent.gke.autopilot" .) (not .Values.slim.enabled) }}
     {{- toYaml (dict "requests" (dict "cpu" "250m"
                                       "ephemeral-storage" .Values.gke.ephemeralStorage
                                       "memory" "512Mi")
                      "limits"   (get $resourceProfiles .Values.resourceProfile)) }}
+{{- else if (include "agent.gke.autopilot" .) }}
+    {{- toYaml (dict "requests" (dict "cpu" "250m"
+                                      "memory" "512Mi")
+                     "limits"   (get $resourceProfiles .Values.resourceProfile)) }}
 {{- else }}
     {{- toYaml (dict "requests" (get $resourceProfiles .Values.resourceProfile)
                      "limits"   (get $resourceProfiles .Values.resourceProfile)) }}

charts/agent/templates/daemonset.yaml

@@ -90,7 +90,12 @@ spec:
             readOnlyRootFilesystem: false
             allowPrivilegeEscalation: true
           resources:
-            {{ toYaml .Values.slim.resources | nindent 12 }}
+            {{- if (include "agent.gke.autopilot" .) }}
+              {{- $resources := merge .Values.slim.resources (dict "requests" (dict "ephemeral-storage" .Values.gke.ephemeralStorage))}}
+              {{- toYaml $resources | nindent 12 }}
+            {{- else }}
+              {{ toYaml .Values.slim.resources | nindent 12 }}
+            {{- end }}
           env:
           {{- if or (include "agent.ebpfEnabled" .) (include "agent.gke.autopilot" .) }}
             - name: SYSDIG_BPF_PROBE

charts/agent/tests/gke_test.yaml

@@ -9,6 +9,8 @@ tests:
       gke:
         autopilot: true
         createPriorityClass: true
+      slim:
+        enabled: false
     asserts:
       - containsDocument:
           kind: DaemonSet
@@ -29,6 +31,8 @@ tests:
         autopilot: true
         createPriorityClass: true
         ephemeralStorage: 256Mi
+      slim:
+        enabled: false
     asserts:
       - equal:
           path: spec.template.spec.containers[0].resources.requests.ephemeral-storage
@@ -101,3 +105,39 @@ tests:
             drift_killer:
               enabled: false
     template: templates/configmap.yaml
+
+  - it: Ensure ephemeral storage is set correctly on kmod container when slim mode is enabled
+    set:
+      gke:
+        autopilot: true
+        createPriorityClass: true
+      slim:
+        enabled: true
+    asserts:
+        - equal:
+            path: spec.template.spec.initContainers[0].resources.requests.ephemeral-storage
+            value: 500Mi
+    template: templates/daemonset.yaml
+
+  - it: Custom value for ephemeral-storage with slim mode enabled
+    set:
+      gke:
+        autopilot: true
+        createPriorityClass: true
+        ephemeralStorage: 603Mi
+      slim:
+        enabled: true
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].resources.requests.ephemeral-storage
+          value: 603Mi
+    template: templates/daemonset.yaml
+
+  - it: Ensure we are not setting the ephemeral storage on kmod container when slim mode is enabled and not autopilot
+    set:
+      slim:
+        enabled: true
+    asserts:
+      - notExists:
+          path: spec.template.spec.initContainers[0].resources.requests.ephemeral-storage
+    template: templates/daemonset.yaml