replace privileged w/ autopilot

charts/nr-k8s-otel-collector/README.md

@@ -102,6 +102,7 @@ daemonset:
 | deployment.resources | object | `{}` | Sets resources for the deployment. |
 | deployment.tolerations | list | `[]` | Sets deployment pod tolerations. Overrides `tolerations` and `global.tolerations` |
 | dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
+| gkeAutopilot | bool | `false` | If deploying to a GKE autopilot cluster, set to true |
 | image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. |
 | image.repository | string | `"newrelic/nr-otel-collector"` | OTel collector image to be deployed. You can use your own collector as long it accomplish the following requirements mentioned below. |
 | image.tag | string | `"0.7.1"` | Overrides the image tag whose default is the chart appVersion. |
@@ -115,7 +116,6 @@ daemonset:
 | podLabels | object | `{}` | Additional labels for chart pods |
 | podSecurityContext | object | `{}` | Sets all security contexts (at pod level). Can be configured also with `global.securityContext.pod` |
 | priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
-| privileged | bool | `true` | Run the integration with full access to the host filesystem and network. Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes. |
 | rbac.create | bool | `true` | Specifies whether RBAC resources should be created |
 | receivers.filelog.enabled | bool | `true` | Specifies whether the `filelog` receiver is enabled |
 | receivers.hostmetrics.enabled | bool | `true` | Specifies whether the `hostmetrics` receiver is enabled |
@@ -163,6 +163,5 @@ Error scraping metrics	{"kind": "receiver", "name": "hostmetrics", "data_type":
 
 ## Maintainers
 
-* [juanjjaramillo](https://github.com/juanjjaramillo)
 * [csongnr](https://github.com/csongnr)
 * [dbudziwojskiNR](https://github.com/dbudziwojskiNR)

charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml

@@ -13,7 +13,7 @@ data:
     receivers:
       hostmetrics:
         # TODO (chris): this is a linux specific configuration
-        {{- if include "newrelic.common.privileged" . }}
+        {{- if not .Values.gkeAutopilot }}
         root_path: /hostfs
         {{- end }}
         collection_interval: {{ .Values.receivers.hostmetrics.scrapeInterval }}
@@ -66,7 +66,7 @@ data:
 
       kubeletstats:
         collection_interval: {{ .Values.receivers.kubeletstats.scrapeInterval }}
-        {{- if include "newrelic.common.privileged" . }}
+        {{- if not .Values.gkeAutopilot }}
         endpoint: "${KUBE_NODE_NAME}:10250"
         auth_type: "serviceAccount"
         insecure_skip_verify: true
@@ -564,13 +564,13 @@ data:
         {{- if or .Values.receivers.hostmetrics.enabled (or .Values.receivers.kubeletstats.enabled .Values.receivers.prometheus.enabled) }}
         metrics:
           receivers:
-            {{- if and .Values.receivers.hostmetrics.enabled (include "newrelic.common.privileged" .) }}
+            {{- if .Values.receivers.hostmetrics.enabled }}
             - hostmetrics
             {{- end }}
             {{- if .Values.receivers.kubeletstats.enabled }}
             - kubeletstats
             {{- end }}
-            {{- if and .Values.receivers.prometheus.enabled (include "newrelic.common.privileged" .) }}
+            {{- if .Values.receivers.prometheus.enabled }}
             - prometheus
             {{- end }}
           processors:

charts/nr-k8s-otel-collector/templates/daemonset.yaml

@@ -35,10 +35,6 @@ spec:
       {{- end }}
       containers:
         - name: otel-collector-daemonset
-          {{- with include "nrKubernetesOtel.daemonset.securityContext.container" . }}
-          securityContext:
-            {{- . | nindent 12 }}
-          {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args: ["--config", "/config/daemonset-config.yaml"]
@@ -73,26 +69,26 @@ spec:
                   key: {{ include "newrelic.common.license.secretKeyName" . }}
           volumeMounts:
             # TODO (chris): this is a linux specific configuration
-            {{- if include "newrelic.common.privileged" . }}
+            {{- if not .Values.gkeAutopilot }}
             - name: host-fs
               mountPath: /hostfs
               readOnly: true
+            {{- end }}
             - name: varlogpods
               mountPath: /var/log/pods
               readOnly: true
-            {{- end }}
             - name: daemonset-config
               mountPath: /config
       volumes:
         # TODO (chris): this is a linux specific configuration
-        {{- if include "newrelic.common.privileged" . }}
+        {{- if not .Values.gkeAutopilot }}
         - name: host-fs
           hostPath:
             path: /
+        {{- end }}
         - name: varlogpods
           hostPath:
             path: /var/log/pods
-        {{- end }}
         - name: daemonset-config
           configMap:
             name: {{ include "nrKubernetesOtel.daemonset.configMap.fullname" . }}

charts/nr-k8s-otel-collector/values.yaml

@@ -39,10 +39,9 @@ priorityClassName: ""
 # -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig`
 dnsConfig: {}
 
-# -- Run the integration with full access to the host filesystem and network.
-# Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes.
-# @default -- `true`
-privileged: true
+# -- If deploying to a GKE autopilot cluster, set to true
+# @default -- `false`
+gkeAutopilot: false
 
 daemonset:
   # -- Sets daemonset pod node selector. Overrides `nodeSelector` and `global.nodeSelector`