From 3fe450683b654d6f52ae6e5b96ff3052e5b9746b Mon Sep 17 00:00:00 2001
From: Nick <jianchang@yunshan.net>
Date: Wed, 17 Apr 2024 15:16:56 +0800
Subject: [PATCH] add agent update

---
 charts/deepflow-agent/templates/RBAC.yaml     | 32 +++++++++++++++++++
 .../deepflow-agent/templates/daemonset.yaml   | 14 +++++---
 2 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/charts/deepflow-agent/templates/RBAC.yaml b/charts/deepflow-agent/templates/RBAC.yaml
index 9a104b6..3e08af0 100644
--- a/charts/deepflow-agent/templates/RBAC.yaml
+++ b/charts/deepflow-agent/templates/RBAC.yaml
@@ -43,5 +43,37 @@ subjects:
   apiGroup: ""
 roleRef:
   kind: ClusterRole
+  name: {{ include "deepflow-agent.fullname" . }}
+  apiGroup: ""
+---
+### DeepFlow Agent remote update is used only to update DeepFlow-Agent's daemonset and configmap
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "deepflow-agent.fullname" . }}-update
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  resourceNames: ['{{ include "deepflow-agent.fullname" . }}-config']
+  verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: ["apps"]
+  resources:
+  - daemonsets
+  resourceNames: ['{{ include "deepflow-agent.fullname" . }}']
+  verbs: ["get", "list", "watch", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "deepflow-agent.fullname" . }}-update
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "deepflow-agent.fullname" . }}-update
+subjects:
+- kind: ServiceAccount
   name: {{ include "deepflow-agent.fullname" . }}
   apiGroup: ""
\ No newline at end of file
diff --git a/charts/deepflow-agent/templates/daemonset.yaml b/charts/deepflow-agent/templates/daemonset.yaml
index 7830ace..7ea9337 100644
--- a/charts/deepflow-agent/templates/daemonset.yaml
+++ b/charts/deepflow-agent/templates/daemonset.yaml
@@ -81,6 +81,10 @@ spec:
           env:
           - name: TZ
             value: {{ tpl .Values.timezone . }}
+          - name: K8S_NAMESPACE_FOR_DEEPFLOW
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
           - name: K8S_NODE_IP_FOR_DEEPFLOW
             valueFrom:
               fieldRef:
@@ -93,6 +97,11 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
+          - name: K8S_MEM_LIMIT_FOR_DEEPFLOW
+            valueFrom:
+              resourceFieldRef:
+                divisor: 1Mi
+                resource: limits.memory
           {{- if .Values.tke_sidecar }}
           - name: CTRL_NETWORK_INTERFACE
             value: "eth0"
@@ -105,11 +114,6 @@ spec:
               {{- else }}
                 fieldPath: status.podIP
               {{- end }}
-          - name: K8S_MEM_LIMIT_FOR_DEEPFLOW
-            valueFrom:
-              resourceFieldRef:
-                divisor: 1Mi
-                resource: limits.memory
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts: