helm: enable policyfilter by default

Policyfilter is the underlying mechanism for namespaced policies and pod
label filters. Enable it by default on helm, so that it is on by default
on k8s environments.

Because this feature targets only k8s environments (at leat for now),
the default value on the agent, we do not change the default value of
the agent flag.

Signed-off-by: Kornilios Kourtis <[email protected]>

docs/content/en/docs/reference/helm-chart.md

@@ -65,7 +65,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.commandOverride | list | `[]` |  |
 | tetragon.enableK8sAPI | bool | `true` |  |
 | tetragon.enableMsgHandlingLatency | bool | `false` |  |
-| tetragon.enablePolicyFilter | bool | `false` |  |
+| tetragon.enablePolicyFilter | bool | `true` |  |
 | tetragon.enablePolicyFilterDebug | bool | `false` |  |
 | tetragon.enableProcessCred | bool | `false` |  |
 | tetragon.enableProcessNs | bool | `false` |  |

install/kubernetes/README.md

@@ -48,7 +48,7 @@ Helm chart for Tetragon
 | tetragon.commandOverride | list | `[]` |  |
 | tetragon.enableK8sAPI | bool | `true` |  |
 | tetragon.enableMsgHandlingLatency | bool | `false` |  |
-| tetragon.enablePolicyFilter | bool | `false` |  |
+| tetragon.enablePolicyFilter | bool | `true` |  |
 | tetragon.enablePolicyFilterDebug | bool | `false` |  |
 | tetragon.enableProcessCred | bool | `false` |  |
 | tetragon.enableProcessNs | bool | `false` |  |

install/kubernetes/values.yaml

@@ -144,9 +144,8 @@ tetragon:
     address: "localhost"
     # -- The port at which to expose gops.
     port: 8118
-  # Enable policy filter. This is required for K8s namespace filtering.
-  # NB: this is currently a beta feature
-  enablePolicyFilter: false
+  # Enable policy filter. This is required for K8s namespace filtering and pod label filters.
+  enablePolicyFilter: True
   # Enable policy filter debug messages.
   enablePolicyFilterDebug: false
   # Enable latency monitoring in message handling