From a91bbf47a6ab7c0df3e86e82ca3c2425418ef921 Mon Sep 17 00:00:00 2001
From: Krisztian Litkey <krisztian.litkey@intel.com>
Date: Mon, 2 Dec 2024 13:44:26 +0200
Subject: [PATCH] helm: provide access to pod-resources kuelet socket.

Bind-mount kubelet pod-resources directory read-only to plugin
daemonset, to provide access to kubelet pod-resources socket.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
---
 deployment/helm/balloons/templates/daemonset.yaml       | 7 +++++++
 deployment/helm/template/templates/daemonset.yaml       | 7 +++++++
 deployment/helm/topology-aware/templates/daemonset.yaml | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/deployment/helm/balloons/templates/daemonset.yaml b/deployment/helm/balloons/templates/daemonset.yaml
index 7a60a59bc..50f3a0d2d 100644
--- a/deployment/helm/balloons/templates/daemonset.yaml
+++ b/deployment/helm/balloons/templates/daemonset.yaml
@@ -117,6 +117,9 @@ spec:
             mountPath: /var/run/nri-resource-policy
           - name: nrisockets
             mountPath: /var/run/nri
+          - name: pod-resources-socket
+            mountPath: /var/lib/kubelet/pod-resources
+            readOnly: true
       {{- if .Values.podPriorityClassNodeCritical }}
       priorityClassName: system-node-critical
       {{- end }}
@@ -136,6 +139,10 @@ spec:
         hostPath:
           path: /var/run/nri
           type: DirectoryOrCreate
+      - name: pod-resources-socket
+        hostPath:
+          path: /var/lib/kubelet/pod-resources
+          type: DirectoryOrCreate
       {{- if .Values.nri.runtime.patchConfig }}
       - name: containerd-config
         hostPath:
diff --git a/deployment/helm/template/templates/daemonset.yaml b/deployment/helm/template/templates/daemonset.yaml
index 626ba2837..67b9d5687 100644
--- a/deployment/helm/template/templates/daemonset.yaml
+++ b/deployment/helm/template/templates/daemonset.yaml
@@ -110,6 +110,9 @@ spec:
             mountPath: /var/run/nri-resource-policy
           - name: nrisockets
             mountPath: /var/run/nri
+          - name: pod-resources-socket
+            mountPath: /var/lib/kubelet/pod-resources
+            readOnly: true
       {{- if .Values.podPriorityClassNodeCritical }}
       priorityClassName: system-node-critical
       {{- end }}
@@ -129,6 +132,10 @@ spec:
         hostPath:
           path: /var/run/nri
           type: DirectoryOrCreate
+      - name: pod-resources-socket
+        hostPath:
+          path: /var/lib/kubelet/pod-resources
+          type: DirectoryOrCreate
       {{- if .Values.nri.runtime.patchConfig }}
       - name: containerd-config
         hostPath:
diff --git a/deployment/helm/topology-aware/templates/daemonset.yaml b/deployment/helm/topology-aware/templates/daemonset.yaml
index d9cffa393..5e956518b 100644
--- a/deployment/helm/topology-aware/templates/daemonset.yaml
+++ b/deployment/helm/topology-aware/templates/daemonset.yaml
@@ -117,6 +117,9 @@ spec:
             mountPath: /var/run/nri-resource-policy
           - name: nrisockets
             mountPath: /var/run/nri
+          - name: pod-resources-socket
+            mountPath: /var/lib/kubelet/pod-resources
+            readOnly: true
       {{- if .Values.podPriorityClassNodeCritical }}
       priorityClassName: system-node-critical
       {{- end }}
@@ -136,6 +139,10 @@ spec:
         hostPath:
           path: /var/run/nri
           type: DirectoryOrCreate
+      - name: pod-resources-socket
+        hostPath:
+          path: /var/lib/kubelet/pod-resources
+          type: DirectoryOrCreate
       {{- if .Values.nri.runtime.patchConfig }}
       - name: containerd-config
         hostPath: