fix(bug): Ensure windows agent stability using hubble/legacy helm values

[BeegiiK]

Description

This PR aims to fix the stability of the retina windows agent. There were 4 causes identified and each commit resolves one respectively.

1. Invalid rendering of the namespace helm value (1st commit)

matmerr@matmerr-cloud-dev: ~/go/src/github.com/Azure/telescope
[06:56:29 PM][matmerr-aks-pktmon-11][matmerr/enable-ama]$ k logs -f retina-agent-win-7f7kb
Starting Retina Agent
starting Retina daemon with legacy control plane v0.0.17
2024/12/02 18:56:22 metricsInterval is deprecated, please use metricsIntervalDuration instead
init client-go
KUBECONFIG set, using kubeconfig:  C:\hpc\kubeconfig
Error: starting daemon: creating controller-runtime manager: error loading config file "C:\hpc\kubeconfig": yaml: invalid map key: map[interface {}]interface {}{".Values.namespace":interface {}(nil)}

2. Default operator value is enabled and will cause RBAC issues for the windows agents (2nd commit)

ts=2024-12-10T16:58:48.634Z level=info caller=hnsstats/hnsstats_windows.go:212 msg="Start hnsstats plugin..."
W1210 16:58:49.990792    7108 reflector.go:547] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:232: failed to list *v1alpha1.MetricsConfiguration: metricsconfigurations.retina.sh is forbidden: User "system:serviceaccount:kube-system:retina-agent" cannot list resource "metricsconfigurations" in API group "retina.sh" at the cluster scope

3. Telemetry enabled also causes the agent to panic if application insights is not defined. User can change the config map as desired but default values should not cause the agent to crash (3rd commit)

4. kubeconfig file cannot be found for the legacy chart values. Executing the setkubeconfigpath.ps1 was required for the container setup (4th commit)

beegii@bignamboi:~/src/retina$ k logs retina-agent-win-4tl7m -n kube-system
Starting Retina Agent
starting Retina daemon with legacy control plane v0.0.17
2024/12/11 18:40:15 metricsInterval is deprecated, please use metricsIntervalDuration instead
init client-go
KUBECONFIG set, using kubeconfig:  C:\hpc\kubeconfig
Error: starting daemon: creating controller-runtime manager: CreateFile C:\hpc\kubeconfig: The system cannot find the file specified.

Related Issue

#1122

Checklist

• I have read the contributing documentation.
• I signed and signed-off the commits (git commit -S -s ...). See this documentation on signing commits.
• I have correctly attributed the author(s) of the code.
• I have tested the changes locally.
• I have followed the project's style guidelines.
• I have updated the documentation, if necessary.
• I have added tests, if applicable.

Screenshots (if applicable) or Testing Completed

Each commit corresponding image was built and tested on the cluster to confirm each fix works!

Additional Notes

First three problems were experienced when deploying retina using the hubble path and the last issue was experienced when deploying retina using the legacy path

---

Please refer to the CONTRIBUTING.md file for more information on how to contribute to this project.

[vakalapa]

Put back these changes ?

[BeegiiK]

For the linux OS, the default hubble values work but for windows, they failed with these default values. We can either create new helm values for the windows OS specifically or leave it as is. I don't mind

The enableTelemetry requires application insights and leaving the default as false prevents the agent crashing if its not defined. If the consumer wants it enabled then they can simply update it.
The enablePodLevel causes RBAC issues with the retina-agent service account. As it's currently not supported on Windows, I think a default of false makes sense.

In legacy, both values are currently set to false.

[mereta]

You can define a default like this: {{ .Values.enablePodLevel | default false }}

[BeegiiK]

The original values exist but it's currently set to true which is causing the Windows agent to crash but not for Linux. It's not a matter of having a default boolean 😊

[vakalapa]

there is an issue with 1.30 and oidc with this approach. we should remove these changes for these k8s versions. cc @rbtr

[rbtr]

The custom kubeconfig is only required with containerd <1.7 and only AKS 1.27 (LTS) is still using that, maybe we remove it completely?

[BeegiiK]

I'm not sure what specific ask here is. Should the custom kubeconfig only be enabled for K8s version <= 1.30?

[BeegiiK]

I added the following code in both agent daemonsets (hubble/legacy) and windows.yaml manifest and the agent still crashes:

command:
            - powershell.exe
            - -command
            {{- if semverCompare ">=1.30" .Capabilities.KubeVersion.GitVersion }}
            - $env:CONTAINER_SANDBOX_MOUNT_POINT/controller.exe --config ./retina/config.yaml
            {{- else }}
            - .\setkubeconfigpath.ps1; ./controller.exe --config ./retina/config.yaml --kubeconfig ./kubeconfig
            {{- end }}