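### WARNING: this file is supported from Sysdig Agent 0.80.0
#
# DaemonSet that runs one Sysdig agent pod per node. The pod is privileged,
# shares the host network and PID namespaces, and mounts several host
# directories, so it is effectively root-equivalent on every node it runs on.
# Deploy it in a dedicated namespace and restrict who may create or edit
# workloads, ConfigMaps and Secrets there.
#
# If you are on Kubernetes version 1.8 or less, use this line instead of the
# apiVersion below:
# apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: sysdig-agent
  labels:
    app: sysdig-agent
spec:
  selector:
    matchLabels:
      app: sysdig-agent
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: sysdig-agent
    spec:
      # Host paths exposed to the agent. Whether each one is writable is
      # decided by the matching entry under volumeMounts further down.
      volumes:
        - name: modprobe-d
          hostPath:
            path: /etc/modprobe.d
        - name: osrel
          hostPath:
            path: /etc/os-release
            # FileOrCreate creates an empty file on the host if it is missing.
            type: FileOrCreate
        - name: dshm
          emptyDir:
            medium: Memory
        - name: dev-vol
          hostPath:
            path: /dev
        - name: proc-vol
          hostPath:
            path: /proc
        - name: boot-vol
          hostPath:
            path: /boot
        - name: modules-vol
          hostPath:
            path: /lib/modules
        - name: usr-vol
          hostPath:
            path: /usr
        - name: run-vol
          hostPath:
            path: /run
        - name: varrun-vol
          hostPath:
            path: /var/run
        # Uncomment these lines if you'd like to map /root/ from the
        # host into the container. This can be useful to map
        # /root/.sysdig to pick up custom kernel modules.
        # NOTE(review): this exposes the whole of root's home directory to
        # the pod; leave it disabled unless custom kernel modules need it.
        # - name: host-root-vol
        #   hostPath:
        #     path: /root
        - name: sysdig-agent-config
          configMap:
            name: sysdig-agent
            optional: true
        # Not marked optional, so the pod cannot start until the Secret
        # exists. Presumably it holds the agent's credentials (confirm with
        # the Sysdig docs); create it out of band rather than committing it.
        - name: sysdig-agent-secrets
          secret:
            secretName: sysdig-agent
      # The agent shares the node's network and process namespaces.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      hostPID: true
      # Lets the privileged agent be scheduled onto nodes carrying the
      # master NoSchedule taint as well as onto ordinary nodes.
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      # The following line is necessary for RBAC.
      # NOTE(review): serviceAccount is the deprecated alias of
      # serviceAccountName. Keep the account's role bindings to the minimum
      # the agent needs.
      serviceAccount: sysdig-agent
      terminationGracePeriodSeconds: 5
      containers:
        - name: sysdig-agent
          # NOTE(review): no tag or digest is given, and with
          # imagePullPolicy: Always every pod start pulls whatever the
          # registry serves at that moment. Pin a vetted release or digest
          # (e.g. sysdig/agent:<VETTED_VERSION>) so that image updates are
          # deliberate and auditable.
          image: sysdig/agent
          imagePullPolicy: Always
          securityContext:
            # Privileged mode removes container isolation from the node.
            # Clusters that enforce pod security policies will need a
            # scoped exception for this workload only.
            privileged: true
          resources:
            # The resources needed depend on the actual workload.
            # Please refer to Sysdig Support for more info.
            requests:
              cpu: 600m
              memory: 512Mi
            limits:
              cpu: 2000m
              memory: 1536Mi
          readinessProbe:
            exec:
              command: ["test", "-e", "/opt/draios/logs/running"]
            initialDelaySeconds: 10
          # This section is for eBPF support. Please refer to Sysdig Support
          # before uncommenting, as eBPF is recommended for only a few
          # configurations.
          # env:
          #   - name: SYSDIG_BPF_PROBE
          #     value: ""
          volumeMounts:
            - mountPath: /etc/modprobe.d
              name: modprobe-d
              readOnly: true
            # /dev is mounted writable.
            - mountPath: /host/dev
              name: dev-vol
              readOnly: false
            - mountPath: /host/proc
              name: proc-vol
              readOnly: true
            - mountPath: /host/boot
              name: boot-vol
              readOnly: true
            - mountPath: /host/lib/modules
              name: modules-vol
              readOnly: true
            - mountPath: /host/usr
              name: usr-vol
              readOnly: true
            # NOTE(review): /run and /var/run have no readOnly flag, so both
            # are writable. These directories commonly hold container-runtime
            # and other daemon sockets; confirm the agent needs write access
            # before relaxing or tightening this.
            - mountPath: /host/run
              name: run-vol
            - mountPath: /host/var/run
              name: varrun-vol
            - mountPath: /dev/shm
              name: dshm
            - mountPath: /opt/draios/etc/kubernetes/config
              name: sysdig-agent-config
            - mountPath: /opt/draios/etc/kubernetes/secrets
              name: sysdig-agent-secrets
            - mountPath: /host/etc/os-release
              name: osrel
              readOnly: true
            # Uncomment these lines if you'd like to map /root/ from the
            # host into the container. This can be useful to map
            # /root/.sysdig to pick up custom kernel modules.
            # - mountPath: /root
            #   name: host-root-vol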