andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/sysdig/templates/daemonset.yaml

228 lines
7.3 KiB
YAML
Raw Normal View History

Generated changes
2020-09-25 18:35:57 +00:00
{{- if .Values.sysdig.accessKey }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "sysdig.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "sysdig.name" . }}
{{ include "sysdig.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "sysdig.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
name: {{ template "sysdig.fullname" .}}
labels:
app.kubernetes.io/name: {{ include "sysdig.name" . }}
{{ include "sysdig.labels" . | indent 8 }}
{{- if .Values.daemonset.annotations }}
annotations:
{{ toYaml .Values.daemonset.annotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "sysdig.serviceAccountName" .}}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
terminationGracePeriodSeconds: 5
{{- if .Values.daemonset.affinity }}
affinity:
{{ toYaml .Values.daemonset.affinity | indent 8 }}
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- if .Values.slim.enabled }}
initContainers:
- name: sysdig-agent-kmodule
image: {{ template "sysdig.image.kmodule" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
- ALL
privileged: true
runAsNonRoot: false
runAsUser: 0
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
resources:
{{ toYaml .Values.slim.resources | indent 12 }}
volumeMounts:
- mountPath: /etc/modprobe.d
name: modprobe-d
readOnly: true
- mountPath: /host/boot
name: boot-vol
readOnly: true
- mountPath: /host/lib/modules
name: modules-vol
readOnly: true
- mountPath: /host/usr
name: usr-vol
readOnly: true
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ template "sysdig.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.resources | indent 12 }}
securityContext:
capabilities:
drop:
- ALL
privileged: true
runAsNonRoot: false
runAsUser: 0
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
env:
{{- if .Values.ebpf.enabled }}
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
{{- if .Values.proxy.httpProxy }}
- name: http_proxy
value: {{ .Values.proxy.httpProxy }}
{{- end }}
{{- if .Values.proxy.httpsProxy }}
- name: https_proxy
value: {{ .Values.proxy.httpsProxy }}
{{- end }}
{{- if .Values.proxy.noProxy }}
- name: no_proxy
value: {{ .Values.proxy.noProxy }}
{{- end }}
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone }}
{{- end }}
{{- range $key, $value := .Values.daemonset.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
readinessProbe:
exec:
command: [ "test", "-e", "/opt/draios/logs/running" ]
initialDelaySeconds: 10
livenessProbe:
exec:
command: [ "test", "-e", "/opt/draios/logs/running" ]
initialDelaySeconds: 10
volumeMounts:
{{- if not .Values.slim.enabled }}
- mountPath: /etc/modprobe.d
name: modprobe-d
readOnly: true
{{- end }}
- mountPath: /host/dev
name: dev-vol
readOnly: false
- mountPath: /host/proc
name: proc-vol
readOnly: true
{{- if not .Values.slim.enabled }}
- mountPath: /host/boot
name: boot-vol
readOnly: true
- mountPath: /host/lib/modules
name: modules-vol
readOnly: true
- mountPath: /host/usr
name: usr-vol
readOnly: true
{{- end }}
- mountPath: /host/run
name: run-vol
- mountPath: /host/var/run
name: varrun-vol
- mountPath: /dev/shm
name: dshm
- mountPath: /opt/draios/etc/kubernetes/config
name: sysdig-agent-config
- mountPath: /opt/draios/etc/kubernetes/secrets
name: sysdig-agent-secrets
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- mountPath: /host/etc
name: etc-fs
readOnly: true
{{- end }}
{{- if .Values.customAppChecks }}
- mountPath: /opt/draios/lib/python/checks.custom.d
name: custom-app-checks-volume
{{- end }}
- mountPath: /host/etc/os-release
name: osrel
readOnly: true
{{- if .Values.extraVolumes.mounts }}
{{ toYaml .Values.extraVolumes.mounts | indent 12 }}
{{- end }}
volumes:
- name: modprobe-d
hostPath:
path: /etc/modprobe.d
- name: osrel
hostPath:
path: /etc/os-release
type: FileOrCreate
- name: dshm
emptyDir:
medium: Memory
- name: dev-vol
hostPath:
path: /dev
- name: proc-vol
hostPath:
path: /proc
- name: boot-vol
hostPath:
path: /boot
- name: modules-vol
hostPath:
path: /lib/modules
- name: usr-vol
hostPath:
path: /usr
- name: run-vol
hostPath:
path: /run
- name: varrun-vol
hostPath:
path: /var/run
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- name: etc-fs
hostPath:
path: /etc
{{- end }}
- name: sysdig-agent-config
configMap:
name: {{ template "sysdig.fullname" . }}
optional: true
- name: sysdig-agent-secrets
secret:
secretName: {{ template "sysdig.fullname" . }}
{{- if .Values.customAppChecks }}
- name: custom-app-checks-volume
configMap:
name: {{ template "sysdig.fullname" . }}-custom-app-checks
{{- end }}
{{- if .Values.extraVolumes.volumes }}
{{ toYaml .Values.extraVolumes.volumes | indent 8 }}
{{- end }}
updateStrategy:
{{ toYaml .Values.daemonset.updateStrategy | indent 4 }}
{{- end }}