{{- if or .Values.agent.key .Values.agent.keysSecret }} {{- if and .Values.cluster.name .Values.zones }} {{ $opentelemetryIsEnabled := (or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) )}} {{- range $.Values.zones }} {{- $fullname := printf "%s-%s" (include "instana-agent.fullname" $) .name -}} {{- $tolerations := .tolerations -}} {{- $affinity := .affinity -}} {{- $mode := .mode -}} --- apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ $fullname }} namespace: {{ $.Release.Namespace }} labels: {{- include "instana-agent.commonLabels" $ | nindent 4 }} spec: selector: matchLabels: {{- include "instana-agent.selectorLabels" $ | nindent 6 }} updateStrategy: type: {{ $.Values.agent.updateStrategy.type }} {{- if eq $.Values.agent.updateStrategy.type "RollingUpdate" }} rollingUpdate: maxUnavailable: {{ $.Values.agent.updateStrategy.rollingUpdate.maxUnavailable }} {{- end }} template: metadata: labels: {{- if $.Values.agent.pod.labels }} {{- toYaml $.Values.agent.pod.labels | nindent 8 }} {{- end }} {{- include "instana-agent.commonLabels" $ | nindent 8 }} instana/agent-mode: {{ $.Values.agent.mode | default "APM" | quote }} annotations: {{- if $.Values.agent.pod.annotations }} {{- toYaml $.Values.agent.pod.annotations | nindent 8 }} {{- end }} # To ensure that changes to agent.configuration_yaml or agent.additional_backends trigger a Pod recreation, we keep a SHA here # Unfortunately, we cannot use the lookup function to check on the values in the configmap, otherwise we break Helm < 3.2 instana-configuration-hash: {{ $.Values.agent.configuration_yaml | cat ";" | cat ( join "," $.Values.agent.additionalBackends ) | sha1sum }} spec: serviceAccountName: {{ template "instana-agent.serviceAccountName" $ }} {{- if $.Values.agent.pod.nodeSelector }} nodeSelector: {{- range $key, $value := $.Values.agent.pod.nodeSelector }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} hostNetwork: true hostPID: true {{- if $.Values.agent.pod.priorityClassName }} priorityClassName: {{ $.Values.agent.pod.priorityClassName | quote }} {{- end }} dnsPolicy: ClusterFirstWithHostNet {{- if typeIs "[]interface {}" $.Values.agent.image.pullSecrets }} imagePullSecrets: {{- toYaml $.Values.agent.image.pullSecrets | nindent 8 }} {{- else if $.Values.agent.image.name | hasPrefix "containers.instana.io" }} imagePullSecrets: - name: containers-instana-io {{- end }} containers: - name: instana-agent image: {{ include "image" $.Values.agent.image | quote}} imagePullPolicy: {{ $.Values.agent.image.pullPolicy }} env: - name: INSTANA_ZONE value: {{ .name | quote }} {{- if $mode }} - name: INSTANA_AGENT_MODE value: {{ $mode | quote }} {{- end }} {{- include "instana-agent.commonEnv" $ | nindent 12 }} securityContext: privileged: true volumeMounts: - name: dev mountPath: /dev mountPropagation: HostToContainer - name: run mountPath: /run mountPropagation: HostToContainer - name: var-run mountPath: /var/run mountPropagation: HostToContainer {{- if not (or $.Values.openshift ($.Capabilities.APIVersions.Has "apps.openshift.io/v1")) }} - name: var-run-kubo mountPath: /var/vcap/sys/run/docker mountPropagation: HostToContainer - name: var-run-containerd mountPath: /var/vcap/sys/run/containerd mountPropagation: HostToContainer - name: var-containerd-config mountPath: /var/vcap/jobs/containerd/config mountPropagation: HostToContainer {{- end }} - name: sys mountPath: /sys mountPropagation: HostToContainer - name: var-log mountPath: /var/log mountPropagation: HostToContainer - name: var-lib mountPath: /var/lib mountPropagation: HostToContainer - name: var-data mountPath: /var/data mountPropagation: HostToContainer - name: machine-id mountPath: /etc/machine-id - name: configuration {{- if $.Values.agent.configuration.hotreloadEnabled }} mountPath: /root/ {{- else }} subPath: configuration.yaml mountPath: /root/configuration.yaml {{- end }} {{- if $.Values.agent.tls }} {{- if or $.Values.agent.tls.secretName (and $.Values.agent.tls.certificate $.Values.agent.tls.key) }} {{- include "instana-agent.tls-volumeMounts" $ | nindent 12 }} {{- end }} {{- end }} {{- include "instana-agent.commonVolumeMounts" $ | nindent 12 }} {{- if $.Values.agent.configuration.autoMountConfigEntries }} {{- include "volumeMountsForConfigFileInConfigMap" $ | nindent 12 }} {{- end }} {{- if or $.Values.kubernetes.deployment.enabled $.Values.k8s_sensor.deployment.enabled }} - name: configuration subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} {{- if $opentelemetryIsEnabled }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml {{- end }} {{- if $.Values.prometheus.remoteWrite.enabled }} - name: configuration subPath: configuration-prometheus-remote-write.yaml mountPath: /opt/instana/agent/etc/instana/configuration-prometheus-remote-write.yaml {{- end }} livenessProbe: {{- include "instana-agent.livenessProbe" $ | nindent 12 }} resources: requests: {{- include "instana-agent.resources" $.Values.agent.pod.requests | nindent 14 }} limits: {{- include "instana-agent.resources" $.Values.agent.pod.limits | nindent 14 }} ports: - containerPort: 42699 {{- if and (not $.Values.kubernetes.deployment.enabled) (not $.Values.k8s_sensor.deployment.enabled) }} {{- include "leader-elector.container" $ | nindent 8 }} {{- end }} {{ if $tolerations -}} tolerations: {{- toYaml $tolerations | nindent 8 }} {{- end }} {{ if $affinity -}} affinity: {{- toYaml $affinity | nindent 8 }} {{- end }} volumes: - name: dev hostPath: path: /dev - name: run hostPath: path: /run - name: var-run hostPath: path: /var/run {{- if not (or $.Values.openshift ($.Capabilities.APIVersions.Has "apps.openshift.io/v1")) }} # Systems based on the kubo BOSH release (that is, VMware TKGI and older PKS) do not keep the Docker # socket in /var/run/docker.sock , but rather in /var/vcap/sys/run/docker/docker.sock . # The Agent images will check if there is a Docker socket here and, if so, adjust the symlinking before # starting the Agent. See https://github.com/cloudfoundry-incubator/kubo-release/issues/329 - name: var-run-kubo hostPath: path: /var/vcap/sys/run/docker - name: var-run-containerd hostPath: path: /var/vcap/sys/run/containerd - name: var-containerd-config hostPath: path: /var/vcap/jobs/containerd/config {{- end }} - name: sys hostPath: path: /sys - name: var-log hostPath: path: /var/log - name: var-lib hostPath: path: /var/lib - name: var-data hostPath: path: /var/data - name: machine-id hostPath: path: /etc/machine-id {{- if $.Values.agent.tls }} {{- if or $.Values.agent.tls.secretName (and $.Values.agent.tls.certificate $.Values.agent.tls.key) }} {{- include "instana-agent.tls-volume" . | nindent 8 }} {{- end }} {{- end }} {{- include "instana-agent.commonVolumes" $ | nindent 8 }} {{ printf "\n" }} {{ end }} {{- end }} {{- end }}