apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-cluster-agent labels: {{ include "stackstate-k8s-agent.labels" . | indent 4 }} app.kubernetes.io/component: cluster-agent spec: replicas: {{ .Values.clusterAgent.replicaCount }} selector: matchLabels: app.kubernetes.io/component: cluster-agent app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} {{- with .Values.clusterAgent.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} template: metadata: annotations: {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }} {{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }} labels: app.kubernetes.io/component: cluster-agent app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }} spec: {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }} {{- if .Values.clusterAgent.priorityClassName }} priorityClassName: {{ .Values.clusterAgent.priorityClassName }} {{- end }} serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }} {{- if .Values.all.hardening.enabled}} terminationGracePeriodSeconds: 240 {{- end }} containers: - name: cluster-agent image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}" {{- if .Values.all.hardening.enabled}} lifecycle: preStop: exec: command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ] {{- end }} env: - name: STS_API_KEY valueFrom: secretKeyRef: name: {{ include "stackstate-k8s-agent.fullname" . }} key: sts-api-key - name: STS_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: name: {{ include "stackstate-k8s-agent.fullname" . }} key: sts-cluster-auth-token - name: KUBERNETES_HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: STS_HOSTNAME value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}" - name: LOG_LEVEL value: {{ .Values.clusterAgent.logLevel | quote }} {{- if .Values.checksAgent.enabled }} - name: STS_CLUSTER_CHECKS_ENABLED value: "true" - name: STS_EXTRA_CONFIG_PROVIDERS value: "kube_endpoints kube_services" - name: STS_EXTRA_LISTENERS value: "kube_endpoints kube_services" {{- end }} - name: STS_CLUSTER_NAME value: {{.Values.stackstate.cluster.name | quote }} - name: STS_SKIP_VALIDATE_CLUSTERNAME value: "true" - name: STS_COLLECT_KUBERNETES_METRICS value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }} - name: STS_COLLECT_KUBERNETES_TIMEOUT value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }} - name: STS_COLLECT_KUBERNETES_TOPOLOGY value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }} - name: STS_LEADER_ELECTION value: "true" - name: STS_LOG_LEVEL value: {{ .Values.clusterAgent.logLevel | quote }} - name: STS_CLUSTER_AGENT_CMD_PORT value: {{ .Values.clusterAgent.service.targetPort | quote }} - name: STS_STS_URL value: {{ include "stackstate-k8s-agent.stackstate.url" . }} {{- if .Values.clusterAgent.config.configMap.maxDataSize }} - name: STS_CONFIGMAP_MAX_DATASIZE value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }} {{- end}} {{- range $key, $value := .Values.global.extraEnv.open }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} {{- range $key, $value := .Values.global.extraEnv.secret }} - name: {{ $key }} valueFrom: secretKeyRef: name: {{ include "stackstate-k8s-agent.fullname" . }} key: {{ $key }} {{- end }} {{- if .Values.all.hardening.enabled}} securityContext: privileged: true runAsUser: 0 # root capabilities: add: [ "ALL" ] readOnlyRootFilesystem: false {{- else }} securityContext: privileged: false {{- end }} {{- with .Values.clusterAgent.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: logs mountPath: /var/log/stackstate-agent - name: config-override-volume mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml subPath: kubernetes_api_events_conf - name: config-override-volume mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml subPath: kubernetes_api_topology_conf readOnly: true {{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }} - name: config-override-volume mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml subPath: kube_state_metrics_core_conf readOnly: true {{- end }} {{- if .Values.clusterAgent.config.override }} {{- range .Values.clusterAgent.config.override }} - name: config-override-volume mountPath: {{ .path }}/{{ .name }} subPath: {{ .path | replace "/" "_"}}_{{ .name }} readOnly: true {{- end }} {{- end }} nodeSelector: {{ template "label.os" . }}: {{ .Values.targetSystem }} {{- with .Values.clusterAgent.nodeSelector }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.clusterAgent.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.clusterAgent.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: logs emptyDir: {} - name: config-override-volume configMap: name: {{ .Release.Name }}-cluster-agent