{{- if .Values.sysdig.accessKey }} apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "sysdig.fullname" . }} labels: app.kubernetes.io/name: {{ include "sysdig.name" . }} {{ include "sysdig.labels" . | indent 4 }} spec: selector: matchLabels: app.kubernetes.io/name: {{ include "sysdig.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: name: {{ template "sysdig.fullname" .}} labels: app.kubernetes.io/name: {{ include "sysdig.name" . }} {{ include "sysdig.labels" . | indent 8 }} {{- if .Values.daemonset.annotations }} annotations: {{ toYaml .Values.daemonset.annotations | indent 8 }} {{- end }} spec: serviceAccountName: {{ template "sysdig.serviceAccountName" .}} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet hostPID: true terminationGracePeriodSeconds: 5 {{- if .Values.daemonset.affinity }} affinity: {{ toYaml .Values.daemonset.affinity | indent 8 }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{ toYaml .Values.image.pullSecrets | indent 8 }} {{- end }} {{- if .Values.slim.enabled }} initContainers: - name: sysdig-agent-kmodule image: {{ template "sysdig.image.kmodule" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{ toYaml .Values.image.pullSecrets | indent 12 }} {{- end }} securityContext: capabilities: drop: - ALL privileged: true runAsNonRoot: false runAsUser: 0 readOnlyRootFilesystem: false allowPrivilegeEscalation: true resources: {{ toYaml .Values.slim.resources | indent 12 }} volumeMounts: - mountPath: /etc/modprobe.d name: modprobe-d readOnly: true - mountPath: /host/boot name: boot-vol readOnly: true - mountPath: /host/lib/modules name: modules-vol readOnly: true - mountPath: /host/usr name: usr-vol readOnly: true {{- end }} containers: - name: {{ .Chart.Name }} image: {{ template "sysdig.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{ toYaml .Values.resources | indent 12 }} securityContext: capabilities: drop: - ALL privileged: true runAsNonRoot: false runAsUser: 0 readOnlyRootFilesystem: false allowPrivilegeEscalation: true env: {{- if .Values.ebpf.enabled }} - name: SYSDIG_BPF_PROBE value: {{- end }} {{- if .Values.proxy.httpProxy }} - name: http_proxy value: {{ .Values.proxy.httpProxy }} {{- end }} {{- if .Values.proxy.httpsProxy }} - name: https_proxy value: {{ .Values.proxy.httpsProxy }} {{- end }} {{- if .Values.proxy.noProxy }} - name: no_proxy value: {{ .Values.proxy.noProxy }} {{- end }} {{- if .Values.timezone }} - name: TZ value: {{ .Values.timezone }} {{- end }} {{- range $key, $value := .Values.daemonset.env }} - name: "{{ $key }}" value: "{{ $value }}" {{- end }} readinessProbe: exec: command: [ "test", "-e", "/opt/draios/logs/running" ] initialDelaySeconds: 10 livenessProbe: exec: command: [ "test", "-e", "/opt/draios/logs/running" ] initialDelaySeconds: 10 volumeMounts: {{- if not .Values.slim.enabled }} - mountPath: /etc/modprobe.d name: modprobe-d readOnly: true {{- end }} - mountPath: /host/dev name: dev-vol readOnly: false - mountPath: /host/proc name: proc-vol readOnly: true {{- if not .Values.slim.enabled }} - mountPath: /host/boot name: boot-vol readOnly: true - mountPath: /host/lib/modules name: modules-vol readOnly: true - mountPath: /host/usr name: usr-vol readOnly: true {{- end }} - mountPath: /host/run name: run-vol - mountPath: /host/var/run name: varrun-vol - mountPath: /dev/shm name: dshm - mountPath: /opt/draios/etc/kubernetes/config name: sysdig-agent-config - mountPath: /opt/draios/etc/kubernetes/secrets name: sysdig-agent-secrets {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - mountPath: /host/etc name: etc-fs readOnly: true {{- end }} {{- if .Values.customAppChecks }} - mountPath: /opt/draios/lib/python/checks.custom.d name: custom-app-checks-volume {{- end }} - mountPath: /host/etc/os-release name: osrel readOnly: true {{- if .Values.extraVolumes.mounts }} {{ toYaml .Values.extraVolumes.mounts | indent 12 }} {{- end }} volumes: - name: modprobe-d hostPath: path: /etc/modprobe.d - name: osrel hostPath: path: /etc/os-release type: FileOrCreate - name: dshm emptyDir: medium: Memory - name: dev-vol hostPath: path: /dev - name: proc-vol hostPath: path: /proc - name: boot-vol hostPath: path: /boot - name: modules-vol hostPath: path: /lib/modules - name: usr-vol hostPath: path: /usr - name: run-vol hostPath: path: /run - name: varrun-vol hostPath: path: /var/run {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - name: etc-fs hostPath: path: /etc {{- end }} - name: sysdig-agent-config configMap: name: {{ template "sysdig.fullname" . }} optional: true - name: sysdig-agent-secrets secret: secretName: {{ template "sysdig.fullname" . }} {{- if .Values.customAppChecks }} - name: custom-app-checks-volume configMap: name: {{ template "sysdig.fullname" . }}-custom-app-checks {{- end }} {{- if .Values.extraVolumes.volumes }} {{ toYaml .Values.extraVolumes.volumes | indent 8 }} {{- end }} updateStrategy: {{ toYaml .Values.daemonset.updateStrategy | indent 4 }} {{- end }}