rancher-partner-charts/charts/stackstate/stackstate-k8s-agent/1.0.86/templates/checks-agent-deployment.yaml

{{- if .Values.checksAgent.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-checks-agent
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
    app.kubernetes.io/component: checks-agent
  annotations:
{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: checks-agent
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
  replicas: {{ .Values.checksAgent.replicas }}
{{- with .Values.checksAgent.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
{{- end }}
  template:
    metadata:
      annotations:
        {{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
        {{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 8 }}
      labels:
        app.kubernetes.io/component: checks-agent
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 8 }}
    spec:
      {{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
    {{- if .Values.all.hardening.enabled}}
      terminationGracePeriodSeconds: 240
    {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
          imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
        {{- if .Values.all.hardening.enabled}}
          lifecycle:
            preStop:
              exec:
                command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
        {{- end }}
          env:
          {{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 10 }}
          - name: KUBERNETES_HOSTNAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: STS_HOSTNAME
            value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
          - name: AGENT_VERSION
            value: {{ .Values.checksAgent.image.tag | quote }}
          - name: LOG_LEVEL
            value: {{ .Values.checksAgent.logLevel | quote }}
          - name: STS_APM_ENABLED
            value: "false"
          - name: STS_CLUSTER_AGENT_ENABLED
            value: {{ .Values.clusterAgent.enabled | quote }}
          {{- if .Values.clusterAgent.enabled }}
          - name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
            value: {{ .Release.Name }}-cluster-agent
          {{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 10 }}
          {{- end }}
          - name: STS_CLUSTER_NAME
            value: {{ .Values.stackstate.cluster.name | quote }}
          - name: STS_SKIP_VALIDATE_CLUSTERNAME
            value: "true"
          - name: STS_CHECKS_TAG_CARDINALITY
            value: {{ .Values.checksAgent.checksTagCardinality | quote }}
          - name: STS_EXTRA_CONFIG_PROVIDERS
            value: "clusterchecks"
          - name: STS_HEALTH_PORT
            value: "5555"
          - name: STS_LEADER_ELECTION
            value: "false"
          - name: STS_LOG_LEVEL
            value: {{ .Values.checksAgent.logLevel | quote }}
          - name: STS_NETWORK_TRACING_ENABLED
            value: "false"
          - name: STS_PROCESS_AGENT_ENABLED
            value: "false"
          - name: STS_SKIP_SSL_VALIDATION
            value: {{ or .Values.global.skipSslValidation .Values.checksAgent.skipSslValidation | quote }}
          - name: STS_STS_URL
            value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
          {{- if .Values.global.proxy.url }}
          - name: STS_PROXY_HTTPS
            value: {{ .Values.global.proxy.url | quote }}
          - name: STS_PROXY_HTTP
            value: {{ .Values.global.proxy.url | quote }}
          {{- end }}
          {{- range $key, $value := .Values.global.extraEnv.open }}
          - name: {{ $key }}
            value: {{ $value | quote }}
          {{- end }}
          {{- range $key, $value := .Values.global.extraEnv.secret }}
          - name: {{ $key }}
            valueFrom:
              secretKeyRef:
                name: {{ include "stackstate-k8s-agent.fullname" . }}
                key: {{ $key }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /health
              port: healthport
            failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
            initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
          readinessProbe:
            httpGet:
              path: /health
              port: healthport
            failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
            initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
          ports:
          - containerPort: 5555
            name: healthport
            protocol: TCP
        {{- if .Values.all.hardening.enabled}}
          securityContext:
            privileged: true
            runAsUser: 0  # root
            capabilities:
              add: [ "ALL" ]
            readOnlyRootFilesystem: false
        {{- else }}
          securityContext:
            privileged: false
        {{- end }}
        {{- with .Values.checksAgent.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
        {{- end }}
          volumeMounts:
          - name: confd-empty-volume
            mountPath: /etc/stackstate-agent/conf.d
# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run.
            readOnly: false
          {{- if .Values.checksAgent.config.override }}
          {{- range .Values.checksAgent.config.override }}
          - name: config-override-volume
            mountPath: {{ .path }}/{{ .name }}
            subPath: {{ .path | replace "/" "_"}}_{{ .name }}
            readOnly: true
          {{- end }}
          {{- end }}
      {{- if .Values.checksAgent.priorityClassName }}
      priorityClassName: {{ .Values.checksAgent.priorityClassName }}
      {{- end }}
      serviceAccountName: {{ .Release.Name }}-checks-agent
      nodeSelector:
        {{ template "label.os" . }}: {{ .Values.targetSystem }}
        {{- with .Values.checksAgent.nodeSelector }}
            {{- toYaml . | nindent 8 }}
        {{- end }}
    {{- with .Values.checksAgent.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.checksAgent.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: confd-empty-volume
        emptyDir: {}
      {{- if .Values.checksAgent.config.override }}
      - name: config-override-volume
        configMap:
          name: {{ .Release.Name }}-checks-agent
      {{- end }}
{{- end -}}