andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/stackstate/stackstate-k8s-agent/templates/_container-process-agent.yaml

161 lines
6.3 KiB
YAML
Raw Blame History

{{- define "container-process-agent" -}}
- name: process-agent
{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
{{ else }}
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
{{- end }}
imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
ports:
- containerPort: 6063
env:
{{ include "stackstate-k8s-agent.apiKeyEnv" . | nindent 4 }}
- name: STS_KUBERNETES_KUBELET_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STS_HOSTNAME
value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- name: AGENT_VERSION
value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- name: STS_LOG_TO_CONSOLE
value: "true"
- name: HOST_PROC
value: "/host/proc"
- name: HOST_SYS
value: "/host/sys"
- name: HOST_ETC
value: "/host/etc"
- name: KUBERNETES
value: "true"
- name: STS_CLUSTER_AGENT_ENABLED
value: {{ .Values.clusterAgent.enabled | quote }}
{{- if .Values.clusterAgent.enabled }}
- name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
value: {{ .Release.Name }}-cluster-agent
{{ include "stackstate-k8s-agent.clusterAgentAuthTokenEnv" . | nindent 4 }}
{{- end }}
- name: STS_CLUSTER_NAME
value: {{ .Values.stackstate.cluster.name | quote }}
- name: STS_SKIP_VALIDATE_CLUSTERNAME
value: "true"
- name: LOG_LEVEL
value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_LOG_LEVEL
value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_NETWORK_TRACING_ENABLED
value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- name: STS_PROTOCOL_INSPECTION_ENABLED
value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- name: STS_PROCESS_AGENT_ENABLED
value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- name: STS_CONTAINER_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.container | quote }}
- name: STS_CONNECTION_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- name: STS_PROCESS_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.process | quote }}
- name: GOMEMLIMIT
value: {{ .Values.processAgent.softMemoryLimit.goMemLimit | quote }}
- name: STS_HTTP_STATS_BUFFER_SIZE
value: {{ .Values.processAgent.softMemoryLimit.httpStatsBufferSize | quote }}
- name: STS_HTTP_OBSERVATIONS_BUFFER_SIZE
value: {{ .Values.processAgent.softMemoryLimit.httpObservationsBufferSize | quote }}
- name: STS_PROCESS_AGENT_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_SKIP_SSL_VALIDATION
value: {{ or .Values.global.skipSslValidation .Values.nodeAgent.skipSslValidation | quote }}
- name: STS_SKIP_KUBELET_TLS_VERIFY
value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- name: STS_STS_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_HTTP_TRACING_ENABLED
value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: STS_CRI_SOCKET_PATH
value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
{{- end }}
{{- if .Values.global.proxy.url }}
- name: STS_PROXY_HTTPS
value: {{ .Values.global.proxy.url | quote }}
- name: STS_PROXY_HTTP
value: {{ .Values.global.proxy.url | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.open }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- with .Values.nodeAgent.containers.processAgent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
readOnly: true
{{- end }}
- name: crisocket
mountPath: /var/run/crio/crio.sock
readOnly: true
- name: containerdsocket
mountPath: /var/run/containerd/containerd.sock
readOnly: true
- name: sys-kernel-debug
mountPath: /sys/kernel/debug
# Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
# readOnly: true
- name: dockersocket
mountPath: /var/run/docker.sock
readOnly: true
# The agent needs access to /etc to figure out what os it is running on.
- name: etcdir
mountPath: /host/etc
readOnly: true
- name: procdir
mountPath: /host/proc
# We have an agent option STS_DISABLE_BPF_JIT_HARDEN that write to /proc. this is a debug setting but if we want to use
# it, we have the option to make /proc writable.
readOnly: {{ .Values.nodeAgent.containers.processAgent.procVolumeReadOnly }}
- name: passwd
mountPath: /etc/passwd
readOnly: true
- name: cgroups
mountPath: /host/sys/fs/cgroup
readOnly: true
{{- if .Values.nodeAgent.config.override }}
{{- range .Values.nodeAgent.config.override }}
- name: config-override-volume
mountPath: {{ .path }}/{{ .name }}
subPath: {{ .path | replace "/" "_"}}_{{ .name }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.all.hardening.enabled}}
securityContext:
privileged: true
runAsUser: 0 # root
capabilities:
add: [ "ALL" ]
readOnlyRootFilesystem: false
{{- else }}
securityContext:
privileged: true
{{- end }}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink