cri-o/vendor/k8s.io/kubernetes/examples/sysdig-cloud/sysdig-daemonset.yaml

73 lines
2.4 KiB
YAML
Raw Normal View History

#Use this sysdig.yaml when Daemon Sets are enabled on Kubernetes (minimum version 1.1.1). Otherwise use the RC method.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: sysdig-agent
labels:
app: sysdig-agent
spec:
template:
metadata:
labels:
name: sysdig-agent
spec:
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: dev-vol
hostPath:
path: /dev
- name: proc-vol
hostPath:
path: /proc
- name: boot-vol
hostPath:
path: /boot
- name: modules-vol
hostPath:
path: /lib/modules
- name: usr-vol
hostPath:
path: /usr
hostNetwork: true
hostPID: true
containers:
- name: sysdig-agent
image: sysdig/agent
securityContext:
privileged: true
env:
- name: ACCESS_KEY #REQUIRED - replace with your Sysdig Cloud access key
value: 8312341g-5678-abcd-4a2b2c-33bcsd655
# - name: TAGS #OPTIONAL
# value: linux:ubuntu,dept:dev,local:nyc
# - name: COLLECTOR #OPTIONAL - on-prem install only
# value: 192.168.183.200
# - name: SECURE #OPTIONAL - on-prem install only
# value: false
# - name: CHECK_CERTIFICATE #OPTIONAL - on-prem install only
# value: false
# - name: ADDITIONAL_CONF #OPTIONAL pass additional parameters to the agent such as authentication example provided here
# value: "k8s_uri: https://myacct:mypass@localhost:4430\nk8s_ca_certificate: k8s-ca.crt\nk8s_ssl_verify_certificate: true"
volumeMounts:
- mountPath: /host/var/run/docker.sock
name: docker-sock
readOnly: false
- mountPath: /host/dev
name: dev-vol
readOnly: false
- mountPath: /host/proc
name: proc-vol
readOnly: true
- mountPath: /host/boot
name: boot-vol
readOnly: true
- mountPath: /host/lib/modules
name: modules-vol
readOnly: true
- mountPath: /host/usr
name: usr-vol
readOnly: true