8e5b17cf13
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
77 lines
2.9 KiB
YAML
77 lines
2.9 KiB
YAML
#Use this sysdig.yaml when Daemon Sets are NOT enabled on Kubernetes (minimum version 1.1.1). If Daemon Sets are available, use the other example sysdig.yaml - that is the recommended method.
|
|
|
|
apiVersion: v1
|
|
kind: ReplicationController
|
|
metadata:
|
|
name: sysdig-agent
|
|
labels:
|
|
app: sysdig-agent
|
|
spec:
|
|
replicas: 100 #REQUIRED - replace with the maximum number of slave nodes in the cluster
|
|
template:
|
|
spec:
|
|
volumes:
|
|
- name: docker-sock
|
|
hostPath:
|
|
path: /var/run/docker.sock
|
|
- name: dev-vol
|
|
hostPath:
|
|
path: /dev
|
|
- name: proc-vol
|
|
hostPath:
|
|
path: /proc
|
|
- name: boot-vol
|
|
hostPath:
|
|
path: /boot
|
|
- name: modules-vol
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: usr-vol
|
|
hostPath:
|
|
path: /usr
|
|
hostNetwork: true
|
|
hostPID: true
|
|
containers:
|
|
- name: sysdig-agent
|
|
image: sysdig/agent
|
|
ports:
|
|
- containerPort: 6666
|
|
hostPort: 6666
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: ACCESS_KEY #REQUIRED - replace with your Sysdig Cloud access key
|
|
value: 8312341g-5678-abcd-4a2b2c-33bcsd655
|
|
# - name: K8S_DELEGATED_NODE #OPTIONAL - only necessary when connecting remotely to API server
|
|
# value: <DELEGATED NODE IP>
|
|
# - name: K8S_API_URI #OPTIONAL - only necessary when connecting remotely to API server
|
|
# value: "http[s]://[username:passwd@]host[:port]"
|
|
# - name: TAGS #OPTIONAL
|
|
# value: linux:ubuntu,dept:dev,local:nyc
|
|
# - name: COLLECTOR #OPTIONAL
|
|
# value: 192.168.183.200
|
|
# - name: SECURE #OPTIONAL
|
|
# value: false
|
|
# - name: CHECK_CERTIFICATE #OPTIONAL
|
|
# value: false
|
|
# - name: ADDITIONAL_CONF #OPTIONAL
|
|
# value: "app_checks:\n - name: nginx\n check_module: nginx\n pattern:\n comm: nginx\n conf:\n nginx_status_url: "http://localhost:{port}/nginx_status\""
|
|
volumeMounts:
|
|
- mountPath: /host/var/run/docker.sock
|
|
name: docker-sock
|
|
readOnly: false
|
|
- mountPath: /host/dev
|
|
name: dev-vol
|
|
readOnly: false
|
|
- mountPath: /host/proc
|
|
name: proc-vol
|
|
readOnly: true
|
|
- mountPath: /host/boot
|
|
name: boot-vol
|
|
readOnly: true
|
|
- mountPath: /host/lib/modules
|
|
name: modules-vol
|
|
readOnly: true
|
|
- mountPath: /host/usr
|
|
name: usr-vol
|
|
readOnly: true
|