|
|
@@ -0,0 +1,144 @@
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: DaemonSet
|
|
|
+metadata:
|
|
|
+ name: cloudwise-apm-euspace
|
|
|
+ namespace: cloudwise
|
|
|
+spec:
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app: cloudwise-apm-euspace
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ annotations:
|
|
|
+ container.apparmor.security.beta.kubernetes.io/cloudwise-apm-euspace: unconfined
|
|
|
+ name: cloudwise-apm-euspace
|
|
|
+ namespace: cloudwise
|
|
|
+ labels:
|
|
|
+ app: cloudwise-apm-euspace
|
|
|
+ spec:
|
|
|
+ hostPID: true
|
|
|
+ hostNetwork: true
|
|
|
+ nodeSelector:
|
|
|
+ kubernetes.io/os: linux
|
|
|
+ kubernetes.io/arch: amd64
|
|
|
+ containers:
|
|
|
+ - name: cloudwise-apm-euspace
|
|
|
+ image: harbor.cloudwise.com/apm/euspace-agent:1.6-dev-amd64
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ args: ["--listen", "0.0.0.0:8123", "--cgroupfs-root", "/host/sys/fs/cgroup","--run-in-container"]
|
|
|
+ ports:
|
|
|
+ - containerPort: 8123
|
|
|
+ name: http
|
|
|
+ securityContext:
|
|
|
+ privileged: true
|
|
|
+ runAsUser: 0
|
|
|
+ volumeMounts:
|
|
|
+ - name: sys-fs-cgroup
|
|
|
+ mountPath: /host/sys/fs/cgroup
|
|
|
+ readOnly: true
|
|
|
+ - name: sys-kernel-debug
|
|
|
+ mountPath: /sys/kernel/debug
|
|
|
+ readOnly: true
|
|
|
+ - name: host-usr
|
|
|
+ mountPath: /host/usr
|
|
|
+ readOnly: true
|
|
|
+ mountPropagation: HostToContainer
|
|
|
+ - name: host-var
|
|
|
+ mountPath: /host/var
|
|
|
+ readOnly: false
|
|
|
+ mountPropagation: HostToContainer
|
|
|
+ - name: host-run
|
|
|
+ mountPath: /host/run
|
|
|
+ readOnly: false
|
|
|
+ mountPropagation: HostToContainer
|
|
|
+ - name: host-tmp
|
|
|
+ mountPath: /host/tmp
|
|
|
+ readOnly: false
|
|
|
+ mountPropagation: HostToContainer
|
|
|
+ env:
|
|
|
+ - name: CONFIG_SERVER
|
|
|
+ value: ''
|
|
|
+ - name: DATA_SERVER
|
|
|
+ value: ''
|
|
|
+ - name: DISABLE_E2E_TRACING
|
|
|
+ value: 'false'
|
|
|
+ - name: DISABLE_STACK_TRACING
|
|
|
+ value: 'true'
|
|
|
+ - name: DISABLE_REG_HOST
|
|
|
+ value: 'false'
|
|
|
+ - name: CONSOLE_LOG
|
|
|
+ value: 'true'
|
|
|
+ - name: LOG_LEVEL
|
|
|
+ value: 'info'
|
|
|
+ - name: SEND
|
|
|
+ value: '1'
|
|
|
+ - name: INSECURE_SKIP_VERIFY
|
|
|
+ value: 'true'
|
|
|
+ - name: node_ip
|
|
|
+ valueFrom:
|
|
|
+ fieldRef:
|
|
|
+ fieldPath: status.hostIP
|
|
|
+ volumes:
|
|
|
+ - name: sys-fs-cgroup
|
|
|
+ hostPath:
|
|
|
+ path: /sys/fs/cgroup
|
|
|
+ - name: sys-kernel-debug
|
|
|
+ hostPath:
|
|
|
+ path: /sys/kernel/debug
|
|
|
+ - name: host-usr
|
|
|
+ hostPath:
|
|
|
+ path: /usr
|
|
|
+ type: Directory
|
|
|
+ - name: host-var
|
|
|
+ hostPath:
|
|
|
+ path: /var
|
|
|
+ type: Directory
|
|
|
+ - name: host-run
|
|
|
+ hostPath:
|
|
|
+ path: /run
|
|
|
+ type: Directory
|
|
|
+ - name: host-tmp
|
|
|
+ hostPath:
|
|
|
+ path: /tmp
|
|
|
+ type: Directory
|
|
|
+---
|
|
|
+kind: ClusterRole
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+metadata:
|
|
|
+ name: euspace-agent-role
|
|
|
+rules:
|
|
|
+ - apiGroups: [""]
|
|
|
+ resources:
|
|
|
+ - nodes
|
|
|
+ - namespaces
|
|
|
+ - configmaps
|
|
|
+ - services
|
|
|
+ - pods
|
|
|
+ - replicationcontrollers
|
|
|
+ verbs: ["get", "list", "watch"]
|
|
|
+ - apiGroups: ["apps"]
|
|
|
+ resources:
|
|
|
+ - daemonsets
|
|
|
+ - deployments
|
|
|
+ - replicasets
|
|
|
+ - statefulsets
|
|
|
+ verbs: ["get", "list", "watch"]
|
|
|
+ - apiGroups: ["extensions", "networking.k8s.io"]
|
|
|
+ resources: ["ingresses"]
|
|
|
+ verbs: ["get", "list", "watch"]
|
|
|
+ - apiGroups: ["route.openshift.io"]
|
|
|
+ resources: ["routes"]
|
|
|
+ verbs: ["get", "list", "watch"]
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+kind: ClusterRoleBinding
|
|
|
+metadata:
|
|
|
+ name: cw-agent-view-binding
|
|
|
+subjects:
|
|
|
+ - kind: ServiceAccount
|
|
|
+ name: default
|
|
|
+ namespace: cloudwise
|
|
|
+roleRef:
|
|
|
+ kind: ClusterRole
|
|
|
+ name: euspace-agent-role
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
Carl