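---
# Deploys the euspace APM agent as a DaemonSet on linux/amd64 nodes, together
# with the cluster-wide read-only RBAC it uses.
#
# NOTE(review): the pod is effectively host-equivalent. It is privileged, runs
# as UID 0, shares the host PID and network namespaces, has no AppArmor
# profile, and mounts host /var, /run and /tmp read-write. Treat the image and
# its registry as part of the node's trusted computing base.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cloudwise-apm-euspace
  namespace: cloudwise
spec:
  selector:
    matchLabels:
      app: cloudwise-apm-euspace
  template:
    metadata:
      annotations:
        # Runs the container without an AppArmor profile. Newer Kubernetes
        # releases replace this beta annotation with the
        # securityContext.appArmorProfile field.
        container.apparmor.security.beta.kubernetes.io/cloudwise-apm-euspace: unconfined
      name: cloudwise-apm-euspace
      namespace: cloudwise
      labels:
        app: cloudwise-apm-euspace
    spec:
      # Dedicated identity: the ClusterRoleBinding below targets this account
      # rather than the namespace's "default" ServiceAccount, so other pods in
      # the namespace do not inherit the cluster-wide read role.
      serviceAccountName: cloudwise-apm-euspace
      hostPID: true
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: amd64
      containers:
        - name: cloudwise-apm-euspace
          # NOTE(review): a "-dev-" tag with IfNotPresent is not reproducible;
          # pin a release image by digest (image@sha256:<digest>) before
          # production use.
          image: harbor.cloudwise.com/apm/euspace-agent:1.6.1-dev-amd64
          imagePullPolicy: IfNotPresent
          # With hostNetwork the listener binds 0.0.0.0:8123 on the node
          # itself; restrict access to that port at the node firewall or
          # security group.
          args:
            - "--listen"
            - "0.0.0.0:8123"
            - "--cgroupfs-root"
            - "/host/sys/fs/cgroup"
            - "--run-in-container"
          ports:
            - containerPort: 8123
              name: http
          securityContext:
            # NOTE(review): full privilege; confirm the agent cannot run with
            # a narrower capability set.
            privileged: true
            runAsUser: 0
          volumeMounts:
            - name: sys-fs-cgroup
              mountPath: /host/sys/fs/cgroup
              readOnly: true
            - name: sys-kernel-debug
              mountPath: /sys/kernel/debug
              readOnly: true
            - name: host-usr
              mountPath: /host/usr
              readOnly: true
              mountPropagation: HostToContainer
            # The next three host paths are mounted read-write.
            # NOTE(review): confirm the agent needs write access; otherwise
            # set readOnly: true.
            - name: host-var
              mountPath: /host/var
              readOnly: false
              mountPropagation: HostToContainer
            - name: host-run
              mountPath: /host/run
              readOnly: false
              mountPropagation: HostToContainer
            - name: host-tmp
              mountPath: /host/tmp
              readOnly: false
              mountPropagation: HostToContainer
          env:
            # Left empty here; presumably filled in per deployment.
            - name: CONFIG_SERVER
              value: ''
            - name: DATA_SERVER
              value: ''
            # NOTE(review): credential stored in the manifest in plaintext
            # (the value appears partly masked). Prefer a Secret referenced
            # through valueFrom.secretKeyRef, and rotate the key if the real
            # value was ever committed.
            - name: LICENSE_KEY
              value: 'J45Engw88NeHUZ4Q7qNsK8L47FTH**QvgW113IEnsNaBNMR5zZ**oj/g!!!!'
            - name: MYSQL_DEFAULT
              value: 'mariadb'
            - name: DISABLE_E2E_TRACING
              value: 'false'
            - name: DISABLE_STACK_TRACING
              value: 'true'
            - name: DISABLE_REG_HOST
              value: 'false'
            - name: CONSOLE_LOG
              value: 'true'
            - name: LOG_LEVEL
              value: 'info'
            - name: SEND
              value: '1'
            # NOTE(review): by its name this presumably disables TLS
            # certificate verification for the agent's connections; confirm,
            # and prefer trusting the server's CA over skipping verification.
            - name: INSECURE_SKIP_VERIFY
              value: 'true'
            # Downward API: the IP of the node the pod is scheduled on.
            - name: node_ip
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: REGISTER_APP_TO_DOOP
              value: 'true'
      volumes:
        - name: sys-fs-cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: sys-kernel-debug
          hostPath:
            path: /sys/kernel/debug
        - name: host-usr
          hostPath:
            path: /usr
            type: Directory
        - name: host-var
          hostPath:
            path: /var
            type: Directory
        - name: host-run
          hostPath:
            path: /run
            type: Directory
        - name: host-tmp
          hostPath:
            path: /tmp
            type: Directory
---
# ServiceAccount used only by the agent pods. It reuses the DaemonSet's name.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudwise-apm-euspace
  namespace: cloudwise
---
# Read-only (get/list/watch) access to workload and routing objects in every
# namespace. Secrets are not included, but ConfigMaps are readable
# cluster-wide, so keep sensitive values out of ConfigMaps.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: euspace-agent-role
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - namespaces
      - configmaps
      - services
      - pods
      - replicationcontrollers
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources:
      - daemonsets
      - deployments
      - replicasets
      - statefulsets
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["route.openshift.io"]
    resources: ["routes"]
    verbs: ["get", "list", "watch"]
---
# Grants the role above to the agent's own ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cw-agent-view-binding
subjects:
  - kind: ServiceAccount
    name: cloudwise-apm-euspace
    namespace: cloudwise
roleRef:
  kind: ClusterRole
  name: euspace-agent-role
  apiGroup: rbac.authorization.k8s.io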