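---
apiVersion: v1
kind: Namespace
metadata:
  name: cloudwise
---
# Dedicated identity for the agent. The ClusterRoleBinding at the end of this
# file previously targeted the namespace's `default` ServiceAccount, which
# hands the cluster-wide read role to every pod in `cloudwise` that does not
# set its own serviceAccountName. Any other workload that relied on that
# grant needs its own binding after this change.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudwise-apm-euspace
  namespace: cloudwise
---
# Node agent: one pod per linux/amd64 node.
#
# Security posture (review notes):
#   - privileged + hostPID + AppArmor unconfined + runAsUser 0 makes this
#     container equivalent to root on the node. The image, its registry and
#     everyone who can push to that tag are part of every node's trust
#     boundary.
#   - /var, /run and /tmp of the host are mounted read-write.
#   - Admission policy (Pod Security "privileged" level or an explicit
#     exemption) has to allow this namespace; keep that exemption scoped to
#     `cloudwise` only.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cloudwise-apm-euspace
  namespace: cloudwise
spec:
  selector:
    matchLabels:
      app: cloudwise-apm-euspace
  template:
    metadata:
      annotations:
        # Disables AppArmor confinement for the agent container.
        # NOTE(review): this beta annotation is deprecated as of Kubernetes
        # v1.30 in favour of securityContext.appArmorProfile; confirm the
        # target cluster version before switching.
        container.apparmor.security.beta.kubernetes.io/cloudwise-apm-euspace: unconfined
      name: cloudwise-apm-euspace
      namespace: cloudwise
      labels:
        app: cloudwise-apm-euspace
    spec:
      # Run as the dedicated ServiceAccount so the cluster-wide read role is
      # held by this workload only.
      serviceAccountName: cloudwise-apm-euspace
      # Shares the host PID namespace: every process on the node is visible
      # to the container.
      hostPID: true
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: amd64
      containers:
        - name: cloudwise-apm-euspace
          # NOTE(review): a mutable tag combined with `Always` means whatever
          # is currently pushed to this tag runs privileged on every node at
          # the next pod restart. Pin by digest
          # (harbor.cloudwise.com/apm/euspace_dev@sha256:<digest>) once a
          # release image exists.
          image: harbor.cloudwise.com/apm/euspace_dev:1.2
          imagePullPolicy: Always
          # imagePullPolicy: IfNotPresent
          args:
            - "--listen"
            # Binds on all pod interfaces. hostNetwork is not set, so this is
            # the pod IP; other pods can reach it unless a NetworkPolicy
            # restricts ingress to port 8123.
            - "0.0.0.0:8123"
            - "--cgroupfs-root"
            - "/host/sys/fs/cgroup"
            - "--run-in-container"
          ports:
            - containerPort: 8123
              name: http
          # NOTE(review): no resources.requests/limits are set for a pod
          # that runs on every node; add values sized from observed usage.
          securityContext:
            privileged: true
            runAsUser: 0
          volumeMounts:
            - name: sys-fs-cgroup
              mountPath: /host/sys/fs/cgroup
              readOnly: true
            - name: sys-kernel-debug
              mountPath: /sys/kernel/debug
              readOnly: true
            - name: host-usr
              mountPath: /host/usr
              readOnly: true
              mountPropagation: HostToContainer
            # NOTE(review): the three mounts below are writable host paths.
            # /run typically holds container-runtime and other control
            # sockets, /var holds logs and kubelet state. Confirm the agent
            # actually writes there; if not, set readOnly: true.
            - name: host-var
              mountPath: /host/var
              readOnly: false
              mountPropagation: HostToContainer
            - name: host-run
              mountPath: /host/run
              readOnly: false
              mountPropagation: HostToContainer
            - name: host-tmp
              mountPath: /host/tmp
              readOnly: false
              mountPropagation: HostToContainer
          env:
            - name: SEND
              value: '1'
            # NOTE(review): plain HTTP to a fixed IP. Collected data leaves
            # the node unencrypted and the receiver is not authenticated;
            # prefer an https:// endpoint addressed by DNS name if the
            # receiver supports it.
            - name: TRACES_ENDPOINT
              value: 'http://10.0.16.250:18080/docp/api/v2/data/receive'
            - name: FILTER_PID
              value: ''
            - name: DISABLE_STACK_TRACING
              value: 'true'
      volumes:
        - name: sys-fs-cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: sys-kernel-debug
          hostPath:
            path: /sys/kernel/debug
        - name: host-usr
          hostPath:
            path: /usr
            type: Directory
        - name: host-var
          hostPath:
            path: /var
            type: Directory
        - name: host-run
          hostPath:
            path: /run
            type: Directory
        - name: host-tmp
          hostPath:
            path: /tmp
            type: Directory
---
# Cluster-wide read-only access to workload and topology objects.
# Secrets are not included. ConfigMaps are, across all namespaces, so any
# sensitive values stored in ConfigMaps are readable by the agent.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: euspace-agent-role
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - namespaces
      - configmaps
      - services
      - pods
      - replicationcontrollers
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources:
      - daemonsets
      - deployments
      - replicasets
      - statefulsets
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["route.openshift.io"]
    resources: ["routes"]
    verbs: ["get", "list", "watch"]
---
# Grants euspace-agent-role to the agent's own ServiceAccount rather than to
# the namespace `default` account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cw-agent-view-binding
subjects:
  - kind: ServiceAccount
    name: cloudwise-apm-euspace
    namespace: cloudwise
roleRef:
  kind: ClusterRole
  name: euspace-agent-role
  apiGroup: rbac.authorization.k8s.io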