diff --git a/.gitignore b/.gitignore
index 5d7ab3b..497f226 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,7 @@
 .venv
+inventory
 secret.txt
 vaultfile.yaml
-inventory
+group_vars/cluster*.yaml
+*-bundle*.yaml
+.DS_store
diff --git a/README.md b/README.md
index 97e6c3a..8fcc2cd 100644
--- a/README.md
+++ b/README.md
@@ -103,49 +103,73 @@ The group_vars directory contains YAML files that have to be named as the groups |nia_version|Node Image Analyzer Image tag| |nia_api_endpoint|Node Image Analyzer api endpoint| |nia_collector_endpoint|Node Image Analyzer collector endpoint| - -### Vault -The vault file will contain a single variable that will be the SysDig account access key for the SaaS backend. - -|Parameter Name| Description| -|---|---| |sysdig_access_key|a variable containing the account access key| +### Sysdig Access Key +The sysdig access key can be insered in multiple ways. you can define the key in a Vault file that will be encrypted. this is the most secure way to store your password. +you can also insert the key directly in the group_vars, in this case the key can be also specific for each cluster. + > you can find this parameter in your personal settings in the Sysdig SaaS or in the Agent Installation section -The vault file should look like this: +The vault file should look like this before the encryption: ```yaml sysdig_access_key: XXXXXX-YOUR-AGENT-KEY-XXXXXX ``` -To create it, you can simply run: - -```bash -ansible-vault encrypt_string --name=sysdig_access_key > ./vaultfile.yaml -``` - -> you will be asked to insert the ansible vault password and after that will be reading plaintext input from stdin. (ctrl-d to end input, twice if your content does not already have a newline) - #### Vault -You can define a secret.txt where the ansible-vault password will be stored, __make sure that only you can access this file!__ +The vault file will contain a single variable that will be the SysDig account access key for the SaaS backend. + +You can define a secret.txt where the ansible-vault password will be stored, __make sure that only you can access this file!__ or you can simply use the `--ask-vault-password` to prompt the password when necessary. 
```bash echo "YOUR_SUPER_SECRET_PASSWORD" > secret.txt ``` -At this point you can do: +At this point you can create the `vaultfile.yaml` file: ```bash -ansible-vault encrypt_string --vault-password-file=secret.txt --name=sysdig_access_key XXXXXX-YOUR-AGENT-KEY-XXXXXX > vaultfile.yaml +ansible-vault create vaultfile.yaml --vault-password-file=secret.txt +``` + +#### Group Vars +You can specify in the `group_vars` group file the `sysdig_access_key` simply by defining the variable like in the exampple below: + +```yaml +# cluster1.yaml.example +... +sysdig_access_key: XXXXXX-YOUR-AGENT-KEY-XXXXXX +... ``` ## Run ansible to install sysdig At this point you can start the installation process simply by running: +```bash +ansible-playbook sysdig-agent.install.yml +``` + +if you use the vault: + ```bash ansible-playbook sysdig-agent.install.yml --vault-password-file=secret.txt ``` +### Dry Run +> this execution option is reserved to Kubernetes & Openshift **only** also you can not use the vault metod. + +You can run the playbook in k8s "*Dry-Run*" fashion, with this option on the specified clusters __will not be executed any command__ directly. Instead, the execution will generate a bundle file for each Cluster. In the case of a K8s Cluster the file will be called k8s-bundle-CLUSTER_NAME.yaml. In the case of an Openshift Cluster, the file will be called openshift-bundle-CLUSTER_NAME.yaml. + + +start the execution of the dry-run with this command: +```bash +ansible-playbook sysdig-agent.install.dry-run.yml --extra-vars 'dry_run=True' +``` + +in case of OCP Cluster you have tu run manually: +```bash +oc adm policy add-scc-to-user privileged system:serviceaccount:{{ sysdig_agent_namespace }}:sysdig-agent +``` + ## Contacts If you have questions or suggestions feel free to contact us: diff --git a/group_vars/cluster1.yaml.example b/group_vars/cluster1.yaml.example index 92a8374..8701710 100644 --- a/group_vars/cluster1.yaml.example +++ b/group_vars/cluster1.yaml.example 
@@ -7,6 +7,7 @@ cluster_name: example-1
 agent_version: latest
 sysdig_agent_namespace: sysdig-agent
 kube_config_path: /home/myansibleuser/.kube/config
+sysdig_access_key: XXXXXX-YOUR-AGENT-KEY-XXXXXX
 # Resources needed are subjective to the actual workload.
 # Please refer to Sysdig Support for more info.
 # See also: https://docs.sysdig.com/en/tuning-sysdig-agent.html
diff --git a/roles/install-sysdig-agent/defaults/main.yml b/roles/install-sysdig-agent/defaults/main.yml
index de57ad5..15d36dc 100644
--- a/roles/install-sysdig-agent/defaults/main.yml
+++ b/roles/install-sysdig-agent/defaults/main.yml
@@ -13,4 +13,5 @@ resources_limits_cpu: 1000m
 resources_limits_memory: 1024Mi
 # Node Image Analyzer default variables
 nia_enabled: False
-nia_version: latest
\ No newline at end of file
+nia_version: latest
+dry_run: false
\ No newline at end of file
diff --git a/roles/install-sysdig-agent/handlers/main.yml b/roles/install-sysdig-agent/handlers/main.yml
index fb9c08b..971fa0f 100644
--- a/roles/install-sysdig-agent/handlers/main.yml
+++ b/roles/install-sysdig-agent/handlers/main.yml
@@ -1,2 +1,19 @@
 ---
 # handlers file for install-sysdig-agent
+- name: Restart sysdig-agent pods
+ kubernetes.core.k8s:
+ kind: Pod
+ namespace: "{{ sysdig_agent_namespace }}"
+ state: absent
+ kubeconfig: "{{ kube_config_path }}"
+ label_selectors:
+ - 'app=sysdig-agent'
+
+- name: Restart sysdig NIA pods
+ kubernetes.core.k8s:
+ kind: Pod
+ namespace: "{{ sysdig_agent_namespace }}"
+ state: absent
+ kubeconfig: "{{ kube_config_path }}"
+ label_selectors:
+ - 'app=sysdig-node-analyzer'
\ No newline at end of file
diff --git a/roles/install-sysdig-agent/tasks/agent-install-k8s-dry-run.yml b/roles/install-sysdig-agent/tasks/agent-install-k8s-dry-run.yml
new file mode 100644
index 0000000..9571660
--- /dev/null
+++ b/roles/install-sysdig-agent/tasks/agent-install-k8s-dry-run.yml
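Review bot: The new `sysdig_access_key` line in the example group_vars carries no comment saying that a real key placed here is stored in plaintext, unlike the vault file. I would add above it `# Plaintext alternative to vaultfile.yaml; keep the real cluster*.yaml untracked, or encrypt this value with ansible-vault`. The .gitignore change in this commit already excludes `group_vars/cluster*.yaml`, so the comment only has to state why that matters.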
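Review bot: Both new handlers delete every pod matching the label in a single call, so after a ConfigMap change all `app=sysdig-agent` (or `app=sysdig-node-analyzer`) pods go down together and the nodes are unmonitored until the DaemonSet recreates them. A rolling restart would keep coverage, for example by putting a checksum of the rendered ConfigMap into a pod-template annotation so the change goes out through the DaemonSet's update strategy (assuming that strategy is a rolling one; the DaemonSet spec is not in this hunk). If the handlers stay as they are, a comment such as `# deletes all matching pods at once; the DaemonSet recreates them` would record the intent.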
@@ -0,0 +1,65 @@
+---
+
+- name: Delete old bundles
+ delegate_to: localhost
+ file:
+ path: "k8s-bundle-{{ group_names[0] }}.yaml"
+ state: absent
+
+- name: Creating new bundle
+ delegate_to: localhost
+ file:
+ path: "k8s-bundle-{{ group_names[0] }}.yaml"
+ state: touch
+
+- name: Create {{ sysdig_agent_namespace }} namespace
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-namespace.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create Service Account for sysdig agent
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-serviceaccount.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create ClusterRole for sysdig-agent account
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-clusterrole.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create ClusterRoleBinding for cluster-reader for sysdig-agent account
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-clusterrolebinding.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create secret for sysdig-agent
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-secret.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+
+- name: Configure agent configmap, service and daemonset
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', '{{item}}.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+ loop:
+ - sysdig-agent-configmap
+ - sysdig-agent-service
+ - sysdig-agent-daemonset-v2
+
+- name: Configure NIA configmap and daemonset
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', '{{item}}.yaml.j2')}}"
+ dest: "k8s-bundle-{{ group_names[0] }}.yaml"
+ loop:
+ - sysdig-node-image-analyzer-configmap
+ - sysdig-node-image-analyzer-daemonset
+ - sysdig-node-benchmark-runner-configmap
+ - sysdig-node-host-analyzer-configmap
+
when: nia_enabled diff --git a/roles/install-sysdig-agent/tasks/agent-install-k8s.yml b/roles/install-sysdig-agent/tasks/agent-install-k8s.yml index d1c5bf6..01c4f42 100644 --- a/roles/install-sysdig-agent/tasks/agent-install-k8s.yml +++ b/roles/install-sysdig-agent/tasks/agent-install-k8s.yml @@ -56,23 +56,26 @@ state: present kubeconfig: "{{ kube_config_path }}" -- name: Debug Agent ConfigMap - debug: - msg: "{{ ((lookup('template', 'sysdig-agent-configmap.yaml.j2') | from_yaml).data | from_yaml )['dragent.yaml'] | from_yaml }}" - verbosity: 3 +- name: Configure agent configmap + kubernetes.core.k8s: + resource_definition: "{{ lookup('template', 'sysdig-agent-configmap.yaml.j2')}}" + namespace: "{{ sysdig_agent_namespace }}" + state: present + kubeconfig: "{{ kube_config_path }}" + notify: + - Restart sysdig-agent pods -- name: Configure agent configmap, service and daemonset +- name: Configure agent service and daemonset kubernetes.core.k8s: resource_definition: "{{ lookup('template', '{{ item }}.yaml.j2')}}" namespace: "{{ sysdig_agent_namespace }}" state: present kubeconfig: "{{ kube_config_path }}" loop: - - sysdig-agent-configmap - sysdig-agent-service - sysdig-agent-daemonset-v2 -- name: Configure NIA configmap and daemonset +- name: Configure NIA configmaps kubernetes.core.k8s: resource_definition: "{{ lookup('template', '{{ item }}.yaml.j2')}}" namespace: "{{ sysdig_agent_namespace }}" @@ -80,7 +83,16 @@ kubeconfig: "{{ kube_config_path }}" loop: - sysdig-node-image-analyzer-configmap - - sysdig-node-image-analyzer-daemonset - sysdig-node-benchmark-runner-configmap - sysdig-node-host-analyzer-configmap when: nia_enabled + notify: + - Restart sysdig NIA pods + +- name: Configure NIA daemonset + kubernetes.core.k8s: + resource_definition: "{{ lookup('template', 'sysdig-node-image-analyzer-daemonset.yaml.j2')}}" + namespace: "{{ sysdig_agent_namespace }}" + state: present + kubeconfig: "{{ kube_config_path }}" + when: nia_enabled 
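Review bot: The bundle receives the rendered `sysdig-agent-secret.yaml.j2`, which holds the base64-encoded access key, but the `Creating new bundle` task creates the file without a `mode`, so its permissions are whatever the controller's umask allows. Add `mode: '0600'` to that `file` task and `no_log: true` to the `Create secret for sysdig-agent` task so the key does not show up in task output or diffs. The same two changes apply to `agent-install-ocp-dry-run.yml`.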
diff --git a/roles/install-sysdig-agent/tasks/agent-install-ocp-dry-run.yml b/roles/install-sysdig-agent/tasks/agent-install-ocp-dry-run.yml
new file mode 100644
index 0000000..f38f574
--- /dev/null
+++ b/roles/install-sysdig-agent/tasks/agent-install-ocp-dry-run.yml
@@ -0,0 +1,65 @@
+---
+
+- name: Delete old bundles
+ delegate_to: localhost
+ file:
+ path: "openshift-bundle-{{ group_names[0] }}.yaml"
+ state: absent
+
+- name: Creating new bundle
+ delegate_to: localhost
+ file:
+ path: "openshift-bundle-{{ group_names[0] }}.yaml"
+ state: touch
+
+- name: Create {{ sysdig_agent_namespace }} namespace
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-namespace.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create Service Account for sysdig agent
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-serviceaccount.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create RoleBinding for privileged scc for sysdig-agent account
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-privileged-rolebinding.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create ClusterRoleBinding for cluster-reader for sysdig-agent account
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+
+- name: Create secret for sysdig-agent
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', 'sysdig-agent-secret.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+
+- name: Configure agent configmap, service and daemonset
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', '{{item}}.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+ loop:
+ - sysdig-agent-configmap
+ - sysdig-agent-service
+ - sysdig-agent-daemonset-v2
+
+- name: Configure NIA configmap and daemonset
+ delegate_to: localhost
+ lineinfile:
+ line: "{{ lookup('template', '{{item}}.yaml.j2')}}"
+ dest: "openshift-bundle-{{ group_names[0] }}.yaml"
+ loop:
+ - sysdig-node-image-analyzer-configmap
+ -
sysdig-node-image-analyzer-daemonset + - sysdig-node-benchmark-runner-configmap + - sysdig-node-host-analyzer-configmap + when: nia_enabled diff --git a/roles/install-sysdig-agent/tasks/agent-install-ocp.yml b/roles/install-sysdig-agent/tasks/agent-install-ocp.yml index aa5f06f..a67fe31 100644 --- a/roles/install-sysdig-agent/tasks/agent-install-ocp.yml +++ b/roles/install-sysdig-agent/tasks/agent-install-ocp.yml @@ -60,18 +60,26 @@ state: present kubeconfig: "{{ kube_config_path }}" -- name: Configure agent configmap, service and daemonset +- name: Configure agent configmap + kubernetes.core.k8s: + resource_definition: "{{ lookup('template', 'sysdig-agent-configmap.yaml.j2')}}" + namespace: "{{ sysdig_agent_namespace }}" + state: present + kubeconfig: "{{ kube_config_path }}" + notify: + - Restart sysdig-agent pods + +- name: Configure agent service and daemonset kubernetes.core.k8s: resource_definition: "{{ lookup('template', '{{ item }}.yaml.j2')}}" namespace: "{{ sysdig_agent_namespace }}" state: present kubeconfig: "{{ kube_config_path }}" loop: - - sysdig-agent-configmap - sysdig-agent-service - sysdig-agent-daemonset-v2 -- name: Configure NIA configmap and daemonset +- name: Configure NIA configmaps kubernetes.core.k8s: resource_definition: "{{ lookup('template', '{{ item }}.yaml.j2')}}" namespace: "{{ sysdig_agent_namespace }}" @@ -79,7 +87,16 @@ kubeconfig: "{{ kube_config_path }}" loop: - sysdig-node-image-analyzer-configmap - - sysdig-node-image-analyzer-daemonset - sysdig-node-benchmark-runner-configmap - sysdig-node-host-analyzer-configmap + when: nia_enabled + notify: + - Restart sysdig NIA pods + +- name: Configure NIA daemonset + kubernetes.core.k8s: + resource_definition: "{{ lookup('template', 'sysdig-node-image-analyzer-daemonset.yaml.j2')}}" + namespace: "{{ sysdig_agent_namespace }}" + state: present + kubeconfig: "{{ kube_config_path }}" when: nia_enabled \ No newline at end of file 
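Review bot: The bundle path is built from `group_names[0]`, which is the first group the host belongs to rather than the cluster's name, so two clusters whose first group is the same would write into the same file, while the README documents the name as `openshift-bundle-CLUSTER_NAME.yaml`. Using the existing variable, `path: "openshift-bundle-{{ cluster_name }}.yaml"` (and the same in every `dest`), matches the documentation; `agent-install-k8s-dry-run.yml` has the same pattern. This assumes `cluster_name` is defined for every cluster group, as it is in the example group_vars.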
diff --git a/roles/install-sysdig-agent/tasks/main.yml b/roles/install-sysdig-agent/tasks/main.yml index 8fa1cac..9386cbe 100644 --- a/roles/install-sysdig-agent/tasks/main.yml +++ b/roles/install-sysdig-agent/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: debug dry_run + debug: + var: dry_run + verbosity: 3 - name: Install agent as Docker container include_tasks: agent-install-dockerd.yml @@ -6,7 +10,13 @@ - name: Install agent on K8S include_tasks: agent-install-k8s.yml - when: ('k8s' in group_names) + when: ('k8s' in group_names) and + (dry_run == False) + +- name: Install agent on K8S Dry-Run + include_tasks: agent-install-k8s-dry-run.yml + when: ('k8s' in group_names) and + (dry_run) - name: Install agent as Systemd daemon include_tasks: agent-install-systemd.yml @@ -14,4 +24,10 @@ - name: Install agent on OCP cluster include_tasks: agent-install-ocp.yml - when: ('ocp' in group_names) + when: ('ocp' in group_names) and + (dry_run == False) + +- name: Install agent on OCP Cluster Dry-Run + include_tasks: agent-install-ocp-dry-run.yml + when: ('ocp' in group_names) and + (dry_run) \ No newline at end of file diff --git a/roles/install-sysdig-agent/templates/cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2 b/roles/install-sysdig-agent/templates/cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2 index 5d8d81d..d5a44ca 100644 --- a/roles/install-sysdig-agent/templates/cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2 +++ b/roles/install-sysdig-agent/templates/cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2 @@ -1,7 +1,9 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cluster-reader + namespace: {{ sysdig_agent_namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-clusterrole.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-clusterrole.yaml.j2 index c67853e..3d7304a 100644 
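Review bot: The new conditions in the second hunk of main.yml compare `dry_run == False` and test a bare `(dry_run)`, but the README passes the flag as `--extra-vars 'dry_run=True'`, and key=value extra vars arrive as strings. A string never equals the boolean `False`, and how a bare string is evaluated in `when` has differed between Ansible releases, so which branch runs can depend on the controller version. Casting makes both branches explicit: `when: ('k8s' in group_names) and not (dry_run | bool)` and `when: ('k8s' in group_names) and (dry_run | bool)`, and likewise for the two `ocp` conditions in the third hunk.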
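Review bot: In `cluster-reader-sysdig-agent-clusterrolebinding.yaml.j2` a `namespace:` field is added to the metadata of a ClusterRoleBinding, which is a cluster-scoped object; the field does not scope the binding and can suggest that the grant is limited to the agent namespace. I would leave it out here and in `sysdig-agent-clusterrole.yaml.j2` and `sysdig-agent-clusterrolebinding.yaml.j2`, or add a comment such as `# cluster-scoped: namespace is not applied`.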
--- a/roles/install-sysdig-agent/templates/sysdig-agent-clusterrole.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-clusterrole.yaml.j2
@@ -1,7 +1,9 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: sysdig-agent
+ namespace: {{ sysdig_agent_namespace }}
 rules:
 - apiGroups:
 - ""
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-clusterrolebinding.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-clusterrolebinding.yaml.j2
index f4e2199..98d863e 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-clusterrolebinding.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-clusterrolebinding.yaml.j2
@@ -1,7 +1,9 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: sysdig-agent
+ namespace: {{ sysdig_agent_namespace }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-configmap.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-configmap.yaml.j2
index 69817ad..3f8cf99 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-configmap.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-configmap.yaml.j2
@@ -1,7 +1,9 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
 name: sysdig-agent
+ namespace: {{ sysdig_agent_namespace }}
 data:
 dragent.yaml: |-
 configmap: true
@@ -26,4 +28,7 @@ data:
 new_k8s: true
 k8s_cluster_name: {{ cluster_name }}
 #######################################
+ {% if custom_configuration != None %}
 {{ custom_configuration | to_yaml(indent=6) }}
+ {% endif %}
+
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-daemonset-v2.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-daemonset-v2.yaml.j2
index 1cb1839..47c1956 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-daemonset-v2.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-daemonset-v2.yaml.j2
@@ -1,6 +1,8 @@
+---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
+ namespace: {{ sysdig_agent_namespace }}
 name: sysdig-agent
 labels:
 app: sysdig-agent
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-namespace.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-namespace.yaml.j2
new file mode 100644
index 0000000..452514e
--- /dev/null
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-namespace.yaml.j2
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ sysdig_agent_namespace }}
\ No newline at end of file
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-privileged-rolebinding.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-privileged-rolebinding.yaml.j2
index 5c08521..61f6c81 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-privileged-rolebinding.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-privileged-rolebinding.yaml.j2
@@ -1,3 +1,4 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-secret.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-secret.yaml.j2
index 74e8c08..6947a91 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-secret.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-secret.yaml.j2
@@ -1,7 +1,9 @@
+---
 apiVersion: v1
 data:
 access-key: {{ sysdig_access_key | b64encode }}
 kind: Secret
 metadata:
 name: sysdig-agent
+ namespace: {{ sysdig_agent_namespace }}
 type: Opaque
diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-service.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-service.yaml.j2
index 2ae968c..7d3f9bf 100644
--- a/roles/install-sysdig-agent/templates/sysdig-agent-service.yaml.j2
+++ b/roles/install-sysdig-agent/templates/sysdig-agent-service.yaml.j2
@@ -1,7 +1,9 @@ +--- kind: Service apiVersion: v1 metadata: name: sysdig-agent + namespace: {{ sysdig_agent_namespace }} labels: app: sysdig-agent spec: diff --git a/roles/install-sysdig-agent/templates/sysdig-agent-serviceaccount.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-agent-serviceaccount.yaml.j2 new file mode 100644 index 0000000..8e1af39 --- /dev/null +++ b/roles/install-sysdig-agent/templates/sysdig-agent-serviceaccount.yaml.j2 @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ sysdig_agent_namespace }} + namespace: sysdig-agent diff --git a/roles/install-sysdig-agent/templates/sysdig-node-benchmark-runner-configmap.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-node-benchmark-runner-configmap.yaml.j2 index 16bb506..4a5e17f 100644 --- a/roles/install-sysdig-agent/templates/sysdig-node-benchmark-runner-configmap.yaml.j2 +++ b/roles/install-sysdig-agent/templates/sysdig-node-benchmark-runner-configmap.yaml.j2 @@ -1,7 +1,9 @@ +--- apiVersion: v1 kind: ConfigMap metadata: name: sysdig-benchmark-runner + namespace: {{ sysdig_agent_namespace }} data: debug: "false" diff --git a/roles/install-sysdig-agent/templates/sysdig-node-host-analyzer-configmap.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-node-host-analyzer-configmap.yaml.j2 index e853b4f..e89afd3 100644 --- a/roles/install-sysdig-agent/templates/sysdig-node-host-analyzer-configmap.yaml.j2 +++ b/roles/install-sysdig-agent/templates/sysdig-node-host-analyzer-configmap.yaml.j2 @@ -1,6 +1,8 @@ +--- apiVersion: v1 kind: ConfigMap metadata: + namespace: {{ sysdig_agent_namespace }} name: sysdig-host-analyzer data: debug: "false" diff --git a/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-configmap.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-configmap.yaml.j2 index 8c85b7f..de361e3 100644 --- a/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-configmap.yaml.j2 
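Review bot: In the new `sysdig-agent-serviceaccount.yaml.j2` the two values look swapped: `name` is set to `{{ sysdig_agent_namespace }}` and `namespace` is hard-coded to `sysdig-agent`. With the example value `sysdig-agent` both render the same, but with any other `sysdig_agent_namespace` the account is created under the wrong name in a fixed namespace, and the README's `system:serviceaccount:{{ sysdig_agent_namespace }}:sysdig-agent` subject no longer refers to it. It should read `name: sysdig-agent` and `namespace: {{ sysdig_agent_namespace }}`.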
+++ b/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-configmap.yaml.j2 @@ -1,7 +1,9 @@ +--- apiVersion: v1 kind: ConfigMap metadata: name: sysdig-image-analyzer + namespace: {{ sysdig_agent_namespace }} data: debug: "false" diff --git a/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-daemonset.yaml.j2 b/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-daemonset.yaml.j2 index 1d326b7..c2eb567 100644 --- a/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-daemonset.yaml.j2 +++ b/roles/install-sysdig-agent/templates/sysdig-node-image-analyzer-daemonset.yaml.j2 @@ -1,8 +1,10 @@ +--- # apiVersion: extensions/v1beta1 # If you are in Kubernetes version 1.8 or less please use this line instead of the following one apiVersion: apps/v1 kind: DaemonSet metadata: name: sysdig-node-analyzer + namespace: {{ sysdig_agent_namespace }} labels: app: sysdig-node-analyzer spec: diff --git a/sysdig-agent.install.dry-run.yml b/sysdig-agent.install.dry-run.yml new file mode 100644 index 0000000..2394850 --- /dev/null +++ b/sysdig-agent.install.dry-run.yml @@ -0,0 +1,6 @@ +--- +- name: Sysdig Installation + hosts: k8s,ocp + gather_facts: false + roles: + - install-sysdig-agent \ No newline at end of file
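Review bot: The new `sysdig-agent.install.dry-run.yml` does not set `dry_run` itself, so running it without `--extra-vars 'dry_run=True'` falls back to the role default `dry_run: false` and performs a real installation on every `k8s` and `ocp` host. Setting the flag in the play makes the file safe by default: add `vars:` with `dry_run: true` below `gather_facts: false`. Extra vars still take precedence if someone needs to override it.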