daemonset.yaml
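# Helm template for the netdata "slave" DaemonSet: one monitoring pod per
# node, narrowed only by the optional nodeSelector / affinity / tolerations
# taken from the chart values.
#
# Security posture (review before installing into a shared cluster):
#   - the pod joins the host PID, IPC and network namespaces;
#   - the main container adds SYS_PTRACE and SYS_ADMIN and asks for AppArmor
#     to be unconfined;
#   - the host's /proc, /sys and the Docker socket are mounted into it;
#   - the optional init container runs privileged as root.
# A compromise of this pod should therefore be treated as a compromise of
# the node it runs on.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ template "netdata.name" . }}-slave
  labels:
    app: {{ template "netdata.name" . }}
    chart: {{ template "netdata.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
    role: slave
spec:
  selector:
    matchLabels:
      app: {{ template "netdata.name" . }}
      release: {{ .Release.Name }}
      role: slave
  template:
    metadata:
      labels:
        app: {{ template "netdata.name" . }}
        release: {{ .Release.Name }}
        role: slave
{{- with .Values.slave.podLabels }}
{{ toYaml . | trim | indent 8 }}
{{- end }}
      # The original template declared "annotations" twice in this mapping.
      # Duplicate keys are invalid YAML; lenient parsers keep only the last
      # one (silently dropping the AppArmor entry) and strict parsers reject
      # the document. Both entries now live in a single mapping.
      annotations:
        # The suffix of this key has to be the name of a container in this
        # pod, so it reuses the expression that names the container below
        # instead of the literal "netdata-slave".
        # NOTE(review): "unconfined" switches AppArmor confinement off for
        # that container, and with the keys merged it now takes effect.
        # Confirm it is required, or ship a dedicated profile instead.
        container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
        # Hash of the rendered configmap template: a config change alters the
        # pod template and so triggers a rollout.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.slave.podAnnotations }}
{{ toYaml . | trim | indent 8 }}
{{- end }}
    spec:
      serviceAccountName: {{ .Values.serviceAccount.name }}
      restartPolicy: Always
      # Host namespaces: the container sees every process on the node, shares
      # its IPC objects and binds directly on the node's network interfaces.
      hostPID: true
      hostIPC: true
      hostNetwork: true
      # The key is emitted only together with its single entry, so a disabled
      # sysctl image no longer renders a bare "initContainers:" (null).
      {{- if .Values.sysctlImage.enabled }}
      initContainers:
        # Privileged root container running the command from the chart values.
        # NOTE(review): a privileged init container has full access to the
        # node; keep sysctlImage.enabled off unless the tuning is required and
        # pin the image to a trusted tag or digest.
        - name: init-sysctl
          image: "{{ .Values.sysctlImage.repository }}:{{ .Values.sysctlImage.tag }}"
          command:
{{ toYaml .Values.sysctlImage.command | indent 12 }}
          securityContext:
            runAsNonRoot: false
            privileged: true
            runAsUser: 0
          resources:
{{ toYaml .Values.sysctlImage.resources | indent 12 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
            # Downward API: expose the pod's own name and namespace.
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Extra variables from the chart values; "quote" forces every
            # value to render as a YAML string.
            {{- range $key, $value := .Values.slave.env }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
          lifecycle:
            postStart:
              exec:
                # Writes a UUIDv3 derived from the hostname into the registry
                # id file, so the id stays the same for a given hostname.
                command: ["/bin/sh","-c","python -c 'import uuid; import socket; print(uuid.uuid3(uuid.NAMESPACE_DNS, socket.gethostname()))' > /var/lib/netdata/registry/netdata.public.unique.id"]
            preStop:
              exec:
                # Signal netdata, then poll with "killall -0" until no such
                # process is left.
                command: ["/bin/sh","-c","killall netdata; while killall -0 netdata; do sleep 1; done"]
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          # Liveness and readiness probe the same endpoint with the same
          # timings.
          livenessProbe:
            httpGet:
              path: /api/v1/info
              port: http
            timeoutSeconds: 1
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /api/v1/info
              port: http
            timeoutSeconds: 1
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - name: proc
              readOnly: true
              mountPath: /host/proc
            # NOTE(review): access to the Docker socket is equivalent to root
            # on the node. A read-only mount would not change that, because
            # the API is reached by connecting to the socket. Confirm the
            # agent needs it, or front it with a filtering proxy.
            - name: run
              mountPath: /var/run/docker.sock
            # NOTE(review): unlike /host/proc this mount is read-write;
            # consider readOnly if the agent only reads from /host/sys.
            - name: sys
              mountPath: /host/sys
            # One subPath mount per enabled entry of slave.configs, all taken
            # from the "config" configMap volume.
            {{- range $name, $config := .Values.slave.configs }}
            {{- if $config.enabled }}
            - name: config
              mountPath: {{ $config.path }}
              subPath: {{ $name }}
            {{- end }}
            {{- end }}
          securityContext:
            capabilities:
              add:
                - SYS_PTRACE
                # NOTE(review): SYS_ADMIN is a very broad capability;
                # together with the host namespaces it is close to
                # privileged. Confirm it cannot be dropped.
                - SYS_ADMIN
          resources:
{{ toYaml .Values.slave.resources | indent 12 }}
    {{- with .Values.slave.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.slave.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.slave.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
      volumes:
        - name: proc
          hostPath:
            path: /proc
        - name: run
          hostPath:
            path: /var/run/docker.sock
        - name: sys
          hostPath:
            path: /sys
        - name: config
          configMap:
            name: netdata-conf-slave
      # Keeps cluster DNS resolution working although the pod uses the host
      # network.
      dnsPolicy: ClusterFirstWithHostNet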