kubernetes/examples/sysdig-cloud/sysdig-daemonset.yaml

#Use this sysdig.yaml when Daemon Sets are enabled on Kubernetes (minimum version 1.1.1). Otherwise use the RC method.

apiVersion: extensions/v1beta1
kind: DaemonSet                     
metadata:
  name: sysdig-agent
  labels:
    app: sysdig-agent
spec:
  template:
    metadata:
      labels:
        name: sysdig-agent
    spec:
      volumes:
      - name: docker-sock
        hostPath:
         path: /var/run/docker.sock
         type: Socket
      - name: dev-vol
        hostPath:
         path: /dev
      - name: proc-vol
        hostPath:
         path: /proc
      - name: boot-vol
        hostPath:
         path: /boot
      - name: modules-vol
        hostPath:
         path: /lib/modules
      - name: usr-vol
        hostPath:
          path: /usr
      hostNetwork: true
      hostPID: true
      containers:
      - name: sysdig-agent
        image: sysdig/agent
        securityContext:
         privileged: true
        env:
        - name: ACCESS_KEY                                  #REQUIRED - replace with your Sysdig Cloud access key
          value: 8312341g-5678-abcd-4a2b2c-33bcsd655
#        - name: TAGS                                       #OPTIONAL
#          value: linux:ubuntu,dept:dev,local:nyc 
#        - name: COLLECTOR                                  #OPTIONAL - on-prem install only
#          value: 192.168.183.200 
#        - name: SECURE                                     #OPTIONAL - on-prem install only       
#          value: false
#        - name: CHECK_CERTIFICATE                          #OPTIONAL - on-prem install only
#          value: false
#        - name: ADDITIONAL_CONF                            #OPTIONAL pass additional parameters to the agent such as authentication example provided here
#          value: "k8s_uri: https://myacct:mypass@localhost:4430\nk8s_ca_certificate: k8s-ca.crt\nk8s_ssl_verify_certificate: true"
        volumeMounts:
        - mountPath: /host/var/run/docker.sock
          name: docker-sock
          readOnly: false
        - mountPath: /host/dev
          name: dev-vol
          readOnly: false
        - mountPath: /host/proc
          name: proc-vol
          readOnly: true
        - mountPath: /host/boot
          name: boot-vol
          readOnly: true
        - mountPath: /host/lib/modules
          name: modules-vol
          readOnly: true
        - mountPath: /host/usr
          name: usr-vol
          readOnly: true