mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-03 23:40:03 +00:00
941e8729b8
Before this change this example would result in: $ kubectl create -f sysdig.yml The DaemonSet "sysdig-agent" is invalid. spec.template.metadata.labels: Invalid value: null: `selector` does not match template `labels`
73 lines
2.4 KiB
YAML
73 lines
2.4 KiB
YAML
#Use this sysdig.yaml when Daemon Sets are enabled on Kubernetes (minimum version 1.1.1). Otherwise use the RC method.
|
|
|
|
apiVersion: extensions/v1beta1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: sysdig-agent
|
|
labels:
|
|
app: sysdig-agent
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: sysdig-agent
|
|
spec:
|
|
volumes:
|
|
- name: docker-sock
|
|
hostPath:
|
|
path: /var/run/docker.sock
|
|
- name: dev-vol
|
|
hostPath:
|
|
path: /dev
|
|
- name: proc-vol
|
|
hostPath:
|
|
path: /proc
|
|
- name: boot-vol
|
|
hostPath:
|
|
path: /boot
|
|
- name: modules-vol
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: usr-vol
|
|
hostPath:
|
|
path: /usr
|
|
hostNetwork: true
|
|
hostPID: true
|
|
containers:
|
|
- name: sysdig-agent
|
|
image: sysdig/agent
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: ACCESS_KEY #REQUIRED - replace with your Sysdig Cloud access key
|
|
value: 8312341g-5678-abcd-4a2b2c-33bcsd655
|
|
# - name: TAGS #OPTIONAL
|
|
# value: linux:ubuntu,dept:dev,local:nyc
|
|
# - name: COLLECTOR #OPTIONAL - on-prem install only
|
|
# value: 192.168.183.200
|
|
# - name: SECURE #OPTIONAL - on-prem install only
|
|
# value: false
|
|
# - name: CHECK_CERTIFICATE #OPTIONAL - on-prem install only
|
|
# value: false
|
|
# - name: ADDITIONAL_CONF #OPTIONAL pass additional parameters to the agent such as authentication example provided here
|
|
# value: "k8s_uri: https://myacct:mypass@localhost:4430\nk8s_ca_certificate: k8s-ca.crt\nk8s_ssl_verify_certificate: true"
|
|
volumeMounts:
|
|
- mountPath: /host/var/run/docker.sock
|
|
name: docker-sock
|
|
readOnly: false
|
|
- mountPath: /host/dev
|
|
name: dev-vol
|
|
readOnly: false
|
|
- mountPath: /host/proc
|
|
name: proc-vol
|
|
readOnly: true
|
|
- mountPath: /host/boot
|
|
name: boot-vol
|
|
readOnly: true
|
|
- mountPath: /host/lib/modules
|
|
name: modules-vol
|
|
readOnly: true
|
|
- mountPath: /host/usr
|
|
name: usr-vol
|
|
readOnly: true
|