# DaemonSet manifest for the kubescape node-agent: one "sniffer" container per
# node, preceded by a falco-driver-loader init container.
# Security summary: the main container runs as UID 0 with SYS_ADMIN and
# SYS_RESOURCE added, and mounts host /proc, debugfs and three container
# runtime sockets. Treat a compromise of this pod as a compromise of the node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-agent
  namespace: kubescape
  # NOTE(review): uid (and the status block at the end) are normally populated
  # by the API server; presumably this file is an export of a live object
  # rather than a hand-written manifest. Confirm before applying it.
  uid: 7d7340d8-0f58-473d-8bba-b07d602bc60e
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: kubescape
      app.kubernetes.io/name: node-agent
      tier: ks-control-plane
  template:
    metadata:
      creationTimestamp: null
      labels:
        alt-name: node-agent
        app: node-agent
        app.kubernetes.io/instance: kubescape
        app.kubernetes.io/name: node-agent
        helm.sh/chart: kubescape-relevancy-2.0.10
        otel: enabled
        tier: ks-control-plane
    spec:
      # The service account token is mounted into a root container that also
      # holds SYS_ADMIN. The RBAC bound to node-agent-service-account is not
      # shown here; review it with that exposure in mind.
      automountServiceAccountToken: true
      containers:
        - env:
            # NOTE(review): debug verbosity. Confirm this is intended outside
            # troubleshooting, since debug logs tend to carry more workload
            # detail than is wanted in central log storage.
            - name: KS_LOGGER_LEVEL
              value: debug
            - name: KS_LOGGER_NAME
              value: zap
            - name: OTEL_COLLECTOR_SVC
              value: otel-collector:4317
            # Downward API: injects the name of the node the pod is scheduled on.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            # Points at the file provided by the configmap-volume mount below.
            - name: CONFIG_ENV_VAR
              value: /etc/node-agent/configuration/ConfigurationFile.json
            # NOTE(review): no value or valueFrom is present, so this resolves
            # to an empty string; verify it is not a truncated NODE_NAME duplicate.
            - name: NodeName
          # Referenced by mutable tag, not by digest. With IfNotPresent, nodes
          # keep whatever content they first pulled under this tag. Pinning as
          # image@sha256:<digest> makes the deployed content verifiable.
          image: quay.io/kubescape/sniffer:v0.1.58-relevancy
          imagePullPolicy: IfNotPresent
          name: node-agent
          # No requests or limits: this per-node agent can consume node CPU and
          # memory without bound and is scheduled with no resource guarantees.
          resources: {}
          securityContext:
            capabilities:
              # Nothing is dropped, so the runtime default capability set
              # remains in addition to these. SYS_ADMIN is the broadest Linux
              # capability (mount, namespace and many other privileged
              # operations).
              # NOTE(review): on newer kernels BPF/PERFMON may be enough for
              # eBPF-based collection; confirm against what the agent needs.
              add:
                - SYS_RESOURCE
                - SYS_ADMIN
            # Runs as root (UID 0).
            runAsUser: 0
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/node-agent/configuration
              name: configmap-volume
            - mountPath: /root/.falco
              name: root-falco-fs
            # Host /proc with no readOnly flag; the init container mounts the
            # same volume with readOnly: true.
            - mountPath: /host/proc
              name: proc-fs
            # Host debugfs, mounted writable.
            # NOTE(review): presumably needed for kernel tracing; confirm.
            - mountPath: /sys/kernel/debug
              name: debugfs
            # Container runtime sockets from the host (Docker, containerd,
            # CRI-O). API access to a runtime socket is equivalent to root on
            # the node, and a readOnly mount flag would not restrict connecting
            # to it. Mount only the socket for the runtime actually in use,
            # where the deployment tooling allows.
            - mountPath: /host/var/run/docker.sock
              name: docker-socket
            - mountPath: /host/run/containerd/containerd.sock
              name: containerd-socket
            - mountPath: /host/run/crio/crio.sock
              name: crio-socket
      dnsPolicy: ClusterFirst
      initContainers:
        - env:
            # Set with no value (resolves to an empty string).
            # NOTE(review): presumably tells the loader to use the eBPF probe
            # at its default path; verify against the Falco documentation.
            - name: FALCO_BPF_PROBE
          # Mutable tag as well; see the digest-pinning note on the main
          # container image.
          image: docker.io/falcosecurity/falco-driver-loader:0.32.2
          imagePullPolicy: IfNotPresent
          name: falco-driver-loader
          resources: {}
          # No container-level securityContext is set for this init container.
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # emptyDir shared with the main container (also mounted there at
            # /root/.falco).
            - mountPath: /root/.falco
              name: root-falco-fs
            - mountPath: /host/proc
              name: proc-fs
              readOnly: true
            - mountPath: /host/boot
              name: boot-fs
              readOnly: true
            # The only host path in this init container without readOnly: true.
            # NOTE(review): confirm the loader needs write access to the host's
            # kernel module directory.
            - mountPath: /host/lib/modules
              name: lib-modules
            - mountPath: /host/usr
              name: usr-fs
              readOnly: true
            - mountPath: /host/etc
              name: etc-fs
              readOnly: true
      restartPolicy: Always
      schedulerName: default-scheduler
      # Empty pod-level securityContext: no runAsNonRoot, seccompProfile or
      # fsGroup is set at pod level.
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName; both name
      # the same account here.
      serviceAccount: node-agent-service-account
      serviceAccountName: node-agent-service-account
      terminationGracePeriodSeconds: 30
      volumes:
        - configMap:
            # 420 decimal is 0644 octal.
            defaultMode: 420
            name: node-agent-config-map
          name: configmap-volume
        - emptyDir: {}
          name: root-falco-fs
        # All hostPath volumes below use type "", which performs no check on
        # what exists at the path before mounting. An explicit type (Directory,
        # Socket) makes the kubelet reject an unexpected object at that path.
        - hostPath:
            path: /boot
            type: ""
          name: boot-fs
        - hostPath:
            path: /lib/modules
            type: ""
          name: lib-modules
        - hostPath:
            path: /usr
            type: ""
          name: usr-fs
        - hostPath:
            path: /etc
            type: ""
          name: etc-fs
        # Declared but not mounted by either container in this manifest.
        - hostPath:
            path: /dev
            type: ""
          name: dev-fs
        - hostPath:
            path: /var/run/docker.sock
            type: ""
          name: docker-socket
        - hostPath:
            path: /run/containerd/containerd.sock
            type: ""
          name: containerd-socket
        - hostPath:
            path: /run/crio/crio.sock
            type: ""
          name: crio-socket
        - hostPath:
            path: /proc
            type: ""
          name: proc-fs
        - hostPath:
            path: /sys/kernel/debug
            type: ""
          name: debugfs
  updateStrategy:
    # Replaces the agent on one node at a time, with no surge pods.
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
# Server-reported state captured with the object; all scheduling counters are 0.
status:
  currentNumberScheduled: 0
  desiredNumberScheduled: 0
  numberMisscheduled: 0
  numberReady: 0
  observedGeneration: 2