apiVersion: v1 kind: ServiceAccount metadata: name: nodeagent namespace: sds --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nodeagent roleRef: name: nodeagent kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: nodeagent namespace: sds kind: ServiceAccount --- apiVersion: apps/v1 kind: DaemonSet metadata: name: node-agent namespace: sds labels: platform.edge.ncr.com/component: nodeagent spec: selector: matchLabels: platform.edge.ncr.com/component: nodeagent template: metadata: labels: platform.edge.ncr.com/component: nodeagent spec: serviceAccountName: nodeagent automountServiceAccountToken: true priorityClassName: edge-p1-critical-infra containers: - name: nodeagent image: bzl://cmd/sds/nodeagent:container_push ports: - name: metrics containerPort: 9080 env: - name: HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: DEVICE_SYSTEM_LOG_LEVEL valueFrom: configMapKeyRef: name: device-system-config key: DEVICE_SYSTEM_LOG_LEVEL optional: true resources: limits: cpu: "100m" memory: "100Mi" requests: cpu: "50m" memory: "100Mi" imagePullPolicy: IfNotPresent imagePullSecrets: - name: edge-docker-pull-secret --- apiVersion: v1 kind: ConfigMap metadata: name: nodeagent-plugins namespace: sds data: breakglass: "true" cniplugin: "true" dhclient: "true" # todo - remove at n-2 edgeconfigsync: "true" grub: "true" iptables: "true" netplan: "true" nodefirewall: "true" nodepatcher: "true" ntp: "true" remoteagentconfig: "true" staticpodscheduler: "true" suspendAll: "false" # Suspend all plugins (overwrites all other settings) swapcfg: "true" thinclientconfig: "false" thinclientconfigmapwatcher: "false" thinclientsecretwatcher: "false" trafficshaping: "true"