...
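# DaemonSet "node-agent" (namespace "sds"): one nodeagent pod per selected node.
# The pod shares the host network and PID namespaces, runs a privileged
# container and mounts a large part of the host filesystem, so anything able
# to change this manifest or the nodeagent image effectively controls the node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-agent
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: nodeagent
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: nodeagent
    spec:
      # Host namespaces: the pod sees the node's network stack and all host
      # processes.
      hostNetwork: true
      hostPID: true
      # Each init container only runs its image with a trivial argument.
      # NOTE(review): presumably these exist to pre-pull the images named in
      # the env block below onto the node - confirm.
      # NOTE(review): the bzl:// image values look like build-time
      # placeholders; confirm they are rewritten to digest-pinned references.
      initContainers:
        - name: control-plane-guardian-image-init
          image: bzl://cmd/sds/controlplaneguardian:container_push
          args: ["version"]
        - name: control-plane-promoter-image-init
          image: bzl://cmd/sds/controlplanepromoter:container_push
          args: ["version"]
        - name: device-agent
          image: bzl://cmd/sds/devices/device-agent:container_push
          args:
            - --start=false
        - name: etcd-manager-image-init
          image: bzl://cmd/sds/etcd/manager:container_push
          args: ["version"]
        - name: k8s-admission
          image: bzl://cmd/sds/admission/controller:container_push
          args: ["version"]
        - name: k8s-admission-init
          image: bzl://cmd/sds/admission/init:container_push
          args: ["version"]
        - name: lan-outage-detector-image-init
          image: bzl://cmd/sds/lanoutage/detector:container_push
          args: ["version"]
        - name: lan-outage-scheduler-image-init
          image: bzl://cmd/sds/lanoutage/scheduler:container_push
          args: ["version"]
      containers:
        - name: nodeagent
          image: bzl://cmd/sds/nodeagent:container_push
          envFrom: []
          # Image references handed to nodeagent; they mirror the init
          # container images above.
          env:
            - name: CONTROL_PLANE_GUARDIAN_IMAGE
              value: bzl://cmd/sds/controlplaneguardian:container_push
            - name: CONTROL_PLANE_PROMOTER_IMAGE
              value: bzl://cmd/sds/controlplanepromoter:container_push
            - name: LAN_OUTAGE_DETECTOR_IMAGE
              value: bzl://cmd/sds/lanoutage/detector:container_push
            - name: LAN_OUTAGE_SCHEDULER_IMAGE
              value: bzl://cmd/sds/lanoutage/scheduler:container_push
            - name: ETCD_MANAGER_IMAGE
              value: bzl://cmd/sds/etcd/manager:container_push
            - name: K8S_ADMISSION_IMAGE
              value: bzl://cmd/sds/admission/controller:container_push
            - name: K8S_ADMISSION_INIT_IMAGE
              value: bzl://cmd/sds/admission/init:container_push
            - name: ADMISSION_WEBHOOK_NAME
              value: admission
            - name: DEVICE_AGENT_IMAGE
              value: bzl://cmd/sds/devices/device-agent:container_push
          # Mounts without "readOnly: true" are read-write (Kubernetes
          # default). That includes host /etc, the static pod manifest
          # directory, the D-Bus system socket and /run/systemd.
          volumeMounts:
            - name: root
              readOnly: true  # Mount root system as read only
              mountPath: /host
            # Host /etc, writable.
            - name: etc-volume
              mountPath: /host-etc
            - name: rofs-volume
              readOnly: true
              mountPath: /host-rofs
            - name: network-service-ips
              readOnly: true
              mountPath: /run/network-service-ips
            - name: gateway-cni-script
              readOnly: false
              mountPath: /opt/cni/bin/gateway
            - name: calico-config-list
              readOnly: false
              mountPath: /etc/cni/net.d/10-calico.conflist
            - name: fw-dir
              readOnly: false
              mountPath: /etc/ien-fw/ipv4/dynamic
            - name: xtables-lock
              mountPath: /run/xtables.lock
            - name: dhcp-dir
              readOnly: false
              mountPath: /etc/dhcp/
            - name: boot
              readOnly: false
              mountPath: /host-boot
            - name: bin-dir
              readOnly: true
              mountPath: /usr/local/bin
            - name: data-volume
              mountPath: /host-data
            - name: dbus-socket
              mountPath: /var/run/dbus/system_bus_socket
            # Writable static pod manifest directory: the kubelet runs
            # whatever manifests are placed here.
            - name: kubernetes-manifests
              mountPath: /etc/kubernetes/manifests
            - name: zynstra-config
              mountPath: /zynstra/config
            - name: run-systemd
              mountPath: /run/systemd
          securityContext:
            # NOTE(review): Kubernetes documentation lists capabilities
            # without the CAP_ prefix (DAC_OVERRIDE, SYS_CHROOT, NET_ADMIN)
            # and uses "ALL" for the drop entry; verify how the container
            # runtime in use interprets the forms written here.
            capabilities:
              add:
                - CAP_DAC_OVERRIDE  # Root permissions to read/write to files on IEN
                # TODO: we should look to replace chroot with dbus - https://github.com/ncrvoyix-swt-retail/edge-infra/pull/6348
                - CAP_SYS_CHROOT  # Allows chroot (for use by os.exec commands)
                - CAP_NET_ADMIN  # required for tc and netlink
              drop:
                - all  # Drop all linux capabilities
            # NOTE(review): a privileged container is granted the full
            # capability set and host device access, so the add/drop list
            # above does not constrain it. Confirm whether privileged is
            # still required; the capability list only takes effect once it
            # is removed.
            privileged: true
      # All volumes except network-service-ips are hostPath volumes, i.e.
      # direct paths on the node's filesystem.
      volumes:
        - name: bin-dir
          hostPath:
            type: Directory
            path: /usr/local/bin
        - name: boot
          hostPath:
            type: DirectoryOrCreate
            path: /boot
        - name: calico-config-list
          hostPath:
            type: File
            path: /etc/cni/net.d/10-calico.conflist
        - name: data-volume
          hostPath:
            type: DirectoryOrCreate
            path: /data
        - name: dbus-socket
          hostPath:
            type: Socket
            path: /var/run/dbus/system_bus_socket
        - name: dhcp-dir
          hostPath:
            # An empty type skips the existence/type check before mounting.
            type: ""
            path: /etc/dhcp/
        - name: etc-volume
          hostPath:
            type: Directory
            path: /etc
        - name: fw-dir
          hostPath:
            type: DirectoryOrCreate
            path: /etc/ien-fw/ipv4/dynamic
        - name: gateway-cni-script
          hostPath:
            type: FileOrCreate
            path: /opt/cni/bin/gateway
        - name: kubernetes-manifests
          hostPath:
            type: Directory
            path: /etc/kubernetes/manifests
        - name: network-service-ips
          configMap:
            name: network-service-ips
            optional: true
        - name: rofs-volume
          hostPath:
            type: Directory
            path: /rofs
        # Entire host root filesystem; no hostPath type is set, so no check
        # is made before mounting.
        - name: root
          hostPath:
            path: /
        - name: run-systemd
          hostPath:
            type: Directory
            path: /run/systemd
        - name: xtables-lock
          hostPath:
            type: FileOrCreate
            path: /run/xtables.lock
        - name: zynstra-config
          hostPath:
            type: Directory
            path: /zynstra/config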