
Text file src/edge-infra.dev/pkg/sds/ien/k8s/controllers/nodeagent/plugins/staticpodscheduler/templates/manifests/device-agent.yaml


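     # Pod manifest template for device-agent. Going by its path it is rendered by
     # the nodeagent staticpodscheduler plugin; the {{ ... }} placeholders (.Image,
     # .DeviceSystemLogLevel, .NodeName, .NodeIP) are filled in before the result
     # is parsed as YAML.
     #
     # Security posture: this pod is host-equivalent. It shares the host network
     # and PID namespaces, runs privileged, and mounts /dev, parts of /sys, the
     # containerd socket and a kubeconfig from the host. Treat the image and the
     # three /zynstra/config JSON files as part of the node's trusted computing
     # base.
     apiVersion: v1
     kind: Pod
     metadata:
       name: device-agent
       namespace: device-system
       labels:
         platform.edge.ncr.com/component: device-agent
     spec:
       # Host network + host PID: the agent sees every host process and binds
       # directly on the node's interfaces.
       hostNetwork: true
       hostPID: true
       priorityClassName: system-node-critical
       containers:
       - name: device-agent
         # Templated scalars are quoted so the rendered value is always a YAML
         # string. Assumes the template data holds raw, unquoted values.
         image: "{{ .Image }}"
         ports:
         # With hostNetwork the metrics port is opened on the node itself; restrict
         # who can reach it at the host firewall / network layer if it is not
         # meant to be public.
         - name: metrics
           protocol: TCP
           containerPort: 9093
         env:
         # Env values must be strings; unquoted, a rendered value such as an
         # all-digit hostname or `off` would be retyped by the YAML parser and the
         # pod would fail to decode.
         - name: LOG_LEVEL
           value: "{{ .DeviceSystemLogLevel }}"
         - name: KUBECONFIG
           value: /root/.kube/config
         - name: HOSTNAME
           value: "{{ .NodeName }}"
         - name: HOSTIP
           value: "{{ .NodeIP }}"
         resources:
           limits:
             memory: 150Mi
           requests:
             cpu: 25m
             memory: 25Mi
         # None of the mounts below sets readOnly.
         # NOTE(review): mark every mount the agent only reads as readOnly: true;
         # which ones those are cannot be determined from this manifest.
         volumeMounts:
         - name: kubeconfig
           mountPath: /root/.kube/config
         - name: kube-sys-cgroup-fs
           mountPath: /sys/fs
         - name: kube-sys-devices-fs
           mountPath: /sys/devices
         - name: kube-dev-devices-fs
           mountPath: /dev
         - name: containerd-socket
           mountPath: /run/containerd/containerd.sock
         - name: device-plugins
           mountPath: /var/lib/kubelet/device-plugins
         - name: deviceclasses
           mountPath: /etc/deviceclasses.json
         - name: devicesets
           mountPath: /etc/devicesets.json
         - name: devicerules
           mountPath: /etc/devicerules.json
         securityContext:
           # NOTE(review): container runtimes typically hand a privileged
           # container the full capability set and disregard add/drop, so the
           # list below documents intent rather than enforcing it; confirm on the
           # target runtime. If the three listed capabilities (plus explicit
           # device access) are enough, removing `privileged` is what would make
           # `drop: ALL` effective.
           privileged: true
           capabilities:
             # Kubernetes capability names omit the CAP_ prefix.
             add:
             - NET_ADMIN # Allows device-agent to listen to host netlink socket for udev rich events
             - SYS_ADMIN # Allows device-agent to carry out cgroup operations on host for container permissions
             - SYS_CHROOT # Allows device-agent to carry out cmd execution to container namespaces
             drop:
             - ALL # Drop all linux capabilities
       volumes:
       # /etc/kubernetes/admin.conf is conventionally the cluster administrator
       # kubeconfig. NOTE(review): if that holds here, anything that can read this
       # container's filesystem holds cluster-admin credentials; a dedicated
       # kubeconfig scoped to what device-agent needs would limit that exposure.
       - name: kubeconfig
         hostPath:
           type: File
           path: /etc/kubernetes/admin.conf
       # Access to the containerd socket allows managing every container on the
       # node, independent of Kubernetes RBAC.
       - name: containerd-socket
         hostPath:
           type: Socket
           path: /run/containerd/containerd.sock
       - name: device-plugins
         hostPath:
           type: Directory
           path: /var/lib/kubelet/device-plugins
       # FileOrCreate: an empty file is created on the host when the path is
       # missing, so the mounts below never fail for a missing config file.
       - name: deviceclasses
         hostPath:
           type: FileOrCreate
           path: /zynstra/config/deviceclasses.json
       - name: devicesets
         hostPath:
           type: FileOrCreate
           path: /zynstra/config/devicesets.json
       - name: devicerules
         hostPath:
           type: FileOrCreate
           path: /zynstra/config/devicerules.json
       # No hostPath `type` on the three volumes below, so no existence or kind
       # check is made before mounting.
       - name: kube-dev-devices-fs
         hostPath:
           path: /dev
       - name: kube-sys-cgroup-fs
         hostPath:
           path: /sys/fs
       - name: kube-sys-devices-fs
         hostPath:
           path: /sys/devices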
