# Pod manifest for device-agent. The pod joins the node's network and PID
# namespaces, so it is not isolated from the host in either.
apiVersion: v1
kind: Pod
metadata:
  namespace: device-system
  name: device-agent
  labels:
    platform.edge.ncr.com/component: device-agent
spec:
  # Priority class assigned to the pod.
  priorityClassName: system-node-critical
  # Host PID namespace: every process on the node is visible from this pod.
  hostPID: true
  # Host network namespace: the pod uses the node's interfaces directly, and
  # any port it opens is bound on the node itself.
  hostNetwork: true
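  containers:
  - name: device-agent
    # NOTE(review): no tag or digest, so this resolves to ":latest" unless an
    # overlay rewrites it. For a privileged, node-critical workload pin the
    # image by digest (image@sha256:<digest>) where the manifest is rendered.
    image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/deviceagent
    ports:
    # With hostNetwork enabled on the pod this port is opened on the node.
    - name: metrics
      protocol: TCP
      containerPort: 9093
    env:
    - name: LOG_LEVEL
      value: info
    # Points at the kubeconfig file mounted below at the same path.
    - name: KUBECONFIG
      value: /root/.kube/config
    # NOTE(review): HOSTNAME and HOSTIP look like placeholders that are
    # presumably patched per node before deployment - confirm.
    - name: HOSTNAME
      value: desired-host
    - name: HOSTIP
      value: "1.2.3.4"
    resources:
      limits:
        memory: 150Mi
      requests:
        cpu: 25m
        memory: 25Mi
    volumeMounts:
    # Kubeconfig taken from the host (see the "kubeconfig" volume). Whatever
    # credentials that file holds are readable by this container.
    - name: kubeconfig
      mountPath: /root/.kube/config
    - name: kube-sys-cgroup-fs
      mountPath: /sys/fs
    - name: kube-sys-devices-fs
      mountPath: /sys/devices
    - name: kube-dev-devices-fs
      mountPath: /dev
    # Access to the containerd socket gives control over every container on
    # the node; treat this container as node-root equivalent.
    - name: containerd-socket
      mountPath: /run/containerd/containerd.sock
    - name: device-plugins
      mountPath: /var/lib/kubelet/device-plugins
    - name: deviceclasses
      mountPath: /etc/deviceclasses.json
    - name: devicesets
      mountPath: /etc/devicesets.json
    - name: devicerules
      mountPath: /etc/devicerules.json
    securityContext:
      # NOTE(review): a privileged container is granted every capability and
      # unrestricted device access, so the add/drop lists below only document
      # intent while this flag is set. If the three capabilities listed are
      # really all the agent needs, removing "privileged" (and handling device
      # access explicitly) would make the drop/add lists effective.
      privileged: true
      capabilities:
        # Kubernetes expects capability names without the "CAP_" prefix.
        add:
        # Allows device-agent to listen to host netlink socket for udev rich events
        - NET_ADMIN
        # Allows device-agent to carry out cgroup operations on host for container permissions
        - SYS_ADMIN
        # Allows device-agent to carry out cmd execution to container namespaces
        - SYS_CHROOT
        drop:
        # Drop all linux capabilities (canonical upper-case spelling, which is
        # also what the Pod Security Standards checks look for)
        - ALL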
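  volumes:
  # NOTE(review): on kubeadm-provisioned nodes /etc/kubernetes/admin.conf
  # normally holds cluster-admin credentials - confirm for this platform.
  # Handing it to a workload means a compromise of the agent is a compromise
  # of the cluster; a dedicated ServiceAccount with RBAC scoped to what the
  # agent actually calls would limit that.
  - name: kubeconfig
    hostPath:
      type: File
      path: /etc/kubernetes/admin.conf
  # Container runtime socket of the node.
  - name: containerd-socket
    hostPath:
      type: Socket
      path: /run/containerd/containerd.sock
  - name: device-plugins
    hostPath:
      type: Directory
      path: /var/lib/kubelet/device-plugins
  # FileOrCreate: if the file is missing the kubelet creates an empty one
  # (the parent directory must already exist), so the agent may be started
  # with an empty JSON file.
  - name: deviceclasses
    hostPath:
      type: FileOrCreate
      path: /zynstra/config/deviceclasses.json
  - name: devicesets
    hostPath:
      type: FileOrCreate
      path: /zynstra/config/devicesets.json
  - name: devicerules
    hostPath:
      type: FileOrCreate
      path: /zynstra/config/devicerules.json
  # Host device and sysfs trees. The explicit type makes the kubelet verify
  # the path is a directory before mounting, matching the volumes above.
  - name: kube-dev-devices-fs
    hostPath:
      type: Directory
      path: /dev
  - name: kube-sys-cgroup-fs
    hostPath:
      type: Directory
      path: /sys/fs
  - name: kube-sys-devices-fs
    hostPath:
      type: Directory
      path: /sys/devices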