apiVersion: v1 kind: Namespace metadata: name: node-exporter annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} --- apiVersion: v1 kind: ServiceAccount metadata: name: node-exporter labels: app: node-exporter app.kubernetes.io/version: 1.5.0 namespace: node-exporter annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: node-exporter labels: app: node-exporter app.kubernetes.io/version: 1.5.0 annotations: configmanagement.gke.io/cluster-selector: not-foreman pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a rules: - resources: - tokenreviews apiGroups: - authentication.k8s.io verbs: - create - resources: - subjectaccessreviews apiGroups: - authorization.k8s.io verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: node-exporter labels: app: node-exporter app.kubernetes.io/version: 1.5.0 annotations: configmanagement.gke.io/cluster-selector: not-foreman pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a roleRef: name: node-exporter kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: node-exporter namespace: node-exporter kind: ServiceAccount --- apiVersion: v1 kind: Service metadata: name: node-exporter labels: app: node-exporter app.kubernetes.io/version: 1.5.0 namespace: node-exporter annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: selector: app: node-exporter app.kubernetes.io/version: 1.5.0 ports: - name: https port: 9100 targetPort: https clusterIP: None --- apiVersion: apps/v1 kind: DaemonSet metadata: name: node-exporter labels: app: node-exporter app.kubernetes.io/version: 1.5.0 namespace: node-exporter annotations: linkerd.io/inject: disabled pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: selector: matchLabels: app: node-exporter app.kubernetes.io/version: 1.5.0 template: metadata: labels: app: node-exporter app.kubernetes.io/version: 1.5.0 annotations: kubectl.kubernetes.io/default-container: node-exporter pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: node-exporter pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: serviceAccountName: node-exporter hostNetwork: true hostPID: true nodeSelector: kubernetes.io/os: linux containers: - name: kube-rbac-proxy image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/quay.io/brancz/kube-rbac-proxy@sha256:a7f54a7419540e5d38c9e5a9e47c3fc1bd560c207eb663de95652900d6b8abb9 args: - --logtostderr - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:9100/ ports: - name: https hostPort: 9100 containerPort: 9100 env: - name: IP valueFrom: fieldRef: fieldPath: status.podIP resources: limits: cpu: "20m" memory: 40Mi requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 - name: node-exporter image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/quay.io/prometheus/node-exporter@sha256:4333a79a5979e776bd814af62e473f4e8eb204953b20234fdf011409e9c794a4 args: - --web.listen-address=127.0.0.1:9100 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.udev.data=/host/root/run - --no-collector.wifi - --no-collector.hwmon - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$ - --collector.cpu.info - --collector.cpufreq - --collector.netdev.address-info resources: limits: cpu: "250m" memory: 384Mi requests: cpu: 100m memory: 192Mi volumeMounts: - name: sys readOnly: true mountPath: /host/sys mountPropagation: HostToContainer - name: root readOnly: true mountPath: /host/root mountPropagation: HostToContainer securityContext: allowPrivilegeEscalation: false volumes: - name: root hostPath: path: / - name: sys hostPath: path: /sys tolerations: - operator: Exists securityContext: runAsNonRoot: true runAsUser: 65534 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 10%