apiVersion: v1
kind: Namespace
metadata:
  name: node-exporter
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-exporter
  labels:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  namespace: node-exporter
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-exporter
  labels:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  annotations:
    configmanagement.gke.io/cluster-selector: not-foreman
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
rules:
- resources:
  - tokenreviews
  apiGroups:
  - authentication.k8s.io
  verbs:
  - create
- resources:
  - subjectaccessreviews
  apiGroups:
  - authorization.k8s.io
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-exporter
  labels:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  annotations:
    configmanagement.gke.io/cluster-selector: not-foreman
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
roleRef:
  name: node-exporter
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: node-exporter
  namespace: node-exporter
  kind: ServiceAccount
---
apiVersion: v1
kind: Service
metadata:
  name: node-exporter
  labels:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  namespace: node-exporter
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  ports:
  - name: https
    port: 9100
    targetPort: https
  clusterIP: None
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  labels:
    app: node-exporter
    app.kubernetes.io/version: 1.5.0
  namespace: node-exporter
  annotations:
    linkerd.io/inject: disabled
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: node-exporter
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    matchLabels:
      app: node-exporter
      app.kubernetes.io/version: 1.5.0
  template:
    metadata:
      labels:
        app: node-exporter
        app.kubernetes.io/version: 1.5.0
      annotations:
        kubectl.kubernetes.io/default-container: node-exporter
        pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
        pallet.edge.ncr.com/name: node-exporter
        pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
        pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
    spec:
      serviceAccountName: node-exporter
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: kube-rbac-proxy
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/quay.io/brancz/kube-rbac-proxy@sha256:a7f54a7419540e5d38c9e5a9e47c3fc1bd560c207eb663de95652900d6b8abb9
        args:
        - --logtostderr
        - --secure-listen-address=[$(IP)]:9100
        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - --upstream=http://127.0.0.1:9100/
        ports:
        - name: https
          hostPort: 9100
          containerPort: 9100
        env:
        - name: IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        resources:
          limits:
            cpu: "20m"
            memory: 40Mi
          requests:
            cpu: 10m
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
      - name: node-exporter
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/quay.io/prometheus/node-exporter@sha256:4333a79a5979e776bd814af62e473f4e8eb204953b20234fdf011409e9c794a4
        args:
        - --web.listen-address=127.0.0.1:9100
        - --path.sysfs=/host/sys
        - --path.rootfs=/host/root
        - --path.udev.data=/host/root/run
        - --no-collector.wifi
        - --no-collector.hwmon
        - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
        - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$
        - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$
        - --collector.cpu.info
        - --collector.cpufreq
        - --collector.netdev.address-info
        resources:
          limits:
            cpu: "250m"
            memory: 384Mi
          requests:
            cpu: 100m
            memory: 192Mi
        volumeMounts:
        - name: sys
          readOnly: true
          mountPath: /host/sys
          mountPropagation: HostToContainer
        - name: root
          readOnly: true
          mountPath: /host/root
          mountPropagation: HostToContainer
        securityContext:
          allowPrivilegeEscalation: false
      volumes:
      - name: root
        hostPath:
          path: /
      - name: sys
        hostPath:
          path: /sys
      tolerations:
      - operator: Exists
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%