daemonset.yaml

Documentation: edge-infra.dev/third_party/k8s/node-exporter/base

     1apiVersion: apps/v1
     2kind: DaemonSet
     3metadata:
     4  name: node-exporter
     5  labels: 
     6    app: node-exporter
     7spec:
     8  selector:
     9    matchLabels:
    10      app: node-exporter
    11  template:
    12    metadata:
    13      annotations:
    14        kubectl.kubernetes.io/default-container: node-exporter
    15      labels: 
    16        app: node-exporter
    17    spec:
    18      containers:
    19      - args:
    20        - --web.listen-address=127.0.0.1:9100
    21        - --path.sysfs=/host/sys
    22        - --path.rootfs=/host/root
    23        - --path.udev.data=/host/root/run/udev/data
    24        - --no-collector.wifi
    25        - --no-collector.hwmon
    26        - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
    27        - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$
    28        - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$
    29        - --collector.cpu.info
    30        - --collector.cpufreq
    31        - --collector.netdev.address-info
    32        image: bzl://hack/deps:node_exporter_container_push
    33        name: node-exporter
    34        resources:
    35          limits:
    36            cpu: 250m
    37            memory: 384Mi
    38          requests:
    39            cpu: 100m
    40            memory: 192Mi
    41        securityContext:
    42          allowPrivilegeEscalation: false
    43        volumeMounts:
    44        - mountPath: /host/sys
    45          mountPropagation: HostToContainer
    46          name: sys
    47          readOnly: true
    48        - mountPath: /host/root
    49          mountPropagation: HostToContainer
    50          name: root
    51          readOnly: true
    52      - args:
    53        - --secure-listen-address=[$(IP)]:9100
    54        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    55        - --upstream=http://127.0.0.1:9100/
    56        env:
    57        - name: IP
    58          valueFrom:
    59            fieldRef:
    60              fieldPath: status.podIP
    61        image: bzl://hack/deps:kube_rbac_proxy_container_push
    62        name: kube-rbac-proxy
    63        ports:
    64        - containerPort: 9100
    65          hostPort: 9100
    66          name: https
    67        resources:
    68          limits:
    69            cpu: 20m
    70            memory: 40Mi
    71          requests:
    72            cpu: 10m
    73            memory: 20Mi
    74        securityContext:
    75          allowPrivilegeEscalation: false
    76          runAsGroup: 65532
    77          runAsNonRoot: true
    78          runAsUser: 65532
    79      hostNetwork: true
    80      hostPID: true
    81      nodeSelector:
    82        kubernetes.io/os: linux
    83      securityContext:
    84        runAsNonRoot: true
    85        runAsUser: 65534
    86      serviceAccountName: node-exporter
    87      tolerations:
    88      - operator: Exists
    89      volumes:
    90      - hostPath:
    91          path: /sys
    92        name: sys
    93      - hostPath:
    94          path: /
    95        name: root
    96  updateStrategy:
    97    rollingUpdate:
    98      maxUnavailable: 10%
    99    type: RollingUpdate
View as plain text