mirror of
https://github.com/lensapp/lens.git
synced 2025-05-20 05:10:56 +00:00
15d586d574
There is no need to use a hostPort or the hostNetwork; avoiding hostPort allocation improves compatibility with other cluster monitoring and avoiding hostNetwork ensures public-facing clusters don't have an exploitable ports.
71 lines
1.9 KiB
YAML
71 lines
1.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: node-exporter
|
|
namespace: lens-metrics
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
name: node-exporter
|
|
phase: prod
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: node-exporter
|
|
phase: prod
|
|
annotations:
|
|
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
hostPID: true
|
|
containers:
|
|
- name: node-exporter
|
|
image: docker.io/kontenapharos/prometheus-node-exporter:v0.18.0
|
|
args:
|
|
- --path.procfs=/host/proc
|
|
- --path.sysfs=/host/sys
|
|
- --path.rootfs=/host/root
|
|
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker|var/lib/containers/.+)($|/)
|
|
- --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
|
|
ports:
|
|
- name: metrics
|
|
containerPort: 9100
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 50Mi
|
|
limits:
|
|
cpu: 200m
|
|
memory: 100Mi
|
|
volumeMounts:
|
|
- name: proc
|
|
mountPath: /host/proc
|
|
readOnly: true
|
|
- name: sys
|
|
mountPath: /host/sys
|
|
readOnly: true
|
|
- name: root
|
|
mountPath: /host/root
|
|
readOnly: true
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
volumes:
|
|
- name: proc
|
|
hostPath:
|
|
path: /proc
|
|
- name: sys
|
|
hostPath:
|
|
path: /sys
|
|
- name: root
|
|
hostPath:
|
|
path: /
|