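---
# Dedicated namespace for the kubeowler node inspector.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here. The
# DaemonSet below uses hostPID, a hostPath volume and the spc_t SELinux type,
# which the "baseline" and "restricted" Pod Security levels reject. If the
# cluster enforces Pod Security Admission, scope any exemption to this
# namespace only and keep other workloads out of it.
apiVersion: v1
kind: Namespace
metadata:
  name: kubeowler
  labels:
    app.kubernetes.io/name: kubeowler
---
# Runs one inspector pod per node with read access to the node's process
# table (hostPID) and root filesystem (hostPath "/"). Treat the image and
# anything that can exec into these pods as having read access to every node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kubeowler-node-inspector
  namespace: kubeowler
  labels:
    app: kubeowler-node-inspector
spec:
  selector:
    matchLabels:
      app: kubeowler-node-inspector
  template:
    metadata:
      labels:
        app: kubeowler-node-inspector
    spec:
      hostNetwork: false
      # Shares the node's PID namespace, so host processes are visible
      # from inside the container.
      hostPID: true
      # A toleration with only "operator: Exists" matches every taint, so the
      # pod is scheduled on all nodes, control-plane nodes included.
      tolerations:
        - operator: Exists
      # NOTE(review): no serviceAccountName or automountServiceAccountToken is
      # set, so the namespace's default service account token is mounted. If
      # the inspector never calls the API server, consider disabling the
      # automount - confirm against the image's behaviour first.
      containers:
        - name: inspector
          # Pinned by tag, not by digest. With IfNotPresent a node keeps
          # whatever content it first pulled for this tag; pinning to
          # image@sha256:<digest> makes the deployed content verifiable.
          image: docker.io/ghostwritten/kubeowler-node-inspector:v0.1.2
          imagePullPolicy: IfNotPresent
          env:
            # Downward API: exposes the name of the node the pod runs on.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            requests:
              cpu: "10m"
              memory: "32Mi"
            limits:
              cpu: "100m"
              memory: "64Mi"
          securityContext:
            # Runs as UID 0. All capabilities are dropped below, but files
            # under /host that are owned by root stay readable to this user.
            # Presumably required to read host state - confirm whether a
            # non-root UID would be sufficient.
            runAsNonRoot: false
            runAsUser: 0
            # NOTE(review): the container rootfs is writable; set to true if
            # the inspector does not write outside mounted volumes - confirm.
            readOnlyRootFilesystem: false
            allowPrivilegeEscalation: false
            # spc_t is the "super privileged container" SELinux type: on
            # SELinux-enforcing nodes the container is not confined by the
            # usual container policy, which is what allows it to read host
            # files under /host.
            seLinuxOptions:
              type: "spc_t"
            capabilities:
              drop:
                - ALL
            # NOTE(review): no seccompProfile is set, so the runtime/cluster
            # default applies. Consider RuntimeDefault after confirming the
            # inspector works under it.
          volumeMounts:
            # Entire node filesystem, read-only. Read-only prevents
            # tampering, not disclosure: kubelet credentials, pod volumes and
            # other node secrets are reachable through this mount.
            - name: host-root
              mountPath: /host
              readOnly: true
      volumes:
        # NOTE(review): mounts "/" of the node. If the inspector only needs
        # specific paths, mounting those individually narrows the exposure.
        - name: host-root
          hostPath:
            path: /
            type: Directory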