# You will need to configure glouton-credentials with account and
# registration key.
---
apiVersion: v1
kind: Secret
metadata:
  name: glouton-credentials
type:
stringData:
  GLOUTON_BLEEMEO_ACCOUNT_ID: YOUR_ACCOUNT_ID
  GLOUTON_BLEEMEO_REGISTRATION_KEY: YOUR_REGISTRATION_KEY
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: glouton-config
data:
  99-local.conf: |
    # Add Glouton customization here
    df:
      path_ignore:
      # some ignore usefull for minikube. Anyway on minikube data are stored
      # in /mnt/sda1 which is not exlucded
      - /mnt/sda1/var/lib  # minikube real path for /var/lib
      - /var/lib  # minikube bind-mount lots of /var/lib sub-path
      - /etc/     # minikube bind-mount path in /etc
      - /tmp      # minikube bind-mount path in /tmp
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: glouton
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: glouton
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: glouton
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: glouton
subjects:
- kind: ServiceAccount
  name: glouton
  namespace: default
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: glouton
  namespace: default
  labels:
    app: glouton
spec:
  selector:
    matchLabels:
      app: glouton
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: glouton
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      serviceAccountName: glouton
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      hostPID: true
      containers:
      - image: bleemeo/bleemeo-agent
        name: glouton
        ports:
        - name: http
          containerPort: 8015
        securityContext:
          privileged: true
        volumeMounts:
        - name: lib-glouton
          mountPath: /var/lib/glouton
        - name: hostroot
          mountPath: /hostroot
          readOnly: true
        # We used another folder than "conf.d" because we want to merge existing
        # file from conf.d and file coming from Kubernetes glouton-config.
        - name: glouton-config
          mountPath: /etc/glouton/conf-k8s.d/
        env:
        - name: GLOUTON_CONFIG_FILES
          value: "/etc/glouton/glouton.conf,/etc/glouton/conf.d,/etc/glouton/conf-k8s.d"
        - name: GLOUTON_KUBERNETES_ENABLED
          value: "True"
        - name: GLOUTON_KUBERNETES_NODENAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        envFrom:
        - secretRef:
            name: glouton-credentials
      volumes:
      - name: lib-glouton
        hostPath:
          path: /var/lib/glouton
      # Note: glouton will use this hostPath to access Docker or containerd socket
      - name: hostroot
        hostPath:
          path: /
      - name: glouton-config
        configMap:
          name: glouton-config