# You will need to configure glouton-credentials with account and # registration key. --- apiVersion: v1 kind: Secret metadata: name: glouton-credentials type: stringData: GLOUTON_BLEEMEO_ACCOUNT_ID: ${GLOUTON_BLEEMEO_ACCOUNT_ID} GLOUTON_BLEEMEO_REGISTRATION_KEY: ${GLOUTON_BLEEMEO_REGISTRATION_KEY} --- apiVersion: v1 kind: ConfigMap metadata: name: glouton-config data: 99-local.conf: | # We recommend using another Kubernetes YAML file to make change of glouton-config. # This will allow to use latest version of this k8s.yaml file without needs to merge your # local change in the newer version. # Example: have another file "glouton-custom.yaml" which only contains a glouton-config ConfigMap # then apply with: # curl -s https://packages.bleemeo.com/bleemeo-agent/kubernetes/k8s.yaml | envsubst | kubectl apply -f -,./glouton-custom.yaml # Note: it's not a typo. The "-,./glouton-custom.yaml" is correct: we read from stdin ("-") then from the file. --- apiVersion: v1 kind: ServiceAccount metadata: name: glouton namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: glouton rules: - apiGroups: - "" - apps resources: - pods - nodes - namespaces - replicasets verbs: - get - list - apiGroups: - "" resources: - endpoints verbs: - get --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: glouton roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: glouton subjects: - kind: ServiceAccount name: glouton namespace: default --- kind: DaemonSet apiVersion: apps/v1 metadata: name: glouton namespace: default labels: app: glouton spec: selector: matchLabels: app: glouton updateStrategy: type: RollingUpdate template: metadata: labels: app: glouton spec: tolerations: # this toleration is to have the daemonset runnable on control plane nodes # remove it if your control plane nodes can't run pods - key: node-role.kubernetes.io/control-plane effect: NoSchedule - key: node-role.kubernetes.io/etcd effect: NoExecute # this toleration is to have the daemonset runnable on master nodes # remove it if your masters can't run pods # "master nodes" was the previous name for "control plane nodes" before Kubernetes ~1.24 - key: node-role.kubernetes.io/master effect: NoSchedule serviceAccountName: glouton terminationGracePeriodSeconds: 60 hostNetwork: true hostPID: true containers: - image: bleemeo/bleemeo-agent:latest name: glouton ports: - name: http containerPort: 8015 securityContext: privileged: true volumeMounts: - name: lib-glouton mountPath: /var/lib/glouton - name: hostroot mountPath: /hostroot readOnly: true # See any mount done after Glouton start mountPropagation: HostToContainer # We used another folder than "conf.d" because we want to merge existing # file from conf.d and file coming from Kubernetes glouton-config. - name: glouton-config mountPath: /etc/glouton/conf-k8s.d/ env: - name: GLOUTON_CONFIG_FILES value: "/etc/glouton/glouton.conf,/etc/glouton/glouton-k8s-default.conf,/etc/glouton/conf.d,/etc/glouton/conf-k8s.d" - name: GLOUTON_KUBERNETES_ENABLE value: "True" - name: GLOUTON_KUBERNETES_CLUSTERNAME value: "${GLOUTON_KUBERNETES_CLUSTERNAME}" - name: GLOUTON_KUBERNETES_NODENAME valueFrom: fieldRef: fieldPath: spec.nodeName envFrom: - secretRef: name: glouton-credentials resources: requests: cpu: 0.05 memory: 100Mi volumes: - name: lib-glouton hostPath: path: /var/lib/glouton # Note: glouton will use this hostPath to access Docker or containerd socket - name: hostroot hostPath: path: / - name: glouton-config configMap: name: glouton-config