apiVersion: v1
kind: ServiceAccount
metadata:
  name: skywalking-rover
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: skywalking-rover
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: skywalking-rover
subjects:
  - kind: ServiceAccount
    name: skywalking-rover
    namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: skywalking-rover
rules:
  - apiGroups: [""]
    resources: ["pods", "nodes", "services"]
    verbs: ["get", "watch", "list"]
---

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: skywalking-rover
spec:
  selector:
    matchLabels:
      name: skywalking-rover
  template:
    metadata:
      labels:
        name: skywalking-rover
    spec:
      serviceAccountName: skywalking-rover
      serviceAccount: skywalking-rover
      containers:
        - name: skywalking-rover
          # SkyWalking Rover image path
          image: apache/skywalking-rover:0.4.0
          imagePullPolicy: Always
          securityContext:
            capabilities:
              add:
                - SYS_PTRACE
                - SYS_ADMIN
            privileged: true
          volumeMounts:
            - name: host
              mountPath: /host
              readOnly: true
          env:
            - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ACTIVE
              value: "true"
            - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: ROVER_BACKEND_ADDR
              # backend OAP address
              value: skywalking-oap.istio-system:11800
            - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_ACTIVE
              value: "false"
            - name: ROVER_HOST_MAPPING
              value: /host
            - name: ROVER_LOGGER_LEVEL
              value: DEBUG
            - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_SERVICE_NAME
              value: '{{.Pod.LabelValue "service.istio.io/canonical-revision,app.kubernetes.io/version,version" | equalsOrDefault "latest" "-" }}|{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" }}|{{.Pod.Namespace}}|{{- with $istioProxy := .Pod.FindContainer "istio-proxy" }}{{$istioProxy.EnvValue "TSB_CLUSTER,ISTIO_META_CLUSTER_ID"}}{{- end }}|-'
            - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_SERVICE_NAME
              value: '{{.Pod.LabelValue "service.istio.io/canonical-revision,app.kubernetes.io/version,version" | equalsOrDefault "latest" "-" }}|{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" }}|{{.Pod.Namespace}}|{{- with $istioProxy := .Pod.FindContainer "istio-proxy" }}{{$istioProxy.EnvValue "TSB_CLUSTER,ISTIO_META_CLUSTER_ID"}}{{- end }}|-'
      hostPID: true
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      volumes:
        - name: host
          hostPath:
            path: /
            type: Directory