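---
# Identity the agent pods run as; bound to the read-only ClusterRole below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pulse-agent
  namespace: apps-fuku
---
# Cluster-wide, read-only access to the objects listed here.
# Only get/list/watch are granted; Secrets and ConfigMaps are not included.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pulse-agent-read
rules:
  - apiGroups: [""]
    resources: ["nodes", "pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
---
# Grants pulse-agent-read to the pulse-agent ServiceAccount in apps-fuku only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pulse-agent-read
subjects:
  - kind: ServiceAccount
    name: pulse-agent
    namespace: apps-fuku
roleRef:
  kind: ClusterRole
  name: pulse-agent-read
  apiGroup: rbac.authorization.k8s.io
---
# One agent pod per node, reporting host and Kubernetes data to PULSE_URL.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: pulse-agent
  namespace: apps-fuku
spec:
  selector:
    matchLabels:
      app: pulse-agent
  template:
    metadata:
      labels:
        app: pulse-agent
    spec:
      serviceAccountName: pulse-agent
      containers:
        - name: pulse-agent
          # NOTE(review): a tag can be re-pointed upstream. Pinning by digest
          # (rcourtman/pulse@sha256:<digest-placeholder>) fixes the exact
          # image that runs privileged on every node.
          image: rcourtman/pulse:5.1.13
          command: ["/opt/pulse/bin/pulse-agent-linux-amd64"]
          args:
            - --enable-kubernetes
          env:
            - name: PULSE_URL
              value: "https://pulse.fukurokuju.dev"
            # Token is read from a Secret, not inlined. secretKeyRef resolves
            # in the pod's namespace, so pulse-agent-secrets must exist in
            # apps-fuku.
            - name: PULSE_TOKEN
              valueFrom:
                secretKeyRef:
                  name: pulse-agent-secrets
                  key: PULSE_TOKEN
            - name: PULSE_AGENT_ID
              value: "k8s-cluster"
            - name: PULSE_ENABLE_HOST
              value: "true"
            - name: HOST_PROC
              value: "/host/proc"
            - name: HOST_SYS
              value: "/host/sys"
            # No volume is mounted at /host/etc. The host's /etc is visible
            # only through the host-root mount, so point HOST_ETC there.
            - name: HOST_ETC
              value: "/host/root/etc"
            - name: PULSE_KUBE_INCLUDE_ALL_PODS
              value: "true"
            - name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS
              value: "true"
          securityContext:
            # NOTE(review): privileged grants every capability and host device
            # access, and weakens the readOnly flags on the mounts below as a
            # boundary. Confirm the agent needs it; if it does not, replace
            # this with the specific capabilities required. If it stays,
            # record the namespace's Pod Security exemption.
            privileged: true
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              memory: 512Mi
          volumeMounts:
            - name: host-proc
              mountPath: /host/proc
              readOnly: true
            - name: host-sys
              mountPath: /host/sys
              readOnly: true
            - name: host-root
              mountPath: /host/root
              readOnly: true
      volumes:
        - name: host-proc
          hostPath:
            path: /proc
        - name: host-sys
          hostPath:
            path: /sys
        # NOTE(review): this exposes the node's whole filesystem to the
        # container (read-only), including kubelet credentials and other
        # pods' data. Narrow it to the directories the agent reads if it
        # does not need all of /.
        - name: host-root
          hostPath:
            path: /
      # A toleration with no key and operator Exists matches every taint, so
      # the agent is also scheduled on control-plane and otherwise tainted
      # nodes.
      tolerations:
        - operator: Exists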