Commit d3eb54cf by Jorge Salamero Sanz Committed by Denise

Initial version of Sysdig chart

parent 9d4d8852
# Change Log
This file documents all notable changes to Sysdig Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).
## v1.4.22
### Minor changes
* Use the latest image from Agent (0.93.0) by default.
## v1.4.21
* Add 'How to upgrade to last version' to the README
## v1.4.20
### Minor changes
* Fixes compatibility errors introduced in v1.4.19.
## v1.4.19
### Minor changes
* Fixes compatibility with kubernetes 1.16.
## v1.4.18
### Minor changes
* Use the latest image from Agent (0.92.3) by default.
## v1.4.17
### Minor changes
* Use the latest image from Agent (0.92.2) by default.
## v1.4.16
### Minor changes
* Allow the DaemonSet to schedule using affinity rules
## v1.4.15
### Minor changes
* Add configmaps and secrets to the resources we can read
* Add support for priorityClassName, httpProxy, timezone and any env variable settings
## v1.4.14
### Minor changes
* Update REAMED.md to fix the example in how to use the `sysdig.settings.tags` in the command line with `--set`
## v1.4.13
### Minor changes
* Use the latest image from Agent (0.92.1) by default.
* Increase `resources.requests` and `resources.limits` to match the [values
provided by Sysdig's agent team.](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml#L70)
## v1.4.12
### Minor changes
* Use the latest image from Agent (0.92.0) by default.
## v1.4.11
### Minor Changes
* Add nestorsalceda as an approver in the OWNERS file
## v1.4.10
### Minor Changes
* Use the latest image from Agent (0.90.3) by default.
## v1.4.9
### Minor Changes
* Use the latest image from Agent (0.90.2) by default.
## v1.4.8
### Minor Changes
* Add a volume with the os release information.
* Use the latest image from Agent (0.90.1) by default.
## v1.4.7
### Minor Changes
* Add apiVersion to Chart.yaml.
## v1.4.6
### Minor Changes
* Dont allow to change the value of `new_k8s` flag.
## v1.4.5
### Minor Changes
* Enable `new_k8s` flag by default. This allows kube state metrics to be
automatically detected, monitored, and displayed in Sysdig Monitor.
## v1.4.4
### Minor Changes
* Use the latest image from Agent (0.89.5) by default.
* Add `persistentvolumes` and `persistentvolumeclaims` to ClusterRole
## v1.4.3
### Minor Changes
* Provide an empty value to `sysdig.accessKey` key.
## v1.4.2
### Minor Changes
* Use the latest image from Agent (0.89.4) by default.
* Use latest shovel logo.
## v1.4.0
### Major Changes
* Use the latest image from Agent (0.89.0) by default.
* eBPF support added.
## v1.3.2
### Minor Changes
* Provide sane defaults resources for the Sysdig Agent.
* Use RollingUpdate strategy by default.
## v1.3.1
### Minor Changes
* Revert v1.2.1 changes. The agent automatically restarts when detects a change in the configuration.
## v1.3.0
### Major Changes
* Use a lower pod termination grace period for avoiding data gaps when pod fails to terminate quickly.
* Check running file on readinessProbe instead of relaying on logs.
* Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket.
* Avoid floating references for the image.
## v1.2.2
### Minor Changes
* Fix value in the agent tags example.
## v1.2.1
### Minor Changes
* Add checksum annotations to DaemonSet so that rolling upgrades works when a ConfigMap changes.
## v1.2.0
### Major Changes
* Allow to use other Docker registries (ECR, Quay ...) to download the Sysdig agent image.
## v1.1.0
### Major Changes
* Add support for uploading custom app checks for Sysdig agent
## v1.0.4
### Minor Changes
* Update README file with instructions for setting up the agent with On-Premise deployments
## v1.0.3
### Minor Changes
* Fixed error in ClusterRoleBinding's roleRef
## v1.0.2
### Minor Changes
* Fix readinessProbe in daemonset's pod spec
## v1.0.1
### Minor Changes
* Add dnsPolicy to daemonset. Its value is ClusterFirstWithHostNet
* Fix link target for retrieving Sysdig Monitor Access Key in README
## v1.0.0
### Major Changes
* Run Sysdig agent as [daemonset v2.0](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml).
* Fix value's naming in order to follow [best practices](https://docs.helm.sh/chart_best_practices/#naming-conventions).
* Use a secure.enabled flag for enabling Sysdig Secure.
* Allow rbac resource creation or use existing serviceAccountName.
* Use required function for retrieving sysdig.accessKey. This ensures that key is present.
apiVersion: v1
name: sysdig
version: 1.4.22
appVersion: 0.93.0
description: Sysdig Monitor and Secure agent
keywords:
- monitoring
- security
- alerting
- metric
- troubleshooting
- run-time
home: https://www.sysdig.com/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
maintainers:
- name: lachie83
email: lachlan@deis.com
- name: bencer
email: jorge.salamero@sysdig.com
- name: nestorsalceda
email: nestor.salceda@sysdig.com
# Design and Known Issues Justification Document
## Goal
The goal of this file is to document and give some context about some issues that
forced me to take some decisions in this Chart.
## Loading Custom App Checks using a ConfigMap and a Yaml file
In Helm, we are not able to add an external file to a Chart deployment, in fact,
there is an [issue](https://github.com/helm/helm/issues/3276) about this.
This means that external files like SSL certificates or pluggable files, like
Falco rules or Custom App Checks, should be managed using Helm exclusively. You
can see comments in [first Falco pull request](https://github.com/helm/charts/pull/5853).
And the way to manage them using Helm is to pass file contents as values to Chart
deployment. A nice tip is using a Yaml file and pass to deployment command line
using the -f flag.
## OpenShift support
Right now, there are an issue in [OpenShift](https://github.com/openshift/origin/issues/20788)
and other in [Helm](https://github.com/helm/helm/issues/4533) that makes a bit
cumbersome the OpenShift support for this Chart.
Eventually, they will be fixed. But meanwhile a workaround is to create a
serviceAccount using the `oc` utility. Also manage permissions for creating privileged
containers and allowing hostPath mount with `oc` and deploy the Chart with the
`serviceAccount.name` created with `oc`.
You can see more details about this workaround on [Sysdig Documentation about OpenShift](https://sysdigdocs.atlassian.net/wiki/spaces/Platform/pages/256671843/).
approvers:
- bencer
- nestorsalceda
reviewers:
- bencer
- nestorsalceda
# Sysdig Secure DevOps Platform
Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility.
## Embed security
* Detect vulnerabilities and misconfigurations with a single workflow
* Block threats without impacting performance using K8s controls
* Conduct forensics even after the container is gone
## Maximize availability
* Prevent issues by monitoring performance and capacity
* Accelerate troubleshooting with a single source of truth
* Scale Prometheus monitoring across clusters and clouds
## Validate compliance
* Verify configuration meets CIS best practices
* Ensure application compliance with NIST, PCI
* Enable audit by correlating Kubernetes activity
Learn more at [sysdig.com](https://sysdig.com/)
labels:
io.rancher.certified: partner
io.cattle.role: cluster
rancher_min_version: 2.3.0
questions:
#image configurations
- variable: defaultImage
default: true
description: "Use default Sysdig image or specify a custom one"
label: Use Default Sysdig Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.repository
default: "ranchercharts/sysdig"
description: "Sysdig Image Name"
type: string
label: Sysdig Image Name
- variable: image.tag
default: "0.93.0"
description: "Sysdig Image Tag"
type: string
label: Sysdig Image Tag
#agent configurations
- variable: sysdig.accessKey
default: ""
description: "You need your Sysdig accessKey before running agents"
type: string
required: true
label: Sysdig accessKey
- variable: sysdig.backend
default: "Sysdig SaaS"
description: "Where is Sysdig backend hosted on"
type: enum
label: Sysdig Backend
group: "Agent Configuration"
required: true
options:
- "sysdig-saas"
- "self-hosted"
- variable: sysdig.settings.collector
required: true
default: "collector.sysdigcloud.com"
description: "The host of the Sysdig collector the agent sends data to, only set this option if you need the agent to send data to a custom backend"
type: string
label: Sysdig Collector
group: "Agent Configuration"
show_if: "sysdig.backed=self-hosted"
- variable: sysdig.settings.collector_port
required: true
default: "6443"
description: "The port where the Sysdig collector listens to"
type: string
label: Sysdig Collector Port
group: "Agent Configuration"
show_if: "sysdig.backed=self-hosted"
- variable: sysdig.settings.ssl
required: true
default: true
description: "Use SSL to connect to the Sysdig collector"
type: boolean
label: Sysdig Collector SSL
group: "Agent Configuration"
show_if: "sysdig.backed=self-hosted"
- variable: sysdig.settings.ssl_verify_certificate
required: true
default: true
description: "Validate SSL certificate from the Sysdig collector"
type: boolean
label: Sysdig Collector Verify SSL Certificate
group: "Agent Configuration"
show_if: "sysdig.backed=self-hosted&&sysdig.settings.ssl=true"
- variable: sysdig.settings.tags
default: ""
description: "Agent tags, separated by commas. For example: 'linux:ubuntu,dept:dev,local:nyc'"
type: string
label: Agent Tags
group: "Agent Configuration"
- variable: ebpf.enabled
default: false
description: "Enable eBPF support for Sysdig agent instead of kernel module"
type: boolean
label: Enable eBPF
group: "Agent Configuration"
#proxy configurations
- variable: proxy.httpProxy
default: ""
description: "An http URL to use as a proxy for http requests"
type: string
label: Proxy for HTTP Requests
group: "Proxy Configuration"
- variable: proxy.httpsProxy
default: ""
description: "An http URL to use as a proxy for https requests"
type: string
label: Proxy for HTTPS Requests
group: "Proxy Configuration"
- variable: proxy.noProxy
default: ""
description: "A space-separated list of URLs for which no proxy should be used"
type: string
label: No Proxy List (separated by a space)
group: "Proxy Configuration"
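Review bot: the `show_if` conditions on the collector, collector port, SSL and certificate-verification questions test `sysdig.backed`, but the variable defined above is `sysdig.backend`, so they cannot match when `self-hosted` is selected and the self-hosted options, including `sysdig.settings.ssl_verify_certificate`, stay hidden. Change the key to `sysdig.backend=self-hosted` in all four places. The `sysdig.backend` default `"Sysdig SaaS"` also matches neither listed option (`sysdig-saas`, `self-hosted`), and the `image.repository` default `ranchercharts/sysdig` differs from the `sysdig/agent` default in values.yaml; make each pair agree or add a comment explaining the difference.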
#!/bin/bash
echo "customAppChecks:"
for app_check in "$@"
do
echo -e " $(basename $app_check): |-"
while IFS= read -r line
do
echo -e " $line"
done <"$app_check"
done
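Review bot: `echo -e " $line"` interprets backslash escapes in the check's source, so a Python file with `\n` or `\t` inside a string literal is silently altered in the generated values, and `$(basename $app_check)` is unquoted and splits on paths containing spaces. Emit the content with `printf '%s\n'` and quote the expansion as `"$(basename "$app_check")"`. The `read` loop also drops a final line that has no trailing newline; `while IFS= read -r line || [ -n "$line" ]` covers that case.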
Sysdig Monitor agents are spinning up on each node in your cluster. After a few
seconds, you should see your hosts appearing in the Explore tab:
https://app.sysdigcloud.com/#/explore/overview/l:10
No further action should be required.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "sysdig.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sysdig.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sysdig.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "sysdig.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "sysdig.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Sysdig Agent image name
*/}}
{{- define "sysdig.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: {{ template "sysdig.fullname" .}}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
rules:
- apiGroups:
- ""
resources:
- pods
- replicationcontrollers
- services
- events
- limitranges
- namespaces
- nodes
- resourcequotas
- persistentvolumes
- persistentvolumeclaims
- configmaps
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- ingresses
- replicasets
verbs:
- get
- list
- watch
{{- end }}
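Review bot: the core API group rule grants `get`, `list` and `watch` on `secrets` in a ClusterRole, which lets the agent's service account read every Secret in every namespace. The DaemonSet bound to this role already runs privileged on each node, so this widens what a compromised agent pod can reach. Consider removing `secrets` from the default rule and adding it only behind a value that is off by default, with a comment naming the agent feature that needs it.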
{{- if .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: {{ template "sysdig.fullname" .}}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
subjects:
- kind: ServiceAccount
name: {{ template "sysdig.serviceAccountName" .}}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "sysdig.fullname" .}}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- if .Values.customAppChecks }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sysdig.fullname" . }}-custom-app-checks
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
{{- range $file, $content := .Values.customAppChecks }}
{{ $file }}: |-
{{ $content | indent 4}}
{{- end }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sysdig.fullname" . }}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
dragent.yaml: |
new_k8s: true
{{- if .Values.secure.enabled }}
security:
enabled: true
commandlines_capture:
enabled: true
memdump:
enabled: true
{{- end }}
{{- if .Values.sysdig.settings }}
{{ toYaml .Values.sysdig.settings | indent 4 }}
{{- end }}
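Review bot: `new_k8s: true` and the `security:` block are written before `toYaml .Values.sysdig.settings`, so a settings map that itself contains `new_k8s` or `security` renders duplicate keys in `dragent.yaml`, and nothing in this template decides which one wins. The changelog says `new_k8s` must not be changeable; enforce that here by dropping those keys from the settings map before rendering, or by failing the render when they are present.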
{{- if .Values.sysdig.accessKey }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "sysdig.fullname" . }}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
matchLabels:
app: {{ template "sysdig.fullname" .}}
template:
metadata:
name: {{ template "sysdig.fullname" .}}
labels:
app: {{ template "sysdig.fullname" .}}
spec:
serviceAccountName: {{ template "sysdig.serviceAccountName" .}}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
terminationGracePeriodSeconds: 5
{{- if .Values.daemonset.affinity }}
affinity:
{{ toYaml .Values.daemonset.affinity | indent 8 }}
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ template "sysdig.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.resources | indent 12 }}
securityContext:
privileged: true
{{- if .Values.ebpf.enabled }}
env:
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
{{- if .Values.proxy.httpProxy }}
- name: http_proxy
value: {{ .Values.proxy.httpProxy }}
{{- end }}
{{- if .Values.proxy.httpsProxy }}
- name: https_proxy
value: {{ .Values.proxy.httpsProxy }}
{{- end }}
{{- if .Values.proxy.noProxy }}
- name: no_proxy
value: {{ .Values.proxy.noProxy }}
{{- end }}
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone }}
{{- end }}
{{- range $key, $value := .Values.daemonset.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
readinessProbe:
exec:
command: [ "test", "-e", "/opt/draios/logs/running" ]
initialDelaySeconds: 10
volumeMounts:
- mountPath: /host/dev
name: dev-vol
readOnly: false
- mountPath: /host/proc
name: proc-vol
readOnly: true
- mountPath: /host/boot
name: boot-vol
readOnly: true
- mountPath: /host/lib/modules
name: modules-vol
readOnly: true
- mountPath: /host/usr
name: usr-vol
readOnly: true
- mountPath: /host/run
name: run-vol
- mountPath: /host/var/run
name: varrun-vol
- mountPath: /dev/shm
name: dshm
- mountPath: /opt/draios/etc/kubernetes/config
name: sysdig-agent-config
- mountPath: /opt/draios/etc/kubernetes/secrets
name: sysdig-agent-secrets
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- mountPath: /host/etc
name: etc-fs
readOnly: true
{{- end }}
{{- if .Values.customAppChecks }}
- mountPath: /opt/draios/lib/python/checks.custom.d
name: custom-app-checks-volume
{{- end }}
- mountPath: /host/etc/os-release
name: osrel
readOnly: true
volumes:
- name: osrel
hostPath:
path: /etc/os-release
type: FileOrCreate
- name: dshm
emptyDir:
medium: Memory
- name: dev-vol
hostPath:
path: /dev
- name: proc-vol
hostPath:
path: /proc
- name: boot-vol
hostPath:
path: /boot
- name: modules-vol
hostPath:
path: /lib/modules
- name: usr-vol
hostPath:
path: /usr
- name: run-vol
hostPath:
path: /run
- name: varrun-vol
hostPath:
path: /var/run
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- name: etc-fs
hostPath:
path: /etc
{{- end }}
- name: sysdig-agent-config
configMap:
name: {{ template "sysdig.fullname" . }}
optional: true
- name: sysdig-agent-secrets
secret:
secretName: {{ template "sysdig.fullname" . }}
{{- if .Values.customAppChecks }}
- name: custom-app-checks-volume
configMap:
name: {{ template "sysdig.fullname" . }}-custom-app-checks
{{- end }}
updateStrategy:
{{ toYaml .Values.daemonset.updateStrategy | indent 4 }}
{{- end }}
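Review bot: `env:` is emitted only inside the `{{- if .Values.ebpf.enabled }}` block, so with the default `ebpf.enabled: false` any of `proxy.httpProxy`, `proxy.httpsProxy`, `proxy.noProxy`, `timezone` or `daemonset.env` renders `- name:` items without the `env:` key. Move `env:` outside the conditional so that every entry has its parent key. The proxy and timezone values are also interpolated unquoted, unlike the `daemonset.env` entries; pipe them through `quote` so a value with a colon or leading special character does not change the YAML structure.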
{{- if .Values.sysdig.accessKey }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "sysdig.fullname" . }}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
access-key : {{ required "A valid .Values.sysdig.accessKey is required" .Values.sysdig.accessKey | b64enc | quote }}
{{- end }}
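Review bot: the `required` call on `.Values.sysdig.accessKey` can never fire, because the whole Secret is wrapped in `{{- if .Values.sysdig.accessKey }}` and an empty key skips the template entirely. The DaemonSet uses the same guard, so an install with the default `accessKey: ""` renders neither resource while NOTES.txt still reports agents spinning up. Remove the outer `if` here so that the render fails with the "A valid .Values.sysdig.accessKey is required" message.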
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "sysdig.serviceAccountName" .}}
labels:
app: {{ template "sysdig.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- end }}
# Default values for Sysdig Monitor and Secure Helm package.
image:
registry: docker.io
repository: sysdig/agent
tag: 0.93.0
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
pullPolicy: IfNotPresent
# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
#
# pullSecrets:
# - name: myRegistrKeySecretName
resources:
# Although resources needed are subjective on the actual workload we provide
# a sane defaults ones. If you have more questions or concerns, please refer
# to Sysdig Support for more info about it
requests:
cpu: 600m
memory: 512Mi
limits:
cpu: 2000m
memory: 1536Mi
rbac:
# true here enables creation of rbac resources
create: true
serviceAccount:
# Create and use serviceAccount resources
create: true
# Use this value as serviceAccountName
name:
daemonset:
# Perform rolling updates by default in the DaemonSet agent
# ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
updateStrategy:
# You can also customize maxUnavailable, maxSurge or minReadySeconds if you
# need it
type: RollingUpdate
## Extra environment variables that will be pass onto deployment pods
env: {}
## Allow the DaemonSet to schedule using affinity rules
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# affinity: {}
# If is behind a proxy you can set the proxy server
proxy:
httpProxy:
httpsProxy:
noProxy:
# Set daemonset timezone
timezone:
# Set daemonset priorityClassName
priorityClassName:
ebpf:
# Enable eBPF support for Sysdig Agent
enabled: false
settings:
# Needed to correctly detect the kernel version for the eBPF program
# Set to false if not running on Google COS
mountEtcVolume: true
sysdig:
# Required: You need your Sysdig Monitor access key before running agents.
accessKey: ""
settings:
### Agent tags
# tags: linux:ubuntu,dept:dev,local:nyc
#### Sysdig Software related config ####
# Sysdig collector address
# collector: 192.168.1.1
# Collector TCP port
# collector_port: 6666
# Whether collector accepts ssl
# ssl: true
# collector certificate validation
# ssl_verify_certificate: true
#######################################
# k8s_cluster_name: production
secure:
# true here enables Sysdig Secure: container run-time security & forensics
enabled: true
customAppChecks: {}
# Allow passing custom app checks for Sysdig Agent.
# Example:
#
# sample.py: |-
# from checks import AgentCheck
#
# class MyCustomCheck(AgentCheck):
# def check(self, instance):
# self.gauge("testhelm", 1)
# Allow sysdig to run on Kubernetes 1.6 masters.
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
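Review bot: `secure.enabled` defaults to `true`, and in the agent ConfigMap that switch also sets `commandlines_capture.enabled: true` and `memdump.enabled: true`, but the comment beside the flag only says it enables Sysdig Secure. Document both capture settings next to `secure.enabled` so operators know what is turned on by default. The `pullPolicy` comment also describes a default that depends on the image tag, while the value is fixed to `IfNotPresent`; reword the comment to match.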