apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wazuh-agent
  namespace: kube-system
  labels:
    app.kubernetes.io/name: wazuh-agent
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: wazuh-agent
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wazuh-agent
    spec:
      initContainers:
      - name: wazuh-register
        image: ??
        envFrom:
        - configMapRef:
            name: wazuh-agent-env
        - secretRef:  # Peut-être à décortiquer plutôt
            name: wazuh-agent-secret
        resources:
          limits:
            memory: 200Mi
            cpu: 500m
          requests:
            memory: 100Mi
            cpu: 100m
        volumeMounts:
        - name: ossec-etc
          mountPath: /var/ossec/etc/
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 1000
      containers:
      - name: wazuh-agent
        image: ??
        envFrom:
        - configMapRef:
            name: wazuh-agent-env # nécessaire ?
        - secretRef:  # Peut-être à décortiquer plutôt
            name: wazuh-agent-secret
        # TODO: add liveness, readiness, startup probes with ports if necessary
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: var-log
          mountPath: /var/log
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: var-log
        hostPath:
          path: /var/log
      - name: ossec-etc
        emptyDir:
          sizeLimit: 1Mi