67 lines
1.6 KiB
YAML
67 lines
1.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: wazuh-agent
|
|
namespace: kube-system
|
|
labels:
|
|
app.kubernetes.io/name: wazuh-agent
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: wazuh-agent
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: wazuh-agent
|
|
spec:
|
|
initContainers:
|
|
- name: wazuh-register
|
|
image: ??
|
|
envFrom:
|
|
- configMapRef:
|
|
name: wazuh-agent-env
|
|
- secretRef: # Peut-être à décortiquer plutôt
|
|
name: wazuh-agent-secret
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
cpu: 500m
|
|
requests:
|
|
memory: 100Mi
|
|
cpu: 100m
|
|
volumeMounts:
|
|
- name: ossec-etc
|
|
mountPath: /var/ossec/etc/
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
containers:
|
|
- name: wazuh-agent
|
|
image: ??
|
|
envFrom:
|
|
- configMapRef:
|
|
name: wazuh-agent-env # nécessaire ?
|
|
- secretRef: # Peut-être à décortiquer plutôt
|
|
name: wazuh-agent-secret
|
|
# TODO: add liveness, readiness, startup probes with ports if necessary
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 200Mi
|
|
volumeMounts:
|
|
- name: var-log
|
|
mountPath: /var/log
|
|
readOnly: true
|
|
terminationGracePeriodSeconds: 30
|
|
volumes:
|
|
- name: var-log
|
|
hostPath:
|
|
path: /var/log
|
|
- name: ossec-etc
|
|
emptyDir:
|
|
sizeLimit: 1Mi
|