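---
# Node-level log/telemetry agent. One pod per node reads host log paths
# (read-only) and checkpoints its offsets to a writable hostPath so a restart
# resumes where it left off.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: citadel-agent
  namespace: observability
  labels:
    app.kubernetes.io/name: citadel-agent
    app.kubernetes.io/part-of: citadel
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: citadel-agent
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      # One node at a time; the checkpointed state keeps the rollout lossless.
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: citadel-agent
        app.kubernetes.io/part-of: citadel
        # Label this pod so it routes its OWN logs to rdev-platform
        citadel.io/environment: rdev-platform
        citadel.io/service: citadel-agent
    spec:
      serviceAccountName: citadel-agent
      # Runtime-default seccomp profile for every container in the pod. The
      # agent is a userspace file reader and should not need anything beyond it.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      tolerations:
        # Run on all nodes including control plane
        - operator: Exists
      containers:
        - name: agent
          # TODO(review): ":latest" is a mutable tag, so a reschedule or node
          # restart can silently pull a different build than the one reviewed.
          # Pin to an immutable tag or digest
          # (gcr.io/orchard9/citadel-agent@sha256:<DIGEST>) once one is published.
          image: gcr.io/orchard9/citadel-agent:latest
          # Least privilege for a container that mounts host paths: no
          # setuid/file-capability escalation and no Linux capabilities.
          # NOTE(review): assumes the agent only reads through the read-only
          # mounts below and writes to its own state dir — confirm on a real
          # node before relying on this in production.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # Port the liveness/readiness probes below target.
          ports:
            - name: health
              containerPort: 9090
              protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 256Mi
          envFrom:
            - configMapRef:
                name: citadel-agent-config
          env:
            # Credentials come from the citadel-agent Secret. As environment
            # variables they are readable by anyone who can exec into the pod
            # or inspect /proc; prefer a file mount if the agent supports it.
            - name: CITADEL_API_KEY
              valueFrom:
                secretKeyRef:
                  name: citadel-agent
                  key: api-key
            - name: CITADEL_TENANT_ID
              valueFrom:
                secretKeyRef:
                  name: citadel-agent
                  key: tenant-id
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            # Container log files on the node
            - name: varlog
              mountPath: /var/log
              readOnly: true
            # Container runtime data (for resolving container IDs to pod metadata)
            # NOTE(review): this path exists only on nodes using the Docker
            # runtime; containerd/CRI-O nodes keep container logs under
            # /var/log/pods, which the varlog mount already covers — confirm the
            # agent tolerates an empty directory here.
            - name: containers
              mountPath: /var/lib/docker/containers
              readOnly: true
            # Persistent state (checkpoint offsets survive agent restarts)
            - name: agent-state
              mountPath: /var/lib/citadel-agent
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9090
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /readyz
              port: 9090
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
        - name: containers
          hostPath:
            path: /var/lib/docker/containers
        # The only writable host path; created on first run if missing.
        - name: agent-state
          hostPath:
            path: /var/lib/citadel-agent
            type: DirectoryOrCreate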