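---
# CrowdSec agent DaemonSet: one pod per node that reads host and container
# logs and reports to the local API (LAPI) at crowdsec-service.crowdsec:8080.
#
# Change in this revision: the /var/log hostPath mount is now read-only,
# matching the /var/lib/docker/containers mount.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  # annotations:
  #   meta.helm.sh/release-name: crowdsec
  #   meta.helm.sh/release-namespace: crowdsec
  labels:
    # app.kubernetes.io/managed-by: Helm
    k8s-app: crowdsec
    type: agent
    version: v1
  name: crowdsec-agent
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: crowdsec
      type: agent
  template:
    metadata:
      labels:
        k8s-app: crowdsec
        type: agent
        version: v1
    spec:
      containers:
        # Start-up: move the image's staged config into the node-persisted
        # directory (mv -n never overwrites existing files), symlink
        # /etc/crowdsec to it, then run the image's start script.
        - command:
            - sh
            - -c
            - >-
              mv -n /staging/etc/crowdsec/* /etc/crowdsec_data/ &&
              rm -rf /staging/etc/crowdsec &&
              ln -s /etc/crowdsec_data /etc/crowdsec &&
              ./docker_start.sh
          env:
            # Agent credentials come from a Secret, not from literals here.
            - name: AGENT_USERNAME
              valueFrom:
                secretKeyRef:
                  key: username
                  name: agent-credentials
            - name: AGENT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: agent-credentials
            # NOTE(review): plain http:// - the credentials above presumably
            # cross the cluster network unencrypted; confirm whether TLS or
            # a NetworkPolicy limiting access to the LAPI service is in place.
            - name: LOCAL_API_URL
              value: http://crowdsec-service.crowdsec:8080
            # Quoted so the values stay strings rather than YAML booleans.
            - name: DISABLE_LOCAL_API
              value: "true"
            - name: DISABLE_ONLINE_API
              value: "true"
            - name: COLLECTIONS
              value: crowdsecurity/traefik
            - name: SCENARIOS
              value: crowdsecurity/linux-lpe crowdsecurity/http-crawl-non_statics
          # NOTE(review): ":latest" is a mutable tag, and with IfNotPresent
          # each node keeps whatever image it pulled first, so nodes can run
          # different builds. Pin a reviewed version tag or image digest.
          image: crowdsecurity/crowdsec:latest
          imagePullPolicy: IfNotPresent
          name: crowdsec-agent
          ports:
            - containerPort: 6060
              name: metrics
              protocol: TCP
          resources:
            limits:
              memory: 100Mi
            requests:
              cpu: 150m
              memory: 100Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # Writable: the start-up command moves config files into here.
            - mountPath: /etc/crowdsec_data
              name: crowdsec-agent-config
            # Acquisition config from the ConfigMap, mounted as a single
            # file over the persisted directory.
            - mountPath: /etc/crowdsec_data/acquis.yaml
              name: acquis-config-volume
              subPath: acquis.yaml
            # Host logs, read-only: a writable mount would let a compromised
            # agent alter or delete node log files. If the agent is set to
            # write its own log under /var/log, send it to stdout instead.
            - mountPath: /var/log
              name: varlog
              readOnly: true
            - mountPath: /var/lib/docker/containers
              name: varlibdockercontainers
              readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
        # Holds the agent back until the LAPI port accepts connections.
        - command:
            - sh
            - -c
            - >-
              until nc crowdsec-service.crowdsec 8080;
              do echo waiting for lapi to start; sleep 5; done
          # NOTE(review): pinned by tag only; consider pinning by digest.
          image: busybox:1.28
          imagePullPolicy: IfNotPresent
          name: wait-for-lapi
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): no pod- or container-level securityContext is set, so
      # the containers run with the image's default user and privileges.
      # Consider allowPrivilegeEscalation: false on both containers once
      # confirmed compatible with the start-up command.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      tolerations:
        # Lets the agent run on nodes carrying the master NoSchedule taint.
        # NOTE(review): newer Kubernetes releases use the
        # node-role.kubernetes.io/control-plane taint instead; confirm which
        # one the cluster's nodes carry.
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      volumes:
        - configMap:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            name: acquis-configmap
          name: acquis-config-volume
        - hostPath:
            path: /var/log
            type: ""
          name: varlog
        # Agent configuration persisted on the node's filesystem.
        # NOTE(review): anything the agent stores here stays on the node
        # after the pod is gone; confirm the directory's ownership and mode.
        - name: crowdsec-agent-config
          hostPath:
            path: /mnt/local/crowdsec-agent
            type: "DirectoryOrCreate"
        - hostPath:
            path: /var/lib/docker/containers
            type: ""
          name: varlibdockercontainers
  # Roll one node at a time, without surge pods.
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate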