Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- apiVersion: extensions/v1beta1
- kind: DaemonSet
- metadata:
- creationTimestamp: 2017-12-04T10:29:11Z
- generation: 1
- labels:
- app: twistlock-defender
- name: twistlock-defender-ds
- namespace: twistlock
- resourceVersion: "3397"
- selfLink: /apis/extensions/v1beta1/namespaces/twistlock/daemonsets/twistlock-defender-ds
- uid: f79387ae-d8dd-11e7-8227-42010a8a006c
- spec:
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app: twistlock-defender
- template:
- metadata:
- creationTimestamp: null
- labels:
- app: twistlock-defender
- spec:
- containers:
- - env:
- - name: WS_ADDRESS
- value: wss://35.197.52.108:8084
- - name: DEFENDER_TYPE
- value: daemonset
- - name: DEFENDER_LISTENER_TYPE
- value: unix
- - name: LOG_PROD
- value: "true"
- - name: SYSLOG_ENABLED
- value: "true"
- - name: NETWORK_SCAN_ENABLED
- value: "true"
- - name: PROCESS_SCAN_ENABLED
- value: "true"
- - name: FILESYSTEM_SCAN_ENABLED
- value: "true"
- - name: SYSCALL_AUDIT_ENABLED
- value: "true"
- - name: LOCAL_DOCKER_AUDIT_ENABLED
- value: "true"
- - name: SYSTEMD_ENABLED
- value: "false"
- - name: DOCKER_CLIENT_ADDRESS
- value: /var/run/docker.sock
- - name: HTTP_PROXY
- - name: HTTPS_PROXY
- - name: NO_PROXY
- image: us.gcr.io/flexdh-devops/twistlock/private:defender_2_2_100
- imagePullPolicy: IfNotPresent
- name: twistlock-defender-2-2-100
- resources:
- limits:
- memory: 512M
- requests:
- cpu: 256m
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - SYS_ADMIN
- - SYS_PTRACE
- - AUDIT_CONTROL
- privileged: true
- readOnlyRootFilesystem: true
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /var/lib/twistlock/certificates
- name: certificates
- - mountPath: /var/lib/twistlock
- name: data-folder
- - mountPath: /var/run
- name: docker-sock-folder
- - mountPath: /etc/passwd
- name: passwd
- readOnly: true
- - mountPath: /var/run/docker/netns
- name: docker-netns
- readOnly: true
- - mountPath: /dev/log
- name: syslog-socket
- - mountPath: /run
- name: iptables-lock
- dnsPolicy: ClusterFirst
- hostNetwork: true
- hostPID: true
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: twistlock-service
- serviceAccountName: twistlock-service
- terminationGracePeriodSeconds: 30
- volumes:
- - name: certificates
- secret:
- defaultMode: 256
- secretName: twistlock-secrets
- - hostPath:
- path: /dev/log
- name: syslog-socket
- - hostPath:
- path: /var/lib/twistlock
- name: data-folder
- - hostPath:
- path: /var/run/docker/netns
- name: docker-netns
- - hostPath:
- path: /etc/passwd
- name: passwd
- - hostPath:
- path: /var/run
- name: docker-sock-folder
- - hostPath:
- path: /run
- name: iptables-lock
- templateGeneration: 1
- updateStrategy:
- type: OnDelete
- status:
- currentNumberScheduled: 3
- desiredNumberScheduled: 3
- numberAvailable: 3
- numberMisscheduled: 0
- numberReady: 3
- observedGeneration: 1
- updatedNumberScheduled: 3
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement