observability-conf/tracee.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/name: tracee
    app.kubernetes.io/component: tracee
    app.kubernetes.io/part-of: tracee
  name: tracee
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: tracee
  template:
    metadata:
      labels:
        app.kubernetes.io/name: tracee
      name: tracee
    spec:
      containers:
      - name: tracee
        image: docker.io/aquasec/tracee:full
        imagePullPolicy: IfNotPresent
        args:
          - --webhook http://tracee-webhook:2801 --webhook-template ./templates/rawjson.tmpl --webhook-content-type application/json
        env:
          - name: LIBBPFGO_OSRELEASE_FILE
            value: /etc/os-release-host
        securityContext:
          privileged: true
        volumeMounts:
        - name: tmp-tracee
          mountPath: /tmp/tracee
        - name: etc-os-release
          mountPath: /etc/os-release-host
          readOnly: true
        resources:
          limits:
            cpu: 500m
            memory: 300Mi
          requests:
            cpu: 350m
            memory: 50Mi
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
      volumes:
      - hostPath:
          path: /tmp/tracee
        name: tmp-tracee
      - hostPath:
          path: /etc/os-release
        name: etc-os-release