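---
# Fluent Bit log collector, scheduled on every node as a DaemonSet.
# It reads host logs through read-only hostPath mounts and keeps its own
# state in a writable host directory.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluent-bit
  labels: &labels
    app.kubernetes.io/name: fluent-bit
    app.kubernetes.io/component: fluent-bit
spec:
  selector:
    matchLabels: *labels
  template:
    metadata:
      labels: *labels
    spec:
      containers:
        - name: fluent-bit
          # NOTE(review): no tag or digest is given, so this resolves to
          # ":latest". With IfNotPresent each node keeps whatever build it
          # pulled first, so nodes can drift apart and a changed upstream
          # image is picked up unreviewed. Pin a tag, ideally a digest.
          image: cr.fluentbit.io/fluent/fluent-bit
          imagePullPolicy: IfNotPresent
          args:
            - '-c'
            - /etc/fluent-bit/fluent-bit.yml
          env:
            # Expose the node name (not the pod name) as HOSTNAME.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            readOnlyRootFilesystem: true
            # NOTE(review): allowPrivilegeEscalation and runAsNonRoot are
            # not set here; confirm whether they can be tightened.
            capabilities:
              drop:
                - ALL
              add:
                # Kubernetes capability names are written without the
                # "CAP_" prefix. Runtimes that prepend the prefix themselves
                # do not recognise "CAP_DAC_READ_SEARCH", so the capability
                # may not be granted. DAC_READ_SEARCH bypasses file-read
                # permission checks; it is the only capability kept.
                - DAC_READ_SEARCH
          volumeMounts:
            - mountPath: /etc/fluent-bit
              name: fluent-bit-config
              readOnly: true
            - mountPath: /etc/machine-id
              name: machine-id
              readOnly: true
            - mountPath: /etc/pki/ca-trust/source/anchors
              name: dch-ca
              readOnly: true
            - mountPath: /run/log
              name: run-log
              readOnly: true
            # The only writable host mount; presumably Fluent Bit state
            # (offsets/buffers) - confirm against the ConfigMap.
            - mountPath: /var/lib/fluent-bit
              name: fluent-bit-data
            - mountPath: /var/log
              name: var-log
              readOnly: true
      # hostNetwork is not set in this manifest, so this should resolve
      # names the same way as ClusterFirst.
      dnsPolicy: ClusterFirstWithHostNet
      securityContext:
        seLinuxOptions:
          # spc_t is the "super privileged container" SELinux domain and is
          # not confined by the container policy. Presumably needed to read
          # host log files; confirm, and prefer a narrower type if possible.
          type: spc_t
      serviceAccountName: fluent-bit
      # No key is given, so every NoExecute and NoSchedule taint is
      # tolerated and the pod is scheduled on tainted nodes as well.
      tolerations:
        - effect: NoExecute
          operator: Exists
        - effect: NoSchedule
          operator: Exists
      volumes:
        - name: dch-ca
          configMap:
            name: dch-root-ca
            items:
              - key: dch-root-ca.crt
                path: dch-root-ca-r2.crt
        - name: fluent-bit-config
          configMap:
            name: fluent-bit
        - name: fluent-bit-data
          hostPath:
            path: /var/lib/fluent-bit
            type: DirectoryOrCreate
        - name: machine-id
          hostPath:
            path: /etc/machine-id
            type: File
        - name: run-log
          hostPath:
            path: /run/log
            type: Directory
        - name: var-log
          hostPath:
            path: /var/log
            type: Directory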