apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-problem-detector
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: node-problem-detector
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: node-problem-detector
subjects:
  - kind: ServiceAccount
    name: node-problem-detector
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: node-problem-detector
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-problem-detector
  namespace: kube-system
  labels:
    app: node-problem-detector
spec:
  selector:
    matchLabels:
      app: node-problem-detector
  template:
    metadata:
      labels:
        app: node-problem-detector
    spec:
      serviceAccount: node-problem-detector
      containers:
        - name: node-problem-detector
          command:
            - /node-problem-detector
            - --logtostderr
            - --apiserver-wait-timeout=10s
            - --config.system-log-monitor=/config/kernel-monitor.json,/config/docker-monitor.json
          image: k8s.gcr.io/node-problem-detector:v0.8.1
          resources:
            limits:
              cpu: 10m
              memory: 80Mi
            requests:
              cpu: 10m
              memory: 80Mi
          imagePullPolicy: Always
          securityContext:
            privileged: true
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: log
              mountPath: /run/log
              readOnly: true
            - name: kmsg
              mountPath: /dev/kmsg
              readOnly: true
            # Make sure node problem detector is in the same timezone
            # with the host.
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
            - name: config
              mountPath: /config
              readOnly: true
      volumes:
        - name: log
          # Config `log` to your system log directory
          hostPath:
            path: /run/log/
        - name: kmsg
          hostPath:
            path: /dev/kmsg
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: config
          configMap:
            name: node-problem-detector-config
            items:
              - key: kernel-monitor.json
                path: kernel-monitor.json
              - key: docker-monitor.json
                path: docker-monitor.json