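# services/maintenance/metis-sentinel-daemonset.yaml
#
# DaemonSet that runs two containers per selected Linux worker node:
#   * metis-sentinel  - runs the `metis-sentinel` binary in a loop and writes
#                       each run's stdout to a timestamped JSON snapshot.
#   * sentinel-pusher - POSTs every finished snapshot to METIS_SENTINEL_PUSH_URL
#                       and deletes it once curl reports success.
# The containers exchange snapshots through the shared `sentinel-output`
# emptyDir mounted at /var/run/metis-sentinel.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metis-sentinel
  namespace: maintenance
spec:
  selector:
    matchLabels:
      app: metis-sentinel
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: metis-sentinel
      annotations:
        # NOTE(review): the container command below only runs the binary
        # one-shot in a loop; confirm something actually serves /metrics on
        # 8080, otherwise these scrape annotations produce failed scrapes.
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
    spec:
      # NOTE(review): neither script below calls the Kubernetes API. If the
      # metis-sentinel binary does not need it either, consider
      # `automountServiceAccountToken: false` so the token is not exposed to
      # both containers. Left unchanged because the binary is not visible here.
      serviceAccountName: metis
      # Both containers run as UID 0 (see below), so apply the runtime's
      # default seccomp filter to narrow the syscall surface.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      nodeSelector:
        kubernetes.io/os: linux
        node-role.kubernetes.io/worker: "true"
      containers:
        - name: metis-sentinel
          # NOTE(review): `:latest` with `imagePullPolicy: Always` means every
          # pod (re)start can pull different code onto every worker node.
          # Prefer an immutable reference, e.g.
          #   registry.bstein.dev/bstein/metis-sentinel@sha256:<digest>
          # (<digest> is a placeholder; take it from the registry/CI).
          image: registry.bstein.dev/bstein/metis-sentinel:latest
          imagePullPolicy: Always
          command:
            - /bin/sh
            - -c
          args:
            # Writes to a `.json.tmp` file first and renames on success, so the
            # pusher's `*.json` glob never matches a half-written snapshot.
            - |
              set -eu
              out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
              interval="${METIS_SENTINEL_INTERVAL_SEC:-120}"
              mkdir -p "${out_dir}"
              while true; do
                ts="$(date -u +%Y%m%dT%H%M%SZ)"
                node="${METIS_SENTINEL_NODE:-unknown}"
                tmp="${out_dir}/${node}-${ts}.json.tmp"
                out="${out_dir}/${node}-${ts}.json"
                if metis-sentinel > "${tmp}"; then
                  mv "${tmp}" "${out}"
                else
                  rm -f "${tmp}" || true
                fi
                sleep "${interval}"
              done
          envFrom:
            # Every key of the `metis` ConfigMap becomes an environment
            # variable, including the METIS_SENTINEL_* tunables read above.
            - configMapRef:
                name: metis
          env:
            - name: METIS_SENTINEL_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          ports:
            - name: http
              containerPort: 8080
          volumeMounts:
            - name: sentinel-output
              mountPath: /var/run/metis-sentinel
          resources:
            requests:
              cpu: 25m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            # NOTE(review): runs as root with all capabilities dropped. Confirm
            # the binary needs UID 0; if not, set a non-root runAsUser and
            # `runAsNonRoot: true`. `readOnlyRootFilesystem: true` is also
            # worth enabling once it is confirmed the binary writes only to
            # the mounted volume.
            runAsUser: 0
            capabilities:
              drop: ["ALL"]
        - name: sentinel-pusher
          # NOTE(review): pinned by tag only; a digest pin
          # (curlimages/curl@sha256:<digest>, placeholder) removes the
          # dependency on the tag staying immutable upstream.
          image: curlimages/curl:8.12.1
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
            - -c
          args:
            # A snapshot is deleted only after curl exits 0 (`-f` makes HTTP
            # errors non-zero), so failed pushes are retried on the next pass.
            # When METIS_SENTINEL_PUSH_URL is empty nothing is sent or deleted.
            #
            # NOTE(review): no credential is attached to the request and the
            # URL scheme is not restricted here. X-Metis-Node is self-asserted,
            # so the receiver should not treat it as proof of node identity;
            # confirm the endpoint is HTTPS and authenticates the sender by
            # other means.
            - |
              set -eu
              out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
              push_url="${METIS_SENTINEL_PUSH_URL:-}"
              interval="${METIS_SENTINEL_PUSH_INTERVAL_SEC:-120}"
              timeout="${METIS_SENTINEL_PUSH_TIMEOUT_SEC:-10}"
              mkdir -p "${out_dir}"
              while true; do
                for snapshot in "${out_dir}"/*.json; do
                  [ -f "${snapshot}" ] || continue
                  if [ -z "${push_url}" ]; then
                    break
                  fi
                  if curl -fsS --connect-timeout "${timeout}" --max-time "${timeout}" \
                    -X POST \
                    -H "Content-Type: application/json" \
                    -H "X-Metis-Node: ${METIS_SENTINEL_NODE:-unknown}" \
                    --data-binary "@${snapshot}" \
                    "${push_url}"; then
                    rm -f "${snapshot}"
                  fi
                done
                sleep "${interval}"
              done
          envFrom:
            - configMapRef:
                name: metis
          env:
            - name: METIS_SENTINEL_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: sentinel-output
              mountPath: /var/run/metis-sentinel
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 128Mi
          securityContext:
            allowPrivilegeEscalation: false
            # The script only reads and deletes files under the mounted
            # volume, so the image's root filesystem can be immutable.
            readOnlyRootFilesystem: true
            # NOTE(review): root is set explicitly here; confirm it is needed
            # to delete the snapshots the sentinel container creates.
            runAsUser: 0
            capabilities:
              drop: ["ALL"]
      volumes:
        - name: sentinel-output
          # Snapshots are removed only after a successful push, so an unset
          # push URL or an unreachable endpoint makes this directory grow by
          # one file per sentinel interval. Cap it so a stalled pusher gets
          # this pod evicted instead of exhausting the node's ephemeral
          # storage. 256Mi is a constructed starting value; size it to the
          # real snapshot size and the outage window you want to buffer.
          emptyDir:
            sizeLimit: 256Mi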