apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-agent
  namespace: node-agents
  labels:
    app: log-agent
spec:
  selector:
    matchLabels:
      app: log-agent
  template:
    metadata:
      labels:
        app: log-agent
    spec:
      nodeSelector:
        daemonset: log-agent
      containers:
        - name: log-agent
          image: busybox:1.36
          command:
            - sh
            - -c
            - echo node-agent running on $NODE_NAME; sleep 3600
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            seccompProfile:
              type: RuntimeDefault