apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" meta.helm.sh/release-name: kube-prometheus-stack meta.helm.sh/release-namespace: monitoring creationTimestamp: "2026-04-27T16:30:40Z" generation: 1 labels: app.kubernetes.io/component: metrics app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: prometheus-node-exporter app.kubernetes.io/part-of: prometheus-node-exporter app.kubernetes.io/version: 1.8.1 helm.sh/chart: prometheus-node-exporter-4.36.0 jobLabel: node-exporter release: kube-prometheus-stack name: kube-prometheus-stack-prometheus-node-exporter namespace: monitoring resourceVersion: "6752" uid: 2cfde8df-b40d-4dac-a700-9260d8a58d71 spec: revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/name: prometheus-node-exporter template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" container.apparmor.security.beta.kubernetes.io/node-exporter: unconfined creationTimestamp: null labels: app.kubernetes.io/component: metrics app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: prometheus-node-exporter app.kubernetes.io/part-of: prometheus-node-exporter app.kubernetes.io/version: 1.8.1 helm.sh/chart: prometheus-node-exporter-4.36.0 jobLabel: node-exporter release: kube-prometheus-stack spec: automountServiceAccountToken: true containers: - args: - --path.procfs=/host/proc - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.udev.data=/host/root/run/udev/data - --web.listen-address=[$(HOST_IP)]:9100 - --collector.diskstats.ignored-devices=^(ram|loop|nbd|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$ - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|fuse.squashfuse_ll|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ - --collector.filesystem.mount-points-exclude=^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+|var/lib/kubelet/plugins/kubernetes.io/csi/.+|run/containerd/.+)($|/) - --collector.netclass.ignored-devices=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$ - --collector.netdev.device-exclude=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$ - --collector.processes - --collector.systemd - --collector.stat.softirq - --web.config.file=/config/node-exporter.yml env: - name: HOST_IP value: 0.0.0.0 image: harbor.atmosphere.dev/quay.io/prometheus/node-exporter:v1.8.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: / port: 9100 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: node-exporter ports: - containerPort: 9100 name: http-metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: / port: 9100 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /host/proc name: proc readOnly: true - mountPath: /host/sys name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /certs name: certs readOnly: true - mountPath: /config name: kube-prometheus-stack-node-exporter - args: - --template=/config/certificate-template.yml - --ca-path=/certs/ca.crt - --cert-path=/certs/tls.crt - --key-path=/certs/tls.key env: - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0 imagePullPolicy: IfNotPresent name: pod-tls-sidecar resources: {} securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /certs name: certs - mountPath: /config name: kube-prometheus-stack-node-exporter dnsPolicy: ClusterFirst hostNetwork: true hostPID: true nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 serviceAccount: kube-prometheus-stack-prometheus-node-exporter serviceAccountName: kube-prometheus-stack-prometheus-node-exporter terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule operator: Exists volumes: - hostPath: path: /proc type: "" name: proc - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: medium: Memory name: certs - configMap: defaultMode: 420 name: kube-prometheus-stack-node-exporter name: kube-prometheus-stack-node-exporter updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 1 desiredNumberScheduled: 1 numberAvailable: 1 numberMisscheduled: 0 numberReady: 1 observedGeneration: 1 updatedNumberScheduled: 1