---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-labeler
  namespace: monitoring
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: node-labeler
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: node-labeler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-labeler
subjects:
- kind: ServiceAccount
  name: node-labeler
  namespace: monitoring
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-labeler
  namespace: monitoring
  labels:
    tier: node
    app: node-labeler
spec:
  selector:
    matchLabels:
      app: node-labeler
  template:
    metadata:
      labels:
        tier: node
        app: node-labeler
    spec:
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: node-labeler
      containers:
      - name: node-labeler
        image: vexxhost/node-labeler:latest
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        env:
        - name: NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName