Icinga
diff --git a/‎Dockerfile
+5-3 b/‎Dockerfile
+5-3
diff --git a/‎cmd/icinga-kubernetes/main.go
+24-1 b/‎cmd/icinga-kubernetes/main.go
+24-1
diff --git a/‎icinga-kubernetes-expose-8080.yml
-15 b/‎icinga-kubernetes-expose-8080.yml
-15
diff --git a/‎icinga-kubernetes.example.yml
+110 b/‎icinga-kubernetes.example.yml
+110
diff --git a/‎icinga-kubernetes.yml
-14 b/‎icinga-kubernetes.yml
-14
@@ -7,6 +7,8 @@ RUN go build -o /go/bin/icinga-kubernetes ./cmd/icinga-kubernetes/main.go
 
 FROM scratch
 
-COPY --from=builder /go/bin/icinga-kubernetes /go/bin/icinga-kubernetes
-EXPOSE 8080
-ENTRYPOINT ["/go/bin/icinga-kubernetes"]
+WORKDIR /go/bin/
+COPY --from=alpine /tmp /tmp
+COPY --from=builder /go/bin/icinga-kubernetes ./icinga-kubernetes
+
+ENTRYPOINT ["./icinga-kubernetes"]
@@ -15,6 +15,7 @@ import (
 	kinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	kclientcmd "k8s.io/client-go/tools/clientcmd"
+	"os"
 )
 
 func main() {
@@ -34,7 +35,29 @@ func main() {
 		logging.Fatal(errors.Wrap(err, "can't parse flags"))
 	}
 
-	cfg, err := config.FromYAMLFile[internal.Config](flags.Config)
+	cfg := &internal.Config{}
+	configFile := flags.Config
+
+	if ikConfig, inCluster := os.LookupEnv("ICINGA_KUBERNETES_CONFIG"); inCluster {
+		file, err := os.CreateTemp("", "yaml-config-")
+		if err != nil {
+			logging.Fatal(errors.Wrap(err, "can't create temporary yaml config"))
+		}
+		defer func() {
+			err := os.Remove(file.Name())
+			if err != nil {
+				logging.Fatal(errors.Wrap(err, "can't remove temporary yaml config"))
+			}
+		}()
+
+		if _, err = file.Write([]byte(ikConfig)); err != nil {
+			logging.Fatal(errors.Wrap(err, "can't write to temporary yaml config"))
+		}
+
+		configFile = file.Name()
+	}
+
+	cfg, err = config.FromYAMLFile[internal.Config](configFile)
 	if err != nil {
 		logging.Fatal(errors.Wrap(err, "can't create configuration"))
 	}
 
@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: icinga-kubernetes
+  labels:
+    app: icinga-kubernetes
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: icinga-kubernetes-config
+  namespace: icinga-kubernetes
+data:
+  config: |
+    # This is the configuration file for Icinga Kubernetes.
+    #
+    # Connection configuration for the database to which Icinga Kubernetes synchronizes Kubernetes data.
+    # This is also the database used in Icinga Kubernetes Web to view and work with the data.
+    database:
+      # Database type. Either 'mysql' for MySQL or 'pgsql' for PostgreSQL.
+      # Defaults to 'mysql'.
+    #  type: mysql
+
+      # Database host or absolute Unix socket path.
+      host: 10.96.0.2
+    
+      # Database port. By default, the MySQL or PostgreSQL port, depending on the database type.
+    #  port:
+    
+      # Database name.
+      database: kubernetes
+    
+      # Database user.
+      user: kubernetes
+    
+      # Database password.
+      password: kubernetes
+    
+    # Icinga Kubernetes logs its activities at various severity levels and any errors that occur either
+    # on the console or in systemd's journal. The latter is used automatically when running under systemd.
+    # In any case, the default log level is 'info'.
+    logging:
+      # Default logging level. Can be set to 'fatal', 'error', 'warn', 'info' or 'debug'.
+      # If not set, defaults to 'info'.
+      level: info
+    
+      # Logging output. Can be set to 'console' (stderr) or 'systemd-journald'.
+      # If not set, logs to systemd-journald when running under systemd, otherwise stderr.
+    #  output:
+
+      # Interval for periodic logging defined as duration string.
+      # A duration string is a sequence of decimal numbers and a unit suffix, such as "20s".
+      # Valid units are "ms", "s", "m", "h".
+      # Defaults to "20s".
+    #  interval: 20s
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: icinga-kubernetes
+  namespace: icinga-kubernetes
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: icinga-kubernetes
+  name: resource-reader
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "*" ]
+    verbs: [ "get", "watch", "list" ]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: read-resources
+  namespace: icinga-kubernetes
+subjects:
+  - kind: ServiceAccount
+    name: icinga-kubernetes
+    namespace: icinga-kubernetes
+roleRef:
+  kind: ClusterRole
+  name: resource-reader
+  apiGroup: "rbac.authorization.k8s.io"
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: icinga-kubernetes
+  labels:
+    app: icinga-kubernetes
+  namespace: icinga-kubernetes
+spec:
+  serviceAccountName: icinga-kubernetes
+  containers:
+    - name: icinga-kubernetes
+      image: icinga-kubernetes
+      imagePullPolicy: Never
+      env:
+        - name: ICINGA_KUBERNETES_CONFIG
+          valueFrom:
+            configMapKeyRef:
+              name: icinga-kubernetes-config
+              key: config