apiVersion: v1 kind: ServiceAccount metadata: name: kube-dhcp-daemon namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dhcp-daemon-cluster-role rules: - apiGroups: - "" resources: - nodes/status - pods verbs: - patch - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dhcp-daemon-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: dhcp-daemon-cluster-role subjects: - kind: ServiceAccount name: kube-dhcp-daemon namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app: dhcp name: kube-dhcp tier: node name: kube-dhcp-daemon namespace: kube-system spec: selector: matchLabels: name: kube-dhcp template: metadata: labels: app: dhcp name: kube-dhcp tier: node spec: affinity: {} containers: - env: - name: PRIORITY value: "99" - name: NODENAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: ghcr.io/ajacques/k8s-dhcp-cni-helper:br imagePullPolicy: Always lifecycle: preStop: exec: command: - /bin/sh - -c - rm /host/cni_net/$PRIORITY-bridge.conflist && /cni/dhcp shutdown name: kube-dhcp resources: limits: cpu: 100m memory: 50Mi requests: cpu: 10m memory: 50Mi securityContext: privileged: true volumeMounts: - mountPath: /run name: run - mountPath: /var/run/netns name: host-var-run-netns readOnly: true mountPropagation: HostToContainer - mountPath: /host/cni_bin/ name: cnibin - mountPath: /host/cni_net name: cni hostNetwork: true hostPID: true serviceAccountName: kube-dhcp-daemon terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule operator: Exists - effect: NoExecute operator: Exists volumes: - hostPath: path: /run type: "" name: run - hostPath: path: /etc/cni/net.d type: "" name: cni - hostPath: path: /opt/cni/bin type: "" name: cnibin - name: host-var-run-netns hostPath: path: /var/run/netns updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate