--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kindnet rules: - apiGroups: - "" resources: - nodes verbs: - list - watch - patch - apiGroups: - "" resources: - configmaps verbs: - get - apiGroups: - "" resources: - pods - namespaces verbs: - list - watch - apiGroups: - "networking.k8s.io" resources: - networkpolicies verbs: - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kindnet roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kindnet subjects: - kind: ServiceAccount name: kindnet namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: kindnet namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kindnet namespace: kube-system labels: tier: node app: kindnet k8s-app: kindnet spec: selector: matchLabels: app: kindnet template: metadata: labels: tier: node app: kindnet k8s-app: kindnet spec: hostNetwork: true tolerations: - operator: Exists effect: NoSchedule serviceAccountName: kindnet initContainers: - name: install-cni-bin image: ghcr.io/aojea/kindnetd:stable command: ['sh', '-c', 'cat /opt/cni/bin/cni-kindnet > /cni/cni-kindnet ; chmod +x /cni/cni-kindnet'] volumeMounts: - name: cni-bin mountPath: /cni containers: - name: kindnet-cni image: ghcr.io/aojea/kindnetd:stable args: - /bin/kindnetd - --hostname-override=$(NODE_NAME) - --v=2 env: - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: cni-cfg mountPath: /etc/cni/net.d - name: var-lib-kindnet mountPath: /var/lib/cni-kindnet resources: requests: cpu: "100m" memory: "50Mi" securityContext: privileged: true volumes: - name: cni-bin hostPath: path: /opt/cni/bin type: DirectoryOrCreate - name: cni-cfg hostPath: path: /etc/cni/net.d type: DirectoryOrCreate - name: var-lib-kindnet hostPath: path: /var/lib/cni-kindnet type: DirectoryOrCreate ---