apiVersion: v1
kind: Namespace
metadata:
  name: nitro-enclaves
  labels:
    name: nitro-enclaves
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: aws-nitro-enclaves-k8s-daemonset
  namespace: kube-system
  labels:
    name: aws-nitro-enclaves-k8s-dp
    role: agent
spec:
  selector:
    matchLabels:
      name: aws-nitro-enclaves-k8s-dp
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: aws-nitro-enclaves-k8s-dp
      annotations:
        node.kubernetes.io/bootstrap-checkpoint: "true"
    spec:
      nodeSelector:
        aws-nitro-enclaves-k8s-dp: enabled
      priorityClassName: "system-node-critical"
      hostname: aws-nitro-enclaves-k8s-dp
      containers:
      - name: aws-nitro-enclaves-k8s-dp
        image: public.ecr.aws/aws-nitro-enclaves/aws-nitro-enclaves-k8s-device-plugin:latest
        imagePullPolicy: Always
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        resources:
          limits:
            cpu: 100m
            memory: 15Mi
          requests:
            cpu: 10m
            memory: 15Mi
        volumeMounts:
          - name: device-plugin
            mountPath: /var/lib/kubelet/device-plugins
          - name: dev-dir
            mountPath: /dev
          - name: sys-dir
            mountPath: /sys
      volumes:
        - name: device-plugin
          hostPath:
            path: /var/lib/kubelet/device-plugins
        - name: dev-dir
          hostPath:
            path: /dev
        - name: sys-dir
          hostPath:
            path: /sys
      terminationGracePeriodSeconds: 30