--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: aws-node rules: - apiGroups: - crd.k8s.amazonaws.com resources: - "*" - namespaces verbs: - "*" - apiGroups: [""] resources: - pods - nodes - namespaces verbs: ["list", "watch", "get"] - apiGroups: ["extensions"] resources: - daemonsets verbs: ["list", "watch"] --- apiVersion: v1 kind: ServiceAccount metadata: name: aws-node namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: aws-node roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: aws-node subjects: - kind: ServiceAccount name: aws-node namespace: kube-system --- kind: DaemonSet apiVersion: apps/v1 metadata: name: aws-node namespace: kube-system labels: k8s-app: aws-node spec: updateStrategy: type: RollingUpdate selector: matchLabels: k8s-app: aws-node template: metadata: labels: k8s-app: aws-node spec: priorityClassName: system-node-critical affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "beta.kubernetes.io/os" operator: In values: - linux - key: "beta.kubernetes.io/arch" operator: In values: - amd64 serviceAccountName: aws-node hostNetwork: true tolerations: - operator: Exists containers: - image: nithmu/grpc-healthcheck:amazon-k8s-cni.v1.5.0-rc1-40-g8333996d-dirty imagePullPolicy: Always ports: - containerPort: 61678 name: metrics name: aws-node readinessProbe: exec: command: ["/app/grpc_health_probe", "-addr=:50051"] initialDelaySeconds: 5 livenessProbe: exec: command: ["/app/grpc_health_probe", "-addr=:50051"] initialDelaySeconds: 5 env: - name: AWS_VPC_K8S_CNI_LOGLEVEL value: DEBUG - name: MY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: requests: cpu: 10m securityContext: privileged: true volumeMounts: - mountPath: /host/opt/cni/bin name: cni-bin-dir - mountPath: /host/etc/cni/net.d name: cni-net-dir - mountPath: /host/var/log name: log-dir - mountPath: /var/run/docker.sock name: dockersock volumes: - name: cni-bin-dir hostPath: path: /opt/cni/bin - name: cni-net-dir hostPath: path: /etc/cni/net.d - name: log-dir hostPath: path: /var/log - name: dockersock hostPath: path: /var/run/docker.sock --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: eniconfigs.crd.k8s.amazonaws.com spec: scope: Cluster group: crd.k8s.amazonaws.com versions: - name: v1alpha1 served: true storage: true names: plural: eniconfigs singular: eniconfig kind: ENIConfig