--- apiVersion: "rbac.authorization.k8s.io/v1" kind: "ClusterRoleBinding" metadata: name: "aws-node" roleRef: apiGroup: "rbac.authorization.k8s.io" kind: "ClusterRole" name: "aws-node" subjects: - kind: "ServiceAccount" name: "aws-node" namespace: "kube-system" --- apiVersion: "rbac.authorization.k8s.io/v1" kind: "ClusterRole" metadata: name: "aws-node" rules: - apiGroups: - "crd.k8s.amazonaws.com" resources: - "eniconfigs" verbs: - get - list - watch - apiGroups: - "" resources: - "pods" - "namespaces" verbs: - "list" - "watch" - "get" - apiGroups: - "" resources: - "nodes" verbs: - "list" - "watch" - "get" - "update" - apiGroups: - "extensions" resources: - "*" verbs: - "list" - "watch" --- apiVersion: "apiextensions.k8s.io/v1beta1" kind: "CustomResourceDefinition" metadata: name: "eniconfigs.crd.k8s.amazonaws.com" spec: group: "crd.k8s.amazonaws.com" names: kind: "ENIConfig" plural: "eniconfigs" singular: "eniconfig" scope: "Cluster" versions: - name: "v1alpha1" served: true storage: true --- apiVersion: "apps/v1" kind: "DaemonSet" metadata: labels: k8s-app: "aws-node" name: "aws-node" namespace: "kube-system" spec: selector: matchLabels: k8s-app: "aws-node" template: metadata: labels: k8s-app: "aws-node" spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "beta.kubernetes.io/os" operator: "In" values: - "linux" - key: "beta.kubernetes.io/arch" operator: "In" values: - "amd64" - "arm64" - key: "eks.amazonaws.com/compute-type" operator: "NotIn" values: - "fargate" - matchExpressions: - key: "kubernetes.io/os" operator: "In" values: - "linux" - key: "kubernetes.io/arch" operator: "In" values: - "amd64" - "arm64" - key: "eks.amazonaws.com/compute-type" operator: "NotIn" values: - "fargate" containers: - env: - name: "ADDITIONAL_ENI_TAGS" value: "{}" - name: "AWS_VPC_CNI_NODE_PORT_SUPPORT" value: "true" - name: "AWS_VPC_ENI_MTU" value: "9001" - name: "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER" value: "false" - name: "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" value: "false" - name: "AWS_VPC_K8S_CNI_EXTERNALSNAT" value: "false" - name: "AWS_VPC_K8S_CNI_LOGLEVEL" value: "DEBUG" - name: "AWS_VPC_K8S_CNI_LOG_FILE" value: "/host/var/log/aws-routed-eni/ipamd.log" - name: "AWS_VPC_K8S_CNI_RANDOMIZESNAT" value: "prng" - name: "AWS_VPC_K8S_CNI_VETHPREFIX" value: "eni" - name: "AWS_VPC_K8S_PLUGIN_LOG_FILE" value: "/var/log/aws-routed-eni/plugin.log" - name: "AWS_VPC_K8S_PLUGIN_LOG_LEVEL" value: "DEBUG" - name: "DISABLE_INTROSPECTION" value: "false" - name: "DISABLE_METRICS" value: "false" - name: "ENABLE_POD_ENI" value: "false" - name: "MY_NODE_NAME" valueFrom: fieldRef: fieldPath: "spec.nodeName" - name: "WARM_ENI_TARGET" value: "1" image: "public.ecr.aws/w6p6i9i7/amazon-k8s-hpc-cni:latest" livenessProbe: exec: command: - "/app/grpc-health-probe" - "-addr=:50051" initialDelaySeconds: 60 name: "aws-node" ports: - containerPort: 61678 name: "metrics" readinessProbe: exec: command: - "/app/grpc-health-probe" - "-addr=:50051" initialDelaySeconds: 1 resources: requests: cpu: "10m" securityContext: capabilities: add: - "NET_ADMIN" volumeMounts: - mountPath: "/host/opt/cni/bin" name: "cni-bin-dir" - mountPath: "/host/etc/cni/net.d" name: "cni-net-dir" - mountPath: "/host/var/log/aws-routed-eni" name: "log-dir" - mountPath: "/var/run/aws-node" name: "run-dir" - mountPath: "/var/run/dockershim.sock" name: "dockershim" - mountPath: "/run/xtables.lock" name: "xtables-lock" hostNetwork: true initContainers: - env: - name: "DISABLE_TCP_EARLY_DEMUX" value: "false" image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.8.0" name: "aws-vpc-cni-init" securityContext: privileged: true volumeMounts: - mountPath: "/host/opt/cni/bin" name: "cni-bin-dir" priorityClassName: "system-node-critical" serviceAccountName: "aws-node" terminationGracePeriodSeconds: 10 tolerations: - operator: "Exists" volumes: - hostPath: path: "/opt/cni/bin" name: "cni-bin-dir" - hostPath: path: "/etc/cni/net.d" name: "cni-net-dir" - hostPath: path: "/var/run/dockershim.sock" name: "dockershim" - hostPath: path: "/run/xtables.lock" name: "xtables-lock" - hostPath: path: "/var/log/aws-routed-eni" type: "DirectoryOrCreate" name: "log-dir" - hostPath: path: "/var/run/aws-node" type: "DirectoryOrCreate" name: "run-dir" updateStrategy: rollingUpdate: maxUnavailable: "10%" type: "RollingUpdate" --- apiVersion: "v1" kind: "ServiceAccount" metadata: name: "aws-node" namespace: "kube-system" ...