apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube2iam
  labels:
    app: kube2iam
spec:
  selector:
    matchLabels:
      name: kube2iam
  template:
    metadata:
      labels:
        name: kube2iam
    spec:
      hostNetwork: true
      containers:
        - image: jtblin/kube2iam:0.8.1
          name: kube2iam
          args:
            - "--auto-discover-base-arn"
            - "--host-interface=cbr0"
            - "--host-ip=$(HOST_IP)"
            - "--iptables=true"
          env:
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          securityContext:
            privileged: true
          ports:
             - containerPort: 8181
               hostPort: 8181
               name: http