apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: vpc-resource-controller rules: - apiGroups: - "" resources: - nodes - nodes/status - pods verbs: - update - get - list - watch - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: vpc-resource-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: vpc-resource-controller subjects: - kind: ServiceAccount name: vpc-resource-controller namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: vpc-resource-controller namespace: kube-system --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: vpc-resource-controller namespace: kube-system spec: replicas: 1 template: metadata: labels: app: vpc-resource-controller tier: backend track: stable spec: serviceAccount: vpc-resource-controller containers: - command: - /vpc-resource-controller args: - -stderrthreshold=info image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/vpc-resource-controller:beta imagePullPolicy: Always livenessProbe: failureThreshold: 5 httpGet: host: 127.0.0.1 path: /healthz port: 61679 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 30 timeoutSeconds: 5 name: vpc-resource-controller securityContext: privileged: true hostNetwork: true nodeSelector: beta.kubernetes.io/os: linux --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: eks:kube-proxy-windows labels: k8s-app: kube-proxy eks.amazonaws.com/component: kube-proxy subjects: - kind: Group name: "eks:kube-proxy-windows" roleRef: kind: ClusterRole name: system:node-proxier apiGroup: rbac.authorization.k8s.io