# kindnetd networking manifest # would you kindly template this file # would you kindly patch this file --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kindnet rules: - apiGroups: - policy resources: - podsecuritypolicies verbs: - use resourceNames: - kindnet - apiGroups: - "" resources: - nodes verbs: - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kindnet roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kindnet subjects: - kind: ServiceAccount name: kindnet namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: kindnet namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: creationTimestamp: null labels: app: kindnet k8s-app: kindnet tier: node name: kindnet namespace: kube-system spec: selector: matchLabels: app: kindnet template: metadata: creationTimestamp: null labels: app: kindnet k8s-app: kindnet tier: node spec: containers: - env: - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: POD_SUBNET value: 192.168.1.0/24 image: public.ecr.aws/eks-anywhere/kubernetes-sigs/kind/kindnetd:v0.11.1 name: kindnet-cni resources: limits: cpu: 100m memory: 50Mi requests: cpu: 100m memory: 50Mi securityContext: capabilities: add: - NET_RAW - NET_ADMIN privileged: false volumeMounts: - mountPath: /etc/cni/net.d name: cni-cfg - mountPath: /run/xtables.lock name: xtables-lock - mountPath: /lib/modules name: lib-modules readOnly: true hostNetwork: true serviceAccountName: kindnet tolerations: - operator: Exists volumes: - hostPath: path: /etc/cni/net.d name: cni-cfg - hostPath: path: /run/xtables.lock type: FileOrCreate name: xtables-lock - hostPath: path: /lib/modules name: lib-modules updateStrategy: {} status: currentNumberScheduled: 0 desiredNumberScheduled: 0 numberMisscheduled: 0 numberReady: 0 --- ---