hack/dev/ds.yaml (101 lines of code) (raw):
---
# Source: eks-pod-identity-agent/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: eks-pod-identity-agent
namespace: default
labels:
app.kubernetes.io/name: eks-pod-identity-agent
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "0.1.6"
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 10%
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: eks-pod-identity-agent
app.kubernetes.io/instance: release-name
template:
metadata:
labels:
app.kubernetes.io/name: eks-pod-identity-agent
app.kubernetes.io/instance: release-name
spec:
priorityClassName: system-node-critical
hostNetwork: true
terminationGracePeriodSeconds: 30
tolerations:
- operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
initContainers:
- name: eks-pod-identity-agent-init
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/eks-pod-identity-agent:0.1.10
imagePullPolicy: Always
command: ['/go-runner', '/eks-pod-identity-agent', 'initialize']
securityContext:
privileged: true
containers:
- name: eks-pod-identity-agent
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/eks-pod-identity-agent:0.1.10
imagePullPolicy: Always
command: ['/go-runner', '/eks-pod-identity-agent', 'server']
args:
- "--port"
- "80"
- "--cluster-name"
- "EKS_CLUSTER_NAME"
- "--probe-port"
- "2703"
ports:
- containerPort: 80
protocol: TCP
name: proxy
- containerPort: 2703
protocol: TCP
name: probes-port
env:
- name: AWS_REGION
value: "AWS_REGION_NAME"
securityContext:
capabilities:
add:
- CAP_NET_BIND_SERVICE
resources:
{}
livenessProbe:
failureThreshold: 3
httpGet:
host: localhost
path: /healthz
port: probes-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 10
readinessProbe:
failureThreshold: 30
httpGet:
host: localhost
path: /readyz
port: probes-port
scheme: HTTP
initialDelaySeconds: 1
timeoutSeconds: 10