apiVersion: v1 kind: ServiceAccount metadata: name: azure-npm namespace: kube-system labels: addonmanager.kubernetes.io/mode: {{GetMode}} --- apiVersion: {{GetRBACAPIVersion}} kind: ClusterRole metadata: name: azure-npm namespace: kube-system labels: addonmanager.kubernetes.io/mode: {{GetMode}} rules: - apiGroups: - "" resources: - pods - nodes - namespaces verbs: - get - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - get - list - watch --- apiVersion: {{GetRBACAPIVersion}} kind: ClusterRoleBinding metadata: name: azure-npm-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: {{GetMode}} subjects: - kind: ServiceAccount name: azure-npm namespace: kube-system roleRef: kind: ClusterRole name: azure-npm apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-npm namespace: kube-system labels: app: azure-npm addonmanager.kubernetes.io/mode: {{GetMode}} spec: selector: matchLabels: k8s-app: azure-npm updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 50% template: metadata: labels: k8s-app: azure-npm annotations: scheduler.alpha.kubernetes.io/critical-pod: '' azure.npm/scrapeable: '' {{- if IsKubernetesVersionGe "1.17.0"}} cluster-autoscaler.kubernetes.io/daemonset-pod: "true" {{- end}} spec: priorityClassName: system-node-critical tolerations: - operator: "Exists" effect: NoExecute - operator: "Exists" effect: NoSchedule - key: CriticalAddonsOnly operator: Exists nodeSelector: kubernetes.io/os: linux containers: - name: azure-npm image: {{ContainerImage "azure-npm-daemonset"}} securityContext: privileged: true resources: requests: cpu: {{ContainerCPUReqs "azure-npm-daemonset"}} memory: {{ContainerMemReqs "azure-npm-daemonset"}} limits: cpu: {{ContainerCPULimits "azure-npm-daemonset"}} memory: {{ContainerMemLimits "azure-npm-daemonset"}} env: - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: NPM_CONFIG value: /etc/azure-npm/azure-npm.json volumeMounts: - name: xtables-lock mountPath: /run/xtables.lock - name: log mountPath: /var/log - name: protocols mountPath: /etc/protocols - name: azure-npm-config mountPath: /etc/azure-npm hostNetwork: true volumes: - name: log hostPath: path: /var/log type: Directory - name: xtables-lock hostPath: path: /run/xtables.lock type: FileOrCreate - name: protocols hostPath: path: /etc/protocols type: File - name: azure-npm-config configMap: name: azure-npm-config serviceAccountName: azure-npm --- apiVersion: v1 kind: Service metadata: name: npm-metrics-cluster-service namespace: kube-system labels: app: npm-metrics addonmanager.kubernetes.io/mode: {{GetMode}} spec: selector: k8s-app: azure-npm ports: - port: 9000 targetPort: 10091 --- apiVersion: v1 kind: ConfigMap metadata: name: azure-npm-config namespace: kube-system labels: addonmanager.kubernetes.io/mode: {{GetMode}} data: azure-npm.json: | { "ResyncPeriodInMinutes": 15, "ListeningPort": 10091, "ListeningAddress": "0.0.0.0", "Toggles": { "EnablePrometheusMetrics": true, "EnablePprof": true, "EnableHTTPDebugAPI": true, "EnableV2NPM": false, "PlaceAzureChainFirst": false }, "Transport": { "Address": "azure-npm.kube-system.svc.cluster.local", "Port": 10092, "ServicePort": 9001 } }