apiVersion: v1 kind: Pod metadata: name: azure-kms-provider namespace: kube-system labels: tier: control-plane component: azure-kms-provider spec: priorityClassName: system-node-critical hostNetwork: true containers: - name: azure-kms-provider image: {{ContainerImage "azure-kms-provider"}} imagePullPolicy: IfNotPresent command: [{{ContainerConfig "command"}}] resources: requests: cpu: 100m memory: 128Mi limits: cpu: 4 memory: 2Gi volumeMounts: - name: etc-kubernetes mountPath: /etc/kubernetes - name: etc-ssl mountPath: /etc/ssl readOnly: true - name: var-lib-kubelet mountPath: /var/lib/kubelet - name: msi mountPath: /var/lib/waagent/ManagedIdentity-Settings readOnly: true - name: sock mountPath: /opt volumes: - name: etc-kubernetes hostPath: path: /etc/kubernetes - name: etc-ssl hostPath: path: /etc/ssl - name: var-lib-kubelet hostPath: path: /var/lib/kubelet - name: msi hostPath: path: /var/lib/waagent/ManagedIdentity-Settings - name: sock hostPath: path: /opt