apiVersion: v1 kind: ServiceAccount metadata: name: azure-npm namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: azure-npm namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists rules: - apiGroups: - "" resources: - pods - nodes - namespaces verbs: - get - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: azure-npm-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists subjects: - kind: ServiceAccount name: azure-npm namespace: kube-system roleRef: kind: ClusterRole name: azure-npm apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-npm namespace: kube-system labels: app: azure-npm addonmanager.kubernetes.io/mode: EnsureExists spec: selector: matchLabels: k8s-app: azure-npm template: metadata: labels: k8s-app: azure-npm annotations: scheduler.alpha.kubernetes.io/critical-pod: "" azure.npm/scrapeable: "" spec: priorityClassName: system-node-critical tolerations: - operator: "Exists" effect: NoExecute - operator: "Exists" effect: NoSchedule - key: CriticalAddonsOnly operator: Exists containers: - name: azure-npm image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.3 resources: limits: cpu: 250m memory: 300Mi requests: cpu: 250m securityContext: privileged: false capabilities: add: - NET_ADMIN readOnlyRootFilesystem: true env: - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: NPM_CONFIG value: /etc/azure-npm/azure-npm.json volumeMounts: - name: log mountPath: /var/log - name: xtables-lock mountPath: /run/xtables.lock - name: protocols mountPath: /etc/protocols - name: azure-npm-config mountPath: /etc/azure-npm - name: tmp mountPath: /tmp hostNetwork: true nodeSelector: kubernetes.io/os: linux volumes: - name: log hostPath: path: /var/log type: Directory - name: xtables-lock hostPath: path: /run/xtables.lock type: File - name: protocols hostPath: path: /etc/protocols type: File - name: azure-npm-config configMap: name: azure-npm-config - name: tmp emptyDir: {} serviceAccountName: azure-npm --- apiVersion: v1 kind: Service metadata: name: npm-metrics-cluster-service namespace: kube-system labels: app: npm-metrics spec: selector: k8s-app: azure-npm ports: - port: 9000 targetPort: 10091 --- apiVersion: v1 kind: ConfigMap metadata: name: azure-npm-config namespace: kube-system data: azure-npm.json: | { "ResyncPeriodInMinutes": 15, "ListeningPort": 10091, "ListeningAddress": "0.0.0.0", "ApplyIntervalInMilliseconds": 500, "ApplyMaxBatches": 100, "MaxBatchedACLsPerPod": 30, "NetPolInvervalInMilliseconds": 500, "MaxPendingNetPols": 100, "Toggles": { "EnablePrometheusMetrics": true, "EnablePprof": true, "EnableHTTPDebugAPI": true, "EnableV2NPM": true, "PlaceAzureChainFirst": false, "ApplyInBackground": true, "NetPolInBackground": true }, "LogLevel": "info" }