apiVersion: apps/v1 kind: DaemonSet metadata: name: cni-manager namespace: system labels: kube-egress-gateway-control-plane: cni-manager spec: selector: matchLabels: kube-egress-gateway-control-plane: cni-manager template: metadata: annotations: kubectl.kubernetes.io/default-container: cnimanager labels: kube-egress-gateway-control-plane: cni-manager spec: initContainers: - name: cni-install image: cni:latest volumeMounts: - mountPath: /opt/cni/bin name: cni-bin securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - name: cni-ipam-install image: cni-ipam:latest volumeMounts: - mountPath: /opt/cni/bin name: cni-bin securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL containers: - command: - /kube-egress-gateway-cnimanager args: - serve - --grpc-server-port=50051 - --exception-cidrs=$(EXCEPTION_CIDRS) - --cni-conf-file=01-egressgateway.conflist - --cni-uninstall-configmap-name=cni-uninstall image: cnimanager:latest name: cnimanager securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL env: - name: MY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - mountPath: /etc/cni/net.d name: cni-conf ports: - containerPort: 50051 name: grpc livenessProbe: grpc: port: 50051 initialDelaySeconds: 20 periodSeconds: 5 readinessProbe: grpc: port: 50051 initialDelaySeconds: 20 periodSeconds: 5 # TODO(user): Configure the resources accordingly based on the project requirements. # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi nodeSelector: kubernetes.io/os: linux hostNetwork: true serviceAccountName: cni-manager terminationGracePeriodSeconds: 60 # update to 60 seconds for cni uninstall retry on error volumes: - name: cni-bin hostPath: path: /opt/cni/bin/ - name: cni-conf hostPath: path: /etc/cni/net.d/