apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kopeio-networking-agent namespace: kube-system labels: k8s-addon: networking.kope.io role.kubernetes.io/networking: "1" spec: template: metadata: labels: name: kopeio-networking-agent role.kubernetes.io/networking: "1" annotations: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: hostPID: true hostIPC: true hostNetwork: true containers: - resources: requests: cpu: 50m memory: 100Mi limits: memory: 100Mi securityContext: privileged: true image: kopeio/networking-agent:1.0.20180203 name: networking-agent volumeMounts: - name: lib-modules mountPath: /lib/modules readOnly: true serviceAccountName: kopeio-networking-agent tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule volumes: - name: lib-modules hostPath: path: /lib/modules --- apiVersion: v1 kind: ServiceAccount metadata: name: kopeio-networking-agent namespace: kube-system labels: k8s-addon: networking.kope.io role.kubernetes.io/networking: "1" --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: k8s-addon: networking.kope.io name: kopeio:networking-agent rules: - apiGroups: - "" resources: - nodes verbs: - get - list - watch - patch --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: labels: k8s-addon: networking.kope.io name: kopeio:networking-agent roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kopeio:networking-agent subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: system:serviceaccount:kube-system:kopeio-networking-agent