# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/v1.9/aws-k8s-cni.yaml
# NOTE(review): the URL above tracks upstream `master`, while the content below carries
# the v1.9.3 chart labels. When re-vendoring, diff against a tagged upstream revision so
# the manifest stays reproducible rather than floating with the branch.
#
# This kops addon template renders five Kubernetes objects for the AWS VPC CNI:
# ClusterRoleBinding, ClusterRole, the ENIConfig CRD, the aws-node DaemonSet and its
# ServiceAccount. Go-template expressions ({{ ... }}) are expanded by kops before the
# result is parsed as YAML; templated scalars are kept quoted so that empty or
# boolean/number-looking expansions still parse as strings.
---
# Source: aws-vpc-cni/templates/clusterrolebinding.yaml
# Binds the cluster-wide `aws-node` ClusterRole to the `aws-node` ServiceAccount in
# kube-system (the identity the DaemonSet below runs under).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: aws-node
  labels:
    app.kubernetes.io/name: aws-node
    app.kubernetes.io/instance: aws-vpc-cni
    k8s-app: aws-node
    app.kubernetes.io/version: "v1.9.3"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: aws-node
subjects:
  - kind: ServiceAccount
    name: aws-node
    namespace: kube-system
---
# Source: aws-vpc-cni/templates/clusterrole.yaml
# Cluster-scoped permissions for the CNI controller. Everything is read-only except
# `update` on nodes; the rules are taken verbatim from upstream.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: aws-node
  labels:
    app.kubernetes.io/name: aws-node
    app.kubernetes.io/instance: aws-vpc-cni
    k8s-app: aws-node
    app.kubernetes.io/version: "v1.9.3"
rules:
  - apiGroups:
      - crd.k8s.amazonaws.com
    resources:
      - eniconfigs
    verbs: ["list", "watch", "get"]
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: ["list", "watch", "get"]
  - apiGroups: [""]
    resources:
      - pods
    verbs: ["list", "watch", "get"]
  - apiGroups: [""]
    resources:
      - nodes
    # NOTE(review): `update` is write access to every Node object in the cluster.
    # It is the one non-read verb in this role; confirm it is still needed when
    # bumping the vendored version rather than carrying it forward by default.
    verbs: ["list", "watch", "get", "update"]
  - apiGroups: ["extensions", "apps"]
    # NOTE(review): wildcard resource across two API groups. Read-only (list/watch),
    # but broader than the eniconfigs/pods/nodes rules above — kept as upstream ships it.
    resources:
      - '*'
    verbs: ["list", "watch"]
---
# Source: aws-vpc-cni/templates/customresourcedefinition.yaml
# Defines the cluster-scoped ENIConfig resource used for custom pod networking.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: eniconfigs.crd.k8s.amazonaws.com
  labels:
    app.kubernetes.io/name: aws-node
    app.kubernetes.io/instance: aws-vpc-cni
    k8s-app: aws-node
    app.kubernetes.io/version: "v1.9.3"
spec:
  scope: Cluster
  group: crd.k8s.amazonaws.com
  preserveUnknownFields: false
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        # The schema only requires a top-level object and preserves unknown fields,
        # so the API server performs no structural validation of ENIConfig contents;
        # validation is left to the CNI controller that consumes them.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true
  names:
    plural: eniconfigs
    singular: eniconfig
    kind: ENIConfig
---
# Source: aws-vpc-cni/templates/daemonset.yaml
# One aws-node pod per Linux node (amd64/arm64, Fargate excluded — see affinity below).
# The pod shares the host network namespace and holds NET_ADMIN, the init container is
# privileged, and the container-runtime socket is mounted from the host: this workload
# is effectively node-level trusted, so access to exec into it should be treated as
# node access.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: aws-node
  namespace: kube-system
  labels:
    app.kubernetes.io/name: aws-node
    app.kubernetes.io/instance: aws-vpc-cni
    k8s-app: aws-node
    app.kubernetes.io/version: "v1.9.3"
spec:
  # OnDelete: changing the image or env here does not roll existing pods; the new
  # template only takes effect for pods that are deleted (or for new nodes).
  updateStrategy:
    type: OnDelete
  selector:
    matchLabels:
      k8s-app: aws-node
  template:
    metadata:
      labels:
        app.kubernetes.io/name: aws-node
        app.kubernetes.io/instance: aws-vpc-cni
        k8s-app: aws-node
    spec:
      priorityClassName: "system-node-critical"
      serviceAccountName: aws-node
      # Host network is required for a CNI plugin; it also means every listening
      # socket in the pod (e.g. the metrics port below) is bound in the node's
      # network namespace.
      hostNetwork: true
      initContainers:
        - name: aws-vpc-cni-init
          # Image defaults to the upstream ECR tag and can be overridden via the kops
          # cluster spec. NOTE(review): the default is a tag, not a digest, and
          # imagePullPolicy is Always, so the tag is re-resolved on every pod start;
          # pin a digest through the override if immutable node images are required.
          image: "{{- or .Networking.AmazonVPC.InitImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.9.3" }}"
          imagePullPolicy: Always
          env:
            - name: DISABLE_TCP_EARLY_DEMUX
              value: "false"
          # Privileged init container: it installs CNI binaries into the host's
          # /opt/cni/bin (mounted below) and adjusts host networking settings.
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
      terminationGracePeriodSeconds: 10
      # Tolerates every taint so the CNI runs on all nodes, control plane included.
      tolerations:
        - operator: Exists
      securityContext: {}
      containers:
        - name: aws-node
          # Same tag-vs-digest note as the init container above.
          image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.9.3" }}"
          imagePullPolicy: Always
          ports:
            # Metrics endpoint; with hostNetwork this is reachable on the node address,
            # so exposure is governed by node security groups / host firewall rules.
            - containerPort: 61678
              name: metrics
          livenessProbe:
            exec:
              command:
                - /app/grpc-health-probe
                - -addr=:50051
                - -connect-timeout=2s
                - -rpc-timeout=2s
            initialDelaySeconds: 60
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - /app/grpc-health-probe
                - -addr=:50051
                - -connect-timeout=2s
                - -rpc-timeout=2s
            initialDelaySeconds: 1
            timeoutSeconds: 5
          env:
            # Environment is generated from the kops AmazonVpcEnvVars map. Name and value
            # are both quoted on purpose: values such as "true" or "9001" must reach the
            # container as strings, not YAML booleans/integers. The `{{-` trims keep the
            # rendered list items at the same indent as the literal entries further down.
            {{- range $name, $value := AmazonVpcEnvVars }}
            - "name": "{{ $name }}"
              "value": "{{ $value }}"
            {{- end }}
            # The below envs are commented-out on purpose and replaced by the above range.
            # See https://github.com/kubernetes/kops/issues/11144 for more context
            # - name: ADDITIONAL_ENI_TAGS
            #   value: "{}"
            # - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
            #   value: "true"
            # - name: AWS_VPC_ENI_MTU
            #   value: "9001"
            # - name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
            #   value: "false"
            # - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
            #   value: "false"
            # - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
            #   value: "false"
            # - name: AWS_VPC_K8S_CNI_LOGLEVEL
            #   value: "DEBUG"
            # - name: AWS_VPC_K8S_CNI_LOG_FILE
            #   value: "/host/var/log/aws-routed-eni/ipamd.log"
            # - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
            #   value: "prng"
            # - name: AWS_VPC_K8S_CNI_VETHPREFIX
            #   value: "eni"
            # - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
            #   value: "/var/log/aws-routed-eni/plugin.log"
            # - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
            #   value: "DEBUG"
            # - name: DISABLE_INTROSPECTION
            #   value: "false"
            # - name: DISABLE_METRICS
            #   value: "false"
            # - name: DISABLE_NETWORK_RESOURCE_PROVISIONING
            #   value: "false"
            # - name: ENABLE_IPv4
            #   value: "true"
            # - name: ENABLE_IPv6
            #   value: "false"
            # - name: ENABLE_POD_ENI
            #   value: "false"
            # - name: ENABLE_PREFIX_DELEGATION
            #   value: "false"
            # - name: WARM_ENI_TARGET
            #   value: "1"
            # - name: WARM_PREFIX_TARGET
            #   value: "1"
            # Node name via the downward API, so the controller manages only its own node.
            - name: MY_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: "CLUSTER_NAME"
              value: "{{ ClusterName }}"
          resources:
            requests:
              cpu: 10m
          # Not privileged, but NET_ADMIN gives the container control over the node's
          # interfaces, routes and iptables — required to wire pod networking.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /host/var/log/aws-routed-eni
              name: log-dir
            - mountPath: /var/run/aws-node
              name: run-dir
            # NOTE(review): the container-runtime socket is mounted into the pod (the
            # host path is selected by runtime in the `dockershim` volume below). Whoever
            # can talk to this socket can control every container on the node. The mount
            # is not marked readOnly; upstream ships it this way — confirm with the
            # runtime in use before tightening, since this file is vendored.
            - mountPath: /var/run/dockershim.sock
              name: dockershim
            - mountPath: /run/xtables.lock
              name: xtables-lock
      volumes:
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Runtime socket path chosen at template time; the in-pod mount path above stays
        # /var/run/dockershim.sock regardless of which host socket is selected.
        - name: dockershim
          hostPath:
            path: "{{ if eq .ContainerRuntime "containerd" }}/run/containerd/containerd.sock{{ else }}/var/run/dockershim.sock{{ end }}"
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
        - name: log-dir
          hostPath:
            path: /var/log/aws-routed-eni
            type: DirectoryOrCreate
        - name: run-dir
          hostPath:
            path: /var/run/aws-node
            type: DirectoryOrCreate
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - arm64
                  # Fargate nodes are excluded: they do not run the node-level CNI.
                  - key: eks.amazonaws.com/compute-type
                    operator: NotIn
                    values:
                      - fargate
---
# Source: aws-vpc-cni/templates/serviceaccount.yaml
# Identity for the DaemonSet; granted the `aws-node` ClusterRole via the binding above.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-node
  namespace: kube-system
  labels:
    app.kubernetes.io/name: aws-node
    app.kubernetes.io/instance: aws-vpc-cni
    k8s-app: aws-node
    app.kubernetes.io/version: "v1.9.3"