kops/upup/models/cloudup/resources/addons/networking.kope.io/k8s-1.12.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kopeio-networking-agent
  namespace: kube-system
  labels:
    k8s-addon: networking.kope.io
    role.kubernetes.io/networking: "1"
spec:
  selector:
    matchLabels:
      name: kopeio-networking-agent
      role.kubernetes.io/networking: "1"
  template:
    metadata:
      labels:
        name: kopeio-networking-agent
        role.kubernetes.io/networking: "1"
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      hostPID: true
      hostIPC: true
      hostNetwork: true
      containers:
        - resources:
            requests:
              cpu: 50m
              memory: 100Mi
            limits:
              memory: 100Mi
          securityContext:
            privileged: true
          image: kopeio/networking-agent:1.0.20181028
          name: networking-agent
          volumeMounts:
            - name: lib-modules
              mountPath: /lib/modules
              readOnly: true
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
      serviceAccountName: kopeio-networking-agent
      priorityClassName: system-node-critical
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      volumes:
        - name: lib-modules
          hostPath:
            path: /lib/modules

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kopeio-networking-agent
  namespace: kube-system
  labels:
    k8s-addon: networking.kope.io
    role.kubernetes.io/networking: "1"

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    k8s-addon: networking.kope.io
  name: kopeio:networking-agent
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - patch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-addon: networking.kope.io
  name: kopeio:networking-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kopeio:networking-agent
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: system:serviceaccount:kube-system:kopeio-networking-agent