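# charts/aad-pod-identity/templates/nmi-daemonset.yaml
# (github.com/Azure/aad-pod-identity v1.8.17)
#
# Helm template for the NMI (Node Managed Identity) DaemonSet.
# Security posture visible in this template: the pod shares the node's network
# namespace (hostNetwork), runs as UID 0, and keeps NET_ADMIN, NET_RAW and
# DAC_READ_SEARCH after dropping every other capability. Review changes to this
# file, its image reference and its values as changes to node-level privilege.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ template "aad-pod-identity.nmi.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aad-pod-identity.labels" . | nindent 4 }}
    app.kubernetes.io/component: nmi
    tier: node
  annotations:
    # Quoted so that a description containing ": " or " #", or one that looks
    # like a boolean or number, still renders as a string annotation value.
    description: {{ .Chart.Description | quote }}
spec:
  selector:
    matchLabels:
      {{- include "aad-pod-identity.selectors" . | nindent 6 }}
      app.kubernetes.io/component: nmi
  {{- with .Values.nmi.updateStrategy }}
  updateStrategy:
{{ toYaml . | indent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        {{- include "aad-pod-identity.labels" . | nindent 8 }}
        app.kubernetes.io/component: nmi
        tier: node
        {{- if .Values.nmi.podLabels }}
        {{- toYaml .Values.nmi.podLabels | nindent 8 }}
        {{- end }}
      {{- if .Values.nmi.podAnnotations }}
      annotations:
{{ toYaml .Values.nmi.podAnnotations | indent 8 }}
      {{- end }}
    spec:
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
      {{- end }}
      # With rbac.enabled false no serviceAccountName is rendered, so the pod
      # runs under the namespace's default service account.
      {{- if .Values.rbac.enabled }}
      serviceAccountName: {{ template "aad-pod-identity.nmi.fullname" . }}
      {{- end }}
      {{- if .Values.nmi.priorityClassName }}
      priorityClassName: {{ .Values.nmi.priorityClassName | quote }}
      {{- end }}
      # The pod uses the node's network namespace: the iptables rules it manages
      # and the probe/metrics listeners below live on the node itself.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      volumes:
        # Host iptables lock file, shared so that iptables runs inside the
        # container take the same lock as other iptables users on the node.
        # FileOrCreate creates an empty file on the node when it is missing.
        - hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
          name: iptableslock
        {{- if semverCompare ">= 1.7.0-0" .Values.nmi.tag }}
        # Host path taken from values (nmi.kubeletConfig); quoted so the value
        # is always rendered as a string. FileOrCreate also creates an empty
        # file on the node if the configured path does not exist.
        - name: kubelet-config
          hostPath:
            path: {{ .Values.nmi.kubeletConfig | quote }}
            type: FileOrCreate
        {{- end }}
      containers:
        - name: nmi
          # NOTE(review): the image is referenced by tag, and the semverCompare
          # gates in this template parse nmi.tag, so the tag field cannot carry
          # a digest. If digest pinning is required for this root, hostNetwork
          # workload, enforce it at admission or registry level.
          image: "{{ .Values.image.repository }}/{{ .Values.nmi.image }}:{{ .Values.nmi.tag }}"
          imagePullPolicy: {{ .Values.image.imagePullPolicy }}
          args:
            {{- if semverCompare "<= 1.6.1-0" .Values.nmi.tag }}
            - "--host-ip=$(HOST_IP)"
            {{- end }}
            - "--node=$(NODE_NAME)"
            {{- if .Values.nmi.probePort }}
            - --http-probe-port={{ .Values.nmi.probePort }}
            {{- end }}
            {{- if .Values.nmi.ipTableUpdateTimeIntervalInSeconds }}
            - --ipt-update-interval-sec={{ .Values.nmi.ipTableUpdateTimeIntervalInSeconds }}
            {{- end }}
            {{- if .Values.nmi.micNamespace }}
            - --MICNamespace={{ .Values.nmi.micNamespace }}
            {{- end }}
            {{- if .Values.nmi.retryAttemptsForCreated }}
            - --retry-attempts-for-created={{ .Values.nmi.retryAttemptsForCreated }}
            {{- end }}
            {{- if .Values.nmi.retryAttemptsForAssigned }}
            - --retry-attempts-for-assigned={{ .Values.nmi.retryAttemptsForAssigned }}
            {{- end }}
            {{- if .Values.nmi.findIdentityRetryIntervalInSeconds }}
            - --find-identity-retry-interval={{ .Values.nmi.findIdentityRetryIntervalInSeconds }}
            {{- end }}
            - --enableScaleFeatures={{ .Values.nmi.enableScaleFeatures }}
            {{- if .Values.nmi.prometheusPort }}
            - --prometheus-port={{ .Values.nmi.prometheusPort }}
            {{- end }}
            # Rendered only when the value is truthy: false or unset omits the
            # flag entirely and leaves the binary's own default in effect.
            {{- if .Values.nmi.blockInstanceMetadata }}
            - --block-instance-metadata={{ .Values.nmi.blockInstanceMetadata }}
            {{- end }}
            # Always rendered. NOTE(review): per the flag name this controls
            # whether NMI insists on the Metadata request header; the default
            # lives in values.yaml, which is not visible here - confirm it.
            - --metadata-header-required={{ .Values.nmi.metadataHeaderRequired }}
            {{- if .Values.nmi.loggingFormat }}
            - --log-format={{ .Values.nmi.loggingFormat }}
            {{- end }}
            {{- if .Values.nmi.logVerbosity }}
            - -v={{ .Values.nmi.logVerbosity }}
            {{- end }}
            {{- if semverCompare ">= 1.6.0-0" .Values.nmi.tag }}
            - --operation-mode={{ .Values.operationMode }}
            {{- end }}
            # Managed mode always forces namespaced matching; standard mode
            # takes it from the FORCENAMESPACED environment variable below.
            {{- if eq .Values.operationMode "managed" }}
            - --forceNamespaced
            {{- end }}
            {{- if .Values.nmi.allowNetworkPluginKubenet }}
            - --allow-network-plugin-kubenet={{ .Values.nmi.allowNetworkPluginKubenet }}
            {{- end }}
            {{- if semverCompare ">= 1.7.0-0" .Values.nmi.tag }}
            - --kubelet-config={{ .Values.nmi.kubeletConfig }}
            {{- end }}
            {{- if .Values.customUserAgent }}
            - --custom-user-agent={{ .Values.customUserAgent }}
            {{- end }}
            {{- if .Values.nmi.setRetryAfterHeader }}
            - --set-retry-after-header={{ .Values.nmi.setRetryAfterHeader }}
            {{- end }}
            {{- if .Values.nmi.enableConntrackDeletion }}
            - --enable-conntrack-deletion={{ .Values.nmi.enableConntrackDeletion }}
            {{- end }}
          env:
            {{- if semverCompare "<= 1.6.1-0" .Values.nmi.tag }}
            # With hostNetwork the pod IP reported by the downward API is the
            # node's IP, which is what older NMI tags receive as --host-ip.
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            {{- end }}
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            {{- if eq .Values.operationMode "standard" }}
            - name: FORCENAMESPACED
              value: "{{ .Values.forceNamespaced }}"
            {{- end }}
          {{- if .Values.nmi.prometheusPort }}
          # Because of hostNetwork this port is opened in the node's network
          # namespace. NOTE(review): the bind address is not visible here;
          # restrict reachability with node-level firewalling if needed.
          ports:
            - containerPort: {{ .Values.nmi.prometheusPort }}
              name: metrics
              protocol: TCP
          {{- end }}
          securityContext:
            # Root with all capabilities dropped except the three added back.
            # NET_ADMIN and NET_RAW act on the node's network namespace because
            # of hostNetwork, so treat this container as node-privileged.
            # allowPrivilegeEscalation, readOnlyRootFilesystem and a seccomp
            # profile are not set in this template.
            runAsUser: 0
            capabilities:
              drop:
                - ALL
              add:
                - DAC_READ_SEARCH
                - NET_ADMIN
                - NET_RAW
          volumeMounts:
            # Mounted read-write: taking the lock requires write access.
            - mountPath: /run/xtables.lock
              name: iptableslock
            {{- if semverCompare ">= 1.7.0-0" .Values.nmi.tag }}
            # Host kubelet configuration is exposed to the container read-only.
            - name: kubelet-config
              mountPath: {{ .Values.nmi.kubeletConfig | quote }}
              readOnly: true
            {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              # Falls back to 8080 when nmi.probePort is unset, matching the
              # case where --http-probe-port is not passed above.
              {{- if .Values.nmi.probePort }}
              port: {{ .Values.nmi.probePort }}
              {{- else }}
              port: 8080
              {{- end }}
            initialDelaySeconds: 10
            periodSeconds: 5
          {{- with .Values.nmi.resources }}
          resources:
{{ toYaml . | indent 12 }}
          {{- end }}
      {{- with .Values.nmi.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.nmi.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.nmi.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
      {{- end }}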