@pulumi/eks 2.4.0 → 2.5.0

@@ -5,572 +5,598 @@
5
5
  apiVersion: apiextensions.k8s.io/v1
6
6
  kind: CustomResourceDefinition
7
7
  metadata:
8
- name: eniconfigs.crd.k8s.amazonaws.com
8
+ name: eniconfigs.crd.k8s.amazonaws.com
9
9
  spec:
10
- scope: Cluster
11
- group: crd.k8s.amazonaws.com
12
- preserveUnknownFields: false
13
- versions:
14
- - name: v1alpha1
15
- served: true
16
- storage: true
17
- schema:
18
- openAPIV3Schema:
19
- type: object
20
- x-kubernetes-preserve-unknown-fields: true
21
- names:
22
- plural: eniconfigs
23
- singular: eniconfig
24
- kind: ENIConfig
10
+ scope: Cluster
11
+ group: crd.k8s.amazonaws.com
12
+ preserveUnknownFields: false
13
+ versions:
14
+ - name: v1alpha1
15
+ served: true
16
+ storage: true
17
+ schema:
18
+ openAPIV3Schema:
19
+ type: object
20
+ x-kubernetes-preserve-unknown-fields: true
21
+ names:
22
+ plural: eniconfigs
23
+ singular: eniconfig
24
+ kind: ENIConfig
25
25
  ---
26
26
  apiVersion: apiextensions.k8s.io/v1
27
27
  kind: CustomResourceDefinition
28
28
  metadata:
29
- annotations:
30
- controller-gen.kubebuilder.io/version: v0.11.3
31
- creationTimestamp: null
32
- labels:
33
- app.kubernetes.io/name: amazon-network-policy-controller-k8s
34
- name: policyendpoints.networking.k8s.aws
29
+ annotations:
30
+ controller-gen.kubebuilder.io/version: v0.11.3
31
+ creationTimestamp: null
32
+ labels:
33
+ app.kubernetes.io/name: amazon-network-policy-controller-k8s
34
+ name: policyendpoints.networking.k8s.aws
35
35
  spec:
36
- group: networking.k8s.aws
37
- names:
38
- kind: PolicyEndpoint
39
- listKind: PolicyEndpointList
40
- plural: policyendpoints
41
- singular: policyendpoint
42
- scope: Namespaced
43
- versions:
44
- - name: v1alpha1
45
- schema:
46
- openAPIV3Schema:
47
- description: PolicyEndpoint is the Schema for the policyendpoints API
48
- properties:
49
- apiVersion:
50
- description: 'APIVersion defines the versioned schema of this representation
51
- of an object. Servers should convert recognized schemas to the latest
52
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
53
- type: string
54
- kind:
55
- description: 'Kind is a string value representing the REST resource this
56
- object represents. Servers may infer this from the endpoint the client
57
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
58
- type: string
59
- metadata:
60
- type: object
61
- spec:
62
- description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
63
- properties:
64
- egress:
65
- description: Egress is the list of egress rules containing resolved
66
- network addresses
67
- items:
68
- description: EndpointInfo defines the network endpoint information
69
- for the policy ingress/egress
70
- properties:
71
- cidr:
72
- description: CIDR is the network address(s) of the endpoint
73
- type: string
74
- except:
75
- description: Except is the exceptions to the CIDR ranges mentioned
76
- above.
77
- items:
78
- type: string
79
- type: array
80
- ports:
81
- description: Ports is the list of ports
82
- items:
83
- description: Port contains information about the transport
84
- port/protocol
85
- properties:
86
- endPort:
87
- description: Endport specifies the port range port to
88
- endPort port must be defined and an integer, endPort
89
- > port
90
- format: int32
91
- type: integer
92
- port:
93
- description: Port specifies the numerical port for the
94
- protocol. If empty applies to all ports
95
- format: int32
96
- type: integer
97
- protocol:
98
- default: TCP
99
- description: Protocol specifies the transport protocol,
100
- default TCP
101
- type: string
102
- type: object
103
- type: array
104
- required:
105
- - cidr
106
- type: object
107
- type: array
108
- ingress:
109
- description: Ingress is the list of ingress rules containing resolved
110
- network addresses
111
- items:
112
- description: EndpointInfo defines the network endpoint information
113
- for the policy ingress/egress
36
+ group: networking.k8s.aws
37
+ names:
38
+ kind: PolicyEndpoint
39
+ listKind: PolicyEndpointList
40
+ plural: policyendpoints
41
+ singular: policyendpoint
42
+ scope: Namespaced
43
+ versions:
44
+ - name: v1alpha1
45
+ schema:
46
+ openAPIV3Schema:
47
+ description: PolicyEndpoint is the Schema for the policyendpoints API
114
48
  properties:
115
- cidr:
116
- description: CIDR is the network address(s) of the endpoint
117
- type: string
118
- except:
119
- description: Except is the exceptions to the CIDR ranges mentioned
120
- above.
121
- items:
122
- type: string
123
- type: array
124
- ports:
125
- description: Ports is the list of ports
126
- items:
127
- description: Port contains information about the transport
128
- port/protocol
129
- properties:
130
- endPort:
131
- description: Endport specifies the port range port to
132
- endPort port must be defined and an integer, endPort
133
- > port
134
- format: int32
135
- type: integer
136
- port:
137
- description: Port specifies the numerical port for the
138
- protocol. If empty applies to all ports
139
- format: int32
140
- type: integer
141
- protocol:
142
- default: TCP
143
- description: Protocol specifies the transport protocol,
144
- default TCP
145
- type: string
146
- type: object
147
- type: array
148
- required:
149
- - cidr
150
- type: object
151
- type: array
152
- podIsolation:
153
- description: PodIsolation specifies whether the pod needs to be isolated
154
- for a particular traffic direction Ingress or Egress, or both. If
155
- default isolation is not specified, and there are no ingress/egress
156
- rules, then the pod is not isolated from the point of view of this
157
- policy. This follows the NetworkPolicy spec.PolicyTypes.
158
- items:
159
- description: PolicyType string describes the NetworkPolicy type
160
- This type is beta-level in 1.8
161
- type: string
162
- type: array
163
- podSelector:
164
- description: PodSelector is the podSelector from the policy resource
165
- properties:
166
- matchExpressions:
167
- description: matchExpressions is a list of label selector requirements.
168
- The requirements are ANDed.
169
- items:
170
- description: A label selector requirement is a selector that
171
- contains values, a key, and an operator that relates the key
172
- and values.
173
- properties:
174
- key:
175
- description: key is the label key that the selector applies
176
- to.
49
+ apiVersion:
50
+ description:
51
+ "APIVersion defines the versioned schema of this representation
52
+ of an object. Servers should convert recognized schemas to the latest
53
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
177
54
  type: string
178
- operator:
179
- description: operator represents a key's relationship to
180
- a set of values. Valid operators are In, NotIn, Exists
181
- and DoesNotExist.
55
+ kind:
56
+ description: "Kind is a string value representing the REST resource this
57
+ object represents. Servers may infer this from the endpoint the client
58
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
182
59
  type: string
183
- values:
184
- description: values is an array of string values. If the
185
- operator is In or NotIn, the values array must be non-empty.
186
- If the operator is Exists or DoesNotExist, the values
187
- array must be empty. This array is replaced during a strategic
188
- merge patch.
189
- items:
190
- type: string
191
- type: array
192
- required:
193
- - key
194
- - operator
195
- type: object
196
- type: array
197
- matchLabels:
198
- additionalProperties:
199
- type: string
200
- description: matchLabels is a map of {key,value} pairs. A single
201
- {key,value} in the matchLabels map is equivalent to an element
202
- of matchExpressions, whose key field is "key", the operator
203
- is "In", and the values array contains only "value". The requirements
204
- are ANDed.
205
- type: object
206
- type: object
207
- x-kubernetes-map-type: atomic
208
- podSelectorEndpoints:
209
- description: PodSelectorEndpoints contains information about the pods
210
- matching the podSelector
211
- items:
212
- description: PodEndpoint defines the summary information for the
213
- pods
214
- properties:
215
- hostIP:
216
- description: HostIP is the IP address of the host the pod is
217
- currently running on
218
- type: string
219
- name:
220
- description: Name is the pod name
221
- type: string
222
- namespace:
223
- description: Namespace is the pod namespace
224
- type: string
225
- podIP:
226
- description: PodIP is the IP address of the pod
227
- type: string
228
- required:
229
- - hostIP
230
- - name
231
- - namespace
232
- - podIP
60
+ metadata:
61
+ type: object
62
+ spec:
63
+ description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
64
+ properties:
65
+ egress:
66
+ description:
67
+ Egress is the list of egress rules containing resolved
68
+ network addresses
69
+ items:
70
+ description:
71
+ EndpointInfo defines the network endpoint information
72
+ for the policy ingress/egress
73
+ properties:
74
+ cidr:
75
+ description: CIDR is the network address(s) of the endpoint
76
+ type: string
77
+ except:
78
+ description:
79
+ Except is the exceptions to the CIDR ranges mentioned
80
+ above.
81
+ items:
82
+ type: string
83
+ type: array
84
+ ports:
85
+ description: Ports is the list of ports
86
+ items:
87
+ description:
88
+ Port contains information about the transport
89
+ port/protocol
90
+ properties:
91
+ endPort:
92
+ description:
93
+ Endport specifies the port range port to
94
+ endPort port must be defined and an integer, endPort
95
+ > port
96
+ format: int32
97
+ type: integer
98
+ port:
99
+ description:
100
+ Port specifies the numerical port for the
101
+ protocol. If empty applies to all ports
102
+ format: int32
103
+ type: integer
104
+ protocol:
105
+ default: TCP
106
+ description:
107
+ Protocol specifies the transport protocol,
108
+ default TCP
109
+ type: string
110
+ type: object
111
+ type: array
112
+ required:
113
+ - cidr
114
+ type: object
115
+ type: array
116
+ ingress:
117
+ description:
118
+ Ingress is the list of ingress rules containing resolved
119
+ network addresses
120
+ items:
121
+ description:
122
+ EndpointInfo defines the network endpoint information
123
+ for the policy ingress/egress
124
+ properties:
125
+ cidr:
126
+ description: CIDR is the network address(s) of the endpoint
127
+ type: string
128
+ except:
129
+ description:
130
+ Except is the exceptions to the CIDR ranges mentioned
131
+ above.
132
+ items:
133
+ type: string
134
+ type: array
135
+ ports:
136
+ description: Ports is the list of ports
137
+ items:
138
+ description:
139
+ Port contains information about the transport
140
+ port/protocol
141
+ properties:
142
+ endPort:
143
+ description:
144
+ Endport specifies the port range port to
145
+ endPort port must be defined and an integer, endPort
146
+ > port
147
+ format: int32
148
+ type: integer
149
+ port:
150
+ description:
151
+ Port specifies the numerical port for the
152
+ protocol. If empty applies to all ports
153
+ format: int32
154
+ type: integer
155
+ protocol:
156
+ default: TCP
157
+ description:
158
+ Protocol specifies the transport protocol,
159
+ default TCP
160
+ type: string
161
+ type: object
162
+ type: array
163
+ required:
164
+ - cidr
165
+ type: object
166
+ type: array
167
+ podIsolation:
168
+ description:
169
+ PodIsolation specifies whether the pod needs to be isolated
170
+ for a particular traffic direction Ingress or Egress, or both. If
171
+ default isolation is not specified, and there are no ingress/egress
172
+ rules, then the pod is not isolated from the point of view of this
173
+ policy. This follows the NetworkPolicy spec.PolicyTypes.
174
+ items:
175
+ description:
176
+ PolicyType string describes the NetworkPolicy type
177
+ This type is beta-level in 1.8
178
+ type: string
179
+ type: array
180
+ podSelector:
181
+ description: PodSelector is the podSelector from the policy resource
182
+ properties:
183
+ matchExpressions:
184
+ description:
185
+ matchExpressions is a list of label selector requirements.
186
+ The requirements are ANDed.
187
+ items:
188
+ description:
189
+ A label selector requirement is a selector that
190
+ contains values, a key, and an operator that relates the key
191
+ and values.
192
+ properties:
193
+ key:
194
+ description:
195
+ key is the label key that the selector applies
196
+ to.
197
+ type: string
198
+ operator:
199
+ description:
200
+ operator represents a key's relationship to
201
+ a set of values. Valid operators are In, NotIn, Exists
202
+ and DoesNotExist.
203
+ type: string
204
+ values:
205
+ description:
206
+ values is an array of string values. If the
207
+ operator is In or NotIn, the values array must be non-empty.
208
+ If the operator is Exists or DoesNotExist, the values
209
+ array must be empty. This array is replaced during a strategic
210
+ merge patch.
211
+ items:
212
+ type: string
213
+ type: array
214
+ required:
215
+ - key
216
+ - operator
217
+ type: object
218
+ type: array
219
+ matchLabels:
220
+ additionalProperties:
221
+ type: string
222
+ description:
223
+ matchLabels is a map of {key,value} pairs. A single
224
+ {key,value} in the matchLabels map is equivalent to an element
225
+ of matchExpressions, whose key field is "key", the operator
226
+ is "In", and the values array contains only "value". The requirements
227
+ are ANDed.
228
+ type: object
229
+ type: object
230
+ x-kubernetes-map-type: atomic
231
+ podSelectorEndpoints:
232
+ description:
233
+ PodSelectorEndpoints contains information about the pods
234
+ matching the podSelector
235
+ items:
236
+ description:
237
+ PodEndpoint defines the summary information for the
238
+ pods
239
+ properties:
240
+ hostIP:
241
+ description:
242
+ HostIP is the IP address of the host the pod is
243
+ currently running on
244
+ type: string
245
+ name:
246
+ description: Name is the pod name
247
+ type: string
248
+ namespace:
249
+ description: Namespace is the pod namespace
250
+ type: string
251
+ podIP:
252
+ description: PodIP is the IP address of the pod
253
+ type: string
254
+ required:
255
+ - hostIP
256
+ - name
257
+ - namespace
258
+ - podIP
259
+ type: object
260
+ type: array
261
+ policyRef:
262
+ description:
263
+ PolicyRef is a reference to the Kubernetes NetworkPolicy
264
+ resource.
265
+ properties:
266
+ name:
267
+ description: Name is the name of the Policy
268
+ type: string
269
+ namespace:
270
+ description: Namespace is the namespace of the Policy
271
+ type: string
272
+ required:
273
+ - name
274
+ - namespace
275
+ type: object
276
+ required:
277
+ - policyRef
278
+ type: object
279
+ status:
280
+ description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
281
+ type: object
233
282
  type: object
234
- type: array
235
- policyRef:
236
- description: PolicyRef is a reference to the Kubernetes NetworkPolicy
237
- resource.
238
- properties:
239
- name:
240
- description: Name is the name of the Policy
241
- type: string
242
- namespace:
243
- description: Namespace is the namespace of the Policy
244
- type: string
245
- required:
246
- - name
247
- - namespace
248
- type: object
249
- required:
250
- - policyRef
251
- type: object
252
- status:
253
- description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
254
- type: object
255
- type: object
256
- served: true
257
- storage: true
258
- subresources:
259
- status: {}
283
+ served: true
284
+ storage: true
285
+ subresources:
286
+ status: {}
260
287
  ---
261
288
  # Source: aws-vpc-cni/templates/serviceaccount.yaml
262
289
  apiVersion: v1
263
290
  kind: ServiceAccount
264
291
  metadata:
265
- name: aws-node
266
- namespace: kube-system
267
- labels:
268
- app.kubernetes.io/name: aws-node
269
- app.kubernetes.io/instance: aws-vpc-cni
270
- k8s-app: aws-node
271
- app.kubernetes.io/version: "v1.16.0"
292
+ name: aws-node
293
+ namespace: kube-system
294
+ labels:
295
+ app.kubernetes.io/name: aws-node
296
+ app.kubernetes.io/instance: aws-vpc-cni
297
+ k8s-app: aws-node
298
+ app.kubernetes.io/version: "v1.16.0"
272
299
  ---
273
300
  # Source: aws-vpc-cni/templates/configmap.yaml
274
301
  apiVersion: v1
275
302
  kind: ConfigMap
276
303
  metadata:
277
- name: amazon-vpc-cni
278
- namespace: kube-system
279
- labels:
280
- app.kubernetes.io/name: aws-node
281
- app.kubernetes.io/instance: aws-vpc-cni
282
- k8s-app: aws-node
283
- app.kubernetes.io/version: "v1.16.0"
304
+ name: amazon-vpc-cni
305
+ namespace: kube-system
306
+ labels:
307
+ app.kubernetes.io/name: aws-node
308
+ app.kubernetes.io/instance: aws-vpc-cni
309
+ k8s-app: aws-node
310
+ app.kubernetes.io/version: "v1.16.0"
284
311
  data:
285
- enable-windows-ipam: "false"
286
- enable-network-policy-controller: "false"
287
- enable-windows-prefix-delegation: "false"
288
- warm-prefix-target: "0"
289
- warm-ip-target: "1"
290
- minimum-ip-target: "3"
291
- branch-eni-cooldown: "60"
312
+ enable-windows-ipam: "false"
313
+ enable-network-policy-controller: "false"
314
+ enable-windows-prefix-delegation: "false"
315
+ warm-prefix-target: "0"
316
+ warm-ip-target: "1"
317
+ minimum-ip-target: "3"
318
+ branch-eni-cooldown: "60"
292
319
  ---
293
320
  # Source: aws-vpc-cni/templates/clusterrole.yaml
294
321
  apiVersion: rbac.authorization.k8s.io/v1
295
322
  kind: ClusterRole
296
323
  metadata:
297
- name: aws-node
298
- labels:
299
- app.kubernetes.io/name: aws-node
300
- app.kubernetes.io/instance: aws-vpc-cni
301
- k8s-app: aws-node
302
- app.kubernetes.io/version: "v1.16.0"
324
+ name: aws-node
325
+ labels:
326
+ app.kubernetes.io/name: aws-node
327
+ app.kubernetes.io/instance: aws-vpc-cni
328
+ k8s-app: aws-node
329
+ app.kubernetes.io/version: "v1.16.0"
303
330
  rules:
304
- - apiGroups:
305
- - crd.k8s.amazonaws.com
306
- resources:
307
- - eniconfigs
308
- verbs: ["list", "watch", "get"]
309
- - apiGroups: [""]
310
- resources:
311
- - namespaces
312
- verbs: ["list", "watch", "get"]
313
- - apiGroups: [""]
314
- resources:
315
- - pods
316
- verbs: ["list", "watch", "get"]
317
- - apiGroups: [""]
318
- resources:
319
- - nodes
320
- verbs: ["list", "watch", "get"]
321
- - apiGroups: ["", "events.k8s.io"]
322
- resources:
323
- - events
324
- verbs: ["create", "patch", "list"]
325
- - apiGroups: ["networking.k8s.aws"]
326
- resources:
327
- - policyendpoints
328
- verbs: ["get", "list", "watch"]
329
- - apiGroups: ["networking.k8s.aws"]
330
- resources:
331
- - policyendpoints/status
332
- verbs: ["get"]
333
- - apiGroups:
334
- - vpcresources.k8s.aws
335
- resources:
336
- - cninodes
337
- verbs: ["get", "list", "watch", "patch"]
331
+ - apiGroups:
332
+ - crd.k8s.amazonaws.com
333
+ resources:
334
+ - eniconfigs
335
+ verbs: ["list", "watch", "get"]
336
+ - apiGroups: [""]
337
+ resources:
338
+ - namespaces
339
+ verbs: ["list", "watch", "get"]
340
+ - apiGroups: [""]
341
+ resources:
342
+ - pods
343
+ verbs: ["list", "watch", "get"]
344
+ - apiGroups: [""]
345
+ resources:
346
+ - nodes
347
+ verbs: ["list", "watch", "get"]
348
+ - apiGroups: ["", "events.k8s.io"]
349
+ resources:
350
+ - events
351
+ verbs: ["create", "patch", "list"]
352
+ - apiGroups: ["networking.k8s.aws"]
353
+ resources:
354
+ - policyendpoints
355
+ verbs: ["get", "list", "watch"]
356
+ - apiGroups: ["networking.k8s.aws"]
357
+ resources:
358
+ - policyendpoints/status
359
+ verbs: ["get"]
360
+ - apiGroups:
361
+ - vpcresources.k8s.aws
362
+ resources:
363
+ - cninodes
364
+ verbs: ["get", "list", "watch", "patch"]
338
365
  ---
339
366
  # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
340
367
  apiVersion: rbac.authorization.k8s.io/v1
341
368
  kind: ClusterRoleBinding
342
369
  metadata:
343
- name: aws-node
344
- labels:
345
- app.kubernetes.io/name: aws-node
346
- app.kubernetes.io/instance: aws-vpc-cni
347
- k8s-app: aws-node
348
- app.kubernetes.io/version: "v1.16.0"
370
+ name: aws-node
371
+ labels:
372
+ app.kubernetes.io/name: aws-node
373
+ app.kubernetes.io/instance: aws-vpc-cni
374
+ k8s-app: aws-node
375
+ app.kubernetes.io/version: "v1.16.0"
349
376
  roleRef:
350
- apiGroup: rbac.authorization.k8s.io
351
- kind: ClusterRole
352
- name: aws-node
353
- subjects:
354
- - kind: ServiceAccount
377
+ apiGroup: rbac.authorization.k8s.io
378
+ kind: ClusterRole
355
379
  name: aws-node
356
- namespace: kube-system
380
+ subjects:
381
+ - kind: ServiceAccount
382
+ name: aws-node
383
+ namespace: kube-system
357
384
  ---
358
385
  # Source: aws-vpc-cni/templates/daemonset.yaml
359
386
  kind: DaemonSet
360
387
  apiVersion: apps/v1
361
388
  metadata:
362
- name: aws-node
363
- namespace: kube-system
364
- labels:
365
- app.kubernetes.io/name: aws-node
366
- app.kubernetes.io/instance: aws-vpc-cni
367
- k8s-app: aws-node
368
- app.kubernetes.io/version: "v1.16.0"
369
- spec:
370
- updateStrategy:
371
- rollingUpdate:
372
- maxUnavailable: 10%
373
- type: RollingUpdate
374
- selector:
375
- matchLabels:
376
- k8s-app: aws-node
377
- template:
378
- metadata:
379
- labels:
389
+ name: aws-node
390
+ namespace: kube-system
391
+ labels:
380
392
  app.kubernetes.io/name: aws-node
381
393
  app.kubernetes.io/instance: aws-vpc-cni
382
394
  k8s-app: aws-node
383
- spec:
384
- priorityClassName: "system-node-critical"
385
- serviceAccountName: aws-node
386
- hostNetwork: true
387
- initContainers:
388
- - name: aws-vpc-cni-init
389
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0
390
- env: []
391
- # env:
392
- # - name: DISABLE_TCP_EARLY_DEMUX
393
- # value: "false"
394
- # - name: ENABLE_IPv6
395
- # value: "false"
396
- securityContext:
397
- privileged: true
398
- resources:
399
- requests:
400
- cpu: 25m
401
- volumeMounts:
402
- - mountPath: /host/opt/cni/bin
403
- name: cni-bin-dir
404
- terminationGracePeriodSeconds: 10
405
- tolerations:
406
- - operator: Exists
407
- securityContext:
408
- {}
409
- containers:
410
- - name: aws-node
411
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.16.0
412
- ports:
413
- - containerPort: 61678
414
- name: metrics
415
- livenessProbe:
416
- exec:
417
- command:
418
- - /app/grpc-health-probe
419
- - -addr=:50051
420
- - -connect-timeout=5s
421
- - -rpc-timeout=5s
422
- initialDelaySeconds: 60
423
- timeoutSeconds: 10
424
- readinessProbe:
425
- exec:
426
- command:
427
- - /app/grpc-health-probe
428
- - -addr=:50051
429
- - -connect-timeout=5s
430
- - -rpc-timeout=5s
431
- initialDelaySeconds: 1
432
- timeoutSeconds: 10
433
- env:
434
- - name: ADDITIONAL_ENI_TAGS
435
- value: "{}"
436
- # - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
437
- # value: "true"
438
- # - name: AWS_VPC_ENI_MTU
439
- # value: "9001"
440
- # - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
441
- # value: "false"
442
- # - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
443
- # value: "false"
444
- # - name: AWS_VPC_K8S_CNI_LOGLEVEL
445
- # value: "DEBUG"
446
- # - name: AWS_VPC_K8S_CNI_LOG_FILE
447
- # value: "/host/var/log/aws-routed-eni/ipamd.log"
448
- - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
449
- value: "prng"
450
- # - name: AWS_VPC_K8S_CNI_VETHPREFIX
451
- # value: "eni"
452
- # - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
453
- # value: "/var/log/aws-routed-eni/plugin.log"
454
- # - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
455
- # value: "DEBUG"
456
- - name: DISABLE_INTROSPECTION
457
- value: "false"
458
- - name: DISABLE_METRICS
459
- value: "false"
460
- - name: DISABLE_NETWORK_RESOURCE_PROVISIONING
461
- value: "false"
462
- - name: ENABLE_IPv4
463
- value: "true"
464
- # - name: ENABLE_IPv6
465
- # value: "false"
466
- # - name: ENABLE_POD_ENI
467
- # value: "false"
468
- # - name: ENABLE_PREFIX_DELEGATION
469
- # value: "false"
470
- - name: VPC_CNI_VERSION
471
- value: "v1.16.0"
472
- # - name: WARM_ENI_TARGET
473
- # value: "1"
474
- - name: WARM_PREFIX_TARGET
475
- value: "1"
476
- - name: MY_NODE_NAME
477
- valueFrom:
478
- fieldRef:
479
- apiVersion: v1
480
- fieldPath: spec.nodeName
481
- - name: MY_POD_NAME
482
- valueFrom:
483
- fieldRef:
484
- apiVersion: v1
485
- fieldPath: metadata.name
486
- resources:
487
- requests:
488
- cpu: 25m
489
- securityContext:
490
- capabilities:
491
- add:
492
- - NET_ADMIN
493
- - NET_RAW
494
- volumeMounts:
495
- - mountPath: /host/opt/cni/bin
496
- name: cni-bin-dir
497
- - mountPath: /host/etc/cni/net.d
498
- name: cni-net-dir
499
- - mountPath: /host/var/log/aws-routed-eni
500
- name: log-dir
501
- - mountPath: /var/run/aws-node
502
- name: run-dir
503
- - mountPath: /run/xtables.lock
504
- name: xtables-lock
505
- - name: aws-eks-nodeagent
506
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7
507
- env:
508
- - name: MY_NODE_NAME
509
- valueFrom:
510
- fieldRef:
511
- apiVersion: v1
512
- fieldPath: spec.nodeName
513
- args:
514
- - --enable-ipv6=false
515
- - --enable-network-policy=false
516
- - --enable-cloudwatch-logs=false
517
- - --enable-policy-event-logs=false
518
- - --metrics-bind-addr=:8162
519
- - --health-probe-bind-addr=:8163
520
- - --conntrack-cache-cleanup-period=300
521
- resources:
522
- requests:
523
- cpu: 25m
524
- securityContext:
525
- capabilities:
526
- add:
527
- - NET_ADMIN
528
- privileged: true
529
- volumeMounts:
530
- - mountPath: /host/opt/cni/bin
531
- name: cni-bin-dir
532
- - mountPath: /sys/fs/bpf
533
- name: bpf-pin-path
534
- - mountPath: /var/log/aws-routed-eni
535
- name: log-dir
536
- - mountPath: /var/run/aws-node
537
- name: run-dir
538
- volumes:
539
- - name: bpf-pin-path
540
- hostPath:
541
- path: /sys/fs/bpf
542
- - name: cni-bin-dir
543
- hostPath:
544
- path: /opt/cni/bin
545
- - name: cni-net-dir
546
- hostPath:
547
- path: /etc/cni/net.d
548
- - name: log-dir
549
- hostPath:
550
- path: /var/log/aws-routed-eni
551
- type: DirectoryOrCreate
552
- - name: run-dir
553
- hostPath:
554
- path: /var/run/aws-node
555
- type: DirectoryOrCreate
556
- - name: xtables-lock
557
- hostPath:
558
- path: /run/xtables.lock
559
- affinity:
560
- nodeAffinity:
561
- requiredDuringSchedulingIgnoredDuringExecution:
562
- nodeSelectorTerms:
563
- - matchExpressions:
564
- - key: kubernetes.io/os
565
- operator: In
566
- values:
567
- - linux
568
- - key: kubernetes.io/arch
569
- operator: In
570
- values:
571
- - amd64
572
- - arm64
573
- - key: eks.amazonaws.com/compute-type
574
- operator: NotIn
575
- values:
576
- - fargate
395
+ app.kubernetes.io/version: "v1.16.0"
396
+ spec:
397
+ updateStrategy:
398
+ rollingUpdate:
399
+ maxUnavailable: 10%
400
+ type: RollingUpdate
401
+ selector:
402
+ matchLabels:
403
+ k8s-app: aws-node
404
+ template:
405
+ metadata:
406
+ labels:
407
+ app.kubernetes.io/name: aws-node
408
+ app.kubernetes.io/instance: aws-vpc-cni
409
+ k8s-app: aws-node
410
+ spec:
411
+ priorityClassName: "system-node-critical"
412
+ serviceAccountName: aws-node
413
+ hostNetwork: true
414
+ initContainers:
415
+ - name: aws-vpc-cni-init
416
+ image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0
417
+ env: []
418
+ # env:
419
+ # - name: DISABLE_TCP_EARLY_DEMUX
420
+ # value: "false"
421
+ # - name: ENABLE_IPv6
422
+ # value: "false"
423
+ securityContext:
424
+ privileged: true
425
+ resources:
426
+ requests:
427
+ cpu: 25m
428
+ volumeMounts:
429
+ - mountPath: /host/opt/cni/bin
430
+ name: cni-bin-dir
431
+ terminationGracePeriodSeconds: 10
432
+ tolerations:
433
+ - operator: Exists
434
+ securityContext: {}
435
+ containers:
436
+ - name: aws-node
437
+ image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.16.0
438
+ ports:
439
+ - containerPort: 61678
440
+ name: metrics
441
+ livenessProbe:
442
+ exec:
443
+ command:
444
+ - /app/grpc-health-probe
445
+ - -addr=:50051
446
+ - -connect-timeout=5s
447
+ - -rpc-timeout=5s
448
+ initialDelaySeconds: 60
449
+ timeoutSeconds: 10
450
+ readinessProbe:
451
+ exec:
452
+ command:
453
+ - /app/grpc-health-probe
454
+ - -addr=:50051
455
+ - -connect-timeout=5s
456
+ - -rpc-timeout=5s
457
+ initialDelaySeconds: 1
458
+ timeoutSeconds: 10
459
+ env:
460
+ - name: ADDITIONAL_ENI_TAGS
461
+ value: "{}"
462
+ # - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
463
+ # value: "true"
464
+ # - name: AWS_VPC_ENI_MTU
465
+ # value: "9001"
466
+ # - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
467
+ # value: "false"
468
+ # - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
469
+ # value: "false"
470
+ # - name: AWS_VPC_K8S_CNI_LOGLEVEL
471
+ # value: "DEBUG"
472
+ # - name: AWS_VPC_K8S_CNI_LOG_FILE
473
+ # value: "/host/var/log/aws-routed-eni/ipamd.log"
474
+ - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
475
+ value: "prng"
476
+ # - name: AWS_VPC_K8S_CNI_VETHPREFIX
477
+ # value: "eni"
478
+ # - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
479
+ # value: "/var/log/aws-routed-eni/plugin.log"
480
+ # - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
481
+ # value: "DEBUG"
482
+ - name: DISABLE_INTROSPECTION
483
+ value: "false"
484
+ - name: DISABLE_METRICS
485
+ value: "false"
486
+ - name: DISABLE_NETWORK_RESOURCE_PROVISIONING
487
+ value: "false"
488
+ - name: ENABLE_IPv4
489
+ value: "true"
490
+ # - name: ENABLE_IPv6
491
+ # value: "false"
492
+ # - name: ENABLE_POD_ENI
493
+ # value: "false"
494
+ # - name: ENABLE_PREFIX_DELEGATION
495
+ # value: "false"
496
+ - name: VPC_CNI_VERSION
497
+ value: "v1.16.0"
498
+ # - name: WARM_ENI_TARGET
499
+ # value: "1"
500
+ - name: WARM_PREFIX_TARGET
501
+ value: "1"
502
+ - name: MY_NODE_NAME
503
+ valueFrom:
504
+ fieldRef:
505
+ apiVersion: v1
506
+ fieldPath: spec.nodeName
507
+ - name: MY_POD_NAME
508
+ valueFrom:
509
+ fieldRef:
510
+ apiVersion: v1
511
+ fieldPath: metadata.name
512
+ resources:
513
+ requests:
514
+ cpu: 25m
515
+ securityContext:
516
+ capabilities:
517
+ add:
518
+ - NET_ADMIN
519
+ - NET_RAW
520
+ volumeMounts:
521
+ - mountPath: /host/opt/cni/bin
522
+ name: cni-bin-dir
523
+ - mountPath: /host/etc/cni/net.d
524
+ name: cni-net-dir
525
+ - mountPath: /host/var/log/aws-routed-eni
526
+ name: log-dir
527
+ - mountPath: /var/run/aws-node
528
+ name: run-dir
529
+ - mountPath: /run/xtables.lock
530
+ name: xtables-lock
531
+ - name: aws-eks-nodeagent
532
+ image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7
533
+ env:
534
+ - name: MY_NODE_NAME
535
+ valueFrom:
536
+ fieldRef:
537
+ apiVersion: v1
538
+ fieldPath: spec.nodeName
539
+ args:
540
+ - --enable-ipv6=false
541
+ - --enable-network-policy=false
542
+ - --enable-cloudwatch-logs=false
543
+ - --enable-policy-event-logs=false
544
+ - --metrics-bind-addr=:8162
545
+ - --health-probe-bind-addr=:8163
546
+ - --conntrack-cache-cleanup-period=300
547
+ resources:
548
+ requests:
549
+ cpu: 25m
550
+ securityContext:
551
+ capabilities:
552
+ add:
553
+ - NET_ADMIN
554
+ privileged: true
555
+ volumeMounts:
556
+ - mountPath: /host/opt/cni/bin
557
+ name: cni-bin-dir
558
+ - mountPath: /sys/fs/bpf
559
+ name: bpf-pin-path
560
+ - mountPath: /var/log/aws-routed-eni
561
+ name: log-dir
562
+ - mountPath: /var/run/aws-node
563
+ name: run-dir
564
+ volumes:
565
+ - name: bpf-pin-path
566
+ hostPath:
567
+ path: /sys/fs/bpf
568
+ - name: cni-bin-dir
569
+ hostPath:
570
+ path: /opt/cni/bin
571
+ - name: cni-net-dir
572
+ hostPath:
573
+ path: /etc/cni/net.d
574
+ - name: log-dir
575
+ hostPath:
576
+ path: /var/log/aws-routed-eni
577
+ type: DirectoryOrCreate
578
+ - name: run-dir
579
+ hostPath:
580
+ path: /var/run/aws-node
581
+ type: DirectoryOrCreate
582
+ - name: xtables-lock
583
+ hostPath:
584
+ path: /run/xtables.lock
585
+ affinity:
586
+ nodeAffinity:
587
+ requiredDuringSchedulingIgnoredDuringExecution:
588
+ nodeSelectorTerms:
589
+ - matchExpressions:
590
+ - key: kubernetes.io/os
591
+ operator: In
592
+ values:
593
+ - linux
594
+ - key: kubernetes.io/arch
595
+ operator: In
596
+ values:
597
+ - amd64
598
+ - arm64
599
+ - key: eks.amazonaws.com/compute-type
600
+ operator: NotIn
601
+ values:
602
+ - fargate