@pulumi/eks 2.8.1 → 2.9.0-alpha.1727304793

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (125) hide show
  1. package/addon.d.ts +61 -13
  2. package/addon.js +45 -18
  3. package/addon.js.map +1 -1
  4. package/cluster.d.ts +291 -585
  5. package/cluster.js +120 -947
  6. package/cluster.js.map +1 -1
  7. package/clusterCreationRoleProvider.d.ts +28 -0
  8. package/clusterCreationRoleProvider.js +47 -0
  9. package/clusterCreationRoleProvider.js.map +1 -0
  10. package/clusterMixins.d.ts +71 -0
  11. package/clusterMixins.js +107 -0
  12. package/clusterMixins.js.map +1 -0
  13. package/index.d.ts +31 -7
  14. package/index.js +80 -34
  15. package/index.js.map +1 -1
  16. package/managedNodeGroup.d.ts +221 -0
  17. package/managedNodeGroup.js +81 -0
  18. package/managedNodeGroup.js.map +1 -0
  19. package/nodeGroup.d.ts +273 -0
  20. package/nodeGroup.js +93 -0
  21. package/nodeGroup.js.map +1 -0
  22. package/nodeGroupSecurityGroup.d.ts +51 -0
  23. package/nodeGroupSecurityGroup.js +60 -0
  24. package/nodeGroupSecurityGroup.js.map +1 -0
  25. package/nodeGroupV2.d.ts +280 -0
  26. package/nodeGroupV2.js +90 -0
  27. package/nodeGroupV2.js.map +1 -0
  28. package/nodegroupMixins.d.ts +203 -0
  29. package/{securitygroup.js → nodegroupMixins.js} +25 -36
  30. package/nodegroupMixins.js.map +1 -0
  31. package/package.json +8 -36
  32. package/provider.d.ts +21 -0
  33. package/provider.js +38 -0
  34. package/provider.js.map +1 -0
  35. package/{storageclass.js → storageclassMixins.js} +1 -14
  36. package/storageclassMixins.js.map +1 -0
  37. package/types/enums/index.d.ts +170 -0
  38. package/types/enums/index.js +145 -0
  39. package/types/enums/index.js.map +1 -0
  40. package/types/index.d.ts +4 -0
  41. package/types/index.js +13 -0
  42. package/types/index.js.map +1 -0
  43. package/types/input.d.ts +745 -0
  44. package/types/input.js +30 -0
  45. package/types/input.js.map +1 -0
  46. package/types/output.d.ts +422 -0
  47. package/types/output.js +5 -0
  48. package/types/output.js.map +1 -0
  49. package/utilities.d.ts +8 -1
  50. package/utilities.js +90 -17
  51. package/utilities.js.map +1 -1
  52. package/vpcCniAddon.d.ts +175 -0
  53. package/vpcCniAddon.js +88 -0
  54. package/vpcCniAddon.js.map +1 -0
  55. package/LICENSE +0 -202
  56. package/README.md +0 -77
  57. package/authenticationMode.d.ts +0 -24
  58. package/authenticationMode.js +0 -172
  59. package/authenticationMode.js.map +0 -1
  60. package/authenticationMode.test.d.ts +0 -1
  61. package/authenticationMode.test.js +0 -208
  62. package/authenticationMode.test.js.map +0 -1
  63. package/cert-thumprint.d.ts +0 -16
  64. package/cert-thumprint.js +0 -113
  65. package/cert-thumprint.js.map +0 -1
  66. package/cmd/provider/addon.d.ts +0 -1
  67. package/cmd/provider/addon.js +0 -40
  68. package/cmd/provider/addon.js.map +0 -1
  69. package/cmd/provider/cluster.d.ts +0 -1
  70. package/cmd/provider/cluster.js +0 -71
  71. package/cmd/provider/cluster.js.map +0 -1
  72. package/cmd/provider/cni.d.ts +0 -2
  73. package/cmd/provider/cni.js +0 -291
  74. package/cmd/provider/cni.js.map +0 -1
  75. package/cmd/provider/index.d.ts +0 -1
  76. package/cmd/provider/index.js +0 -171
  77. package/cmd/provider/index.js.map +0 -1
  78. package/cmd/provider/nodegroup.d.ts +0 -1
  79. package/cmd/provider/nodegroup.js +0 -89
  80. package/cmd/provider/nodegroup.js.map +0 -1
  81. package/cmd/provider/randomSuffix.d.ts +0 -1
  82. package/cmd/provider/randomSuffix.js +0 -52
  83. package/cmd/provider/randomSuffix.js.map +0 -1
  84. package/cmd/provider/schema.json +0 -1909
  85. package/cmd/provider/securitygroup.d.ts +0 -1
  86. package/cmd/provider/securitygroup.js +0 -41
  87. package/cmd/provider/securitygroup.js.map +0 -1
  88. package/cni/README.md +0 -6
  89. package/cni/aws-k8s-cni.yaml +0 -602
  90. package/cni.d.ts +0 -177
  91. package/cni.js +0 -64
  92. package/cni.js.map +0 -1
  93. package/dashboard/heapster-rbac.yaml +0 -12
  94. package/dashboard/heapster.yaml +0 -46
  95. package/dashboard/influxdb.yaml +0 -40
  96. package/dashboard/kubernetes-dashboard.yaml +0 -167
  97. package/dashboard.d.ts +0 -5
  98. package/dashboard.js +0 -58
  99. package/dashboard.js.map +0 -1
  100. package/dependencies.d.ts +0 -2
  101. package/dependencies.js +0 -81
  102. package/dependencies.js.map +0 -1
  103. package/dependencies.test.d.ts +0 -1
  104. package/dependencies.test.js +0 -133
  105. package/dependencies.test.js.map +0 -1
  106. package/nodegroup.d.ts +0 -515
  107. package/nodegroup.js +0 -1152
  108. package/nodegroup.js.map +0 -1
  109. package/nodegroup.test.d.ts +0 -1
  110. package/nodegroup.test.js +0 -336
  111. package/nodegroup.test.js.map +0 -1
  112. package/package.json.dev +0 -67
  113. package/randomSuffix.d.ts +0 -1
  114. package/randomSuffix.js +0 -51
  115. package/randomSuffix.js.map +0 -1
  116. package/securitygroup.d.ts +0 -52
  117. package/securitygroup.js.map +0 -1
  118. package/servicerole.d.ts +0 -43
  119. package/servicerole.js +0 -72
  120. package/servicerole.js.map +0 -1
  121. package/storageclass.js.map +0 -1
  122. package/utils.d.ts +0 -23
  123. package/utils.js +0 -16
  124. package/utils.js.map +0 -1
  125. /package/{storageclass.d.ts → storageclassMixins.d.ts} +0 -0
@@ -1 +0,0 @@
1
- export {};
@@ -1,41 +0,0 @@
1
- "use strict";
2
- // Copyright 2016-2020, Pulumi Corporation.
3
- //
4
- // Licensed under the Apache License, Version 2.0 (the "License");
5
- // you may not use this file except in compliance with the License.
6
- // You may obtain a copy of the License at
7
- //
8
- // http://www.apache.org/licenses/LICENSE-2.0
9
- //
10
- // Unless required by applicable law or agreed to in writing, software
11
- // distributed under the License is distributed on an "AS IS" BASIS,
12
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
- // See the License for the specific language governing permissions and
14
- // limitations under the License.
15
- Object.defineProperty(exports, "__esModule", { value: true });
16
- exports.nodeGroupSecurityGroupProviderFactory = void 0;
17
- const securitygroup_1 = require("../../securitygroup");
18
- const nodeGroupSecurityGroupProvider = {
19
- construct: (name, type, inputs, options) => {
20
- try {
21
- const nodeGroupSecurityGroup = new securitygroup_1.NodeGroupSecurityGroup(name, inputs, options);
22
- return Promise.resolve({
23
- urn: nodeGroupSecurityGroup.urn,
24
- state: {
25
- securityGroup: nodeGroupSecurityGroup.securityGroup,
26
- securityGroupRule: nodeGroupSecurityGroup.securityGroupRule,
27
- },
28
- });
29
- }
30
- catch (e) {
31
- return Promise.reject(e);
32
- }
33
- },
34
- version: "", // ignored
35
- };
36
- /** @internal */
37
- function nodeGroupSecurityGroupProviderFactory() {
38
- return nodeGroupSecurityGroupProvider;
39
- }
40
- exports.nodeGroupSecurityGroupProviderFactory = nodeGroupSecurityGroupProviderFactory;
41
- //# sourceMappingURL=securitygroup.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"securitygroup.js","sourceRoot":"","sources":["../../../cmd/provider/securitygroup.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAGjC,uDAA6D;AAE7D,MAAM,8BAA8B,GAA6B;IAC7D,SAAS,EAAE,CACP,IAAY,EACZ,IAAY,EACZ,MAAqB,EACrB,OAAwC,EAC1C,EAAE;QACA,IAAI;YACA,MAAM,sBAAsB,GAAG,IAAI,sCAAsB,CAAC,IAAI,EAAO,MAAM,EAAE,OAAO,CAAC,CAAC;YACtF,OAAO,OAAO,CAAC,OAAO,CAAC;gBACnB,GAAG,EAAE,sBAAsB,CAAC,GAAG;gBAC/B,KAAK,EAAE;oBACH,aAAa,EAAE,sBAAsB,CAAC,aAAa;oBACnD,iBAAiB,EAAE,sBAAsB,CAAC,iBAAiB;iBAC9D;aACJ,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;SAC5B;IACL,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,UAAU;CAC1B,CAAC;AAEF,gBAAgB;AAChB,SAAgB,qCAAqC;IACjD,OAAO,8BAA8B,CAAC;AAC1C,CAAC;AAFD,sFAEC"}
package/cni/README.md DELETED
@@ -1,6 +0,0 @@
1
- The CNI manfiest used has divergence between the
2
- [upstream CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.16.0/config/master/aws-k8s-cni.yaml),
3
- Pulumi's [approach](https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cni/aws-k8s-cni.yaml),
4
- and what AWS does by [default](https://github.com/aws/amazon-vpc-cni-k8s/issues/755) for Fargate clusters.
5
-
6
- Pulumi's fork of the manifest removes certain lines from the upstream manifest. This is showcased in our forked copy by commenting out such lines.
@@ -1,602 +0,0 @@
1
- # Adapted from: https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni.yaml
2
- # Configuration that differs from upstream are commented out.
3
- ---
4
- # Source: aws-vpc-cni/crds/customresourcedefinition.yaml
5
- apiVersion: apiextensions.k8s.io/v1
6
- kind: CustomResourceDefinition
7
- metadata:
8
- name: eniconfigs.crd.k8s.amazonaws.com
9
- spec:
10
- scope: Cluster
11
- group: crd.k8s.amazonaws.com
12
- preserveUnknownFields: false
13
- versions:
14
- - name: v1alpha1
15
- served: true
16
- storage: true
17
- schema:
18
- openAPIV3Schema:
19
- type: object
20
- x-kubernetes-preserve-unknown-fields: true
21
- names:
22
- plural: eniconfigs
23
- singular: eniconfig
24
- kind: ENIConfig
25
- ---
26
- apiVersion: apiextensions.k8s.io/v1
27
- kind: CustomResourceDefinition
28
- metadata:
29
- annotations:
30
- controller-gen.kubebuilder.io/version: v0.11.3
31
- creationTimestamp: null
32
- labels:
33
- app.kubernetes.io/name: amazon-network-policy-controller-k8s
34
- name: policyendpoints.networking.k8s.aws
35
- spec:
36
- group: networking.k8s.aws
37
- names:
38
- kind: PolicyEndpoint
39
- listKind: PolicyEndpointList
40
- plural: policyendpoints
41
- singular: policyendpoint
42
- scope: Namespaced
43
- versions:
44
- - name: v1alpha1
45
- schema:
46
- openAPIV3Schema:
47
- description: PolicyEndpoint is the Schema for the policyendpoints API
48
- properties:
49
- apiVersion:
50
- description:
51
- "APIVersion defines the versioned schema of this representation
52
- of an object. Servers should convert recognized schemas to the latest
53
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
54
- type: string
55
- kind:
56
- description: "Kind is a string value representing the REST resource this
57
- object represents. Servers may infer this from the endpoint the client
58
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
59
- type: string
60
- metadata:
61
- type: object
62
- spec:
63
- description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
64
- properties:
65
- egress:
66
- description:
67
- Egress is the list of egress rules containing resolved
68
- network addresses
69
- items:
70
- description:
71
- EndpointInfo defines the network endpoint information
72
- for the policy ingress/egress
73
- properties:
74
- cidr:
75
- description: CIDR is the network address(s) of the endpoint
76
- type: string
77
- except:
78
- description:
79
- Except is the exceptions to the CIDR ranges mentioned
80
- above.
81
- items:
82
- type: string
83
- type: array
84
- ports:
85
- description: Ports is the list of ports
86
- items:
87
- description:
88
- Port contains information about the transport
89
- port/protocol
90
- properties:
91
- endPort:
92
- description:
93
- Endport specifies the port range port to
94
- endPort port must be defined and an integer, endPort
95
- > port
96
- format: int32
97
- type: integer
98
- port:
99
- description:
100
- Port specifies the numerical port for the
101
- protocol. If empty applies to all ports
102
- format: int32
103
- type: integer
104
- protocol:
105
- default: TCP
106
- description:
107
- Protocol specifies the transport protocol,
108
- default TCP
109
- type: string
110
- type: object
111
- type: array
112
- required:
113
- - cidr
114
- type: object
115
- type: array
116
- ingress:
117
- description:
118
- Ingress is the list of ingress rules containing resolved
119
- network addresses
120
- items:
121
- description:
122
- EndpointInfo defines the network endpoint information
123
- for the policy ingress/egress
124
- properties:
125
- cidr:
126
- description: CIDR is the network address(s) of the endpoint
127
- type: string
128
- except:
129
- description:
130
- Except is the exceptions to the CIDR ranges mentioned
131
- above.
132
- items:
133
- type: string
134
- type: array
135
- ports:
136
- description: Ports is the list of ports
137
- items:
138
- description:
139
- Port contains information about the transport
140
- port/protocol
141
- properties:
142
- endPort:
143
- description:
144
- Endport specifies the port range port to
145
- endPort port must be defined and an integer, endPort
146
- > port
147
- format: int32
148
- type: integer
149
- port:
150
- description:
151
- Port specifies the numerical port for the
152
- protocol. If empty applies to all ports
153
- format: int32
154
- type: integer
155
- protocol:
156
- default: TCP
157
- description:
158
- Protocol specifies the transport protocol,
159
- default TCP
160
- type: string
161
- type: object
162
- type: array
163
- required:
164
- - cidr
165
- type: object
166
- type: array
167
- podIsolation:
168
- description:
169
- PodIsolation specifies whether the pod needs to be isolated
170
- for a particular traffic direction Ingress or Egress, or both. If
171
- default isolation is not specified, and there are no ingress/egress
172
- rules, then the pod is not isolated from the point of view of this
173
- policy. This follows the NetworkPolicy spec.PolicyTypes.
174
- items:
175
- description:
176
- PolicyType string describes the NetworkPolicy type
177
- This type is beta-level in 1.8
178
- type: string
179
- type: array
180
- podSelector:
181
- description: PodSelector is the podSelector from the policy resource
182
- properties:
183
- matchExpressions:
184
- description:
185
- matchExpressions is a list of label selector requirements.
186
- The requirements are ANDed.
187
- items:
188
- description:
189
- A label selector requirement is a selector that
190
- contains values, a key, and an operator that relates the key
191
- and values.
192
- properties:
193
- key:
194
- description:
195
- key is the label key that the selector applies
196
- to.
197
- type: string
198
- operator:
199
- description:
200
- operator represents a key's relationship to
201
- a set of values. Valid operators are In, NotIn, Exists
202
- and DoesNotExist.
203
- type: string
204
- values:
205
- description:
206
- values is an array of string values. If the
207
- operator is In or NotIn, the values array must be non-empty.
208
- If the operator is Exists or DoesNotExist, the values
209
- array must be empty. This array is replaced during a strategic
210
- merge patch.
211
- items:
212
- type: string
213
- type: array
214
- required:
215
- - key
216
- - operator
217
- type: object
218
- type: array
219
- matchLabels:
220
- additionalProperties:
221
- type: string
222
- description:
223
- matchLabels is a map of {key,value} pairs. A single
224
- {key,value} in the matchLabels map is equivalent to an element
225
- of matchExpressions, whose key field is "key", the operator
226
- is "In", and the values array contains only "value". The requirements
227
- are ANDed.
228
- type: object
229
- type: object
230
- x-kubernetes-map-type: atomic
231
- podSelectorEndpoints:
232
- description:
233
- PodSelectorEndpoints contains information about the pods
234
- matching the podSelector
235
- items:
236
- description:
237
- PodEndpoint defines the summary information for the
238
- pods
239
- properties:
240
- hostIP:
241
- description:
242
- HostIP is the IP address of the host the pod is
243
- currently running on
244
- type: string
245
- name:
246
- description: Name is the pod name
247
- type: string
248
- namespace:
249
- description: Namespace is the pod namespace
250
- type: string
251
- podIP:
252
- description: PodIP is the IP address of the pod
253
- type: string
254
- required:
255
- - hostIP
256
- - name
257
- - namespace
258
- - podIP
259
- type: object
260
- type: array
261
- policyRef:
262
- description:
263
- PolicyRef is a reference to the Kubernetes NetworkPolicy
264
- resource.
265
- properties:
266
- name:
267
- description: Name is the name of the Policy
268
- type: string
269
- namespace:
270
- description: Namespace is the namespace of the Policy
271
- type: string
272
- required:
273
- - name
274
- - namespace
275
- type: object
276
- required:
277
- - policyRef
278
- type: object
279
- status:
280
- description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
281
- type: object
282
- type: object
283
- served: true
284
- storage: true
285
- subresources:
286
- status: {}
287
- ---
288
- # Source: aws-vpc-cni/templates/serviceaccount.yaml
289
- apiVersion: v1
290
- kind: ServiceAccount
291
- metadata:
292
- name: aws-node
293
- namespace: kube-system
294
- labels:
295
- app.kubernetes.io/name: aws-node
296
- app.kubernetes.io/instance: aws-vpc-cni
297
- k8s-app: aws-node
298
- app.kubernetes.io/version: "v1.16.0"
299
- ---
300
- # Source: aws-vpc-cni/templates/configmap.yaml
301
- apiVersion: v1
302
- kind: ConfigMap
303
- metadata:
304
- name: amazon-vpc-cni
305
- namespace: kube-system
306
- labels:
307
- app.kubernetes.io/name: aws-node
308
- app.kubernetes.io/instance: aws-vpc-cni
309
- k8s-app: aws-node
310
- app.kubernetes.io/version: "v1.16.0"
311
- data:
312
- enable-windows-ipam: "false"
313
- enable-network-policy-controller: "false"
314
- enable-windows-prefix-delegation: "false"
315
- warm-prefix-target: "0"
316
- warm-ip-target: "1"
317
- minimum-ip-target: "3"
318
- branch-eni-cooldown: "60"
319
- ---
320
- # Source: aws-vpc-cni/templates/clusterrole.yaml
321
- apiVersion: rbac.authorization.k8s.io/v1
322
- kind: ClusterRole
323
- metadata:
324
- name: aws-node
325
- labels:
326
- app.kubernetes.io/name: aws-node
327
- app.kubernetes.io/instance: aws-vpc-cni
328
- k8s-app: aws-node
329
- app.kubernetes.io/version: "v1.16.0"
330
- rules:
331
- - apiGroups:
332
- - crd.k8s.amazonaws.com
333
- resources:
334
- - eniconfigs
335
- verbs: ["list", "watch", "get"]
336
- - apiGroups: [""]
337
- resources:
338
- - namespaces
339
- verbs: ["list", "watch", "get"]
340
- - apiGroups: [""]
341
- resources:
342
- - pods
343
- verbs: ["list", "watch", "get"]
344
- - apiGroups: [""]
345
- resources:
346
- - nodes
347
- verbs: ["list", "watch", "get"]
348
- - apiGroups: ["", "events.k8s.io"]
349
- resources:
350
- - events
351
- verbs: ["create", "patch", "list"]
352
- - apiGroups: ["networking.k8s.aws"]
353
- resources:
354
- - policyendpoints
355
- verbs: ["get", "list", "watch"]
356
- - apiGroups: ["networking.k8s.aws"]
357
- resources:
358
- - policyendpoints/status
359
- verbs: ["get"]
360
- - apiGroups:
361
- - vpcresources.k8s.aws
362
- resources:
363
- - cninodes
364
- verbs: ["get", "list", "watch", "patch"]
365
- ---
366
- # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
367
- apiVersion: rbac.authorization.k8s.io/v1
368
- kind: ClusterRoleBinding
369
- metadata:
370
- name: aws-node
371
- labels:
372
- app.kubernetes.io/name: aws-node
373
- app.kubernetes.io/instance: aws-vpc-cni
374
- k8s-app: aws-node
375
- app.kubernetes.io/version: "v1.16.0"
376
- roleRef:
377
- apiGroup: rbac.authorization.k8s.io
378
- kind: ClusterRole
379
- name: aws-node
380
- subjects:
381
- - kind: ServiceAccount
382
- name: aws-node
383
- namespace: kube-system
384
- ---
385
- # Source: aws-vpc-cni/templates/daemonset.yaml
386
- kind: DaemonSet
387
- apiVersion: apps/v1
388
- metadata:
389
- name: aws-node
390
- namespace: kube-system
391
- labels:
392
- app.kubernetes.io/name: aws-node
393
- app.kubernetes.io/instance: aws-vpc-cni
394
- k8s-app: aws-node
395
- app.kubernetes.io/version: "v1.16.0"
396
- spec:
397
- updateStrategy:
398
- rollingUpdate:
399
- maxUnavailable: 10%
400
- type: RollingUpdate
401
- selector:
402
- matchLabels:
403
- k8s-app: aws-node
404
- template:
405
- metadata:
406
- labels:
407
- app.kubernetes.io/name: aws-node
408
- app.kubernetes.io/instance: aws-vpc-cni
409
- k8s-app: aws-node
410
- spec:
411
- priorityClassName: "system-node-critical"
412
- serviceAccountName: aws-node
413
- hostNetwork: true
414
- initContainers:
415
- - name: aws-vpc-cni-init
416
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0
417
- env: []
418
- # env:
419
- # - name: DISABLE_TCP_EARLY_DEMUX
420
- # value: "false"
421
- # - name: ENABLE_IPv6
422
- # value: "false"
423
- securityContext:
424
- privileged: true
425
- resources:
426
- requests:
427
- cpu: 25m
428
- volumeMounts:
429
- - mountPath: /host/opt/cni/bin
430
- name: cni-bin-dir
431
- terminationGracePeriodSeconds: 10
432
- tolerations:
433
- - operator: Exists
434
- securityContext: {}
435
- containers:
436
- - name: aws-node
437
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.16.0
438
- ports:
439
- - containerPort: 61678
440
- name: metrics
441
- livenessProbe:
442
- exec:
443
- command:
444
- - /app/grpc-health-probe
445
- - -addr=:50051
446
- - -connect-timeout=5s
447
- - -rpc-timeout=5s
448
- initialDelaySeconds: 60
449
- timeoutSeconds: 10
450
- readinessProbe:
451
- exec:
452
- command:
453
- - /app/grpc-health-probe
454
- - -addr=:50051
455
- - -connect-timeout=5s
456
- - -rpc-timeout=5s
457
- initialDelaySeconds: 1
458
- timeoutSeconds: 10
459
- env:
460
- - name: ADDITIONAL_ENI_TAGS
461
- value: "{}"
462
- # - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
463
- # value: "true"
464
- # - name: AWS_VPC_ENI_MTU
465
- # value: "9001"
466
- # - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
467
- # value: "false"
468
- # - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
469
- # value: "false"
470
- # - name: AWS_VPC_K8S_CNI_LOGLEVEL
471
- # value: "DEBUG"
472
- # - name: AWS_VPC_K8S_CNI_LOG_FILE
473
- # value: "/host/var/log/aws-routed-eni/ipamd.log"
474
- - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
475
- value: "prng"
476
- # - name: AWS_VPC_K8S_CNI_VETHPREFIX
477
- # value: "eni"
478
- # - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
479
- # value: "/var/log/aws-routed-eni/plugin.log"
480
- # - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
481
- # value: "DEBUG"
482
- - name: DISABLE_INTROSPECTION
483
- value: "false"
484
- - name: DISABLE_METRICS
485
- value: "false"
486
- - name: DISABLE_NETWORK_RESOURCE_PROVISIONING
487
- value: "false"
488
- - name: ENABLE_IPv4
489
- value: "true"
490
- # - name: ENABLE_IPv6
491
- # value: "false"
492
- # - name: ENABLE_POD_ENI
493
- # value: "false"
494
- # - name: ENABLE_PREFIX_DELEGATION
495
- # value: "false"
496
- - name: VPC_CNI_VERSION
497
- value: "v1.16.0"
498
- # - name: WARM_ENI_TARGET
499
- # value: "1"
500
- - name: WARM_PREFIX_TARGET
501
- value: "1"
502
- - name: MY_NODE_NAME
503
- valueFrom:
504
- fieldRef:
505
- apiVersion: v1
506
- fieldPath: spec.nodeName
507
- - name: MY_POD_NAME
508
- valueFrom:
509
- fieldRef:
510
- apiVersion: v1
511
- fieldPath: metadata.name
512
- resources:
513
- requests:
514
- cpu: 25m
515
- securityContext:
516
- capabilities:
517
- add:
518
- - NET_ADMIN
519
- - NET_RAW
520
- volumeMounts:
521
- - mountPath: /host/opt/cni/bin
522
- name: cni-bin-dir
523
- - mountPath: /host/etc/cni/net.d
524
- name: cni-net-dir
525
- - mountPath: /host/var/log/aws-routed-eni
526
- name: log-dir
527
- - mountPath: /var/run/aws-node
528
- name: run-dir
529
- - mountPath: /run/xtables.lock
530
- name: xtables-lock
531
- - name: aws-eks-nodeagent
532
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7
533
- env:
534
- - name: MY_NODE_NAME
535
- valueFrom:
536
- fieldRef:
537
- apiVersion: v1
538
- fieldPath: spec.nodeName
539
- args:
540
- - --enable-ipv6=false
541
- - --enable-network-policy=false
542
- - --enable-cloudwatch-logs=false
543
- - --enable-policy-event-logs=false
544
- - --metrics-bind-addr=:8162
545
- - --health-probe-bind-addr=:8163
546
- - --conntrack-cache-cleanup-period=300
547
- resources:
548
- requests:
549
- cpu: 25m
550
- securityContext:
551
- capabilities:
552
- add:
553
- - NET_ADMIN
554
- privileged: true
555
- volumeMounts:
556
- - mountPath: /host/opt/cni/bin
557
- name: cni-bin-dir
558
- - mountPath: /sys/fs/bpf
559
- name: bpf-pin-path
560
- - mountPath: /var/log/aws-routed-eni
561
- name: log-dir
562
- - mountPath: /var/run/aws-node
563
- name: run-dir
564
- volumes:
565
- - name: bpf-pin-path
566
- hostPath:
567
- path: /sys/fs/bpf
568
- - name: cni-bin-dir
569
- hostPath:
570
- path: /opt/cni/bin
571
- - name: cni-net-dir
572
- hostPath:
573
- path: /etc/cni/net.d
574
- - name: log-dir
575
- hostPath:
576
- path: /var/log/aws-routed-eni
577
- type: DirectoryOrCreate
578
- - name: run-dir
579
- hostPath:
580
- path: /var/run/aws-node
581
- type: DirectoryOrCreate
582
- - name: xtables-lock
583
- hostPath:
584
- path: /run/xtables.lock
585
- affinity:
586
- nodeAffinity:
587
- requiredDuringSchedulingIgnoredDuringExecution:
588
- nodeSelectorTerms:
589
- - matchExpressions:
590
- - key: kubernetes.io/os
591
- operator: In
592
- values:
593
- - linux
594
- - key: kubernetes.io/arch
595
- operator: In
596
- values:
597
- - amd64
598
- - arm64
599
- - key: eks.amazonaws.com/compute-type
600
- operator: NotIn
601
- values:
602
- - fargate