apiVersion: v1
kind: Pod
metadata:
name: kube-addon-manager
namespace: kube-system
labels:
component: kube-addon-manager
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
runAsUser: {{runAsUser}}
runAsGroup: {{runAsGroup}}
priorityClassName: system-node-critical
priority: 2000001000
hostNetwork: true
containers:
- name: kube-addon-manager
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
# When updating version also bump it in:
# - test/kubemark/resources/manifests/kube-addon-manager.yaml
image: registry.k8s.io/addon-manager/kube-addon-manager:v9.1.7
command:
- /bin/bash
- -c
- exec /opt/kube-addons-main.sh 1>>/var/log/kube-addon-manager.log 2>&1
resources:
requests:
cpu: 5m
memory: 50Mi
volumeMounts:
- mountPath: /etc/kubernetes/
name: addons
readOnly: true
- mountPath: /var/log
name: varlog
readOnly: false
- mountPath: /etc/srv/kubernetes/addon-manager/
name: srvkube
readOnly: true
env:
- name: KUBECTL_PRUNE_WHITELIST_OVERRIDE
value: {{kubectl_prune_whitelist_override}}
- name: KUBECTL_EXTRA_PRUNE_WHITELIST
value: {{kubectl_extra_prune_whitelist}}
- name: KUBECTL_OPTS
value: '--kubeconfig=/etc/srv/kubernetes/addon-manager/kubeconfig'
volumes:
- hostPath:
path: /etc/kubernetes/
name: addons
- hostPath:
path: /var/log
name: varlog
- hostPath:
path: /etc/srv/kubernetes/addon-manager/
name: srvkube