icy · October 16, 2019 13:41
diff --git a/kube2iam-daemonset.yaml b/kube2iam-daemonset.yaml
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
  name: kube2iam
  namespace: kube-system
  labels:
    app: kube2iam
 spec:
  template:
    metadata:
      labels:
        app: kube2iam
    spec:
      hostNetwork: true
      serviceAccountName: kube2iam
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      containers:
        - name: kube2iam
          image: jtblin/kube2iam:0.10.8
          imagePullPolicy: Always
          args:
            - --host-interface=eni+
            - --host-ip=$(HOST_IP)
            - --iptables=true
            - --app-port=8181
            # Please don't turn these flags on.
            # - --auto-discover-base-arn
            # - --auto-discover-default-role=true
          env:
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          ports:
            - containerPort: 8181
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8181
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 5
            successThreshold: 1
            failureThreshold: 3
            timeoutSeconds: 1
          securityContext:
            privileged: true
	---
	apiVersion: extensions/v1beta1
	kind: DaemonSet
	metadata:
	name: kube2iam
	namespace: kube-system
	labels:
	app: kube2iam
	spec:
	template:
	metadata:
	labels:
	app: kube2iam
	spec:
	hostNetwork: true
	serviceAccountName: kube2iam
	tolerations:
	- key: node-role.kubernetes.io/master
	effect: NoSchedule
	containers:
	- name: kube2iam
	image: jtblin/kube2iam:0.10.8
	imagePullPolicy: Always
	args:
	- --host-interface=eni+
	- --host-ip=$(HOST_IP)
	- --iptables=true
	- --app-port=8181
	# Please don't turn these flags on.
	# - --auto-discover-base-arn
	# - --auto-discover-default-role=true
	env:
	- name: HOST_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	ports:
	- containerPort: 8181
	livenessProbe:
	httpGet:
	path: /healthz
	port: 8181
	scheme: HTTP
	initialDelaySeconds: 30
	periodSeconds: 5
	successThreshold: 1
	failureThreshold: 3
	timeoutSeconds: 1
	securityContext:
	privileged: true