---
# CustomResourceDefinition that registers the namespaced AzureAssignedIdentity
# kind under the aadpodidentity.k8s.io API group, version v1.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# this document only applies to clusters that still serve that API.
# NOTE(review): no validation schema is declared here, so object contents are
# not checked by the API server; restrict write access to this kind with RBAC.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: azureassignedidentities.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  version: v1
  scope: Namespaced
  names:
    kind: AzureAssignedIdentity
    plural: azureassignedidentities
---
# CustomResourceDefinition that registers the namespaced AzureIdentityBinding
# kind under the aadpodidentity.k8s.io API group, version v1.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# this document only applies to clusters that still serve that API.
# NOTE(review): presumably a binding decides which pods receive which Azure
# identity (confirm against the project docs); if so, create/update rights on
# this kind are equivalent to granting identities and belong behind RBAC.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: azureidentitybindings.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  version: v1
  scope: Namespaced
  names:
    kind: AzureIdentityBinding
    plural: azureidentitybindings
---
# CustomResourceDefinition that registers the namespaced AzureIdentity kind
# (singular "azureidentity") under the aadpodidentity.k8s.io API group, v1.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# this document only applies to clusters that still serve that API.
# NOTE(review): no validation schema is declared here, so object contents are
# not checked by the API server; restrict write access to this kind with RBAC.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: azureidentities.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  version: v1
  scope: Namespaced
  names:
    kind: AzureIdentity
    singular: azureidentity
    plural: azureidentities
---
# DaemonSet that runs the "nmi" container on Linux nodes, on the host network
# and with a privileged security context.
# NOTE(review): extensions/v1beta1 DaemonSets are not served from Kubernetes
# 1.16 onwards; apps/v1 replaces it and additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nmi
  # NOTE(review): this privileged pod lives in "default" next to ordinary
  # workloads; a dedicated namespace makes it easier to limit who may edit it.
  namespace: default
  labels:
    kubernetes.io/cluster-service: "true"
    component: nmi
    tier: node
spec:
  template:
    metadata:
      labels:
        component: nmi
        tier: node
    spec:
      # The pod shares the node's network namespace.
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/os: linux
      volumes:
        # The node's xtables lock file, created when absent (FileOrCreate);
        # presumably shared so iptables calls in the container serialize with
        # those made on the host (confirm).
        - name: iptableslock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
      containers:
        - name: nmi
          # NOTE(review): referenced by tag with imagePullPolicy: Always, so
          # every pod start pulls whatever the tag points to at that moment;
          # pinning by digest would fix the content that runs privileged.
          image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.4"
          imagePullPolicy: Always
          args:
            - nmi
            - "--host-ip=$(HOST_IP)"
            - "--node=$(NODE_NAME)"
          env:
            # With hostNetwork: true the pod IP is the node's own IP.
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            # NOTE(review): privileged: true already grants every capability
            # plus host device access, which makes the NET_ADMIN entry
            # redundant. If the container only needs to manage iptables,
            # running with NET_ADMIN alone would shrink the impact of a
            # compromise; verify that this nmi version works without
            # privileged before changing it.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
          volumeMounts:
            - name: iptableslock
              mountPath: /run/xtables.lock
---
# Deployment that runs the "mic" container on a Linux node, configured from
# files mounted out of the node's filesystem.
# NOTE(review): extensions/v1beta1 Deployments are not served from Kubernetes
# 1.16 onwards; apps/v1 replaces it and additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mic
  # NOTE(review): runs in "default"; anyone allowed to exec into or replace
  # pods there gains read access to the host files mounted below.
  namespace: default
  labels:
    component: mic
spec:
  template:
    metadata:
      labels:
        component: mic
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      # NOTE(review): all three volumes are hostPath mounts without a `type`,
      # so the paths are not checked before mounting. No serviceAccountName is
      # set; --kubeconfig points at a file from the node instead, so the
      # container presumably acts with the kubelet's identity (confirm).
      volumes:
        # The whole kubelet directory is exposed, not only the kubeconfig file
        # that --kubeconfig reads; a narrower path would reduce what a
        # compromised container can read.
        - name: kubeconfig
          hostPath:
            path: /var/lib/kubelet
        - name: certificates
          hostPath:
            path: /etc/kubernetes/certs
        # Presumably holds the cluster's Azure cloud-provider credentials
        # (confirm); treat read access to this pod as access to them.
        - name: k8s-azure-file
          hostPath:
            path: /etc/kubernetes/azure.json
      containers:
        - name: mic
          # NOTE(review): tag 1.3 here while the nmi DaemonSet in this file
          # uses 1.4; confirm the pairing is intended. The image is referenced
          # by tag with imagePullPolicy: Always; a digest would pin the
          # content.
          image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.3"
          imagePullPolicy: Always
          args:
            - mic
            - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
            - "--cloudconfig=/etc/kubernetes/azure.json"
            - "--logtostderr"
          # Every host mount is read-only inside the container.
          volumeMounts:
            - name: kubeconfig
              mountPath: /etc/kubernetes/kubeconfig
              readOnly: true
            - name: certificates
              mountPath: /etc/kubernetes/certs
              readOnly: true
            - name: k8s-azure-file
              mountPath: /etc/kubernetes/azure.json
              readOnly: true