--- /dev/null
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: apps/v1beta2
+kind: DaemonSet
+metadata:
+ name: netwatcher
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ danm.k8s.io: netwatcher
+ template:
+ metadata:
+ labels:
+ danm.k8s.io: netwatcher
+ spec:
+ serviceAccount: netwatcher
+ hostNetwork: true
+ dnsPolicy: ClusterFirst
+ hostIPC: true
+ hostPID: true
+ containers:
+ - name: netwatcher
+ image: iecedge/netwatcher:v4.0.0
+ securityContext:
+ capabilities:
+ add:
+ - SYS_PTRACE
+ - SYS_ADMIN
+ - NET_ADMIN
+ - NET_RAW
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ terminationGracePeriodSeconds: 0