intel-device-plugins-for-kubernetes/deployments/dsa_plugin/base/intel-dsa-plugin.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: intel-dsa-plugin
  labels:
    app: intel-dsa-plugin
spec:
  selector:
    matchLabels:
      app: intel-dsa-plugin
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: intel-dsa-plugin
    spec:
      automountServiceAccountToken: false
      containers:
      - name: intel-dsa-plugin
        env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
        image: intel/intel-dsa-plugin:devel
        imagePullPolicy: IfNotPresent
        securityContext:
          seLinuxOptions:
            type: "container_device_plugin_t"
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        resources:
          requests:
            memory: "25Mi"
            cpu: 50m
          limits:
            memory: "50Mi"
            cpu: 100m
        volumeMounts:
        - name: devfs
          mountPath: /dev/dsa
          readOnly: true
        - name: chardevs
          mountPath: /dev/char
          readOnly: true
        - name: sysfs
          mountPath: /sys/bus/dsa
          readOnly: true
        - name: kubeletsockets
          mountPath: /var/lib/kubelet/device-plugins
      volumes:
      - name: devfs
        hostPath:
          path: /dev/dsa
      - name: chardevs
        hostPath:
          path: /dev/char
      - name: sysfs
        hostPath:
          path: /sys/bus/dsa
      - name: kubeletsockets
        hostPath:
          path: /var/lib/kubelet/device-plugins
      nodeSelector:
        kubernetes.io/arch: amd64