parts/k8s/addons/kube-proxy.yaml (129 lines of code) (raw):
apiVersion: v1
kind: ConfigMap
data:
config.yaml: |
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
clientConnection:
kubeconfig: /var/lib/kubelet/kubeconfig
clusterCIDR: "{{ContainerConfig "cluster-cidr"}}"
mode: "{{ContainerConfig "proxy-mode"}}"
{{- if ContainerConfig "bind-address"}}
bindAddress: "{{ContainerConfig "bind-address"}}"
{{- end}}
{{- if ContainerConfig "healthz-bind-address"}}
healthzBindAddress: "{{ContainerConfig "healthz-bind-address"}}"
{{- end}}
{{- if ContainerConfig "metrics-bind-address"}}
metricsBindAddress: "{{ContainerConfig "metrics-bind-address"}}"
{{- end}}
featureGates:
{{ContainerConfig "featureGates"}}
metadata:
name: kube-proxy-config
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
component: kube-proxy
tier: node
k8s-app: kube-proxy
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
component: kube-proxy
tier: node
k8s-app: kube-proxy
name: kube-proxy
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: kube-proxy
component: kube-proxy
tier: node
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 50%
template:
metadata:
labels:
component: kube-proxy
tier: node
k8s-app: kube-proxy
annotations:
cluster-autoscaler.kubernetes.io/daemonset-pod: "true"
spec:
priorityClassName: system-node-critical
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
operator: "Exists"
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
operator: "Exists"
- operator: "Exists"
effect: NoExecute
- operator: "Exists"
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists
containers:
- command:
- kube-proxy
- --config=/var/lib/kube-proxy/config.yaml
image: {{ContainerImage "kube-proxy"}}
imagePullPolicy: IfNotPresent
name: kube-proxy
resources:
requests:
cpu: 100m
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/ssl/certs
name: ssl-certs-host
readOnly: true
- mountPath: /etc/kubernetes
name: etc-kubernetes
readOnly: true
- mountPath: /var/lib/kubelet/kubeconfig
name: kubeconfig
readOnly: true
- mountPath: /run/xtables.lock
name: iptableslock
- mountPath: /lib/modules/
name: kernelmodules
readOnly: true
- mountPath: /var/lib/kube-proxy/config.yaml
subPath: config.yaml
name: kube-proxy-config-volume
readOnly: true
hostNetwork: true
volumes:
- hostPath:
path: /usr/share/ca-certificates
name: ssl-certs-host
- hostPath:
path: /var/lib/kubelet/kubeconfig
name: kubeconfig
- hostPath:
path: /etc/kubernetes
name: etc-kubernetes
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: iptableslock
- hostPath:
path: /lib/modules/
name: kernelmodules
- configMap:
name: kube-proxy-config
name: kube-proxy-config-volume
nodeSelector:
kubernetes.io/os: linux