config/daemon/manager/manager.yaml (92 lines of code) (raw):
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: daemon-manager
namespace: system
labels:
kube-egress-gateway-control-plane: daemon-manager
spec:
selector:
matchLabels:
kube-egress-gateway-control-plane: daemon-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: daemon
labels:
kube-egress-gateway-control-plane: daemon-manager
spec:
hostNetwork: true
nodeSelector:
kubeegressgateway.azure.com/mode: "true"
tolerations:
- key: kubeegressgateway.azure.com/mode
operator: "Equal"
value: "true"
effect: "NoSchedule"
initContainers:
- name: ip-netns-add
image: daemoninit:latest
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/run/netns
name: hostpath-var
mountPropagation: Bidirectional
containers:
- command:
- /kube-egress-gateway-daemon
args:
- --secret-namespace=$(MY_POD_NAMESPACE)
- --gateway-lb-probe-port=8082
image: daemon:latest
name: daemon
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
add: ["NET_ADMIN", "NET_RAW", "SYS_ADMIN"]
volumeMounts:
- mountPath: /var/run/netns
name: hostpath-var
mountPropagation: HostToContainer
- mountPath: /run/xtables.lock
name: iptableslock
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
# TODO(user): Configure the resources accordingly based on the project requirements.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
serviceAccountName: daemon-manager
terminationGracePeriodSeconds: 10
volumes:
- name: hostpath-var
hostPath:
path: /var/run/netns
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: iptableslock