config/addons/essentials/kube-proxy.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kube-system
  name: kube-proxy
data:
  kubeconfig.conf: |
    apiVersion: v1
    kind: Config
    current-context: default
    contexts:
    - name: default
      context:
        cluster: default
        namespace: default
        user: default
    clusters:
    - name: default
      cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://[::1]:6444
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-proxy
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: system:kube-proxy
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
subjects:
  - kind: ServiceAccount
    name: kube-proxy
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: system:node-proxier
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
spec:
  minReadySeconds: 60
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      k8s-app: kube-proxy
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
        app: kube-proxy
    spec:
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      serviceAccountName: kube-proxy
      hostNetwork: true
{{ if eq "kpng" .vars.kube_proxy }}
      containers:
      - image: mcluseau/kpng:0.4
        name: kpng
        volumeMounts:
        - name: empty
          mountPath: /k8s
        - mountPath: /var/lib/kpng
          name: kpng-config
        args:
        - kube
        - --kubeconfig=/var/lib/kpng/kubeconfig.conf
        - to-api
        - --listen=unix:///k8s/proxy.sock
      - image: mcluseau/kpng:0.4
        name: kpng-nftables
        securityContext:
          capabilities:
           add:
           - NET_ADMIN
        volumeMounts:
        - name: empty
          mountPath: /k8s
        - name: modules
          mountPath: /lib/modules
          readOnly: true
        args:
        - local
        - --api=unix:///k8s/proxy.sock
        - to-nft
        - --cluster-cidrs={{ .subnets.pods }}
        #- --v=2
        #- --dry-run
      volumes:
      - name: empty
        emptyDir: {}
      - name: modules
        hostPath:
          path: /lib/modules
      - name: kpng-config
        configMap:
          name: kube-proxy
{{ else }}
      containers:
      - command:
        - kube-proxy
        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
        - --hostname-override=$(HOSTNAME_OVERRIDE)
        - --cluster-cidr={{.subnets.services}}
        - --proxy-mode=iptables
        env:
        - name: HOSTNAME_OVERRIDE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        image: {{.vars.k8s_registry}}/kube-proxy:{{.vars.kubernetes_version}}
        imagePullPolicy: IfNotPresent
        name: kube-proxy
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy
        - mountPath: /lib/modules
          name: modules
      volumes:
      - name: kube-proxy
        configMap:
          name: kube-proxy
      - name: modules
        hostPath:
          path: /lib/modules
{{ end }}
Initial commit 2023-05-15 14:36:48 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`namespace: kube-system`
			`name: kube-proxy`
			`data:`
			`kubeconfig.conf: \|`
			`apiVersion: v1`
			`kind: Config`
			`current-context: default`
			`contexts:`
			`- name: default`
			`context:`
			`cluster: default`
			`namespace: default`
			`user: default`
			`clusters:`
			`- name: default`
			`cluster:`
			`certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt`
			`server: https://[::1]:6444`
			`users:`
			`- name: default`
			`user:`
			`tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token`

			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: kube-proxy`
			`namespace: kube-system`
			`labels:`
			`addonmanager.kubernetes.io/mode: Reconcile`
			`---`
			`kind: ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: system:kube-proxy`
			`labels:`
			`addonmanager.kubernetes.io/mode: Reconcile`
			`subjects:`
			`- kind: ServiceAccount`
			`name: kube-proxy`
			`namespace: kube-system`
			`roleRef:`
			`kind: ClusterRole`
			`name: system:node-proxier`
			`apiGroup: rbac.authorization.k8s.io`

			`---`
			`apiVersion: apps/v1`
			`kind: DaemonSet`
			`metadata:`
			`namespace: kube-system`
			`name: kube-proxy`
			`labels:`
			`k8s-app: kube-proxy`
			`spec:`
			`minReadySeconds: 60`
			`updateStrategy:`
			`type: RollingUpdate`
			`selector:`
			`matchLabels:`
			`k8s-app: kube-proxy`
			`template:`
			`metadata:`
			`labels:`
			`k8s-app: kube-proxy`
			`app: kube-proxy`
			`spec:`
			`tolerations:`
			`- effect: NoSchedule`
			`operator: Exists`
			`- effect: NoExecute`
			`operator: Exists`
			`serviceAccountName: kube-proxy`
			`hostNetwork: true`
			`{{ if eq "kpng" .vars.kube_proxy }}`
			`containers:`
			`- image: mcluseau/kpng:0.4`
			`name: kpng`
			`volumeMounts:`
			`- name: empty`
			`mountPath: /k8s`
			`- mountPath: /var/lib/kpng`
			`name: kpng-config`
			`args:`
			`- kube`
			`- --kubeconfig=/var/lib/kpng/kubeconfig.conf`
			`- to-api`
			`- --listen=unix:///k8s/proxy.sock`
			`- image: mcluseau/kpng:0.4`
			`name: kpng-nftables`
			`securityContext:`
			`capabilities:`
			`add:`
			`- NET_ADMIN`
			`volumeMounts:`
			`- name: empty`
			`mountPath: /k8s`
			`- name: modules`
			`mountPath: /lib/modules`
			`readOnly: true`
			`args:`
			`- local`
			`- --api=unix:///k8s/proxy.sock`
			`- to-nft`
			`- --cluster-cidrs={{ .subnets.pods }}`
			`#- --v=2`
			`#- --dry-run`
			`volumes:`
			`- name: empty`
			`emptyDir: {}`
			`- name: modules`
			`hostPath:`
			`path: /lib/modules`
			`- name: kpng-config`
			`configMap:`
			`name: kube-proxy`
			`{{ else }}`
			`containers:`
			`- command:`
			`- kube-proxy`
			`- --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf`
			`- --hostname-override=$(HOSTNAME_OVERRIDE)`
			`- --cluster-cidr={{.subnets.services}}`
			`- --proxy-mode=iptables`
			`env:`
			`- name: HOSTNAME_OVERRIDE`
			`valueFrom:`
			`fieldRef:`
			`apiVersion: v1`
			`fieldPath: spec.nodeName`
			`image: {{.vars.k8s_registry}}/kube-proxy:{{.vars.kubernetes_version}}`
			`imagePullPolicy: IfNotPresent`
			`name: kube-proxy`
			`securityContext:`
			`privileged: true`
			`volumeMounts:`
			`- mountPath: /var/lib/kube-proxy`
			`name: kube-proxy`
			`- mountPath: /lib/modules`
			`name: modules`
			`volumes:`
			`- name: kube-proxy`
			`configMap:`
			`name: kube-proxy`
			`- name: modules`
			`hostPath:`
			`path: /lib/modules`
			`{{ end }}`