Update to v1.32

addons/novit/kube-proxy.yaml

@@ -0,0 +1,152 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: kube-system
+  name: kube-proxy
+data:
+  kubeconfig.conf: |
+    apiVersion: v1
+    kind: Config
+    current-context: default
+    contexts:
+    - name: default
+      context:
+        cluster: default
+        namespace: default
+        user: default
+    clusters:
+    - name: default
+      cluster:
+        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        server: https://[::1]:6444
+    users:
+    - name: default
+      user:
+        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-proxy
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-proxy
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+  - kind: ServiceAccount
+    name: kube-proxy
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:node-proxier
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: kube-system
+  name: kube-proxy
+  labels:
+    k8s-app: kube-proxy
+spec:
+  minReadySeconds: 60
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      k8s-app: kube-proxy
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-proxy
+        app: kube-proxy
+    spec:
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+      serviceAccountName: kube-proxy
+      hostNetwork: true
+{{ if eq "kpng" .vars.kube_proxy }}
+      containers:
+      - image: mcluseau/kpng:0.2
+        name: kpng
+        volumeMounts:
+        - name: empty
+          mountPath: /k8s
+        - mountPath: /var/lib/kpng
+          name: kpng-config
+        args:
+        - kube
+        - --kubeconfig=/var/lib/kpng/kubeconfig.conf
+        - to-api
+        - --listen=unix:///k8s/proxy.sock
+      - image: mcluseau/kpng:0.2
+        name: kpng-nftables
+        securityContext:
+          capabilities:
+           add:
+           - NET_ADMIN
+        volumeMounts:
+        - name: empty
+          mountPath: /k8s
+        - name: modules
+          mountPath: /lib/modules
+          readOnly: true
+        args:
+        - local
+        - --api=unix:///k8s/proxy.sock
+        - to-nft
+        - --cluster-cidrs={{ .subnets.pods }}
+        #- --v=2
+        #- --dry-run
+      volumes:
+      - name: empty
+        emptyDir: {}
+      - name: modules
+        hostPath:
+          path: /lib/modules
+      - name: kpng-config
+        configMap:
+          name: kube-proxy
+{{ else }}
+      containers:
+      - command:
+        - kube-proxy
+        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
+        - --hostname-override=$(HOSTNAME_OVERRIDE)
+        - --cluster-cidr={{.subnets.services}}
+        - --proxy-mode=iptables
+        env:
+        - name: HOSTNAME_OVERRIDE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        image: {{.vars.kube_proxy_image}}:{{.vars.kubernetes_version}}
+        imagePullPolicy: IfNotPresent
+        name: kube-proxy
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/lib/kube-proxy
+          name: kube-proxy
+        - mountPath: /lib/modules
+          name: modules
+      volumes:
+      - name: kube-proxy
+        configMap:
+          name: kube-proxy
+      - name: modules
+        hostPath:
+          path: /lib/modules
+{{ end }}