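{{- if .vars.public_vip }}
# keepalived Pod that holds the public VIP for the control plane.
# The whole manifest is rendered only when .vars.public_vip is set.
apiVersion: v1
kind: Pod
metadata:
  namespace: kube-system
  name: k8s-keepalived
  annotations:
    novit.io/bootstrap-prio: "250"
  labels:
    component: k8s-keepalived
    tier: control-plane
spec:
  # Shares the node's network namespace; combined with NET_ADMIN below,
  # this container can change the node's own network configuration.
  hostNetwork: true
  dnsPolicy: Default
  priorityClassName: system-node-critical
  # No service-account token is mounted into the container.
  automountServiceAccountToken: false
  tolerations:
    # Lets the Pod be placed on a node that still carries the not-ready taint.
    - key: node.kubernetes.io/not-ready
      effect: NoSchedule
  containers:
    - name: keepalived
      # Templated scalars are quoted so an empty or number-like expansion
      # cannot be re-typed by the YAML parser (env values must be strings).
      image: "{{ .vars.keepalived.image }}:{{ .vars.keepalived.version }}"
      env:
        # NOTE(review): the shared secret is rendered into the manifest in
        # clear text, so anything that can read the rendered file or this Pod
        # object in kube-system can read it. Restrict both accordingly.
        # Presumably used as the VRRP auth password; confirm against the
        # image, and do not treat it as strong peer authentication if so.
        - name: KEEPALIVED_AUTH_PASSWORD
          value: '{{ token "keepalived-vip" }}'
        # One unicast peer entry per host in the "master" group.
{{- range $i, $host := hosts_by_group "master" }}
        - name: KEEPALIVED_UNICAST_PEER_{{ $i }}
          value: "{{ $host.ip }}"
{{- end }}
        - name: KEEPALIVED_VIRTUAL_IPADDRESS_0
          value: "{{ .vars.public_vip }}/{{ .vars.netmask }}"
        - name: KEEPALIVED_INTERFACE
          value: "{{ .vars.vip_interface }}"
{{- if .vars.keepalived.router_id }}
        - name: KEEPALIVED_VIRTUAL_ROUTER_ID
          value: "{{ .vars.keepalived.router_id }}"
{{- end }}
        # Presumably makes the VIP follow the health of the local
        # kube-apiserver on loopback; confirm against the image.
        - name: KEEPALIVED_KUBE_APISERVER_CHECK
          value: "true"
        - name: KUBE_APISERVER_ADDRESS
          value: "127.0.0.1"
        # NOTE(review): unlike router_id above, this is emitted without an
        # `if` guard; confirm garp_master_refresh is always defined.
        - name: KEEPALIVED_GARP_MASTER_REFRESH
          value: "{{ .vars.keepalived.garp_master_refresh }}"
      securityContext:
        capabilities:
          # NOTE(review): only NET_ADMIN is added and nothing is dropped, so
          # the runtime's default capability set is kept as well. Consider a
          # `drop` list once the capabilities the image needs are confirmed.
          add:
            - NET_ADMIN
{{ end }}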