config/addons/essentials/kube-proxy.yaml
2023-05-15 16:40:08 +02:00


# ConfigMap holding the kubeconfig that the proxy containers load
# (mounted at /var/lib/kube-proxy or /var/lib/kpng by the DaemonSet).
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-proxy
  namespace: kube-system
data:
  # No credential is embedded here: the kubeconfig points at the pod's own
  # service-account token file and CA bundle, so the ConfigMap itself is not
  # secret material. The API endpoint is the IPv6 loopback address on port
  # 6444; the pods run with hostNetwork, so this is the node's loopback.
  # NOTE(review): presumably a node-local API server proxy listens there -
  # confirm it is bound to loopback only.
  kubeconfig.conf: |
    apiVersion: v1
    kind: Config
    current-context: default
    contexts:
    - name: default
      context:
        cluster: default
        namespace: default
        user: default
    clusters:
    - name: default
      cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://[::1]:6444
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
---
# Identity the kube-proxy DaemonSet pods run as (serviceAccountName in the
# pod spec). Its token is what the kubeconfig's tokenFile points at.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: kube-proxy
  labels:
    # Read by the Kubernetes addon manager, where one is deployed.
    addonmanager.kubernetes.io/mode: Reconcile
---
# Grants the kube-system/kube-proxy ServiceAccount the ClusterRole
# system:node-proxier, cluster-wide. Anything able to run a pod under that
# ServiceAccount inherits these permissions, so keep the subject list to this
# single account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-proxy
  labels:
    # Read by the Kubernetes addon manager, where one is deployed.
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node-proxier
subjects:
- kind: ServiceAccount
  namespace: kube-system
  name: kube-proxy
---
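# DaemonSet running the service proxy on every node. The file is a Go
# template: .vars.kube_proxy selects between a two-container kpng pod
# (nftables backend) and a classic kube-proxy pod (iptables mode).
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
spec:
  minReadySeconds: 60
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      k8s-app: kube-proxy
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
        app: kube-proxy
    spec:
      # Tolerate every NoSchedule / NoExecute taint so the proxy is scheduled
      # on all nodes, including tainted ones.
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      serviceAccountName: kube-proxy
      # The pod shares the node's network namespace: the proxy programs the
      # host's packet-filter rules, and the kubeconfig reaches the API server
      # over the node's loopback. Every container below therefore sees
      # node-local listeners as well.
      hostNetwork: true
      {{ if eq "kpng" .vars.kube_proxy }}
      containers:
      # Watches the Kubernetes API and serves the result on a unix socket in
      # the shared emptyDir. No securityContext is set, so it runs with the
      # runtime defaults.
      # NOTE(review): the image is referenced by a mutable tag with no
      # registry prefix; consider pinning by digest, e.g.
      # mcluseau/kpng:0.4@sha256:<digest> (placeholder).
      - name: kpng
        image: mcluseau/kpng:0.4
        args:
        - kube
        - --kubeconfig=/var/lib/kpng/kubeconfig.conf
        - to-api
        - --listen=unix:///k8s/proxy.sock
        volumeMounts:
        - name: empty
          mountPath: /k8s
        - name: kpng-config
          mountPath: /var/lib/kpng
      # Reads from that socket and writes nftables rules. It is granted only
      # the added NET_ADMIN capability rather than full privileged mode.
      - name: kpng-nftables
        image: mcluseau/kpng:0.4
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
        args:
        - local
        - --api=unix:///k8s/proxy.sock
        - to-nft
        - --cluster-cidrs={{ .subnets.pods }}
        #- --v=2
        #- --dry-run
        volumeMounts:
        - name: empty
          mountPath: /k8s
        - name: modules
          mountPath: /lib/modules
          readOnly: true
      volumes:
      - name: empty
        emptyDir: {}
      - name: modules
        hostPath:
          path: /lib/modules
      - name: kpng-config
        configMap:
          name: kube-proxy
      {{ else }}
      containers:
      - name: kube-proxy
        image: {{.vars.k8s_registry}}/kube-proxy:{{.vars.kubernetes_version}}
        imagePullPolicy: IfNotPresent
        command:
        - kube-proxy
        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
        - --hostname-override=$(HOSTNAME_OVERRIDE)
        # NOTE(review): this passes the services subnet, while the kpng
        # branch passes the pods subnet to --cluster-cidrs. kube-proxy
        # documents --cluster-cidr as the pod range; confirm this is intended.
        - --cluster-cidr={{.subnets.services}}
        - --proxy-mode=iptables
        env:
        # Node name from the downward API, used as the proxy's hostname.
        - name: HOSTNAME_OVERRIDE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        # Privileged mode gives the container all capabilities and access to
        # host devices; together with hostNetwork, a compromise of this
        # container is effectively a compromise of the node.
        # NOTE(review): the kpng branch runs with NET_ADMIN only; check
        # whether a narrower capability set is sufficient here too.
        securityContext:
          privileged: true
        volumeMounts:
        - name: kube-proxy
          mountPath: /var/lib/kube-proxy
        # Host kernel modules are mounted read-only, matching the kpng
        # branch: the container has no reason to write to the node's module
        # tree.
        - name: modules
          mountPath: /lib/modules
          readOnly: true
      volumes:
      - name: kube-proxy
        configMap:
          name: kube-proxy
      - name: modules
        hostPath:
          path: /lib/modules
      {{ end }}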