| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: ip-masq-agent
- namespace: kube-system
- labels:
- k8s-app: ip-masq-agent
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- ---
- # https://github.com/kubernetes-incubator/ip-masq-agent/blob/v2.4.1/README.md
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: ip-masq-agent
- namespace: kube-system
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- spec:
- selector:
- matchLabels:
- k8s-app: ip-masq-agent
- template:
- metadata:
- labels:
- k8s-app: ip-masq-agent
- spec:
- priorityClassName: system-node-critical
- serviceAccountName: ip-masq-agent
- hostNetwork: true
- containers:
- - name: ip-masq-agent
- image: k8s.gcr.io/ip-masq-agent-amd64:v2.4.1
- args:
- - --masq-chain=IP-MASQ
- - --nomasq-all-reserved-ranges
- resources:
- requests:
- cpu: 10m
- memory: 16Mi
- securityContext:
- privileged: true
- volumeMounts:
- - name: config
- mountPath: /etc/config
- nodeSelector:
- beta.kubernetes.io/os: linux
- node.kubernetes.io/masq-agent-ds-ready: "true"
- volumes:
- - name: config
- configMap:
- # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system
- name: ip-masq-agent
- optional: true
- items:
- # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
- - key: config
- path: ip-masq-agent
- tolerations:
- - effect: NoSchedule
- operator: Exists
- - effect: NoExecute
- operator: Exists
- - key: "CriticalAddonsOnly"
- operator: "Exists"
|
