| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- # Please keep kube-proxy configuration in-sync with:
- # cluster/addons/kube-proxy/kube-proxy-ds.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- name: kube-proxy
- namespace: kube-system
- labels:
- tier: node
- component: kube-proxy
- spec:
- priorityClassName: system-node-critical
- hostNetwork: true
- tolerations:
- - operator: "Exists"
- effect: "NoExecute"
- - operator: "Exists"
- effect: "NoSchedule"
- containers:
- - name: kube-proxy
- image: {{pillar['kube_docker_registry']}}/kube-proxy-amd64:{{pillar['kube-proxy_docker_tag']}}
- resources:
- requests:
- cpu: {{ cpurequest }}
- command:
- - /bin/sh
- - -c
- - exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
- {{container_env}}
- {{kube_cache_mutation_detector_env_name}}
- {{kube_cache_mutation_detector_env_value}}
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/ssl/certs
- name: etc-ssl-certs
- readOnly: true
- - mountPath: /usr/share/ca-certificates
- name: usr-ca-certs
- readOnly: true
- - mountPath: /var/log
- name: varlog
- readOnly: false
- - mountPath: /var/lib/kube-proxy/kubeconfig
- name: kubeconfig
- readOnly: false
- - mountPath: /run/xtables.lock
- name: iptableslock
- readOnly: false
- - mountPath: /lib/modules
- name: lib-modules
- readOnly: true
- volumes:
- - hostPath:
- path: /usr/share/ca-certificates
- name: usr-ca-certs
- - hostPath:
- path: /etc/ssl/certs
- name: etc-ssl-certs
- - hostPath:
- path: /var/lib/kube-proxy/kubeconfig
- type: FileOrCreate
- name: kubeconfig
- - hostPath:
- path: /var/log
- name: varlog
- - hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- name: iptableslock
- - name: lib-modules
- hostPath:
- path: /lib/modules
|
