| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- # Please keep kube-proxy configuration in-sync with:
- # cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- labels:
- k8s-app: kube-proxy
- addonmanager.kubernetes.io/mode: Reconcile
- name: kube-proxy
- namespace: kube-system
- spec:
- selector:
- matchLabels:
- k8s-app: kube-proxy
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 10%
- template:
- metadata:
- labels:
- k8s-app: kube-proxy
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- spec:
- priorityClassName: system-node-critical
- hostNetwork: true
- nodeSelector:
- # TODO(liggitt): switch to node.kubernetes.io/kube-proxy-ds-ready in 1.16
- beta.kubernetes.io/kube-proxy-ds-ready: "true"
- tolerations:
- - operator: "Exists"
- effect: "NoExecute"
- - operator: "Exists"
- effect: "NoSchedule"
- containers:
- - name: kube-proxy
- image: {{pillar['kube_docker_registry']}}/kube-proxy:{{pillar['kube-proxy_docker_tag']}}
- resources:
- requests:
- cpu: {{ cpurequest }}
- command:
- - /bin/sh
- - -c
- - kube-proxy {{cluster_cidr}} --resource-container="" --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
- env:
- - name: KUBERNETES_SERVICE_HOST
- value: {{kubernetes_service_host_env_value}}
- {{kube_cache_mutation_detector_env_name}}
- {{kube_cache_mutation_detector_env_value}}
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /var/log
- name: varlog
- readOnly: false
- - mountPath: /run/xtables.lock
- name: xtables-lock
- readOnly: false
- - mountPath: /lib/modules
- name: lib-modules
- readOnly: true
- volumes:
- - name: varlog
- hostPath:
- path: /var/log
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- - name: lib-modules
- hostPath:
- path: /lib/modules
- serviceAccountName: kube-proxy
|
