1apiVersion: v1
2kind: ServiceAccount
3metadata:
4 name: ip-masq-agent
5 namespace: kube-system
6 labels:
7 k8s-app: ip-masq-agent
8 kubernetes.io/cluster-service: "true"
9 addonmanager.kubernetes.io/mode: Reconcile
10---
11apiVersion: apps/v1
12kind: DaemonSet
13metadata:
14 name: ip-masq-agent
15 namespace: kube-system
16 labels:
17 addonmanager.kubernetes.io/mode: Reconcile
18spec:
19 selector:
20 matchLabels:
21 k8s-app: ip-masq-agent
22 template:
23 metadata:
24 labels:
25 k8s-app: ip-masq-agent
26 spec:
27 priorityClassName: system-node-critical
28 serviceAccountName: ip-masq-agent
29 hostNetwork: true
30 containers:
31 - name: ip-masq-agent
32 image: registry.k8s.io/networking/ip-masq-agent-amd64:v2.6.0
33 args:
34 - --masq-chain=IP-MASQ
35 - --nomasq-all-reserved-ranges
36 resources:
37 requests:
38 cpu: 10m
39 memory: 16Mi
40 securityContext:
41 privileged: true
42 volumeMounts:
43 - name: config
44 mountPath: /etc/config
45 nodeSelector:
46 kubernetes.io/os: linux
47 node.kubernetes.io/masq-agent-ds-ready: "true"
48 volumes:
49 - name: config
50 configMap:
51 # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system
52 name: ip-masq-agent
53 optional: true
54 items:
55 # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
56 - key: config
57 path: ip-masq-agent
58 tolerations:
59 - effect: NoSchedule
60 operator: Exists
61 - effect: NoExecute
62 operator: Exists
63 - key: "CriticalAddonsOnly"
64 operator: "Exists"
View as plain text