1# Please keep kube-proxy configuration in-sync with:
2# cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
3
4apiVersion: apps/v1
5kind: DaemonSet
6metadata:
7 labels:
8 k8s-app: kube-proxy
9 addonmanager.kubernetes.io/mode: Reconcile
10 name: kube-proxy
11 namespace: kube-system
12spec:
13 selector:
14 matchLabels:
15 k8s-app: kube-proxy
16 updateStrategy:
17 type: RollingUpdate
18 rollingUpdate:
19 maxUnavailable: 10%
20 template:
21 metadata:
22 labels:
23 k8s-app: kube-proxy
24 spec:
25 priorityClassName: system-node-critical
26 hostNetwork: true
27 nodeSelector:
28 kubernetes.io/os: linux
29 node.kubernetes.io/kube-proxy-ds-ready: "true"
30 tolerations:
31 - operator: "Exists"
32 effect: "NoExecute"
33 - operator: "Exists"
34 effect: "NoSchedule"
35 containers:
36 - name: kube-proxy
37 image: {{pillar['kube_docker_registry']}}/kube-proxy-{{pillar['host_arch']}}:{{pillar['kube-proxy_docker_tag']}}
38 resources:
39 requests:
40 cpu: {{ cpurequest }}
41 memory: {{ memoryrequest }}
42 command:
43 - /bin/sh
44 - -c
45 - kube-proxy {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
46 env:
47 - name: KUBERNETES_SERVICE_HOST
48 value: {{kubernetes_service_host_env_value}}
49 {{kube_cache_mutation_detector_env_name}}
50 {{kube_cache_mutation_detector_env_value}}
51 securityContext:
52 privileged: true
53 volumeMounts:
54 - mountPath: /var/log
55 name: varlog
56 readOnly: false
57 - mountPath: /run/xtables.lock
58 name: xtables-lock
59 readOnly: false
60 - mountPath: /lib/modules
61 name: lib-modules
62 readOnly: true
63 volumes:
64 - name: varlog
65 hostPath:
66 path: /var/log
67 - name: xtables-lock
68 hostPath:
69 path: /run/xtables.lock
70 type: FileOrCreate
71 - name: lib-modules
72 hostPath:
73 path: /lib/modules
74 serviceAccountName: kube-proxy
View as plain text