1# Please keep kube-proxy configuration in-sync with:
2# cluster/addons/kube-proxy/kube-proxy-ds.yaml
3apiVersion: v1
4kind: Pod
5metadata:
6 name: kube-proxy
7 namespace: kube-system
8 labels:
9 tier: node
10 component: kube-proxy
11spec:
12 priorityClassName: system-node-critical
13 priority: 2000001000
14 hostNetwork: true
15 tolerations:
16 - operator: "Exists"
17 effect: "NoExecute"
18 - operator: "Exists"
19 effect: "NoSchedule"
20 containers:
21 - name: kube-proxy
22 image: {{pillar['kube_docker_registry']}}/kube-proxy-{{pillar['host_arch']}}:{{pillar['kube-proxy_docker_tag']}}
23 resources:
24 requests:
25 cpu: {{ cpurequest }}
26 memory: {{ memoryrequest }}
27 command:
28 - /bin/sh
29 - -c
30 - exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
31 {{container_env}}
32 {{kube_cache_mutation_detector_env_name}}
33 {{kube_cache_mutation_detector_env_value}}
34 {{kube_watchlist_inconsistency_detector_env_name}}
35 {{kube_watchlist_inconsistency_detector_env_value}}
36 securityContext:
37 privileged: true
38 volumeMounts:
39 - mountPath: /etc/ssl/certs
40 name: etc-ssl-certs
41 readOnly: true
42 - mountPath: /usr/share/ca-certificates
43 name: usr-ca-certs
44 readOnly: true
45 - mountPath: /var/log
46 name: varlog
47 readOnly: false
48 - mountPath: /var/lib/kube-proxy/kubeconfig
49 name: kubeconfig
50 readOnly: false
51 - mountPath: /run/xtables.lock
52 name: iptableslock
53 readOnly: false
54 - mountPath: /lib/modules
55 name: lib-modules
56 readOnly: true
57 volumes:
58 - hostPath:
59 path: /usr/share/ca-certificates
60 name: usr-ca-certs
61 - hostPath:
62 path: /etc/ssl/certs
63 name: etc-ssl-certs
64 - hostPath:
65 path: /var/lib/kube-proxy/kubeconfig
66 type: FileOrCreate
67 name: kubeconfig
68 - hostPath:
69 path: /var/log
70 name: varlog
71 - hostPath:
72 path: /run/xtables.lock
73 type: FileOrCreate
74 name: iptableslock
75 - name: lib-modules
76 hostPath:
77 path: /lib/modules
View as plain text