github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/kube-proxy/templates/kube-proxy.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    name: kube-proxy
     5    namespace: kube-system
     6    labels:
     7      addonmanager.kubernetes.io/mode: Reconcile
     8  ---
     9  kind: ClusterRoleBinding
    10  apiVersion: rbac.authorization.k8s.io/v1
    11  metadata:
    12    name: system:kube-proxy
    13    labels:
    14      addonmanager.kubernetes.io/mode: Reconcile
    15  subjects:
    16    - kind: ServiceAccount
    17      name: kube-proxy
    18      namespace: kube-system
    19  roleRef:
    20    kind: ClusterRole
    21    name: system:node-proxier
    22    apiGroup: rbac.authorization.k8s.io
    23  ---
    24  
    25  apiVersion: apps/v1
    26  kind: DaemonSet
    27  metadata:
    28    labels:
    29      k8s-app: kube-proxy
    30    annotations:
    31      version: "{{ official_images.kube_apiserver.version }}"
    32      kismatic/version: "{{ kismatic_short_version }}"
    33    name: kube-proxy
    34    namespace: kube-system
    35  spec:
    36    selector:
    37      matchLabels:
    38        k8s-app: kube-proxy
    39    template:
    40      metadata:
    41        labels:
    42          tier: control-plane
    43          k8s-app: kube-proxy
    44        annotations:
    45          version: "{{ official_images.kube_apiserver.version }}"
    46          kismatic/version: "{{ kismatic_short_version }}"
    47          k8s-app: kube-proxy
    48          scheduler.alpha.kubernetes.io/critical-pod: ''
    49      spec:
    50        hostNetwork: true
    51        nodeSelector:
    52          kismatic/kube-proxy: "true"
    53        tolerations:
    54        - operator: "Exists"
    55          effect: "NoExecute"
    56        - operator: "Exists"
    57          effect: "NoSchedule"
    58        containers:
    59        - name: kube-proxy
    60          image: {{ images.kube_proxy }}
    61          imagePullPolicy: IfNotPresent
    62          resources:
    63            requests:
    64              cpu: 100m
    65          command:
    66          - kube-proxy
    67  {% set combined_options = kube_proxy_option_defaults | combine(kube_proxy_option_overrides) -%}
    68  {% for option in combined_options | dictsort %}
    69  {% if option[1] is defined and option[1] | string | length > 0 %}
    70          - "--{{ option[0] }}={{ option[1] }}"
    71  {% endif %}
    72  {% endfor %}
    73          env:
    74          - name: KUBERNETES_SERVICE_HOST
    75            value: "{{ kubernetes_load_balanced_fqdn }}"
    76          - name: KUBERNETES_SERVICE_PORT
    77            value: "{{ kubernetes_master_secure_port }}"
    78          - name: NODE_NAME
    79            valueFrom:
    80              fieldRef:
    81                fieldPath: spec.nodeName
    82          securityContext:
    83            privileged: true
    84          livenessProbe:
    85            httpGet:
    86              host: 127.0.0.1
    87              path: /healthz
    88              port: 10256
    89            initialDelaySeconds: 15
    90            timeoutSeconds: 15
    91            failureThreshold: 8
    92          volumeMounts:
    93          - mountPath: /var/log
    94            name: varlog
    95            readOnly: false
    96          - mountPath: /run/xtables.lock
    97            name: xtables-lock
    98            readOnly: false
    99          - mountPath: /lib/modules
   100            name: lib-modules
   101            readOnly: true
   102        volumes:
   103        - name: varlog
   104          hostPath:
   105            path: /var/log
   106        - name: xtables-lock
   107          hostPath:
   108            path: /run/xtables.lock
   109            type: FileOrCreate
   110        - name: lib-modules
   111          hostPath:
   112            path: /lib/modules
   113        serviceAccountName: kube-proxy