k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/gce/manifests/kube-proxy.manifest

k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/gce/manifests/kube-proxy.manifest (about)

     1  # Please keep kube-proxy configuration in-sync with:
     2  # cluster/addons/kube-proxy/kube-proxy-ds.yaml
     3  apiVersion: v1
     4  kind: Pod
     5  metadata:
     6    name: kube-proxy
     7    namespace: kube-system
     8    labels:
     9      tier: node
    10      component: kube-proxy
    11  spec:
    12    priorityClassName: system-node-critical
    13    priority: 2000001000
    14    hostNetwork: true
    15    tolerations:
    16    - operator: "Exists"
    17      effect: "NoExecute"
    18    - operator: "Exists"
    19      effect: "NoSchedule"
    20    containers:
    21    - name: kube-proxy
    22      image: {{pillar['kube_docker_registry']}}/kube-proxy-{{pillar['host_arch']}}:{{pillar['kube-proxy_docker_tag']}}
    23      resources:
    24        requests:
    25          cpu: {{ cpurequest }}
    26          memory: {{ memoryrequest }}
    27      command:
    28      - /bin/sh
    29      - -c
    30      - exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
    31      {{container_env}}
    32      {{kube_cache_mutation_detector_env_name}}
    33        {{kube_cache_mutation_detector_env_value}}
    34      {{kube_watchlist_inconsistency_detector_env_name}}
    35        {{kube_watchlist_inconsistency_detector_env_value}}
    36      securityContext:
    37        privileged: true
    38      volumeMounts:
    39      - mountPath: /etc/ssl/certs
    40        name: etc-ssl-certs
    41        readOnly: true
    42      - mountPath: /usr/share/ca-certificates
    43        name: usr-ca-certs
    44        readOnly: true
    45      - mountPath: /var/log
    46        name: varlog
    47        readOnly: false
    48      - mountPath: /var/lib/kube-proxy/kubeconfig
    49        name: kubeconfig
    50        readOnly: false
    51      - mountPath: /run/xtables.lock
    52        name: iptableslock
    53        readOnly: false
    54      - mountPath: /lib/modules
    55        name: lib-modules
    56        readOnly: true
    57    volumes:
    58    - hostPath:
    59        path: /usr/share/ca-certificates
    60      name: usr-ca-certs
    61    - hostPath:
    62        path: /etc/ssl/certs
    63      name: etc-ssl-certs
    64    - hostPath:
    65        path: /var/lib/kube-proxy/kubeconfig
    66        type: FileOrCreate
    67      name: kubeconfig
    68    - hostPath:
    69        path: /var/log
    70      name: varlog
    71    - hostPath:
    72        path: /run/xtables.lock
    73        type: FileOrCreate
    74      name: iptableslock
    75    - name: lib-modules
    76      hostPath:
    77        path: /lib/modules