k3s/cluster/addons/kube-proxy/kube-proxy-ds.yaml

# Please keep kube-proxy configuration in-sync with:
# cluster/saltbase/salt/kube-proxy/kube-proxy.manifest

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    k8s-app: kube-proxy
    addonmanager.kubernetes.io/mode: Reconcile
  name: kube-proxy
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: kube-proxy
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/kube-proxy-ds-ready: "true"
      initContainers:
      - name: touch-lock
        image: busybox
        command: ['/bin/touch', '/run/xtables.lock']
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /run
          name: run
          readOnly: false
      containers:
      - name: kube-proxy
        image: {{pillar['kube_docker_registry']}}/kube-proxy:{{pillar['kube-proxy_docker_tag']}}
        resources:
          requests:
            cpu: {{ cpurequest }}
        command:
        - /bin/sh
        - -c
        - echo -998 > /proc/$$$/oom_score_adj && kube-proxy {{kubeconfig}} {{cluster_cidr}} --resource-container="" {{params}} 1>>/var/log/kube-proxy.log 2>&1
        {{container_env}}
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /var/log
          name: varlog
          readOnly: false
        - mountPath: /var/lib/kube-proxy/kubeconfig
          name: kubeconfig
          readOnly: false
        - mountPath: /run/xtables.lock
          name: xtables-lock
          readOnly: false
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: kubeconfig
        hostPath:
          path: /var/lib/kube-proxy/kubeconfig
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
      - name: run
        hostPath:
          path: /run
      serviceAccountName: kube-proxy
Add kube-proxy daemonset as a cluster addon. 2017-08-22 00:12:24 +00:00			`# Please keep kube-proxy configuration in-sync with:`
			`# cluster/saltbase/salt/kube-proxy/kube-proxy.manifest`

			`apiVersion: extensions/v1beta1`
			`kind: DaemonSet`
			`metadata:`
			`labels:`
			`k8s-app: kube-proxy`
			`addonmanager.kubernetes.io/mode: Reconcile`
			`name: kube-proxy`
			`namespace: kube-system`
			`spec:`
			`selector:`
			`matchLabels:`
			`k8s-app: kube-proxy`
			`updateStrategy:`
			`type: RollingUpdate`
			`rollingUpdate:`
			`maxUnavailable: 10%`
			`template:`
			`metadata:`
			`labels:`
			`k8s-app: kube-proxy`
			`annotations:`
			`scheduler.alpha.kubernetes.io/critical-pod: ''`
			`spec:`
			`hostNetwork: true`
			`nodeSelector:`
			`beta.kubernetes.io/kube-proxy-ds-ready: "true"`
			`initContainers:`
			`- name: touch-lock`
			`image: busybox`
			`command: ['/bin/touch', '/run/xtables.lock']`
			`securityContext:`
			`privileged: true`
			`volumeMounts:`
			`- mountPath: /run`
			`name: run`
			`readOnly: false`
			`containers:`
			`- name: kube-proxy`
			`image: {{pillar['kube_docker_registry']}}/kube-proxy:{{pillar['kube-proxy_docker_tag']}}`
			`resources:`
			`requests:`
			`cpu: {{ cpurequest }}`
			`command:`
			`- /bin/sh`
			`- -c`
			`- echo -998 > /proc/$$$/oom_score_adj && kube-proxy {{kubeconfig}} {{cluster_cidr}} --resource-container="" {{params}} 1>>/var/log/kube-proxy.log 2>&1`
			`{{container_env}}`
			`securityContext:`
			`privileged: true`
			`volumeMounts:`
			`- mountPath: /var/log`
			`name: varlog`
			`readOnly: false`
			`- mountPath: /var/lib/kube-proxy/kubeconfig`
			`name: kubeconfig`
			`readOnly: false`
			`- mountPath: /run/xtables.lock`
			`name: xtables-lock`
			`readOnly: false`
			`volumes:`
			`- name: varlog`
			`hostPath:`
			`path: /var/log`
			`- name: kubeconfig`
			`hostPath:`
			`path: /var/lib/kube-proxy/kubeconfig`
			`- name: xtables-lock`
			`hostPath:`
			`path: /run/xtables.lock`
			`- name: run`
			`hostPath:`
			`path: /run`
			`serviceAccountName: kube-proxy`