apiVersion: v1 kind: Pod metadata: name: kube-proxy namespace: kube-system labels: k8s-app: kube-proxy annotations: kubespray.kube-proxy-cert/serial: "{{ kube_proxy_cert_serial }}" spec: hostNetwork: true {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst {% endif %} # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: beta.kubernetes.io/os: linux {% if kube_version|version_compare('v1.11.1', '>=') %} priorityClassName: system-node-critical {% endif %} containers: - name: kube-proxy image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: limits: cpu: {{ kube_proxy_cpu_limit }} memory: {{ kube_proxy_memory_limit }} requests: cpu: {{ kube_proxy_cpu_requests }} memory: {{ kube_proxy_memory_requests }} livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10256 failureThreshold: 8 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 15 command: - /hyperkube - proxy - --v={{ kube_log_level }} - --kubeconfig={{kube_config_dir}}/kube-proxy-kubeconfig.yaml - --bind-address={{ ip | default(ansible_default_ipv4.address) }} - --cluster-cidr={{ kube_pods_subnet }} - --proxy-mode={{ kube_proxy_mode }} - --oom-score-adj=-998 - --healthz-bind-address={{ kube_proxy_healthz_bind_address }} {% if kube_proxy_nodeport_addresses %} - --nodeport-addresses={{ kube_proxy_nodeport_addresses_cidr }} {% endif %} {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} - --masquerade-all {% elif kube_proxy_mode == 'ipvs' %} - --masquerade-all {% if kube_version | version_compare('v1.10', '<') %} - --feature-gates=SupportIPVSProxyMode=true {% endif %} - --ipvs-min-sync-period=5s - --ipvs-sync-period=5s - --ipvs-scheduler=rr {% endif %} securityContext: privileged: true volumeMounts: - mountPath: /etc/ssl/certs name: ssl-certs-host readOnly: true - mountPath: "{{ kube_config_dir }}/ssl" name: etc-kube-ssl readOnly: true - mountPath: "{{ kube_config_dir }}/kube-proxy-kubeconfig.yaml" name: kubeconfig readOnly: true - mountPath: /var/run/dbus name: var-run-dbus readOnly: false - mountPath: /lib/modules name: lib-modules readOnly: true - mountPath: /run/xtables.lock name: xtables-lock readOnly: false volumes: - name: ssl-certs-host hostPath: {% if ansible_os_family == 'RedHat' %} path: /etc/pki/tls {% else %} path: /usr/share/ca-certificates {% endif %} - name: etc-kube-ssl hostPath: path: "{{ kube_config_dir }}/ssl" - name: kubeconfig hostPath: path: "{{ kube_config_dir }}/kube-proxy-kubeconfig.yaml" - name: var-run-dbus hostPath: path: /var/run/dbus - hostPath: path: /lib/modules name: lib-modules - hostPath: path: /run/xtables.lock type: FileOrCreate name: xtables-lock