apiVersion: v1 kind: Pod metadata: name: kube-proxy namespace: {{system_namespace}} labels: k8s-app: kube-proxy spec: hostNetwork: true {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst {% endif %} containers: - name: kube-proxy image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: limits: cpu: {{ kube_proxy_cpu_limit }} memory: {{ kube_proxy_memory_limit }} requests: cpu: {{ kube_proxy_cpu_requests }} memory: {{ kube_proxy_memory_requests }} command: - /hyperkube - proxy - --v={{ kube_log_level }} - --master={{ kube_apiserver_endpoint }} {% if not is_kube_master %} - --kubeconfig={{kube_config_dir}}/kube-proxy-kubeconfig.yaml {% endif %} - --bind-address={{ ip | default(ansible_default_ipv4.address) }} - --cluster-cidr={{ kube_pods_subnet }} - --proxy-mode={{ kube_proxy_mode }} {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} - --masquerade-all {% endif %} securityContext: privileged: true volumeMounts: - mountPath: /etc/ssl/certs name: ssl-certs-host readOnly: true - mountPath: {{kube_config_dir}}/kube-proxy-kubeconfig.yaml name: "kubeconfig" readOnly: true - mountPath: {{kube_config_dir}}/ssl name: "etc-kube-ssl" readOnly: true - mountPath: /var/run/dbus name: "var-run-dbus" readOnly: false volumes: - name: ssl-certs-host hostPath: {% if ansible_os_family == 'RedHat' %} path: /etc/pki/tls {% else %} path: /usr/share/ca-certificates {% endif %} - name: "kubeconfig" hostPath: path: "{{kube_config_dir}}/kube-proxy-kubeconfig.yaml" - name: "etc-kube-ssl" hostPath: path: "{{kube_config_dir}}/ssl" - name: "var-run-dbus" hostPath: path: "/var/run/dbus"