731d32afda
* Add HA docs for API server. * Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver vars and usecases. * Use facts for kube_apiserver to not repeat code and enable LB endpoints use. * Use /healthz check for the wait-for apiserver. * Use the single endpoint for kubelet instead of the list of apiservers * Specify kube_apiserver_count to for HA layout Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
42 lines
1.1 KiB
Django/Jinja
42 lines
1.1 KiB
Django/Jinja
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-proxy
|
|
namespace: kube-system
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-proxy
|
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
|
command:
|
|
- /hyperkube
|
|
- proxy
|
|
- --v={{ kube_log_level | default('2') }}
|
|
- --master={{ kube_apiserver_endpoint }}
|
|
{% if not is_kube_master %}
|
|
- --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
|
|
{% endif %}
|
|
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
|
- --proxy-mode={{ kube_proxy_mode }}
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- mountPath: /etc/ssl/certs
|
|
name: ssl-certs-host
|
|
readOnly: true
|
|
- mountPath: /etc/kubernetes/node-kubeconfig.yaml
|
|
name: "kubeconfig"
|
|
readOnly: true
|
|
- mountPath: /etc/kubernetes/ssl
|
|
name: "etc-kube-ssl"
|
|
readOnly: true
|
|
volumes:
|
|
- name: ssl-certs-host
|
|
hostPath:
|
|
path: /usr/share/ca-certificates
|
|
- name: "kubeconfig"
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-kubeconfig.yaml"
|
|
- name: "etc-kube-ssl"
|
|
hostPath:
|
|
path: "/etc/kubernetes/ssl"
|