Skip to content
Snippets Groups Projects
Commit f3e1e04e authored by kaiyou's avatar kaiyou
Browse files

Add example kube-proxy config

parent 65eb8aaa
No related branches found
No related tags found
No related merge requests found
apiVersion: v1
kind: Namespace
metadata:
name: kube-proxy
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/enforce-version: latest
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kube-proxy
name: kube-proxy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-proxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node-proxier
subjects:
- apiGroup: ''
kind: ServiceAccount
name: kube-proxy
namespace: kube-proxy
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-proxy
namespace: kube-proxy
data:
kubeconfig: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
// Replace this with a proper address from hepto info
server: https://[dead::beef]:6443
name: default
contexts:
- context:
cluster: default
namespace: default
user: default
name: default
current-context: default
users:
- name: default
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
kube-proxy.yaml: |-
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: "::1"
mode: iptables
// Replace this with the proper CIDR from hepto info
clusterCIDR: dead:beff:200::/56
clientConnection:
kubeconfig: /config/kubeconfig
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: kube-proxy
k8s-app: kube-proxy
kubernetes.io/cluster-service: "true"
name: kube-proxy
tier: node
name: kube-proxy
namespace: kube-proxy
spec:
selector:
matchLabels:
component: kube-proxy
k8s-app: kube-proxy
kubernetes.io/cluster-service: "true"
name: kube-proxy
tier: node
template:
metadata:
labels:
component: kube-proxy
k8s-app: kube-proxy
kubernetes.io/cluster-service: "true"
name: kube-proxy
tier: node
spec:
serviceAccount: kube-proxy
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
hostNetwork: true
containers:
- name: kube-proxy
image: gcr.io/google_containers/kube-proxy-amd64:v1.18.6
imagePullPolicy: IfNotPresent
command:
- kube-proxy
- --config
- /config/kube-proxy.yaml
securityContext:
privileged: true
volumeMounts:
- mountPath: /config
name: config
volumes:
- configMap:
name: kube-proxy
name: config
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment