Add example kube-proxy config

f3e1e04e · kaiyou · 65eb8aaa · f3e1e04e
Commit f3e1e04e authored 2 years ago by kaiyou
--- a/docs/kube-proxy.yaml
+++ b/docs/kube-proxy.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-proxy
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce-version: latest
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: kube-proxy
+  name: kube-proxy
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:node-proxier
+subjects:
+- apiGroup: ''
+  kind: ServiceAccount
+  name: kube-proxy
+  namespace: kube-proxy
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-proxy
+  namespace: kube-proxy
+data:
+  kubeconfig: |-
+    apiVersion: v1
+    kind: Config
+    clusters:
+    - cluster:
+        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        // Replace this with a proper address from hepto info
+        server: https://[dead::beef]:6443
+      name: default
+    contexts:
+    - context:
+        cluster: default
+        namespace: default
+        user: default
+      name: default
+    current-context: default
+    users:
+    - name: default
+      user:
+        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+  kube-proxy.yaml: |-
+    apiVersion: kubeproxy.config.k8s.io/v1alpha1
+    kind: KubeProxyConfiguration
+    bindAddress: "::1"
+    mode: iptables
+    // Replace this with the proper CIDR from hepto info
+    clusterCIDR: dead:beff:200::/56
+    clientConnection:
+      kubeconfig: /config/kubeconfig
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    component: kube-proxy
+    k8s-app: kube-proxy
+    kubernetes.io/cluster-service: "true"
+    name: kube-proxy
+    tier: node
+  name: kube-proxy
+  namespace: kube-proxy
+spec:
+  selector:
+    matchLabels:
+      component: kube-proxy
+      k8s-app: kube-proxy
+      kubernetes.io/cluster-service: "true"
+      name: kube-proxy
+      tier: node
+  template:
+    metadata:
+      labels:
+        component: kube-proxy
+        k8s-app: kube-proxy
+        kubernetes.io/cluster-service: "true"
+        name: kube-proxy
+        tier: node
+    spec:
+      serviceAccount: kube-proxy
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+      hostNetwork: true
+      containers:
+      - name: kube-proxy
+        image: gcr.io/google_containers/kube-proxy-amd64:v1.18.6
+        imagePullPolicy: IfNotPresent
+        command:
+        - kube-proxy
+        - --config
+        - /config/kube-proxy.yaml
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /config
+          name: config
+      volumes:
+      - configMap:
+          name: kube-proxy
+        name: config