Skip to content
This repository has been archived by the owner on Jun 13, 2023. It is now read-only.

Use kube proxy configuration file #93

Merged
merged 2 commits into from
Jul 12, 2018
Merged

Use kube proxy configuration file #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f5fcf5b
kube-proxy: use file
JulienBalestra Jul 10, 2018
4bb4127
kube-proxy: use file
JulienBalestra Jul 12, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 67 additions & 3 deletions pkg/setup/templates/1.10.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,64 @@ spec:
Name: "kube-proxy.yaml",
Destination: ManifestAPI,
Content: []byte(`---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-proxy
namespace: kube-system
data:
config.yaml: |
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: 0.0.0.0
clientConnection:
kubeconfig: /var/lib/kubernetes/kubeconfig.yaml
clusterCIDR: "{{ .ServiceClusterIPRange }}"
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: "{{ .Hostname }}"
iptables:
masqueradeAll: true
metricsBindAddress: 127.0.0.1:10249
mode: iptables

kubeconfig.yaml: |
apiVersion: v1
kind: Config
clusters:
- name: kube
cluster:
server: https://127.0.0.1:6443
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
users:
- name: service-account
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
contexts:
- name: kube
context:
cluster: kube
user: service-account
current-context: kube
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-proxy
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: system:kube-proxy
subjects:
- kind: ServiceAccount
name: kube-proxy
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:node-proxier
apiGroup: rbac.authorization.k8s.io
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
Expand All @@ -309,18 +367,20 @@ spec:
app: kube-proxy
spec:
hostNetwork: true
serviceAccountName: kube-proxy
containers:
- name: kube-proxy
image: "{{ .HyperkubeImageURL }}"
imagePullPolicy: IfNotPresent
command:
- /hyperkube
- proxy
- --master=http://127.0.0.1:8080
- --proxy-mode=iptables
- --masquerade-all
- --config=/var/lib/kubernetes/config.yaml
securityContext:
privileged: true
volumeMounts:
- name: config
mountPath: /var/lib/kubernetes/
livenessProbe:
httpGet:
path: /healthz
Expand All @@ -334,6 +394,10 @@ spec:
cpu: "50m"
limits:
cpu: "100m"
volumes:
- name: config
configMap:
name: kube-proxy
`),
},
{
Expand Down
70 changes: 67 additions & 3 deletions pkg/setup/templates/1.11.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,64 @@ spec:
Name: "kube-proxy.yaml",
Destination: ManifestAPI,
Content: []byte(`---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-proxy
namespace: kube-system
data:
config.yaml: |
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: 0.0.0.0
clientConnection:
kubeconfig: /var/lib/kubernetes/kubeconfig.yaml
clusterCIDR: "{{ .ServiceClusterIPRange }}"
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: "{{ .Hostname }}"
iptables:
masqueradeAll: true
metricsBindAddress: 127.0.0.1:10249
mode: iptables

kubeconfig.yaml: |
apiVersion: v1
kind: Config
clusters:
- name: kube
cluster:
server: https://127.0.0.1:6443
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
users:
- name: service-account
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
contexts:
- name: kube
context:
cluster: kube
user: service-account
current-context: kube
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-proxy
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: system:kube-proxy
subjects:
- kind: ServiceAccount
name: kube-proxy
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:node-proxier
apiGroup: rbac.authorization.k8s.io
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
Expand All @@ -308,18 +366,20 @@ spec:
app: kube-proxy
spec:
hostNetwork: true
serviceAccountName: kube-proxy
containers:
- name: kube-proxy
image: "{{ .HyperkubeImageURL }}"
imagePullPolicy: IfNotPresent
command:
- /hyperkube
- proxy
- --master=http://127.0.0.1:8080
- --proxy-mode=iptables
- --masquerade-all
- --config=/var/lib/kubernetes/config.yaml
securityContext:
privileged: true
volumeMounts:
- name: config
mountPath: /var/lib/kubernetes/
livenessProbe:
httpGet:
path: /healthz
Expand All @@ -333,6 +393,10 @@ spec:
cpu: "50m"
limits:
cpu: "100m"
volumes:
- name: config
configMap:
name: kube-proxy
`),
},
{
Expand Down