kubernetes/cluster/addons/ip-masq-agent/ip-masq-agent.yaml

# Identity for the ip-masq-agent pods; the DaemonSet in this file selects it
# through serviceAccountName. No Role or RoleBinding for this account appears
# in the part of the manifest shown here.
# NOTE(review): if the agent never calls the API server, setting
# automountServiceAccountToken: false would keep a token off a host-network
# pod - confirm against the agent before changing.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: ip-masq-agent
  labels:
    # Addon-manager mode label; with Reconcile the addon manager is expected
    # to revert in-cluster edits so the object matches this manifest.
    addonmanager.kubernetes.io/mode: Reconcile
    # Quoted so the value stays a string; label values must be strings.
    kubernetes.io/cluster-service: "true"
    k8s-app: ip-masq-agent
---
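# DaemonSet that runs one ip-masq-agent pod per Linux node carrying the label
# node.kubernetes.io/masq-agent-ds-ready=true (see nodeSelector below).
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ip-masq-agent
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: ip-masq-agent
  template:
    metadata:
      labels:
        k8s-app: ip-masq-agent
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: ip-masq-agent
      # The pod shares the node's network namespace. Together with the
      # capabilities granted below it can rewrite the node's NAT rules, so the
      # image and the mounted ConfigMap belong to the node's trusted base.
      hostNetwork: true
      containers:
        - name: ip-masq-agent
          # NOTE(review): pinned by tag only. Pinning by digest
          # (image@sha256:<digest-placeholder>) would make the deployed bits
          # immutable even if the tag is moved in the registry.
          image: registry.k8s.io/networking/ip-masq-agent:v2.9.3
          args:
            - --masq-chain=IP-MASQ
            - --nomasq-all-reserved-ranges
          resources:
            # Requests only; no limits are set for this container.
            requests:
              cpu: 10m
              memory: 16Mi
          securityContext:
            # Least privilege: this was `privileged: true`, which hands the
            # container every capability plus access to host devices.
            # Managing iptables rules in the host network namespace needs only
            # NET_ADMIN and NET_RAW. Validate on a canary node before a
            # cluster-wide rollout.
            privileged: false
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
          volumeMounts:
            - name: config
              mountPath: /etc/config
      nodeSelector:
        kubernetes.io/os: linux
        node.kubernetes.io/masq-agent-ds-ready: "true"
      volumes:
        - name: config
          configMap:
            # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system
            name: ip-masq-agent
            # optional: the pod still starts when the ConfigMap is absent.
            # Anyone able to edit this ConfigMap changes what the agent does on
            # every selected node, so keep write access to it tightly scoped in
            # RBAC and include changes to it in audit review.
            optional: true
            items:
              # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
              - key: config
                path: ip-masq-agent
      tolerations:
        # No key with operator Exists: tolerates every NoSchedule taint and
        # every NoExecute taint, so the pod also lands on tainted nodes.
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists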