-
Notifications
You must be signed in to change notification settings - Fork 85
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump rke2-kube-proxy-1.21 to v1.21.8-rke2r2-build20220107
Signed-off-by: Brad Davidson <[email protected]>
- Loading branch information
1 parent
1abbc6a
commit f14c205
Showing
10 changed files
with
357 additions
and
0 deletions.
There are no files selected for viewing
Binary file added
BIN
+4.23 KB
assets/rke2-kube-proxy-1.21/rke2-kube-proxy-v1.21.8-rke2r2-build2022010701.tgz
Binary file not shown.
12 changes: 12 additions & 0 deletions
12
charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/Chart.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
appVersion: v1.21.8-rke2r2 | ||
description: Install Kube Proxy. | ||
keywords: | ||
- kube-proxy | ||
maintainers: | ||
- email: [email protected] | ||
name: Rancher Labs | ||
name: rke2-kube-proxy | ||
sources: | ||
- https://github.com/rancher/rke2-charts | ||
version: v1.21.8-rke2r2-build2022010701 |
2 changes: 2 additions & 0 deletions
2
...s/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/NOTES.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Kube-proxy has been installed. | ||
|
21 changes: 21 additions & 0 deletions
21
...ke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/_helpers.tpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{{- define "system_default_registry" -}} | ||
{{- if .Values.global.systemDefaultRegistry -}} | ||
{{- printf "%s/" .Values.global.systemDefaultRegistry -}} | ||
{{- else -}} | ||
{{- "" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- define "rke2_data_dir" -}} | ||
{{- if .Values.global.rke2DataDir -}} | ||
{{- printf "%s" .Values.global.rke2DataDir -}} | ||
{{- else -}} | ||
{{- "/var/lib/rancher/rke2" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- define "kubeproxy_kubeconfig" -}} | ||
{{- if .Values.global.rke2DataDir -}} | ||
{{- printf "%s/agent/kubeproxy.kubeconfig" .Values.global.rke2DataDir -}} | ||
{{- else -}} | ||
{{- printf "%s" .Values.clientConnection.kubeconfig -}} | ||
{{- end -}} | ||
{{- end -}} |
69 changes: 69 additions & 0 deletions
69
...rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
--- | ||
apiVersion: v1 | ||
data: | ||
config.conf: |- | ||
apiVersion: kubeproxy.config.k8s.io/v1alpha1 | ||
bindAddress: {{ .Values.bindAddress | quote }} | ||
clientConnection: | ||
acceptContentTypes: {{ .Values.clientConnection.acceptContentTypes | quote }} | ||
burst: {{ .Values.clientConnection.burst }} | ||
contentType: {{ .Values.clientConnection.contentType | quote }} | ||
kubeconfig: {{ include "kubeproxy_kubeconfig" . | quote }} | ||
qps: {{ .Values.clientConnection.qps }} | ||
clusterCIDR: {{ coalesce .Values.global.clusterCIDR .Values.clusterCIDR | quote }} | ||
configSyncPeriod: {{ .Values.configSyncPeriod }} | ||
conntrack: | ||
maxPerCore: {{ .Values.conntrack.maxPerCore }} | ||
min: {{ .Values.conntrack.min }} | ||
tcpCloseWaitTimeout: {{ .Values.conntrack.tcpCloseWaitTimeout | quote }} | ||
tcpEstablishedTimeout: {{ .Values.conntrack.tcpEstablishedTimeout | quote }} | ||
detectLocalMode: {{ .Values.detectLocalMode | quote }} | ||
enableProfiling: {{ .Values.enableProfiling }} | ||
healthzBindAddress: {{ .Values.healthzBindAddress | quote }} | ||
hostnameOverride: {{ .Values.hostnameOverride | quote }} | ||
iptables: | ||
masqueradeAll: {{ .Values.iptables.masqueradeAll }} | ||
masqueradeBit: {{ .Values.iptables.masqueradeBit }} | ||
{{ if .Values.iptables.minSyncPeriod }} | ||
minSyncPeriod: {{ .Values.iptables.minSyncPeriod }} | ||
{{ end }} | ||
syncPeriod: {{ .Values.iptables.syncPeriod }} | ||
ipvs: | ||
excludeCIDRs: {{ .Values.ipvs.excludeCIDRs | quote }} | ||
{{ if .Values.ipvs.minSyncPeriod }} | ||
minSyncPeriod: {{ .Values.ipvs.minSyncPeriod }} | ||
{{ end }} | ||
scheduler: {{ .Values.ipvs.scheduler | quote }} | ||
strictARP: {{ .Values.ipvs.strictARP }} | ||
syncPeriod: {{ .Values.ipvs.syncPeriod }} | ||
{{ if .Values.ipvs.tcpFinTimeout }} | ||
tcpFinTimeout: {{ .Values.ipvs.tcpFinTimeout }} | ||
{{ end }} | ||
{{ if .Values.ipvs.tcpTimeout }} | ||
tcpTimeout: {{ .Values.ipvs.tcpTimeout }} | ||
{{ end }} | ||
{{ if .Values.ipvs.udpTimeout }} | ||
udpTimeout: {{ .Values.ipvs.udpTimeout }} | ||
{{ end }} | ||
kind: KubeProxyConfiguration | ||
metricsBindAddress: {{ .Values.metricsBindAddress | quote }} | ||
mode: {{ .Values.proxy.mode | quote }} | ||
nodePortAddresses: null | ||
oomScoreAdj: {{ .Values.oomScoreAdj }} | ||
portRange: {{ .Values.proxy.portRange | quote }} | ||
showHiddenMetricsForVersion: {{ .Values.showHiddenMetricsForVersion | quote }} | ||
udpIdleTimeout: {{ .Values.udpTimeout | quote }} | ||
featureGates: | ||
{{- range $key, $value := .Values.featureGates }} | ||
{{ $key }}: {{ $value }} | ||
{{- end }} | ||
winkernel: | ||
enableDSR: false | ||
networkName: "" | ||
sourceVip: "" | ||
kind: ConfigMap | ||
metadata: | ||
labels: | ||
app: kube-proxy | ||
name: kube-proxy | ||
namespace: kube-system |
78 changes: 78 additions & 0 deletions
78
...2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/daemonset.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
labels: | ||
k8s-app: kube-proxy | ||
name: kube-proxy | ||
namespace: kube-system | ||
spec: | ||
selector: | ||
matchLabels: | ||
k8s-app: kube-proxy | ||
template: | ||
metadata: | ||
labels: | ||
k8s-app: kube-proxy | ||
spec: | ||
containers: | ||
- command: | ||
- /usr/local/bin/kube-proxy | ||
- --config=/var/lib/kube-proxy/config.conf | ||
- --hostname-override=$(NODE_NAME) | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
apiVersion: v1 | ||
fieldPath: spec.nodeName | ||
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} | ||
imagePullPolicy: IfNotPresent | ||
name: kube-proxy | ||
securityContext: | ||
privileged: true | ||
volumeMounts: | ||
- mountPath: /var/lib/kube-proxy | ||
name: kube-proxy | ||
- mountPath: {{ template "rke2_data_dir" . }}/agent | ||
name: rke2config | ||
readOnly: true | ||
- mountPath: /run/xtables.lock | ||
name: xtables-lock | ||
- mountPath: /lib/modules | ||
name: lib-modules | ||
readOnly: true | ||
dnsPolicy: ClusterFirst | ||
hostNetwork: true | ||
nodeSelector: | ||
kubernetes.io/os: linux | ||
priorityClassName: system-node-critical | ||
restartPolicy: Always | ||
schedulerName: default-scheduler | ||
securityContext: {} | ||
serviceAccount: kube-proxy | ||
serviceAccountName: kube-proxy | ||
terminationGracePeriodSeconds: 30 | ||
tolerations: | ||
- key: CriticalAddonsOnly | ||
operator: Exists | ||
- operator: Exists | ||
volumes: | ||
- hostPath: | ||
path: {{ template "rke2_data_dir" . }}/agent | ||
type: "" | ||
name: rke2config | ||
- configMap: | ||
name: kube-proxy | ||
name: kube-proxy | ||
- hostPath: | ||
path: /run/xtables.lock | ||
type: FileOrCreate | ||
name: xtables-lock | ||
- hostPath: | ||
path: /lib/modules | ||
type: "" | ||
name: lib-modules | ||
updateStrategy: | ||
rollingUpdate: | ||
maxUnavailable: 1 | ||
type: RollingUpdate |
12 changes: 12 additions & 0 deletions
12
...s/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/rbac.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: rke2:node-proxier | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: system:node-proxier | ||
subjects: | ||
- kind: ServiceAccount | ||
name: kube-proxy | ||
namespace: kube-system |
5 changes: 5 additions & 0 deletions
5
...e-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/templates/serviceaccount.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
kind: ServiceAccount | ||
apiVersion: v1 | ||
metadata: | ||
name: kube-proxy | ||
namespace: kube-system |
142 changes: 142 additions & 0 deletions
142
charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.8-rke2r2-build2022010701/values.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
--- | ||
|
||
# image for kubeproxy | ||
image: | ||
repository: rancher/hardened-kubernetes | ||
tag: v1.21.8-rke2r2-build20220107 | ||
|
||
# The IP address for the proxy server to serve on | ||
# (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces) | ||
bindAddress: 0.0.0.0 | ||
|
||
# If true cleanup iptables and ipvs rules and exit. | ||
cleanup: | ||
|
||
# The CIDR range of pods in the cluster. | ||
# When configured, traffic sent to a Service cluster IP from outside this range | ||
# will be masqueraded and traffic sent from pods to an external | ||
# LoadBalancer IP will be directed to the respective cluster IP instead | ||
clusterCIDR: 10.42.0.0/16 | ||
|
||
# The path to the configuration file. | ||
config: | ||
|
||
# How often configuration from the apiserver is refreshed. Must be greater than 0. | ||
configSyncPeriod: 15m0s | ||
|
||
conntrack: | ||
# Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). | ||
maxPerCore: 32768 | ||
# Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). | ||
min: 131072 | ||
# NAT timeout for TCP connections in the CLOSE_WAIT state | ||
tcpTimeoutCloseWait: 1h0m0s | ||
# Idle timeout for established TCP connections (0 to leave as-is) | ||
tcpTimeoutEstablished: 24h0m0s | ||
|
||
# Mode to use to detect local traffic | ||
detectLocalMode: | ||
|
||
# A set of key=value pairs that describe feature gates for alpha/experimental features: | ||
featureGates: | ||
|
||
# The IP address with port for the health check server to serve on | ||
# (set to '0.0.0.0:10256' for all IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to disable. | ||
healthzBindAddress: 0.0.0.0:10256 | ||
|
||
# help for kube-proxy | ||
help: | ||
|
||
# If non-empty, will use this string as identification instead of the actual hostname. | ||
hostnameOverride: | ||
|
||
iptables: | ||
# If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this not commonly needed) | ||
masqueradeAll: | ||
# If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. | ||
masqueradeBit: 14 | ||
# The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m'). | ||
minSyncPeriod: | ||
# The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. | ||
syncPeriod: 30s | ||
|
||
ipvs: | ||
# A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules. | ||
excludeCidrs: | ||
# The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m'). | ||
minSyncPeriod: | ||
# The ipvs scheduler type when proxy mode is ipvs | ||
scheduler: | ||
# Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2 | ||
strictArp: | ||
# The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. | ||
syncPeriod: 30s | ||
# The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m'). | ||
tcpTimeout: | ||
# The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m'). | ||
tcpfinTimeout: | ||
# The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m'). | ||
udpTimeout: | ||
|
||
|
||
clientConnection: | ||
# Burst to use while talking with kubernetes apiserver | ||
apiBurst: 10 | ||
# Content type of requests sent to apiserver. | ||
apiContentType: | ||
# QPS to use while talking with kubernetes apiserver | ||
qps: 5 | ||
# Path to kubeconfig file with authorization information (the master location is set by the master flag). | ||
kubeconfig: /var/lib/rancher/rke2/agent/kubeproxy.kubeconfig | ||
|
||
# Maximum number of seconds between log flushes | ||
logFlushFrequency: 5s | ||
|
||
|
||
|
||
# The address of the Kubernetes API server (overrides any value in kubeconfig) | ||
master: | ||
|
||
# The IP address with port for the metrics server to serve on | ||
# (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable. | ||
metricsBindAddress: 127.0.0.1:10249 | ||
|
||
# A string slice of values which specify the addresses to use for NodePorts. | ||
# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses. | ||
nodeportAddresses: | ||
|
||
# The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] | ||
oomScoreAdj: -999 | ||
|
||
# If true enables profiling via web interface on /debug/pprof handler. | ||
profiling: | ||
|
||
proxy: | ||
# Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs'. | ||
# If blank, use the best-available proxy (currently iptables). | ||
# If the iptables proxy is selected, regardless of how, but the system's | ||
# kernel or iptables versions are insufficient, this always falls back to the userspace proxy. | ||
mode: | ||
# Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) | ||
# that may be consumed in order to proxy service traffic. | ||
# If (unspecified, 0, or 0-0) then ports will be randomly chosen. | ||
portRange: | ||
|
||
# The previous version for which you want to show hidden metrics. | ||
# Only the previous minor version is meaningful, other values will not be allowed. | ||
# The format is <major>.<minor>, e.g.: '1.16'. The purpose of this format is make | ||
# sure you have the opportunity to notice if the next release hides additional metrics, | ||
# rather than being surprised when they are permanently removed in the release after that. | ||
showHiddenMetricsForVersion: | ||
|
||
# How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). | ||
# Must be greater than 0. Only applicable for proxy-mode=userspace | ||
udpTimeout: 250ms | ||
|
||
# Print version information and quit | ||
version: | ||
|
||
# If set, write the default configuration values to this file and exit. | ||
writeConfigTo: | ||
global: | ||
systemDefaultRegistry: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2091,6 +2091,22 @@ entries: | |
- assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz | ||
version: 1.36.300 | ||
rke2-kube-proxy: | ||
- apiVersion: v1 | ||
appVersion: v1.21.8-rke2r2 | ||
created: "2022-01-07T20:18:41.307776587Z" | ||
description: Install Kube Proxy. | ||
digest: 1a771e3457051c17c5e0854ade22c2e7a27790a3d56dcaae95f1802a35475cfa | ||
keywords: | ||
- kube-proxy | ||
maintainers: | ||
- email: [email protected] | ||
name: Rancher Labs | ||
name: rke2-kube-proxy | ||
sources: | ||
- https://github.com/rancher/rke2-charts | ||
urls: | ||
- assets/rke2-kube-proxy-1.21/rke2-kube-proxy-v1.21.8-rke2r2-build2022010701.tgz | ||
version: v1.21.8-rke2r2-build2022010701 | ||
- apiVersion: v1 | ||
appVersion: v1.21.8-rke2r1 | ||
created: "2021-12-15T21:56:35.06236487Z" | ||
|