Bump rke2-kube-proxy-1.21 to v1.21.8-rke2r2-build20220107
Signed-off-by: Brad Davidson <[email protected]>
actions-user committed Jan 7, 2022
1 parent 1abbc6a commit f14c205
Showing 10 changed files with 357 additions and 0 deletions.
Binary file not shown.
@@ -0,0 +1,12 @@
apiVersion: v1
appVersion: v1.21.8-rke2r2
description: Install Kube Proxy.
keywords:
- kube-proxy
maintainers:
- email: [email protected]
name: Rancher Labs
name: rke2-kube-proxy
sources:
- https://github.com/rancher/rke2-charts
version: v1.21.8-rke2r2-build2022010701
@@ -0,0 +1,2 @@
Kube-proxy has been installed.

@@ -0,0 +1,21 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "rke2_data_dir" -}}
{{- if .Values.global.rke2DataDir -}}
{{- printf "%s" .Values.global.rke2DataDir -}}
{{- else -}}
{{- "/var/lib/rancher/rke2" -}}
{{- end -}}
{{- end -}}
{{- define "kubeproxy_kubeconfig" -}}
{{- if .Values.global.rke2DataDir -}}
{{- printf "%s/agent/kubeproxy.kubeconfig" .Values.global.rke2DataDir -}}
{{- else -}}
{{- printf "%s" .Values.clientConnection.kubeconfig -}}
{{- end -}}
{{- end -}}
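Review bot: `kubeproxy_kubeconfig` and `rke2_data_dir` can disagree: when `global.rke2DataDir` is unset the kubeconfig path comes from `clientConnection.kubeconfig`, while the DaemonSet in this commit still mounts only the default `/var/lib/rancher/rke2/agent` directory. An override of `clientConnection.kubeconfig` that points elsewhere would therefore name a file that is not present inside the container. If that override is not meant to be supported, the helper could derive the path from the other one, `{{- printf "%s/agent/kubeproxy.kubeconfig" (include "rke2_data_dir" .) -}}`; otherwise a template comment stating that the path must stay under the mounted agent directory would help.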
@@ -0,0 +1,69 @@
---
apiVersion: v1
data:
config.conf: |-
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: {{ .Values.bindAddress | quote }}
clientConnection:
acceptContentTypes: {{ .Values.clientConnection.acceptContentTypes | quote }}
burst: {{ .Values.clientConnection.burst }}
contentType: {{ .Values.clientConnection.contentType | quote }}
kubeconfig: {{ include "kubeproxy_kubeconfig" . | quote }}
qps: {{ .Values.clientConnection.qps }}
clusterCIDR: {{ coalesce .Values.global.clusterCIDR .Values.clusterCIDR | quote }}
configSyncPeriod: {{ .Values.configSyncPeriod }}
conntrack:
maxPerCore: {{ .Values.conntrack.maxPerCore }}
min: {{ .Values.conntrack.min }}
tcpCloseWaitTimeout: {{ .Values.conntrack.tcpCloseWaitTimeout | quote }}
tcpEstablishedTimeout: {{ .Values.conntrack.tcpEstablishedTimeout | quote }}
detectLocalMode: {{ .Values.detectLocalMode | quote }}
enableProfiling: {{ .Values.enableProfiling }}
healthzBindAddress: {{ .Values.healthzBindAddress | quote }}
hostnameOverride: {{ .Values.hostnameOverride | quote }}
iptables:
masqueradeAll: {{ .Values.iptables.masqueradeAll }}
masqueradeBit: {{ .Values.iptables.masqueradeBit }}
{{ if .Values.iptables.minSyncPeriod }}
minSyncPeriod: {{ .Values.iptables.minSyncPeriod }}
{{ end }}
syncPeriod: {{ .Values.iptables.syncPeriod }}
ipvs:
excludeCIDRs: {{ .Values.ipvs.excludeCIDRs | quote }}
{{ if .Values.ipvs.minSyncPeriod }}
minSyncPeriod: {{ .Values.ipvs.minSyncPeriod }}
{{ end }}
scheduler: {{ .Values.ipvs.scheduler | quote }}
strictARP: {{ .Values.ipvs.strictARP }}
syncPeriod: {{ .Values.ipvs.syncPeriod }}
{{ if .Values.ipvs.tcpFinTimeout }}
tcpFinTimeout: {{ .Values.ipvs.tcpFinTimeout }}
{{ end }}
{{ if .Values.ipvs.tcpTimeout }}
tcpTimeout: {{ .Values.ipvs.tcpTimeout }}
{{ end }}
{{ if .Values.ipvs.udpTimeout }}
udpTimeout: {{ .Values.ipvs.udpTimeout }}
{{ end }}
kind: KubeProxyConfiguration
metricsBindAddress: {{ .Values.metricsBindAddress | quote }}
mode: {{ .Values.proxy.mode | quote }}
nodePortAddresses: null
oomScoreAdj: {{ .Values.oomScoreAdj }}
portRange: {{ .Values.proxy.portRange | quote }}
showHiddenMetricsForVersion: {{ .Values.showHiddenMetricsForVersion | quote }}
udpIdleTimeout: {{ .Values.udpTimeout | quote }}
featureGates:
{{- range $key, $value := .Values.featureGates }}
{{ $key }}: {{ $value }}
{{- end }}
winkernel:
enableDSR: false
networkName: ""
sourceVip: ""
kind: ConfigMap
metadata:
labels:
app: kube-proxy
name: kube-proxy
namespace: kube-system
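Review bot: Several lookups in `config.conf` use key names that the values.yaml added in this same commit does not define, so the shipped defaults and any override written against values.yaml never reach the rendered KubeProxyConfiguration. The template reads `clientConnection.burst`, `clientConnection.contentType`, `conntrack.tcpCloseWaitTimeout`, `conntrack.tcpEstablishedTimeout`, `enableProfiling`, `ipvs.excludeCIDRs`, `ipvs.strictARP` and `ipvs.tcpFinTimeout`, while values.yaml declares `apiBurst`, `apiContentType`, `tcpTimeoutCloseWait`, `tcpTimeoutEstablished`, `profiling`, `excludeCidrs`, `strictArp` and `tcpfinTimeout`. `clientConnection.acceptContentTypes` has no counterpart at all, and `nodePortAddresses` is hard-coded to `null` although values.yaml offers `nodeportAddresses`. Either side can be renamed; the sketch below aligns the template with the existing values keys (indentation is lost on this page, so the nesting shown is assumed and should follow the file).

```yaml
    clientConnection:
      {{- /* … unchanged: acceptContentTypes … */}}
      burst: {{ .Values.clientConnection.apiBurst }}
      contentType: {{ .Values.clientConnection.apiContentType | quote }}
      {{- /* … unchanged: kubeconfig, qps, clusterCIDR, configSyncPeriod … */}}
    conntrack:
      {{- /* … unchanged: maxPerCore, min … */}}
      tcpCloseWaitTimeout: {{ .Values.conntrack.tcpTimeoutCloseWait | quote }}
      tcpEstablishedTimeout: {{ .Values.conntrack.tcpTimeoutEstablished | quote }}
    {{- /* … unchanged: detectLocalMode … */}}
    enableProfiling: {{ .Values.profiling }}
    {{- /* … unchanged: healthzBindAddress through the iptables section … */}}
    ipvs:
      excludeCIDRs: {{ .Values.ipvs.excludeCidrs | quote }}
      {{- /* … unchanged: minSyncPeriod, scheduler … */}}
      strictARP: {{ .Values.ipvs.strictArp }}
      {{- /* … unchanged: syncPeriod … */}}
      {{ if .Values.ipvs.tcpfinTimeout }}
      tcpFinTimeout: {{ .Values.ipvs.tcpfinTimeout }}
      {{ end }}
```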
@@ -0,0 +1,78 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
k8s-app: kube-proxy
name: kube-proxy
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: kube-proxy
template:
metadata:
labels:
k8s-app: kube-proxy
spec:
containers:
- command:
- /usr/local/bin/kube-proxy
- --config=/var/lib/kube-proxy/config.conf
- --hostname-override=$(NODE_NAME)
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
name: kube-proxy
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/kube-proxy
name: kube-proxy
- mountPath: {{ template "rke2_data_dir" . }}/agent
name: rke2config
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
- mountPath: /lib/modules
name: lib-modules
readOnly: true
dnsPolicy: ClusterFirst
hostNetwork: true
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kube-proxy
serviceAccountName: kube-proxy
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- operator: Exists
volumes:
- hostPath:
path: {{ template "rke2_data_dir" . }}/agent
type: ""
name: rke2config
- configMap:
name: kube-proxy
name: kube-proxy
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
- hostPath:
path: /lib/modules
type: ""
name: lib-modules
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
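Review bot: The `rke2config` volume takes its `hostPath.path` from the `rke2_data_dir` helper and declares `type: ""`, so nothing checks that the directory exists before it is mounted into this privileged, host-network pod. With a mistyped `global.rke2DataDir` the pod would likely start against an empty or unexpected mount and only fail later, when kube-proxy cannot read its kubeconfig. Setting `type: Directory` on that volume makes the kubelet reject the mount up front. The `lib-modules` volume uses the same empty type and could be tightened the same way.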
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rke2:node-proxier
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node-proxier
subjects:
- kind: ServiceAccount
name: kube-proxy
namespace: kube-system
@@ -0,0 +1,5 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: kube-proxy
namespace: kube-system
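Review bot: This ServiceAccount leaves token automount at its default, so the pod receives an API token carrying the `system:node-proxier` binding added in this commit, while the rendered config points kube-proxy at a kubeconfig file under the host's agent directory. If kube-proxy really authenticates only through that kubeconfig (worth confirming against the running pod), the mounted token is unused. In that case `automountServiceAccountToken: false` here would keep a spare credential out of a privileged container.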
@@ -0,0 +1,142 @@
---

# image for kubeproxy
image:
repository: rancher/hardened-kubernetes
tag: v1.21.8-rke2r2-build20220107

# The IP address for the proxy server to serve on
# (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces)
bindAddress: 0.0.0.0

# If true cleanup iptables and ipvs rules and exit.
cleanup:

# The CIDR range of pods in the cluster.
# When configured, traffic sent to a Service cluster IP from outside this range
# will be masqueraded and traffic sent from pods to an external
# LoadBalancer IP will be directed to the respective cluster IP instead
clusterCIDR: 10.42.0.0/16

# The path to the configuration file.
config:

# How often configuration from the apiserver is refreshed. Must be greater than 0.
configSyncPeriod: 15m0s

conntrack:
# Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min).
maxPerCore: 32768
# Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is).
min: 131072
# NAT timeout for TCP connections in the CLOSE_WAIT state
tcpTimeoutCloseWait: 1h0m0s
# Idle timeout for established TCP connections (0 to leave as-is)
tcpTimeoutEstablished: 24h0m0s

# Mode to use to detect local traffic
detectLocalMode:

# A set of key=value pairs that describe feature gates for alpha/experimental features:
featureGates:

# The IP address with port for the health check server to serve on
# (set to '0.0.0.0:10256' for all IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to disable.
healthzBindAddress: 0.0.0.0:10256

# help for kube-proxy
help:

# If non-empty, will use this string as identification instead of the actual hostname.
hostnameOverride:

iptables:
# If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this not commonly needed)
masqueradeAll:
# If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31].
masqueradeBit: 14
# The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
minSyncPeriod:
# The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
syncPeriod: 30s

ipvs:
# A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules.
excludeCidrs:
# The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
minSyncPeriod:
# The ipvs scheduler type when proxy mode is ipvs
scheduler:
# Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2
strictArp:
# The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
syncPeriod: 30s
# The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
tcpTimeout:
# The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
tcpfinTimeout:
# The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
udpTimeout:


clientConnection:
# Burst to use while talking with kubernetes apiserver
apiBurst: 10
# Content type of requests sent to apiserver.
apiContentType:
# QPS to use while talking with kubernetes apiserver
qps: 5
# Path to kubeconfig file with authorization information (the master location is set by the master flag).
kubeconfig: /var/lib/rancher/rke2/agent/kubeproxy.kubeconfig

# Maximum number of seconds between log flushes
logFlushFrequency: 5s



# The address of the Kubernetes API server (overrides any value in kubeconfig)
master:

# The IP address with port for the metrics server to serve on
# (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable.
metricsBindAddress: 127.0.0.1:10249

# A string slice of values which specify the addresses to use for NodePorts.
# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
nodeportAddresses:

# The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
oomScoreAdj: -999

# If true enables profiling via web interface on /debug/pprof handler.
profiling:

proxy:
# Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs'.
# If blank, use the best-available proxy (currently iptables).
# If the iptables proxy is selected, regardless of how, but the system's
# kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
mode:
# Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive)
# that may be consumed in order to proxy service traffic.
# If (unspecified, 0, or 0-0) then ports will be randomly chosen.
portRange:

# The previous version for which you want to show hidden metrics.
# Only the previous minor version is meaningful, other values will not be allowed.
# The format is <major>.<minor>, e.g.: '1.16'. The purpose of this format is make
# sure you have the opportunity to notice if the next release hides additional metrics,
# rather than being surprised when they are permanently removed in the release after that.
showHiddenMetricsForVersion:

# How long an idle UDP connection will be kept open (e.g. '250ms', '2s').
# Must be greater than 0. Only applicable for proxy-mode=userspace
udpTimeout: 250ms

# Print version information and quit
version:

# If set, write the default configuration values to this file and exit.
writeConfigTo:
global:
systemDefaultRegistry: ""
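Review bot: The `global:` block at the end documents only `systemDefaultRegistry`, but the templates in this commit also read `global.rke2DataDir` and `global.clusterCIDR`, and neither appears anywhere in this file. Both change what gets deployed: the first selects the host directory mounted into the pod and replaces `clientConnection.kubeconfig`, the second takes precedence over the top-level `clusterCIDR` through `coalesce`. I would add commented entries such as `# rke2DataDir: /var/lib/rancher/rke2` and `# clusterCIDR: 10.42.0.0/16` under `global:`, each with one line stating that precedence.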
16 changes: 16 additions & 0 deletions index.yaml
@@ -2091,6 +2091,22 @@ entries:
- assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
version: 1.36.300
rke2-kube-proxy:
- apiVersion: v1
appVersion: v1.21.8-rke2r2
created: "2022-01-07T20:18:41.307776587Z"
description: Install Kube Proxy.
digest: 1a771e3457051c17c5e0854ade22c2e7a27790a3d56dcaae95f1802a35475cfa
keywords:
- kube-proxy
maintainers:
- email: [email protected]
name: Rancher Labs
name: rke2-kube-proxy
sources:
- https://github.com/rancher/rke2-charts
urls:
- assets/rke2-kube-proxy-1.21/rke2-kube-proxy-v1.21.8-rke2r2-build2022010701.tgz
version: v1.21.8-rke2r2-build2022010701
- apiVersion: v1
appVersion: v1.21.8-rke2r1
created: "2021-12-15T21:56:35.06236487Z"