Add CoreOS/K8s recommended defaults to kube-proxy
The cluster-cidr fix asymetric routing in specific use case. Adding dbus removes iptables error message for kube-proxy and adding ${HOST_CERT_PATH} is just common practice. Change-Id: I8912091ebcb5c1ef940f43e5195a849f8fa6370e Partially-Implements: bp coreos-best-pratice
This commit is contained in:
parent
1a36735599
commit
a18724b612
|
@ -38,8 +38,23 @@ write_files:
|
||||||
- /hyperkube
|
- /hyperkube
|
||||||
- proxy
|
- proxy
|
||||||
- --master=http://127.0.0.1:8080
|
- --master=http://127.0.0.1:8080
|
||||||
|
- --cluster-cidr=${FLANNEL_NETWORK_CIDR}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v=0
|
- --v=0
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/ssl/certs
|
||||||
|
name: ssl-certs-host
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /var/run/dbus
|
||||||
|
name: dbus
|
||||||
|
readOnly: false
|
||||||
|
volumes:
|
||||||
|
- hostPath:
|
||||||
|
path: ${HOST_CERTS_PATH}
|
||||||
|
name: ssl-certs-host
|
||||||
|
- hostPath:
|
||||||
|
path: /var/run/dbus
|
||||||
|
name: dbus
|
||||||
EOF
|
EOF
|
||||||
|
|
|
@ -48,6 +48,7 @@ write_files:
|
||||||
- proxy
|
- proxy
|
||||||
- --master=${KUBE_MASTER_URI}
|
- --master=${KUBE_MASTER_URI}
|
||||||
- --kubeconfig=${KUBE_CONFIG}
|
- --kubeconfig=${KUBE_CONFIG}
|
||||||
|
- --cluster-cidr=${FLANNEL_NETWORK_CIDR}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v=0
|
- --v=0
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -59,6 +60,12 @@ write_files:
|
||||||
- mountPath: ${KUBE_CERTS_PATH}
|
- mountPath: ${KUBE_CERTS_PATH}
|
||||||
name: ssl-certs-kubernetes
|
name: ssl-certs-kubernetes
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- mountPath: /etc/ssl/certs
|
||||||
|
name: ssl-certs-host
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /var/run/dbus
|
||||||
|
name: dbus
|
||||||
|
readOnly: false
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
hostPath:
|
hostPath:
|
||||||
|
@ -66,4 +73,10 @@ write_files:
|
||||||
- name: ssl-certs-kubernetes
|
- name: ssl-certs-kubernetes
|
||||||
hostPath:
|
hostPath:
|
||||||
path: ${KUBE_CERTS_PATH}
|
path: ${KUBE_CERTS_PATH}
|
||||||
|
- hostPath:
|
||||||
|
path: ${HOST_CERTS_PATH}
|
||||||
|
name: ssl-certs-host
|
||||||
|
- hostPath:
|
||||||
|
path: /var/run/dbus
|
||||||
|
name: dbus
|
||||||
EOF
|
EOF
|
||||||
|
|
Loading…
Reference in New Issue