| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: ip-masq-agent |
| namespace: kube-system |
| labels: |
| k8s-app: ip-masq-agent |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| --- |
| # https://github.com/kubernetes-incubator/ip-masq-agent/blob/v2.0.0/README.md |
| apiVersion: extensions/v1beta1 |
| kind: DaemonSet |
| metadata: |
| name: ip-masq-agent |
| namespace: kube-system |
| labels: |
| addonmanager.kubernetes.io/mode: Reconcile |
| spec: |
| template: |
| metadata: |
| labels: |
| k8s-app: ip-masq-agent |
| annotations: |
| scheduler.alpha.kubernetes.io/critical-pod: '' |
| spec: |
| priorityClassName: system-node-critical |
| serviceAccountName: ip-masq-agent |
| hostNetwork: true |
| containers: |
| - name: ip-masq-agent |
| image: k8s.gcr.io/ip-masq-agent-amd64:v2.1.1 |
| args: |
| - --masq-chain=IP-MASQ |
| resources: |
| requests: |
| cpu: 10m |
| memory: 16Mi |
| securityContext: |
| privileged: true |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| nodeSelector: |
| beta.kubernetes.io/masq-agent-ds-ready: "true" |
| volumes: |
| - name: config |
| configMap: |
| # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system |
| name: ip-masq-agent |
| optional: true |
| items: |
| # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent |
| - key: config |
| path: ip-masq-agent |
| tolerations: |
| - effect: NoSchedule |
| operator: Exists |
| - effect: NoExecute |
| operator: Exists |
| - key: "CriticalAddonsOnly" |
| operator: "Exists" |