kubespray/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2

apiVersion: v1
kind: Pod
metadata:
  name: kube-proxy
  namespace: {{system_namespace}}
  labels:
    k8s-app: kube-proxy
  annotations:
    kubespray.kube-proxy-cert/serial: "{{ kube_proxy_cert_serial }}"
spec:
  hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
  dnsPolicy: ClusterFirst
{% endif %}
  containers:
  - name: kube-proxy
    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
    imagePullPolicy: {{ k8s_image_pull_policy }}
    resources:
      limits:
        cpu: {{ kube_proxy_cpu_limit }}
        memory: {{ kube_proxy_memory_limit }}
      requests:
        cpu: {{ kube_proxy_cpu_requests }}
        memory: {{ kube_proxy_memory_requests }}
    command:
    - /hyperkube
    - proxy
    - --v={{ kube_log_level }}
    - --kubeconfig={{kube_config_dir}}/kube-proxy-kubeconfig.yaml
    - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
    - --cluster-cidr={{ kube_pods_subnet }}
    - --proxy-mode={{ kube_proxy_mode }}
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
    - --masquerade-all
{% endif %}
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
    - mountPath: "{{ kube_config_dir }}/ssl"
      name: etc-kube-ssl
      readOnly: true
    - mountPath: "{{ kube_config_dir }}/kube-proxy-kubeconfig.yaml"
      name: kubeconfig
      readOnly: true
    - mountPath: /var/run/dbus
      name: var-run-dbus
      readOnly: false
    - mountPath: /lib/modules
      name: lib-modules
      readOnly: true
  volumes:
  - name: ssl-certs-host
    hostPath:
{% if ansible_os_family == 'RedHat' %}
      path: /etc/pki/tls
{% else %}
      path: /usr/share/ca-certificates
{% endif %}
  - name: etc-kube-ssl
    hostPath:
      path: "{{ kube_config_dir }}/ssl"
  - name: kubeconfig
    hostPath:
      path: "{{ kube_config_dir }}/kube-proxy-kubeconfig.yaml"
  - name: var-run-dbus
    hostPath:
      path: /var/run/dbus
  - hostPath:
      path: /lib/modules
    name: lib-modules