rke2 june release (#275)

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: v1.21.14-rke2r1
+description: Install Kube Proxy.
+keywords:
+- kube-proxy
+maintainers:
+- email: charts@rancher.com
+  name: Rancher Labs
+name: rke2-kube-proxy
+sources:
+- https://github.com/rancher/rke2-charts
+version: v1.21.14-rke2r1-build2022061701

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/NOTES.txt

@@ -0,0 +1,2 @@
+Kube-proxy has been installed.
+

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/_helpers.tpl

@@ -0,0 +1,21 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+{{- define "rke2_data_dir" -}}
+{{- if .Values.global.rke2DataDir -}}
+{{- printf "%s" .Values.global.rke2DataDir -}}
+{{- else -}}
+{{- "/var/lib/rancher/rke2" -}}
+{{- end -}}
+{{- end -}}
+{{- define "kubeproxy_kubeconfig" -}}
+{{- if .Values.global.rke2DataDir -}}
+{{- printf "%s/agent/kubeproxy.kubeconfig" .Values.global.rke2DataDir -}}
+{{- else -}}
+{{- printf "%s" .Values.clientConnection.kubeconfig -}}
+{{- end -}}
+{{- end -}}

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/config.yaml

@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+data:
+  config.conf: |-
+    apiVersion: kubeproxy.config.k8s.io/v1alpha1
+    bindAddress: {{ .Values.bindAddress | quote }}
+    clientConnection:
+      acceptContentTypes: {{ .Values.clientConnection.acceptContentTypes | quote }}
+      burst: {{ .Values.clientConnection.burst }}
+      contentType: {{ .Values.clientConnection.contentType | quote }}
+      kubeconfig: {{ include "kubeproxy_kubeconfig" . | quote }}
+      qps: {{ .Values.clientConnection.qps }} 
+    clusterCIDR: {{ coalesce .Values.global.clusterCIDR .Values.clusterCIDR | quote }}
+    configSyncPeriod: {{ .Values.configSyncPeriod }}
+    conntrack:
+      maxPerCore: {{ .Values.conntrack.maxPerCore }}
+      min: {{ .Values.conntrack.min }}
+      tcpCloseWaitTimeout: {{ .Values.conntrack.tcpCloseWaitTimeout | quote }}
+      tcpEstablishedTimeout: {{ .Values.conntrack.tcpEstablishedTimeout | quote }}
+    detectLocalMode: {{ .Values.detectLocalMode | quote }}
+    enableProfiling: {{ .Values.enableProfiling }}
+    healthzBindAddress: {{ .Values.healthzBindAddress | quote }}
+    hostnameOverride: {{ .Values.hostnameOverride | quote }}
+    iptables:
+      masqueradeAll: {{ .Values.iptables.masqueradeAll }}
+      masqueradeBit: {{ .Values.iptables.masqueradeBit }}
+      {{ if .Values.iptables.minSyncPeriod }}
+      minSyncPeriod: {{ .Values.iptables.minSyncPeriod }}
+      {{ end }}
+      syncPeriod: {{ .Values.iptables.syncPeriod }}
+    ipvs:
+      excludeCIDRs: {{ .Values.ipvs.excludeCIDRs | quote }}
+      {{ if .Values.ipvs.minSyncPeriod }}
+      minSyncPeriod: {{ .Values.ipvs.minSyncPeriod }}
+      {{ end }}
+      scheduler: {{ .Values.ipvs.scheduler | quote }}
+      strictARP: {{ .Values.ipvs.strictARP }}
+      syncPeriod: {{ .Values.ipvs.syncPeriod }}
+      {{ if .Values.ipvs.tcpFinTimeout }}
+      tcpFinTimeout: {{ .Values.ipvs.tcpFinTimeout }}
+      {{ end }}
+      {{ if .Values.ipvs.tcpTimeout }}
+      tcpTimeout: {{ .Values.ipvs.tcpTimeout }}
+      {{ end }}
+      {{ if .Values.ipvs.udpTimeout }}
+      udpTimeout: {{ .Values.ipvs.udpTimeout }}
+      {{ end }}
+    kind: KubeProxyConfiguration
+    metricsBindAddress: {{ .Values.metricsBindAddress | quote }}
+    mode: {{ .Values.proxy.mode | quote }}
+    nodePortAddresses: null
+    oomScoreAdj: {{ .Values.oomScoreAdj }}
+    portRange: {{ .Values.proxy.portRange | quote }}
+    showHiddenMetricsForVersion: {{ .Values.showHiddenMetricsForVersion | quote }}
+    udpIdleTimeout: {{ .Values.udpTimeout | quote }}
+    featureGates:
+    {{- range  $key, $value := .Values.featureGates }}
+      {{ $key }}: {{ $value }}
+    {{- end }}
+    winkernel:
+      enableDSR: false
+      networkName: ""
+      sourceVip: ""
+kind: ConfigMap
+metadata:
+  labels:
+    app: kube-proxy
+  name: kube-proxy
+  namespace: kube-system

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/daemonset.yaml

@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: kube-proxy
+  name: kube-proxy
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-proxy
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-proxy
+    spec:
+      containers:
+      - command:
+        - /usr/local/bin/kube-proxy
+        - --config=/var/lib/kube-proxy/config.conf
+        - --hostname-override=$(NODE_NAME)
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: IfNotPresent
+        name: kube-proxy
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/lib/kube-proxy
+          name: kube-proxy
+        - mountPath: {{ template "rke2_data_dir" . }}/agent
+          name: rke2config
+          readOnly: true
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-node-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: kube-proxy
+      serviceAccountName: kube-proxy
+      terminationGracePeriodSeconds: 30
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - operator: Exists
+      volumes:
+      - hostPath:
+          path: {{ template "rke2_data_dir" . }}/agent
+          type: ""
+        name: rke2config
+      - configMap:
+          name: kube-proxy
+        name: kube-proxy
+      - hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+        name: xtables-lock
+      - hostPath:
+          path: /lib/modules
+          type: ""
+        name: lib-modules
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/rbac.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rke2:node-proxier
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:node-proxier
+subjects:
+- kind: ServiceAccount
+  name: kube-proxy
+  namespace: kube-system

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: kube-proxy
+  namespace: kube-system

charts/rke2-kube-proxy-1.21/rke2-kube-proxy/v1.21.14-rke2r1-build2022061701/values.yaml

@@ -0,0 +1,142 @@
+---
+
+# image for kubeproxy
+image:
+  repository: rancher/hardened-kubernetes
+  tag: v1.21.14-rke2r1-build20220617
+
+# The IP address for the proxy server to serve on 
+# (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces)
+bindAddress: 0.0.0.0
+
+# If true cleanup iptables and ipvs rules and exit.
+cleanup: 
+
+# The CIDR range of pods in the cluster. 
+# When configured, traffic sent to a Service cluster IP from outside this range 
+# will be masqueraded and traffic sent from pods to an external 
+# LoadBalancer IP will be directed to the respective cluster IP instead
+clusterCIDR: 10.42.0.0/16
+
+# The path to the configuration file.
+config: 
+
+# How often configuration from the apiserver is refreshed. Must be greater than 0.
+configSyncPeriod: 15m0s
+
+conntrack:
+  # Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min).
+  maxPerCore: 32768
+  # Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is).
+  min: 131072
+  # NAT timeout for TCP connections in the CLOSE_WAIT state
+  tcpTimeoutCloseWait: 1h0m0s
+  # Idle timeout for established TCP connections (0 to leave as-is)
+  tcpTimeoutEstablished: 24h0m0s
+
+# Mode to use to detect local traffic
+detectLocalMode: 
+
+# A set of key=value pairs that describe feature gates for alpha/experimental features:
+featureGates: 
+
+# The IP address with port for the health check server to serve on
+# (set to '0.0.0.0:10256' for all IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to disable.
+healthzBindAddress: 0.0.0.0:10256
+
+# help for kube-proxy
+help: 
+
+# If non-empty, will use this string as identification instead of the actual hostname.
+hostnameOverride: 
+
+iptables:
+  # If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this not commonly needed)
+  masqueradeAll: 
+  # If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31].
+  masqueradeBit: 14
+  # The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
+  minSyncPeriod: 
+  # The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
+  syncPeriod: 30s
+
+ipvs:
+  # A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules.
+  excludeCidrs:
+  # The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
+  minSyncPeriod: 
+  # The ipvs scheduler type when proxy mode is ipvs
+  scheduler:
+  # Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2
+  strictArp: 
+  # The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
+  syncPeriod: 30s
+  # The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
+  tcpTimeout: 
+  # The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
+  tcpfinTimeout:
+  # The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
+  udpTimeout:
+
+
+clientConnection:        
+  # Burst to use while talking with kubernetes apiserver
+  apiBurst: 10
+  # Content type of requests sent to apiserver.
+  apiContentType:
+  # QPS to use while talking with kubernetes apiserver
+  qps: 5
+  # Path to kubeconfig file with authorization information (the master location is set by the master flag).
+  kubeconfig: /var/lib/rancher/rke2/agent/kubeproxy.kubeconfig
+
+# Maximum number of seconds between log flushes
+logFlushFrequency: 5s
+
+
+
+# The address of the Kubernetes API server (overrides any value in kubeconfig)
+master: 
+
+# The IP address with port for the metrics server to serve on 
+# (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable.
+metricsBindAddress: 127.0.0.1:10249
+
+# A string slice of values which specify the addresses to use for NodePorts. 
+# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
+nodeportAddresses:
+
+# The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
+oomScoreAdj: -999
+
+# If true enables profiling via web interface on /debug/pprof handler.
+profiling:
+
+proxy:
+  # Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs'. 
+  # If blank, use the best-available proxy (currently iptables). 
+  # If the iptables proxy is selected, regardless of how, but the system's 
+  # kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
+  mode:
+# Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) 
+# that may be consumed in order to proxy service traffic. 
+# If (unspecified, 0, or 0-0) then ports will be randomly chosen.
+  portRange:
+
+# The previous version for which you want to show hidden metrics. 
+# Only the previous minor version is meaningful, other values will not be allowed.
+# The format is <major>.<minor>, e.g.: '1.16'. The purpose of this format is make 
+# sure you have the opportunity to notice if the next release hides additional metrics, 
+# rather than being surprised when they are permanently removed in the release after that.
+showHiddenMetricsForVersion:
+
+# How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). 
+# Must be greater than 0. Only applicable for proxy-mode=userspace
+udpTimeout: 250ms
+
+# Print version information and quit
+version: 
+
+# If set, write the default configuration values to this file and exit.
+writeConfigTo:
+global:
+  systemDefaultRegistry: ""

index.yaml

@@ -3905,6 +3905,22 @@ entries:
     - assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
     version: 1.36.300
   rke2-kube-proxy:
+  - apiVersion: v1
+    appVersion: v1.21.14-rke2r1
+    created: "2022-06-17T18:21:56.244084103Z"
+    description: Install Kube Proxy.
+    digest: ddef3549af79de83a069c938b7951e3092b849e15e356942f9f300a30fd72a1a
+    keywords:
+    - kube-proxy
+    maintainers:
+    - email: charts@rancher.com
+      name: Rancher Labs
+    name: rke2-kube-proxy
+    sources:
+    - https://github.com/rancher/rke2-charts
+    urls:
+    - assets/rke2-kube-proxy-1.21/rke2-kube-proxy-v1.21.14-rke2r1-build2022061701.tgz
+    version: v1.21.14-rke2r1-build2022061701
   - apiVersion: v1
     appVersion: v1.21.13-rke2r2
     created: "2022-06-08T20:57:10.364930785Z"