kops/upup/models/cloudup/resources/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml

# Borrowed from https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/metadata-proxy

apiVersion: v1
kind: ServiceAccount
metadata:
  name: metadata-proxy
  namespace: kube-system
  labels:
    k8s-app: metadata-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metadata-proxy-v0.12
  namespace: kube-system
  labels:
    k8s-app: metadata-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    version: v0.12
spec:
  selector:
    matchLabels:
      k8s-app: metadata-proxy
      version: v0.12
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: metadata-proxy
        kubernetes.io/cluster-service: "true"
        version: v0.12
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: metadata-proxy
      hostNetwork: true
      dnsPolicy: Default
      tolerations:
      - operator: "Exists"
        effect: "NoExecute"
      - operator: "Exists"
        effect: "NoSchedule"
      hostNetwork: true
      initContainers:
      - name: update-ipdtables
        securityContext:
          privileged: true
        image: gcr.io/google_containers/k8s-custom-iptables:1.0
        imagePullPolicy: Always
        command: [ "/bin/sh", "-c", "/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -d 169.254.169.254 -j DNAT --to-destination 127.0.0.1:988" ]
        volumeMounts:
        - name: host
          mountPath: /host
      volumes:
      - name: host
        hostPath:
          path: /
          type: Directory
      containers:
      - name: metadata-proxy
        image: k8s.gcr.io/metadata-proxy:v0.1.12
        securityContext:
          privileged: true
        # Request and limit resources to get guaranteed QoS.
        resources:
          requests:
            memory: "25Mi"
            cpu: "30m"
          limits:
            memory: "25Mi"
            cpu: "30m"
      # BEGIN_PROMETHEUS_TO_SD
      - name: prometheus-to-sd-exporter
        image: k8s.gcr.io/prometheus-to-sd:v0.5.0
        # Request and limit resources to get guaranteed QoS.
        resources:
          requests:
            memory: "20Mi"
            cpu: "2m"
          limits:
            memory: "20Mi"
            cpu: "2m"
        command:
          - /monitor
          - --stackdriver-prefix=custom.googleapis.com/addons
          - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count
          - --pod-id=$(POD_NAME)
          - --namespace-id=$(POD_NAMESPACE)
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
      # END_PROMETHEUS_TO_SD
      nodeSelector:
        cloud.google.com/metadata-proxy-ready: "true"
        beta.kubernetes.io/os: linux
      terminationGracePeriodSeconds: 30