From 9da1262c70cc2d206aa041bc038bec7d21edcb3a Mon Sep 17 00:00:00 2001 From: Thirunavukkarasu Palani Date: Fri, 4 Jun 2021 15:32:44 -0500 Subject: [PATCH] Add configMap to proxy chart Flags in kube-proxy other than --config, --write-config-to, and --cleanup are deprecated. Added configmap to remove deprecated warning Change-Id: I325e3a459b1079c6d1902bf06a43e00021231716
---
 charts/proxy/templates/configmap-etc.yaml | 12 ++++++ charts/proxy/templates/daemonset.yaml | 7 ++++ charts/proxy/templates/etc/_proxy-config.tpl | 44 ++++++++++++++++++++ charts/proxy/values.yaml | 38 ++++++++++++++++- 4 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 charts/proxy/templates/configmap-etc.yaml create mode 100644 charts/proxy/templates/etc/_proxy-config.tpl
diff --git a/charts/proxy/templates/configmap-etc.yaml b/charts/proxy/templates/configmap-etc.yaml
new file mode 100644
index 00000000..292af62a
--- /dev/null
+++ b/charts/proxy/templates/configmap-etc.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.manifests.configmap_proxy }}
+{{- $envAll := . }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.service.name }}-etc
+data:
+ config.conf: |-
+{{ tuple "etc/_proxy-config.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/charts/proxy/templates/daemonset.yaml b/charts/proxy/templates/daemonset.yaml
index 1c22bf1e..7e41917f 100644
--- a/charts/proxy/templates/daemonset.yaml
+++ b/charts/proxy/templates/daemonset.yaml
@@ -67,6 +67,7 @@ spec:
 {{- range .Values.command_prefix }}
 - {{ . }}
 {{- end }}
+ - --config=/var/lib/kube-proxy/config.conf
 - --hostname-override=$(NODE_NAME)
 {{- if .Values.proxy.logging.log_level }}
 - --v={{ .Values.proxy.logging.log_level }}
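Review bot: The `manifests.configmap_proxy` guard on the first line of configmap-etc.yaml lets the ConfigMap be switched off, but the `--config=/var/lib/kube-proxy/config.conf` argument and the `kube-proxy` configMap volume added to daemonset.yaml (hunks at -67 and -93) are unconditional. A release with the flag set to false would then reference a ConfigMap that is never created, and the pods would presumably stay pending on the missing volume. Either wrap the daemonset additions in the same `{{- if .Values.manifests.configmap_proxy }}` test or drop the toggle for this object. `{{- $envAll := . }}` is assigned but never used in this template and can be removed.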
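Review bot: Adding `--config` in the daemonset.yaml hunk at -67 changes how every other flag is treated, and nothing in the chart says so. kube-proxy's flag help states that most options are ignored once a config file is given, so a site override of `command_prefix` that still carries `--proxy-mode` or `--cluster-cidr` would be silently superseded by `config_conf`, whose `clusterCIDR` default is 10.97.0.0/16. A comment next to `command_prefix` in values.yaml, e.g. `# kube-proxy ignores most other flags once --config is passed; set options under config_conf`, would stop a quiet change in proxy mode or cluster CIDR on upgrade. The container spec starts and ends outside the hunk.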
@@ -85,6 +86,8 @@ spec:
 {{ dict "envAll" . "component" "proxy" "container" "proxy" "type" "liveness" "probeTemplate" (include "probeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 8 }}
 {{ dict "envAll" . "component" "proxy" "container" "proxy" "type" "readiness" "probeTemplate" (include "probeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 8 }}
 volumeMounts:
+ - mountPath: /var/lib/kube-proxy
+ name: kube-proxy
 - mountPath: /run/xtables.lock
 name: xtables-lock
 readOnly: false
@@ -93,6 +96,10 @@ spec:
 readOnly: true
 serviceAccountName: kube-proxy
 volumes:
+ - configMap:
+ defaultMode: 420
+ name: {{ .Values.service.name }}-etc
+ name: kube-proxy
 - name: xtables-lock
 hostPath:
 path: /run/xtables.lock
diff --git a/charts/proxy/templates/etc/_proxy-config.tpl b/charts/proxy/templates/etc/_proxy-config.tpl
new file mode 100644
index 00000000..2ac32333
--- /dev/null
+++ b/charts/proxy/templates/etc/_proxy-config.tpl
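Review bot: The new `/var/lib/kube-proxy` mount in the hunk at -85 has no explicit `readOnly` setting, unlike the neighbouring mounts visible in this hunk and the next. The container only needs to read config.conf from it, so adding `readOnly: true` under `name: kube-proxy` states that intent and keeps the list consistent. The `volumeMounts` list continues outside the hunk.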
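Review bot: `defaultMode: 420` in the hunk at -93 is the decimal spelling of octal 0644, which is easy to misread when checking file permissions. A trailing comment such as `defaultMode: 420  # 0644` makes the resulting mode obvious to whoever reviews it next.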
@@ -0,0 +1,44 @@
+apiVersion: {{ .Values.config_conf.apiVersion | default "kubeproxy.config.k8s.io/v1alpha1" }}
+bindAddress: {{ .Values.config_conf.bindAddress | default "0.0.0.0" }}
+bindAddressHardFail: {{ .Values.config_conf.bindAddressHardFail | default "false" }}
+clientConnection:
+ acceptContentTypes: {{ .Values.config_conf.clientConnection.acceptContentTypes | default "" |quote }}
+ burst: {{ .Values.config_conf.clientConnection.burst | default "10" }}
+ contentType: {{ .Values.config_conf.clientConnection.contentType | default "application/vnd.kubernetes.protobuf" }}
+ kubeconfig: {{ .Values.config_conf.clientConnection.kubeconfig | default "" |quote }}
+ qps: {{ .Values.config_conf.clientConnection.qps | default "5" }}
+clusterCIDR: {{ .Values.config_conf.clusterCIDR | default "" |quote }}
+configSyncPeriod: {{ .Values.config_conf.configSyncPeriod | default "15m0s" }}
+conntrack:
+ {{- range $key, $val := .Values.config_conf.conntrack }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+detectLocalMode: {{ .Values.config_conf.detectLocalMode | default "" |quote }}
+enableProfiling: {{ .Values.config_conf.enableProfiling | default "false" }}
+healthzBindAddress: {{ .Values.config_conf.healthzBindAddress | default "0.0.0.0:10256" }}
+hostnameOverride: {{ .Values.config_conf.hostnameOverride | default ""|quote }}
+iptables:
+ {{- range $key, $val := .Values.config_conf.iptables }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+ipvs:
+ excludeCIDRs: {{ .Values.config_conf.ipvs.excludeCIDRs | default "null" }}
+ minSyncPeriod: {{ .Values.config_conf.ipvs.minSyncPeriod | default "0s" }}
+ scheduler: {{ .Values.config_conf.ipvs.scheduler | default "" |quote }}
+ strictARP: {{ .Values.config_conf.ipvs.strictARP | default "false" }}
+ syncPeriod: {{ .Values.config_conf.ipvs.syncPeriod | default "30s" }}
+ tcpFinTimeout: {{ .Values.config_conf.ipvs.tcpFinTimeout | default "0s" }}
+ tcpTimeout: {{ .Values.config_conf.ipvs.tcpTimeout | default "0s" }}
+ udpTimeout: {{ .Values.config_conf.ipvs.udpTimeout | default "0s" }}
+kind: {{ .Values.config_conf.kind | default "KubeProxyConfiguration" }}
+metricsBindAddress: {{ .Values.config_conf.metricsBindAddress | default "127.0.0.1:10249" }}
+mode: {{ .Values.config_conf.mode | default "iptables" }}
+nodePortAddresses: {{ .Values.config_conf.nodePortAddresses | default "null" }}
+oomScoreAdj: {{ .Values.config_conf.oomScoreAdj | default "-999" }}
+portRange: {{ .Values.config_conf.portRange | default "" |quote }}
+showHiddenMetricsForVersion: {{ .Values.config_conf.showHiddenMetricsForVersion | default "" |quote }}
+udpIdleTimeout: {{ .Values.config_conf.udpIdleTimeout | default "250ms" }}
+winkernel:
+ enableDSR: {{ .Values.config_conf.winkernel.enableDSR | default "false" }}
+ networkName: {{ .Values.config_conf.winkernel.networkName | default "" |quote }}
+ sourceVip: {{ .Values.config_conf.winkernel.sourceVip | default "" |quote }}
diff --git a/charts/proxy/values.yaml b/charts/proxy/values.yaml
index 56c6e2d0..4159a823 100644
--- a/charts/proxy/values.yaml
+++ b/charts/proxy/values.yaml
@@ -14,6 +14,7 @@
 # limitations under the License.
 manifests:
+ configmap_proxy: true
 daemonset_proxy: true
 rbac: true
@@ -79,8 +80,9 @@ proxy:
 command_prefix:
 - kube-proxy
- - --proxy-mode=iptables
- - --cluster-cidr=10.97.0.0/16
+
+service:
+ name: kube-proxy
 network:
 kubernetes_netloc: 10.96.0.1
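Review bot: In charts/proxy/templates/etc/_proxy-config.tpl, `ipvs.excludeCIDRs` and `nodePortAddresses` are emitted with a bare `{{ … | default "null" }}`, which only works while the value is unset or the string "null". A real list from values would be printed in Go's `[a b]` form rather than as a YAML sequence, so an operator trying to restrict NodePort listeners to particular CIDRs would likely end up with a config that kube-proxy rejects or misreads. Rendering them as `nodePortAddresses: {{ .Values.config_conf.nodePortAddresses | toJson }}` (same for `excludeCIDRs`, with the values.yaml default changed from the string `"null"` to a real null) covers both cases. Separately, `| default "false"` on the boolean fields is safe only because every default is false: `default` treats a supplied `false` as empty, so the pattern must not be copied to a field whose default is true.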
@@ -88,3 +90,35 @@ network:
 kube_service:
 host: 127.0.0.1
 port: 6553
+
+config_conf:
+ clusterCIDR: 10.97.0.0/16
+ clientConnection:
+ acceptContentTypes: ""
+ burst: 10
+ contentType: application/vnd.kubernetes.protobuf
+ kubeconfig: ""
+ qps: 5
+ conntrack:
+ maxPerCore: 32768
+ min: 131072
+ tcpCloseWaitTimeout: 1h0m0s
+ tcpEstablishedTimeout: 24h0m0s
+ iptables:
+ masqueradeAll: false
+ masqueradeBit: 14
+ minSyncPeriod: 1s
+ syncPeriod: 30s
+ ipvs:
+ excludeCIDRs: "null"
+ minSyncPeriod: 0s
+ scheduler: ""
+ strictARP: false
+ syncPeriod: 30s
+ tcpFinTimeout: 0s
+ tcpTimeout: 0s
+ udpTimeout: 0s
+ winkernel:
+ enableDSR: false
+ networkName: ""
+ sourceVip: ""
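Review bot: The new `config_conf` block leaves out the listener settings that the template fills in on its own: `bindAddress` (0.0.0.0), `healthzBindAddress` (0.0.0.0:10256), `metricsBindAddress` (127.0.0.1:10249) and `enableProfiling` (false). Someone auditing values.yaml therefore cannot see which addresses kube-proxy will bind. Listing them here with their defaults and a short comment, e.g. `metricsBindAddress: 127.0.0.1:10249  # metrics (and profiling, if enabled) are served here; loopback by default`, documents the exposure and gives overrides an obvious home. `excludeCIDRs: "null"` is a string standing in for a YAML null, and a comment saying so would prevent someone "fixing" it into a value the template cannot render.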