---
apiVersion: v1
kind: Pod
metadata:
  name: kube-proxy
  namespace: kube-system
  labels:
    tier: node
    component: kube-proxy
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
  containers:
    - name: kube-proxy
      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
      command:
        - /hyperkube
        - proxy
        - --cluster-cidr={{ network.pod_ip_cidr }}
        - --hostname-override=$(NODE_NAME)
        - --kubeconfig=/etc/kubernetes/config/kubeconfig.yaml
        - --proxy-mode=iptables
        - --v=5
      env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
      securityContext:
        privileged: true
      volumeMounts:
        - name: config
          mountPath: /etc/kubernetes
          readOnly: true
  hostNetwork: true
  volumes:
    - name: config
      hostPath:
        path: /etc/kubernetes/proxy