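# kube-proxy DaemonSet.
#
# Security posture of this workload, as declared below:
#   * the pod shares the node's network namespace (host_network = true);
#   * the kube-proxy container runs privileged;
#   * the host's /lib/modules is mounted into the container;
#   * both the init script and the kube-proxy configuration come from the
#     ConfigMap kubernetes_config_map.this.
# Anything that can change either image or that ConfigMap effectively controls
# a privileged process on every Linux node. Review the RBAC on the ConfigMap
# and the provenance of both images with that in mind.
resource "kubernetes_daemonset" "this" {
  metadata {
    name      = var.daemonset_name
    namespace = var.namespace

    labels = {
      "k8s-app" = var.daemonset_name
    }
  }

  spec {
    selector {
      match_labels = {
        "k8s-app" = var.daemonset_name
      }
    }

    template {
      metadata {
        # NOTE(review): the prometheus.io/* keys are set as pod *labels*.
        # Many Prometheus scrape configs read them from pod annotations;
        # confirm the scrape config in use relabels from labels.
        # The advertised scheme is plain http on 10249. With host networking,
        # who can reach that port depends on the metrics bind address in the
        # kube-proxy config, which is not visible in this resource.
        labels = {
          "k8s-app"              = var.daemonset_name
          "prometheus.io/scrape" = "true"
          "prometheus.io/port"   = "10249"
          "prometheus.io/scheme" = "http"
        }
      }

      spec {
        # Schedule on Linux nodes only.
        affinity {
          node_affinity {
            required_during_scheduling_ignored_during_execution {
              node_selector_term {
                match_expressions {
                  key      = "kubernetes.io/os"
                  operator = "In"
                  values   = ["linux"]
                }
              }
            }
          }
        }

        # Pod shares the node's network namespace; every port the process
        # binds is bound on the node itself.
        host_network         = true
        priority_class_name  = "system-node-critical"
        service_account_name = kubernetes_service_account.this.metadata.0.name

        # Tolerates every taint whose effect is NoSchedule. Taints with the
        # NoExecute effect are not tolerated by this rule.
        toleration {
          operator = "Exists"
          effect   = "NoSchedule"
        }

        # Holds both kubeconfig.sh (run by the init container) and the
        # kube-proxy configuration directory. Write access to this ConfigMap
        # is equivalent to choosing what runs in this pod.
        volume {
          name = "kube-proxy-config"

          config_map {
            name = kubernetes_config_map.this.metadata.0.name
          }
        }

        # Memory-backed scratch volume shared between the init container and
        # kube-proxy; its contents are not written to node disk.
        volume {
          name = "kubeconfig"

          empty_dir {
            medium = "Memory"
          }
        }

        volume {
          name = "lib-modules"

          host_path {
            path = "/lib/modules"
          }
        }

        # Runs /kubeconfig.sh from the ConfigMap before kube-proxy starts.
        # The script body is not visible here; presumably it writes a
        # kubeconfig into /kubeconfig -- verify against the ConfigMap.
        # NOTE(review): no security_context or resources are set on this
        # container, and the image is a third-party image referenced by a
        # mutable tag. Consider pinning by digest or pulling from a mirrored
        # registry you control.
        init_container {
          name    = "kubeconfig"
          image   = "bitnami/kubectl:${var.kubernetes_version}"
          command = ["/bin/bash"]
          args    = ["/kubeconfig.sh"]

          volume_mount {
            name       = "kube-proxy-config"
            mount_path = "/kubeconfig.sh"
            sub_path   = "kubeconfig.sh"
          }

          volume_mount {
            name       = "kubeconfig"
            mount_path = "/kubeconfig"
          }
        }

        container {
          name = "kube-proxy"

          # NOTE(review): k8s.gcr.io is the legacy Kubernetes image registry
          # and no longer receives new releases; newer versions are published
          # under registry.k8s.io. The image is also referenced by tag only.
          # Confirm the registry and consider digest pinning.
          image   = "k8s.gcr.io/kube-proxy:v${var.kubernetes_version}"
          command = ["kube-proxy"]
          args = [
            "--config=/var/lib/kube-proxy/kube-proxy-config.yaml",
          ]

          # Full privileges on the node. A compromise of this container is a
          # compromise of the node.
          security_context {
            privileged = true
          }

          resources {
            limits = {
              cpu    = "100m"
              memory = "50Mi"
            }
            requests = {
              cpu    = "100m"
              memory = "50Mi"
            }
          }

          volume_mount {
            name       = "kube-proxy-config"
            mount_path = "/var/lib/kube-proxy"
          }

          # Host path mounted read-only: kube-proxy only needs to read kernel
          # modules from the host and has no reason to modify them.
          volume_mount {
            name       = "lib-modules"
            mount_path = "/lib/modules"
            read_only  = true
          }

          volume_mount {
            name       = "kubeconfig"
            mount_path = "/kubeconfig"
          }

          # NOTE(review): the disabled probe below looks like the provider's
          # documentation example (port 80, custom header), not a kube-proxy
          # health endpoint. If a probe is wanted, point it at the health
          # address configured in the kube-proxy config.
          # liveness_probe {
          #   http_get {
          #     path = "/"
          #     port = 80
          #     http_header {
          #       name  = "X-Custom-Header"
          #       value = "Awesome"
          #     }
          #   }
          #   initial_delay_seconds = 3
          #   period_seconds        = 3
          # }
        }
      }
    }
  }
}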