terraform-modules/kubernetes/kube-proxy/daemonset.tf

resource "kubernetes_daemonset" "this" {
  metadata {
    name      = var.daemonset_name
    namespace = var.namespace
    labels = {
      "k8s-app" = var.daemonset_name
    }
  }

  spec {
    selector {
      match_labels = {
        "k8s-app" = var.daemonset_name
      }
    }

    template {
      metadata {
        labels = {
          "k8s-app"              = var.daemonset_name
          "prometheus.io/scrape" = "true"
          "prometheus.io/port"   = "10249"
          "prometheus.io/scheme" = "http"
        }
      }

      spec {
        affinity {
          node_affinity {
            required_during_scheduling_ignored_during_execution {
              node_selector_term {
                match_expressions {
                  key      = "kubernetes.io/os"
                  operator = "In"
                  values   = ["linux"]
                }
              }
            }
          }
        }

        host_network         = true
        priority_class_name  = "system-node-critical"
        service_account_name = kubernetes_service_account.this.metadata.0.name

        toleration {
          operator = "Exists"
          effect   = "NoSchedule"
        }
        volume {
          name = "kube-proxy-config"
          config_map {
            name = kubernetes_config_map.this.metadata.0.name
          }
        }
        volume {
          name = "kubeconfig"
          empty_dir {
            medium = "Memory"
          }
        }

        volume {
          name = "lib-modules"
          host_path {
            path = "/lib/modules"
          }
        }

        init_container {
          name    = "kubeconfig"
          image   = "bitnami/kubectl:${var.kubernetes_version}"
          command = ["/bin/bash"]
          args    = ["/kubeconfig.sh"]

          volume_mount {
            name       = "kube-proxy-config"
            mount_path = "/kubeconfig.sh"
            sub_path   = "kubeconfig.sh"
          }
          volume_mount {
            name       = "kubeconfig"
            mount_path = "/kubeconfig"
          }

        }

        container {
          security_context {
            privileged = true
          }
          image   = "k8s.gcr.io/kube-proxy:v${var.kubernetes_version}"
          command = ["kube-proxy"]
          args = [
            "--config=/var/lib/kube-proxy/kube-proxy-config.yaml",
          ]
          name = "kube-proxy"

          resources {
            limits = {
              cpu    = "100m"
              memory = "50Mi"
            }
            requests = {
              cpu    = "100m"
              memory = "50Mi"
            }
          }

          volume_mount {
            name       = "kube-proxy-config"
            mount_path = "/var/lib/kube-proxy"
          }

          volume_mount {
            name       = "lib-modules"
            mount_path = "/lib/modules"
          }

          volume_mount {
            name       = "kubeconfig"
            mount_path = "/kubeconfig"
          }

          #   liveness_probe {
          #     http_get {
          #       path = "/"
          #       port = 80

          #       http_header {
          #         name  = "X-Custom-Header"
          #         value = "Awesome"
          #       }
          #     }

          #     initial_delay_seconds = 3
          #     period_seconds        = 3
          #   }

        }
      }
    }
  }
}