rbo/kube-apiserver-proxy.bu

## kube-apiserver-proxy.bu
variant: openshift
version: 4.12.0
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 99-kube-apiserver-proxy
storage:
  files:
    - path: /etc/kubernetes/apiserver-proxy-config/haproxy.cfg
      mode: 0644
      overwrite: true
      contents:
        inline: |
          global
            maxconn 7000
            log stdout local0
            log stdout local1 notice

          defaults
            mode tcp
            timeout client 10m
            timeout server 10m
            timeout connect 10s
            timeout client-fin 5s
            timeout server-fin 5s
            timeout queue 5s
            retries 3

          frontend local_apiserver
            bind 172.20.0.1:6443
            log global
            mode tcp
            option tcplog
            default_backend remote_apiserver

          backend remote_apiserver
            mode tcp
            log global
            option httpchk GET /version
            option log-health-checks
            default-server inter 10s fall 3 rise 3
            # Please replace API IP
            server controlplane REPLACE_WITH_API_IP:6443

    - path: /etc/kubernetes/manifests/kube-apiserver-proxy.yaml
      mode: 0644
      overwrite: true
      contents:
        inline: |
          apiVersion: v1
          kind: Pod
          metadata:
            creationTimestamp: null
            labels:
              k8s-app: kube-apiserver-proxy
            name: kube-apiserver-proxy
            namespace: kube-system
          spec:
            containers:
            - command:
              - haproxy
              - -f
              - /usr/local/etc/haproxy
              # Replace with the haproxy-roouter image of your openshift release:
              #    oc adm release info 4.15.8  --image-for=haproxy-router
              image: REPLACE_WITH_HAPROXY-ROUTER_IMAGE
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  host: 172.20.0.1
                  path: /version
                  port: 6443
                  scheme: HTTPS
                initialDelaySeconds: 120
                periodSeconds: 120
                successThreshold: 1
              name: haproxy
              ports:
              - containerPort: 6443
                hostPort: 6443
                name: apiserver
                protocol: TCP
              resources:
                requests:
                  cpu: 13m
                  memory: 16Mi
              securityContext:
                runAsUser: 1001
              volumeMounts:
              - mountPath: /usr/local/etc/haproxy
                name: config
            hostNetwork: true
            priorityClassName: system-node-critical
            volumes:
            - hostPath:
                path: /etc/kubernetes/apiserver-proxy-config
              name: config
	variant: openshift
	version: 4.12.0
	metadata:
	labels:
	machineconfiguration.openshift.io/role: worker
	name: 99-kube-apiserver-proxy
	storage:
	files:
	- path: /etc/kubernetes/apiserver-proxy-config/haproxy.cfg
	mode: 0644
	overwrite: true
	contents:
	inline: \|
	global
	maxconn 7000
	log stdout local0
	log stdout local1 notice

	defaults
	mode tcp
	timeout client 10m
	timeout server 10m
	timeout connect 10s
	timeout client-fin 5s
	timeout server-fin 5s
	timeout queue 5s
	retries 3

	frontend local_apiserver
	bind 172.20.0.1:6443
	log global
	mode tcp
	option tcplog
	default_backend remote_apiserver

	backend remote_apiserver
	mode tcp
	log global
	option httpchk GET /version
	option log-health-checks
	default-server inter 10s fall 3 rise 3
	# Please replace API IP
	server controlplane REPLACE_WITH_API_IP:6443

	- path: /etc/kubernetes/manifests/kube-apiserver-proxy.yaml
	mode: 0644
	overwrite: true
	contents:
	inline: \|
	apiVersion: v1
	kind: Pod
	metadata:
	creationTimestamp: null
	labels:
	k8s-app: kube-apiserver-proxy
	name: kube-apiserver-proxy
	namespace: kube-system
	spec:
	containers:
	- command:
	- haproxy
	- -f
	- /usr/local/etc/haproxy
	# Replace with the haproxy-roouter image of your openshift release:
	# oc adm release info 4.15.8 --image-for=haproxy-router
	image: REPLACE_WITH_HAPROXY-ROUTER_IMAGE
	livenessProbe:
	failureThreshold: 3
	httpGet:
	host: 172.20.0.1
	path: /version
	port: 6443
	scheme: HTTPS
	initialDelaySeconds: 120
	periodSeconds: 120
	successThreshold: 1
	name: haproxy
	ports:
	- containerPort: 6443
	hostPort: 6443
	name: apiserver
	protocol: TCP
	resources:
	requests:
	cpu: 13m
	memory: 16Mi
	securityContext:
	runAsUser: 1001
	volumeMounts:
	- mountPath: /usr/local/etc/haproxy
	name: config
	hostNetwork: true
	priorityClassName: system-node-critical
	volumes:
	- hostPath:
	path: /etc/kubernetes/apiserver-proxy-config
	name: config