kube-cascade/node-init/node-init.yaml

---
# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-init
  namespace: kube-system
  labels:
    root-init.k8s.exa.fi/component-name: node-init
spec:
  selector:
    matchLabels:
      root-init.k8s.exa.fi/component-name: node-init
  template:
    metadata:
      labels:
        root-init.k8s.exa.fi/component-name: node-init
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      initContainers:
      # this is implemented dorkily like this to cause it to be recreated
      # whenever there's a change.  this is intended to eventually be moved
      # into a helm chart to use in argocd where this will make more sense
      - name: set-sysctls
        image: alpine:3.7
        command: ["sh", "-c"]
        args:
        - |-
          set -x
          while [ $# -gt 0 ];do
            nsenter --mount=/proc/1/ns/mnt -- sysctl "$1"
            shift
          done
        - unused
        - net.core.rmem_max=67108864 
        - net.core.wmem_max=67108864 
        - net.ipv4.tcp_rmem=4096 87380 33554432
        - net.ipv4.tcp_wmem=4096 65536 33554432
        - net.ipv4.tcp_mtu_probing=1
        - fs.inotify.max_user_instances=511
        - fs.inotify.max_user_watches=524288
        - vm.max_map_count=262144
        securityContext:
          privileged: true
      - name: install-packages
        image: alpine:3.7
        command: ["sh", "-c"]
        args:
        - |-
          nsenter --mount=/proc/1/ns/mnt -- dpkg --configure -a
          for f in open-iscsi uuid htop curl nfs-common iptables qemu-kvm virtinst neovim htop ethtool iproute2 moreutils;do
            echo "installing $f"
            nsenter --mount=/proc/1/ns/mnt -- apt-get install -y "$f"
            shift
          done
        securityContext:
          privileged: true
      - name: iptables
        image: alpine:3.7
        command: ["nsenter", "--mount=/proc/1/ns/mnt", "--", "sh", "-c"]
        args:
        - |-
          iptables -A FORWARD -i br0 -j ACCEPT
        securityContext:
          privileged: true
      containers:
      - name: finished-sleep-forever
        image: k8s.gcr.io/pause:3.1
        securityContext:
          privileged: false
      terminationGracePeriodSeconds: 0
      hostNetwork: true
      hostPID: true
add sysctls ds 2023-04-29 03:57:11 +00:00			`---`
			`# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/`
			`apiVersion: apps/v1`
			`kind: DaemonSet`
			`metadata:`
			`name: node-init`
			`namespace: kube-system`
			`labels:`
			`root-init.k8s.exa.fi/component-name: node-init`
			`spec:`
			`selector:`
			`matchLabels:`
			`root-init.k8s.exa.fi/component-name: node-init`
			`template:`
			`metadata:`
			`labels:`
			`root-init.k8s.exa.fi/component-name: node-init`
			`spec:`
			`tolerations:`
			`# this toleration is to have the daemonset runnable on master nodes`
			`# remove it if your masters can't run pods`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`
			`initContainers:`
			`# this is implemented dorkily like this to cause it to be recreated`
			`# whenever there's a change. this is intended to eventually be moved`
			`# into a helm chart to use in argocd where this will make more sense`
true it on up y'all 2023-12-20 22:40:16 +00:00			`- name: set-sysctls`
add sysctls ds 2023-04-29 03:57:11 +00:00			`image: alpine:3.7`
			`command: ["sh", "-c"]`
			`args:`
			`- \|-`
true it on up y'all 2023-12-20 22:40:16 +00:00			`set -x`
add sysctls ds 2023-04-29 03:57:11 +00:00			`while [ $# -gt 0 ];do`
			`nsenter --mount=/proc/1/ns/mnt -- sysctl "$1"`
			`shift`
			`done`
true it on up y'all 2023-12-20 22:40:16 +00:00			`- unused`
			`- net.core.rmem_max=67108864`
			`- net.core.wmem_max=67108864`
			`- net.ipv4.tcp_rmem=4096 87380 33554432`
			`- net.ipv4.tcp_wmem=4096 65536 33554432`
			`- net.ipv4.tcp_mtu_probing=1`
add sysctls ds 2023-04-29 03:57:11 +00:00			`- fs.inotify.max_user_instances=511`
			`- fs.inotify.max_user_watches=524288`
			`- vm.max_map_count=262144`
			`securityContext:`
			`privileged: true`
true it on up y'all 2023-12-20 22:40:16 +00:00			`- name: install-packages`
			`image: alpine:3.7`
			`command: ["sh", "-c"]`
			`args:`
			`- \|-`
			`nsenter --mount=/proc/1/ns/mnt -- dpkg --configure -a`
			`for f in open-iscsi uuid htop curl nfs-common iptables qemu-kvm virtinst neovim htop ethtool iproute2 moreutils;do`
			`echo "installing $f"`
			`nsenter --mount=/proc/1/ns/mnt -- apt-get install -y "$f"`
			`shift`
			`done`
			`securityContext:`
			`privileged: true`
			`- name: iptables`
			`image: alpine:3.7`
			`command: ["nsenter", "--mount=/proc/1/ns/mnt", "--", "sh", "-c"]`
			`args:`
			`- \|-`
			`iptables -A FORWARD -i br0 -j ACCEPT`
			`securityContext:`
			`privileged: true`
add sysctls ds 2023-04-29 03:57:11 +00:00			`containers:`
			`- name: finished-sleep-forever`
			`image: k8s.gcr.io/pause:3.1`
			`securityContext:`
			`privileged: false`
			`terminationGracePeriodSeconds: 0`
			`hostNetwork: true`
			`hostPID: true`