diff --git a/salt/metalk8s/kubernetes/coredns/files/coredns-deployment.yaml.j2 b/salt/metalk8s/kubernetes/coredns/files/coredns-deployment.yaml.j2 index 1a4622b1a1..997f04d37b 100644 --- a/salt/metalk8s/kubernetes/coredns/files/coredns-deployment.yaml.j2 +++ b/salt/metalk8s/kubernetes/coredns/files/coredns-deployment.yaml.j2 @@ -71,7 +71,7 @@ spec: add: - NET_BIND_SERVICE drop: - - all + - ALL readOnlyRootFilesystem: true livenessProbe: failureThreshold: 5 diff --git a/salt/metalk8s/kubernetes/kube-proxy/deployed.sls b/salt/metalk8s/kubernetes/kube-proxy/deployed.sls index 71ec3a805f..06a6244fba 100644 --- a/salt/metalk8s/kubernetes/kube-proxy/deployed.sls +++ b/salt/metalk8s/kubernetes/kube-proxy/deployed.sls @@ -59,8 +59,11 @@ Deploy kube-proxy (ConfigMap): conntrack: maxPerCore: null min: null + tcpBeLiberal: false tcpCloseWaitTimeout: null tcpEstablishedTimeout: null + udpStreamTimeout: 0s + udpTimeout: 0s detectLocal: bridgeInterface: "" interfaceNamePrefix: "" @@ -92,6 +95,11 @@ Deploy kube-proxy (ConfigMap): verbosity: 0 metricsBindAddress: @HOST_IP@:10249 mode: "" + nftables: + masqueradeAll: false, + masqueradeBit: null + minSyncPeriod: 0s + syncPeriod: 0s nodePortAddresses: {{ salt.metalk8s_network.get_nodeport_cidrs() | tojson }} oomScoreAdj: null portRange: "" diff --git a/salt/metalk8s/kubernetes/kubelet/standalone.sls b/salt/metalk8s/kubernetes/kubelet/standalone.sls index 78df72b9de..178829679d 100644 --- a/salt/metalk8s/kubernetes/kubelet/standalone.sls +++ b/salt/metalk8s/kubernetes/kubelet/standalone.sls @@ -77,6 +77,7 @@ Create kubelet config file: healthzPort: 10248 httpCheckFrequency: 0s imageMinimumGCAge: 0s + imageMaximumGCAge: 0s kind: KubeletConfiguration logging: flushFrequency: 0