---
# kube-vip DaemonSet for control-plane nodes. With the env below it runs in
# ARP mode, advertising 192.168.50.230 for the API server (port 6443) and
# also handling Service VIPs (svc_enable).
#
# Security posture: the pod joins the host network namespace and holds
# NET_ADMIN/NET_RAW, so it can change addresses and emit raw frames on the
# node's interfaces. Treat the image, the kube-vip ServiceAccount and
# write access to this manifest as control-plane-critical.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-vip-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: kube-vip-ds
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kube-vip-ds
    spec:
      # Needed so the VIP can be bound on the node's own interface.
      hostNetwork: true
      # RBAC for this account is defined elsewhere.
      # NOTE(review): confirm it grants only what kube-vip needs.
      serviceAccountName: kube-vip
      # Schedule on control-plane nodes only.
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        # No key: tolerates every NoExecute taint, so the pod is not
        # evicted from a node that gets tainted NoExecute.
        - operator: Exists
          effect: NoExecute
      containers:
        - name: kube-vip
          # Referenced by tag only. NOTE(review): consider pinning the
          # digest (ghcr.io/kube-vip/kube-vip@sha256:<digest>) so a re-pushed
          # tag cannot change what runs on the control plane.
          image: ghcr.io/kube-vip/kube-vip:v0.8.3
          imagePullPolicy: IfNotPresent
          args:
            - manager
          env:
            - name: vip_arp
              value: "true"
            - name: address
              value: "192.168.50.230"
            - name: port
              value: "6443"
            # Physical uplink from `talosctl -n get links` (this cluster: ens18).
            - name: vip_interface
              value: "ens18"
            - name: vip_subnet
              value: "32"
            - name: vip_leaderelection
              value: "true"
            - name: cp_enable
              value: "true"
            - name: cp_namespace
              value: "kube-system"
            - name: svc_enable
              value: "true"
            # Env is svc_election (not servicesElection); see pkg/kubevip/config_envvar.go
            - name: svc_election
              value: "true"
            # Leader-election timings (lease / renew deadline / retry).
            - name: vip_leaseduration
              value: "5"
            - name: vip_renewdeadline
              value: "3"
            - name: vip_retryperiod
              value: "1"
          securityContext:
            capabilities:
              # Only `add` is set, so the runtime's default capabilities
              # are kept as well. NOTE(review): check whether this kube-vip
              # version still needs SYS_TIME, and whether a `drop: [ALL]`
              # works here; test on a non-production node before changing.
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_TIME