1---
2apiVersion: apps/v1
3kind: DaemonSet
4metadata:
5 labels:
6 addonmanager.kubernetes.io/mode: Reconcile
7 k8s-app: konnectivity-agent
8 namespace: kube-system
9 name: konnectivity-agent
10spec:
11 selector:
12 matchLabels:
13 k8s-app: konnectivity-agent
14 updateStrategy:
15 type: RollingUpdate
16 template:
17 metadata:
18 labels:
19 k8s-app: konnectivity-agent
20 spec:
21 priorityClassName: system-cluster-critical
22 tolerations:
23 - key: "CriticalAddonsOnly"
24 operator: "Exists"
25 - operator: "Exists"
26 effect: "NoExecute"
27 nodeSelector:
28 kubernetes.io/os: linux
29 containers:
30 - image: registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.0
31 name: konnectivity-agent
32 command: ["/proxy-agent"]
33 args: [
34 "--logtostderr=true",
35 "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
36__EXTRA_PARAMS__
37 "--proxy-server-host=__APISERVER_IP__",
38 "--proxy-server-port=8132",
39 "--sync-interval=5s",
40 "--sync-interval-cap=30s",
41 "--probe-interval=5s",
42 "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
43 "--agent-identifiers=ipv4=$(HOST_IP)"
44 ]
45 env:
46 - name: POD_NAME
47 valueFrom:
48 fieldRef:
49 fieldPath: metadata.name
50 - name: POD_NAMESPACE
51 valueFrom:
52 fieldRef:
53 fieldPath: metadata.namespace
54 - name: HOST_IP
55 valueFrom:
56 fieldRef:
57 fieldPath: status.hostIP
58 resources:
59 requests:
60 cpu: 50m
61 limits:
62 memory: 30Mi
63 volumeMounts:
64__EXTRA_VOL_MNTS__
65 - mountPath: /var/run/secrets/tokens
66 name: konnectivity-agent-token
67 livenessProbe:
68 httpGet:
69 port: 8093
70 path: /healthz
71 initialDelaySeconds: 15
72 timeoutSeconds: 15
73 serviceAccountName: konnectivity-agent
74 volumes:
75__EXTRA_VOLS__
76 - name: konnectivity-agent-token
77 projected:
78 sources:
79 - serviceAccountToken:
80 path: konnectivity-agent-token
81 audience: system:konnectivity-server
View as plain text