--- apiVersion: apps/v1 kind: DaemonSet metadata: labels: addonmanager.kubernetes.io/mode: Reconcile k8s-app: konnectivity-agent namespace: kube-system name: konnectivity-agent spec: selector: matchLabels: k8s-app: konnectivity-agent updateStrategy: type: RollingUpdate template: metadata: labels: k8s-app: konnectivity-agent spec: priorityClassName: system-cluster-critical tolerations: - key: "CriticalAddonsOnly" operator: "Exists" - operator: "Exists" effect: "NoExecute" nodeSelector: kubernetes.io/os: linux containers: - image: registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.0 name: konnectivity-agent command: ["/proxy-agent"] args: [ "--logtostderr=true", "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", __EXTRA_PARAMS__ "--proxy-server-host=__APISERVER_IP__", "--proxy-server-port=8132", "--sync-interval=5s", "--sync-interval-cap=30s", "--probe-interval=5s", "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token", "--agent-identifiers=ipv4=$(HOST_IP)" ] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP resources: requests: cpu: 50m limits: memory: 30Mi volumeMounts: __EXTRA_VOL_MNTS__ - mountPath: /var/run/secrets/tokens name: konnectivity-agent-token livenessProbe: httpGet: port: 8093 path: /healthz initialDelaySeconds: 15 timeoutSeconds: 15 serviceAccountName: konnectivity-agent volumes: __EXTRA_VOLS__ - name: konnectivity-agent-token projected: sources: - serviceAccountToken: path: konnectivity-agent-token audience: system:konnectivity-server