1apiVersion: v1
2kind: Pod
3metadata:
4 name: konnectivity-server
5 namespace: kube-system
6 component: konnectivity-server
7spec:
8 securityContext:
9 {{ run_as_user }}
10 {{ run_as_group }}
11 {{ supplemental_groups }}
12 seccompProfile:
13 type: RuntimeDefault
14 priorityClassName: system-node-critical
15 priority: 2000001000
16 hostNetwork: true
17 containers:
18 - name: konnectivity-server-container
19 {{ container_security_context }}:
20 {{ disallow_privilege_escalation}}
21 {{ capabilities }}
22 {{ drop_capabilities }}
23 image: registry.k8s.io/kas-network-proxy/proxy-server:v0.29.0
24 resources:
25 requests:
26 cpu: 25m
27 command: [ "/proxy-server"{{ konnectivity_args }} ]
28 livenessProbe:
29 httpGet:
30 scheme: HTTP
31 host: 127.0.0.1
32 port: {{ health_port }}
33 path: /healthz
34 initialDelaySeconds: {{ liveness_probe_initial_delay }}
35 timeoutSeconds: 60
36 ports:
37 - name: agentport
38 containerPort: {{ agent_port }}
39 hostPort: {{ agent_port }}
40 - name: healthport
41 containerPort: {{ health_port }}
42 hostPort: {{ health_port }}
43 - name: adminport
44 containerPort: {{ admin_port }}
45 hostPort: {{ admin_port }}
46 volumeMounts:
47 - name: varlogkonnectivityserver
48 mountPath: /var/log/konnectivity-server.log
49 readOnly: false
50 - name: pki
51 mountPath: /etc/srv/kubernetes/pki
52 readOnly: true
53 - name: konnectivity-uds
54 mountPath: /etc/srv/kubernetes/konnectivity-server
55 readOnly: false
56 volumes:
57 - name: varlogkonnectivityserver
58 hostPath:
59 path: /var/log/konnectivity-server.log
60 type: FileOrCreate
61 - name: pki
62 hostPath:
63 path: /etc/srv/kubernetes/pki
64 - name: konnectivity-uds
65 hostPath:
66 path: /etc/srv/kubernetes/konnectivity-server
67 type: DirectoryOrCreate
View as plain text