---
# Pod manifest for the Konnectivity (apiserver-network-proxy) server.
# Several settings are security-relevant: the pod shares the node's network
# namespace, reads the API server's TLS key from a hostPath, and declares an
# admin port alongside the agent port. See the notes next to each setting.
apiVersion: v1
kind: Pod
metadata:
  name: konnectivity-server
  namespace: kube-system
spec:
  priorityClassName: system-cluster-critical
  # The pod uses the node's network namespace, so the ports below are opened
  # directly on the node and the probe can reach the server on 127.0.0.1.
  hostNetwork: true
  containers:
    # NOTE(review): no securityContext is set in this manifest, so the
    # container runs with the image's default user and capabilities.
    - name: konnectivity-server-container
      # NOTE(review): the image is referenced by tag only. Pin it by digest
      # (...:v0.0.8@sha256:<digest>) if the deployment needs an immutable
      # image reference.
      image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.8
      command:
        - "/proxy-server"
      args:
        # Logs go to a file on the host instead of stderr. A max size of 0
        # means klog applies no size cap; presumably rotation is handled on
        # the node. Confirm, since the file lives on the host's /var/log.
        - "--log-file=/var/log/konnectivity-server.log"
        - "--logtostderr=false"
        - "--log-file-max-size=0"
        # Must match the UDS name configured in egressSelectorConfiguration.
        - "--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket"
        # These two flags assume the Konnectivity server runs on the same
        # machine as the API server and that the API server's certificate
        # and private key are stored at these paths.
        - "--cluster-cert=/etc/srv/kubernetes/pki/apiserver.crt"
        - "--cluster-key=/etc/srv/kubernetes/pki/apiserver.key"
        # Must match the transport configured in egressSelectorConfiguration.
        - "--mode=grpc"
        # Port 0 here; the server endpoint is the UDS named above.
        - "--server-port=0"
        - "--agent-port=8132"
        - "--admin-port=8133"
        # Agent identity settings: namespace, service account and token
        # audience. Presumably they must match the konnectivity-agent
        # deployment; verify against the agent manifest.
        - "--agent-namespace=kube-system"
        - "--agent-service-account=konnectivity-agent"
        # NOTE(review): this kubeconfig sits in the same directory as the
        # socket, and that directory is mounted read-write below.
        - "--kubeconfig=/etc/srv/kubernetes/konnectivity-server/kubeconfig"
        - "--authentication-audience=system:konnectivity-server"
      # Health check against the admin port over plain HTTP on loopback.
      livenessProbe:
        httpGet:
          scheme: HTTP
          host: 127.0.0.1
          port: 8133
          path: /healthz
        initialDelaySeconds: 30
        timeoutSeconds: 60
      ports:
        # Port the agents connect to (--agent-port).
        - name: agentport
          containerPort: 8132
          hostPort: 8132
        # NOTE(review): the admin port is declared as a host port too. The
        # manifest does not show which address it binds; confirm that, and
        # restrict access at the node firewall if it is not loopback-only.
        - name: adminport
          containerPort: 8133
          hostPort: 8133
      volumeMounts:
        - name: varlogkonnectivityserver
          mountPath: /var/log/konnectivity-server.log
          readOnly: false
        # NOTE(review): the whole pki directory is mounted (read-only), but
        # the args reference only apiserver.crt and apiserver.key. Anything
        # else stored in that directory is readable by this container too.
        - name: pki
          mountPath: /etc/srv/kubernetes/pki
          readOnly: true
        # Writable: this directory holds the UDS socket named in --uds-name.
        - name: konnectivity-uds
          mountPath: /etc/srv/kubernetes/konnectivity-server
          readOnly: false
  volumes:
    # Single log file on the host, created if it does not exist.
    - name: varlogkonnectivityserver
      hostPath:
        path: /var/log/konnectivity-server.log
        type: FileOrCreate
    # Host directory with the API server certificate and key (no type
    # check is configured for this hostPath).
    - name: pki
      hostPath:
        path: /etc/srv/kubernetes/pki
    # Host directory for the socket, created if it does not exist.
    - name: konnectivity-uds
      hostPath:
        path: /etc/srv/kubernetes/konnectivity-server
        type: DirectoryOrCreate