website/content/en/examples/admin/konnectivity/konnectivity-server.yaml

apiVersion: v1
kind: Pod
metadata:
  name: konnectivity-server
  namespace: kube-system
spec:
  priorityClassName: system-cluster-critical
  hostNetwork: true
  containers:
  - name: konnectivity-server-container
    image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.8
    command: ["/proxy-server"]
    args: [
            "--log-file=/var/log/konnectivity-server.log",
            "--logtostderr=false",
            "--log-file-max-size=0",
            # This needs to be consistent with the value set in egressSelectorConfiguration.
            "--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket",
            # The following two lines assume the Konnectivity server is
            # deployed on the same machine as the apiserver, and the certs and
            # key of the API Server are at the specified location.
            "--cluster-cert=/etc/srv/kubernetes/pki/apiserver.crt",
            "--cluster-key=/etc/srv/kubernetes/pki/apiserver.key",
            # This needs to be consistent with the value set in egressSelectorConfiguration.
            "--mode=grpc",
            "--server-port=0",
            "--agent-port=8132",
            "--admin-port=8133",
            "--agent-namespace=kube-system",
            "--agent-service-account=konnectivity-agent",
            "--kubeconfig=/etc/srv/kubernetes/konnectivity-server/kubeconfig",
            "--authentication-audience=system:konnectivity-server"
            ]
    livenessProbe:
      httpGet:
        scheme: HTTP
        host: 127.0.0.1
        port: 8133
        path: /healthz
      initialDelaySeconds: 30
      timeoutSeconds: 60
    ports:
    - name: agentport
      containerPort: 8132
      hostPort: 8132
    - name: adminport
      containerPort: 8133
      hostPort: 8133
    volumeMounts:
    - name: varlogkonnectivityserver
      mountPath: /var/log/konnectivity-server.log
      readOnly: false
    - name: pki
      mountPath: /etc/srv/kubernetes/pki
      readOnly: true
    - name: konnectivity-uds
      mountPath: /etc/srv/kubernetes/konnectivity-server
      readOnly: false
  volumes:
  - name: varlogkonnectivityserver
    hostPath:
      path: /var/log/konnectivity-server.log
      type: FileOrCreate
  - name: pki
    hostPath:
      path: /etc/srv/kubernetes/pki
  - name: konnectivity-uds
    hostPath:
      path: /etc/srv/kubernetes/konnectivity-server
      type: DirectoryOrCreate