File: konnectivity-agent-ds.yaml

package info (click to toggle)
golang-k8s-sigs-apiserver-network-proxy 0.33.0%2Bds1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,068 kB
  • sloc: makefile: 220; sh: 118
file content (94 lines) | stat: -rw-r--r-- 2,653 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: konnectivity-agent
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s-app: konnectivity-agent
  namespace: kube-system
  name: konnectivity-agent
spec:
  selector:
    matchLabels:
      k8s-app: konnectivity-agent
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: konnectivity-agent
    spec:
      priorityClassName: system-cluster-critical
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
        - operator: "Exists"
          effect: "NoExecute"
      nodeSelector:
        kubernetes.io/os: linux
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: konnectivity-agent-container
        image: gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master
        resources:
          requests:
            cpu: 50m
          limits:
            memory: 30Mi
        command: [ "/proxy-agent"]
        args: [
          "--logtostderr=true",
          "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
          "--proxy-server-host=konnectivity-server.kube-system.svc.cluster.local",
          "--proxy-server-port=8091",
          "--sync-interval=5s",
          "--sync-interval-cap=30s",
          "--probe-interval=5s",
          "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
          "--agent-identifiers=ipv4=$(HOST_IP)"
          ]
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: HOST_IP
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
        livenessProbe:
          httpGet:
            scheme: HTTP
            port: 8093
            path: /healthz
          initialDelaySeconds: 15
          timeoutSeconds: 15
        readinessProbe:
          httpGet:
            scheme: HTTP
            port: 8093
            path: /readyz
          initialDelaySeconds: 15
          timeoutSeconds: 15
        volumeMounts:
          - mountPath: /var/run/secrets/tokens
            name: konnectivity-agent-token
      serviceAccountName: konnectivity-agent
      volumes:
      - name: konnectivity-agent-token
        projected:
          sources:
          - serviceAccountToken:
              path: konnectivity-agent-token
              audience: system:konnectivity-server