1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
|
apiVersion: v1
kind: ServiceAccount
metadata:
name: konnectivity-agent
namespace: kube-system
---
apiVersion: v1
kind: Pod
metadata:
name: konnectivity-agent
namespace: kube-system
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
hostNetwork: true
containers:
- name: konnectivity-agent-container
image: ${AGENT_IMAGE}:${TAG}
resources:
requests:
cpu: 50m
limits:
memory: 30Mi
command: [ "/proxy-agent"]
args: [
"--logtostderr=true",
"--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
"--proxy-server-host=${CLUSTER_IP}",
"--proxy-server-port=8091",
"--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
]
livenessProbe:
httpGet:
scheme: HTTP
port: 8093
path: /healthz
initialDelaySeconds: 15
timeoutSeconds: 15
readinessProbe:
httpGet:
scheme: HTTP
port: 8093
path: /readyz
initialDelaySeconds: 15
timeoutSeconds: 15
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
serviceAccountName: konnectivity-agent
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
path: konnectivity-agent-token
audience: system:konnectivity-server
|