helm: remove konnectivity agents (#2790)
parent
3d8e548dcd
commit
0167a4a286
@ -80,7 +80,6 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy
|
||||
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
|
||||
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
|
||||
kubectl -n kube-system rollout status --timeout 180s daemonset key-service
|
||||
kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
|
||||
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
|
||||
|
||||
echo "Miniconstellation started successfully. Shutting down..."
|
||||
|
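Review bot: Nothing in the visible part of this smoke test checks that the API server can still reach the kubelets once the konnectivity agents are gone; the remaining lines only wait for DaemonSet rollouts before the success echo. Konnectivity carries API-server-to-node traffic such as `kubectl logs` and `kubectl exec`, so a regression on that path would still end in "Miniconstellation started successfully". I would add one call that goes through the kubelet connection before the echo, for example `kubectl -n kube-system logs daemonset/cilium --tail=1 > /dev/null`. Whether the API server's egress configuration changes in the same release is not visible on this page, so that should be confirmed rather than assumed. The script starts and ends outside this hunk.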
@ -241,13 +241,6 @@ go_library(
|
||||
"charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml",
|
||||
"charts/edgeless/constellation-services/charts/key-service/values.schema.json",
|
||||
"charts/edgeless/constellation-services/charts/key-service/values.yaml",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/.helmignore",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/values.schema.json",
|
||||
"charts/edgeless/constellation-services/charts/konnectivity/values.yaml",
|
||||
"charts/edgeless/constellation-services/charts/verification-service/.helmignore",
|
||||
"charts/edgeless/constellation-services/charts/verification-service/Chart.yaml",
|
||||
"charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml",
|
||||
|
@ -45,14 +45,6 @@ dependencies:
|
||||
- GCP
|
||||
- OpenStack
|
||||
- QEMU
|
||||
- name: konnectivity
|
||||
version: 0.0.0
|
||||
tags:
|
||||
- AWS
|
||||
- Azure
|
||||
- GCP
|
||||
- OpenStack
|
||||
- QEMU
|
||||
- name: gcp-guest-agent
|
||||
version: 0.0.0
|
||||
tags:
|
||||
|
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
@ -1,5 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: konnectivity
|
||||
description: A chart to deploy konnectivity for Constellation
|
||||
type: application
|
||||
version: 0.0.0
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host={{ .Values.loadBalancerIP }}
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port={{ .Values.healthServerPort }}
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: {{ .Values.image | quote }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.healthServerPort }}
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: {{ .Release.Namespace }}
|
@ -1,21 +0,0 @@
|
||||
{
|
||||
"$schema": "https://json-schema.org/draft-07/schema#",
|
||||
"properties": {
|
||||
"image": {
|
||||
"description": "Container image to use for the spawned pods.",
|
||||
"type": "string",
|
||||
"examples": ["us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da"]
|
||||
},
|
||||
"loadBalancerIP": {
|
||||
"description": "IP of the loadbalancer serving the control plane.",
|
||||
"type": "string",
|
||||
"examples": ["10.4.0.1"]
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
"image",
|
||||
"loadBalancerIP"
|
||||
],
|
||||
"title": "Values",
|
||||
"type": "object"
|
||||
}
|
@ -1 +0,0 @@
|
||||
healthServerPort: 8134
|
@ -33,7 +33,5 @@ go_library(
|
||||
# TODO(malt3): add missing third-party images
|
||||
# - logstash
|
||||
# - filebeat
|
||||
# - konnectivity-agent
|
||||
# - konnectivity-server
|
||||
# - node-maintenance-operator
|
||||
# - gcp-guest-agent
|
||||
|
@ -68,7 +68,6 @@ type chartLoader struct {
|
||||
autoscalerImage string
|
||||
verificationServiceImage string
|
||||
gcpGuestAgentImage string
|
||||
konnectivityImage string
|
||||
constellationOperatorImage string
|
||||
nodeMaintenanceOperatorImage string
|
||||
clusterName string
|
||||
@ -104,7 +103,6 @@ func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k
|
||||
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
||||
verificationServiceImage: imageversion.VerificationService("", ""),
|
||||
gcpGuestAgentImage: versions.GcpGuestImage,
|
||||
konnectivityImage: versions.KonnectivityAgentImage,
|
||||
constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""),
|
||||
nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
|
||||
}
|
||||
@ -307,9 +305,6 @@ func (i *chartLoader) loadConstellationServicesValues() map[string]any {
|
||||
"gcp-guest-agent": map[string]any{
|
||||
"image": i.gcpGuestAgentImage,
|
||||
},
|
||||
"konnectivity": map[string]any{
|
||||
"image": i.konnectivityImage,
|
||||
},
|
||||
"tags": i.cspTags(),
|
||||
}
|
||||
}
|
||||
|
@ -171,7 +171,6 @@ func TestConstellationServices(t *testing.T) {
|
||||
azureCNMImage: tc.cnmImage,
|
||||
autoscalerImage: "autoscalerImage",
|
||||
verificationServiceImage: "verificationImage",
|
||||
konnectivityImage: "konnectivityImage",
|
||||
gcpGuestAgentImage: "gcpGuestAgentImage",
|
||||
clusterName: "testCluster",
|
||||
}
|
||||
@ -384,12 +383,6 @@ func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error
|
||||
}
|
||||
verificationVals["loadBalancerIP"] = "127.0.0.1"
|
||||
|
||||
konnectivityVals, ok := values["konnectivity"].(map[string]any)
|
||||
if !ok {
|
||||
return errors.New("missing 'konnectivity' key")
|
||||
}
|
||||
konnectivityVals["loadBalancerIP"] = "127.0.0.1"
|
||||
|
||||
ccmVals, ok := values["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return errors.New("missing 'ccm' key")
|
||||
|
@ -90,9 +90,6 @@ func extraConstellationServicesValues(
|
||||
extraVals["verification-service"] = map[string]any{
|
||||
"attestationVariant": attestationVariant.String(),
|
||||
}
|
||||
extraVals["konnectivity"] = map[string]any{
|
||||
"loadBalancerIP": output.ClusterEndpoint,
|
||||
}
|
||||
|
||||
extraVals["key-service"] = map[string]any{
|
||||
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
|
||||
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host=127.0.0.1
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port=8134
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: konnectivityImage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8134
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host=127.0.0.1
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port=8134
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: konnectivityImage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8134
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host=127.0.0.1
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port=8134
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: konnectivityImage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8134
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host=127.0.0.1
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port=8134
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: konnectivityImage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8134
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
@ -1,15 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: system:konnectivity-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: system:konnectivity-server
|
@ -1,76 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: konnectivity-agent
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: konnectivity-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: konnectivity-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr=true
|
||||
- --proxy-server-host=127.0.0.1
|
||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- --proxy-server-port=8132
|
||||
- --admin-server-port=8133
|
||||
- --health-server-port=8134
|
||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
||||
- --agent-identifiers=host=$(HOST_IP)
|
||||
- --sync-forever=true
|
||||
- --keepalive-time=60m
|
||||
- --sync-interval=5s
|
||||
- --sync-interval-cap=30s
|
||||
- --probe-interval=5s
|
||||
- --v=3
|
||||
command:
|
||||
- /proxy-agent
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
image: konnectivityImage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8134
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 15
|
||||
name: konnectivity-agent
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: konnectivity-agent-token
|
||||
readOnly: true
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: konnectivity-agent
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
key: node.kubernetes.io/not-ready
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: konnectivity-agent-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: system:konnectivity-server
|
||||
path: konnectivity-agent-token
|
||||
updateStrategy: {}
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: konnectivity-agent
|
||||
namespace: testNamespace
|
@ -167,10 +167,6 @@ const (
|
||||
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
||||
//
|
||||
|
||||
// KonnectivityAgentImage agent image for konnectivity service.
|
||||
KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container
|
||||
// KonnectivityServerImage server image for konnectivity service.
|
||||
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container
|
||||
// GcpGuestImage image for GCP guest agent.
|
||||
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
|
||||
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container
|
||||
|