helm: remove konnectivity agents (#2790)

2024-10-01 01:36:09 -04:00 · 2024-01-03 14:09:32 +01:00 · 2024-01-03 14:09:32 +01:00 · 0167a4a286
commit 0167a4a286
parent 3d8e548dcd
30 changed files with 0 additions and 681 deletions
--- a/e2e/miniconstellation/test-remote.sh
+++ b/e2e/miniconstellation/test-remote.sh
@ -80,7 +80,6 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy
 kubectl -n kube-system rollout status --timeout 180s daemonset cilium
 kubectl -n kube-system rollout status --timeout 180s daemonset join-service
 kubectl -n kube-system rollout status --timeout 180s daemonset key-service
-kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
 kubectl -n kube-system rollout status --timeout 180s daemonset verification-service

 echo "Miniconstellation started successfully. Shutting down..."
--- a/internal/constellation/helm/BUILD.bazel
+++ b/internal/constellation/helm/BUILD.bazel
@ -241,13 +241,6 @@ go_library(
        "charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml",
        "charts/edgeless/constellation-services/charts/key-service/values.schema.json",
        "charts/edgeless/constellation-services/charts/key-service/values.yaml",
-        "charts/edgeless/constellation-services/charts/konnectivity/.helmignore",
-        "charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml",
-        "charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml",
-        "charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml",
-        "charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml",
-        "charts/edgeless/constellation-services/charts/konnectivity/values.schema.json",
-        "charts/edgeless/constellation-services/charts/konnectivity/values.yaml",
        "charts/edgeless/constellation-services/charts/verification-service/.helmignore",
        "charts/edgeless/constellation-services/charts/verification-service/Chart.yaml",
        "charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml",
--- a/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml
@ -45,14 +45,6 @@ dependencies:
      - GCP
      - OpenStack
      - QEMU
-  - name: konnectivity
-    version: 0.0.0
-    tags:
-      - AWS
-      - Azure
-      - GCP
-      - OpenStack
-      - QEMU
  - name: gcp-guest-agent
    version: 0.0.0
    tags:
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore
@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml
@ -1,5 +0,0 @@
-apiVersion: v2
-name: konnectivity
-description: A chart to deploy konnectivity for Constellation
-type: application
-version: 0.0.0
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host={{ .Values.loadBalancerIP }}
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port={{ .Values.healthServerPort }}
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: {{ .Values.image | quote }}
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: {{ .Values.healthServerPort }}
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: {{ .Release.Namespace }}
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json
@ -1,21 +0,0 @@
-{
-    "$schema": "https://json-schema.org/draft-07/schema#",
-    "properties": {
-        "image": {
-            "description": "Container image to use for the spawned pods.",
-            "type": "string",
-            "examples": ["us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da"]
-        },
-        "loadBalancerIP": {
-            "description": "IP of the loadbalancer serving the control plane.",
-            "type": "string",
-            "examples": ["10.4.0.1"]
-        }
-    },
-    "required": [
-        "image",
-        "loadBalancerIP"
-    ],
-    "title": "Values",
-    "type": "object"
-}
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml
+++ b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml
@ -1 +0,0 @@
-healthServerPort: 8134
--- a/internal/constellation/helm/imageversion/BUILD.bazel
+++ b/internal/constellation/helm/imageversion/BUILD.bazel
@ -33,7 +33,5 @@ go_library(
 # TODO(malt3): add missing third-party images
 # - logstash
 # - filebeat
-# - konnectivity-agent
-# - konnectivity-server
 # - node-maintenance-operator
 # - gcp-guest-agent
--- a/internal/constellation/helm/loader.go
+++ b/internal/constellation/helm/loader.go
@ -68,7 +68,6 @@ type chartLoader struct {
 	autoscalerImage              string
 	verificationServiceImage     string
 	gcpGuestAgentImage           string
-	konnectivityImage            string
 	constellationOperatorImage   string
 	nodeMaintenanceOperatorImage string
 	clusterName                  string
@ -104,7 +103,6 @@ func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k
 		autoscalerImage:              versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
 		verificationServiceImage:     imageversion.VerificationService("", ""),
 		gcpGuestAgentImage:           versions.GcpGuestImage,
-		konnectivityImage:            versions.KonnectivityAgentImage,
 		constellationOperatorImage:   imageversion.ConstellationNodeOperator("", ""),
 		nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
 	}
@ -307,9 +305,6 @@ func (i *chartLoader) loadConstellationServicesValues() map[string]any {
 		"gcp-guest-agent": map[string]any{
 			"image": i.gcpGuestAgentImage,
 		},
-		"konnectivity": map[string]any{
-			"image": i.konnectivityImage,
-		},
 		"tags": i.cspTags(),
 	}
 }
--- a/internal/constellation/helm/loader_test.go
+++ b/internal/constellation/helm/loader_test.go
@ -171,7 +171,6 @@ func TestConstellationServices(t *testing.T) {
 				azureCNMImage:            tc.cnmImage,
 				autoscalerImage:          "autoscalerImage",
 				verificationServiceImage: "verificationImage",
-				konnectivityImage:        "konnectivityImage",
 				gcpGuestAgentImage:       "gcpGuestAgentImage",
 				clusterName:              "testCluster",
 			}
@ -384,12 +383,6 @@ func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error
 	}
 	verificationVals["loadBalancerIP"] = "127.0.0.1"

-	konnectivityVals, ok := values["konnectivity"].(map[string]any)
-	if !ok {
-		return errors.New("missing 'konnectivity' key")
-	}
-	konnectivityVals["loadBalancerIP"] = "127.0.0.1"
-
 	ccmVals, ok := values["ccm"].(map[string]any)
 	if !ok {
 		return errors.New("missing 'ccm' key")
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@ -90,9 +90,6 @@ func extraConstellationServicesValues(
 	extraVals["verification-service"] = map[string]any{
 		"attestationVariant": attestationVariant.String(),
 	}
-	extraVals["konnectivity"] = map[string]any{
-		"loadBalancerIP": output.ClusterEndpoint,
-	}

 	extraVals["key-service"] = map[string]any{
 		"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
--- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: testNamespace
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host=127.0.0.1
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port=8134
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: konnectivityImage
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8134
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: testNamespace
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: testNamespace
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host=127.0.0.1
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port=8134
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: konnectivityImage
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8134
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: testNamespace
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: testNamespace
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host=127.0.0.1
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port=8134
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: konnectivityImage
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8134
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: testNamespace
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: testNamespace
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host=127.0.0.1
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port=8134
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: konnectivityImage
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8134
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: testNamespace
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: system:konnectivity-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:konnectivity-server
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    k8s-app: konnectivity-agent
-  name: konnectivity-agent
-  namespace: testNamespace
-spec:
-  selector:
-    matchLabels:
-      k8s-app: konnectivity-agent
-  template:
-    metadata:
-      labels:
-        k8s-app: konnectivity-agent
-    spec:
-      containers:
-      - args:
-        - --logtostderr=true
-        - --proxy-server-host=127.0.0.1
-        - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        - --proxy-server-port=8132
-        - --admin-server-port=8133
-        - --health-server-port=8134
-        - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
-        - --agent-identifiers=host=$(HOST_IP)
-        - --sync-forever=true
-        - --keepalive-time=60m
-        - --sync-interval=5s
-        - --sync-interval-cap=30s
-        - --probe-interval=5s
-        - --v=3
-        command:
-        - /proxy-agent
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.hostIP
-        image: konnectivityImage
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8134
-          initialDelaySeconds: 15
-          timeoutSeconds: 15
-        name: konnectivity-agent
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/secrets/tokens
-          name: konnectivity-agent-token
-          readOnly: true
-      priorityClassName: system-cluster-critical
-      serviceAccountName: konnectivity-agent
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoExecute
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: konnectivity-agent-token
-        projected:
-          sources:
-          - serviceAccountToken:
-              audience: system:konnectivity-server
-              path: konnectivity-agent-token
-  updateStrategy: {}
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-  name: konnectivity-agent
-  namespace: testNamespace
--- a/internal/versions/versions.go
+++ b/internal/versions/versions.go
@ -167,10 +167,6 @@ const (
 	// These images are built in a way that they support all versions currently listed in VersionConfigs.
 	//

-	// KonnectivityAgentImage agent image for konnectivity service.
-	KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container
-	// KonnectivityServerImage server image for konnectivity service.
-	KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container
 	// GcpGuestImage image for GCP guest agent.
 	// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
 	GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container