helm: remove konnectivity agents (#2790)
parent
3d8e548dcd
commit
0167a4a286
@ -80,7 +80,6 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy
|
|||||||
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
|
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
|
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset key-service
|
kubectl -n kube-system rollout status --timeout 180s daemonset key-service
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
|
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
|
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
|
||||||
|
|
||||||
echo "Miniconstellation started successfully. Shutting down..."
|
echo "Miniconstellation started successfully. Shutting down..."
|
||||||
|
@ -241,13 +241,6 @@ go_library(
|
|||||||
"charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml",
|
"charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml",
|
||||||
"charts/edgeless/constellation-services/charts/key-service/values.schema.json",
|
"charts/edgeless/constellation-services/charts/key-service/values.schema.json",
|
||||||
"charts/edgeless/constellation-services/charts/key-service/values.yaml",
|
"charts/edgeless/constellation-services/charts/key-service/values.yaml",
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/.helmignore",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/values.schema.json",
|
|
||||||
"charts/edgeless/constellation-services/charts/konnectivity/values.yaml",
|
|
||||||
"charts/edgeless/constellation-services/charts/verification-service/.helmignore",
|
"charts/edgeless/constellation-services/charts/verification-service/.helmignore",
|
||||||
"charts/edgeless/constellation-services/charts/verification-service/Chart.yaml",
|
"charts/edgeless/constellation-services/charts/verification-service/Chart.yaml",
|
||||||
"charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml",
|
"charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml",
|
||||||
|
@ -45,14 +45,6 @@ dependencies:
|
|||||||
- GCP
|
- GCP
|
||||||
- OpenStack
|
- OpenStack
|
||||||
- QEMU
|
- QEMU
|
||||||
- name: konnectivity
|
|
||||||
version: 0.0.0
|
|
||||||
tags:
|
|
||||||
- AWS
|
|
||||||
- Azure
|
|
||||||
- GCP
|
|
||||||
- OpenStack
|
|
||||||
- QEMU
|
|
||||||
- name: gcp-guest-agent
|
- name: gcp-guest-agent
|
||||||
version: 0.0.0
|
version: 0.0.0
|
||||||
tags:
|
tags:
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*.orig
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
||||||
.vscode/
|
|
@ -1,5 +0,0 @@
|
|||||||
apiVersion: v2
|
|
||||||
name: konnectivity
|
|
||||||
description: A chart to deploy konnectivity for Constellation
|
|
||||||
type: application
|
|
||||||
version: 0.0.0
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host={{ .Values.loadBalancerIP }}
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port={{ .Values.healthServerPort }}
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: {{ .Values.image | quote }}
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: {{ .Values.healthServerPort }}
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
@ -1,21 +0,0 @@
|
|||||||
{
|
|
||||||
"$schema": "https://json-schema.org/draft-07/schema#",
|
|
||||||
"properties": {
|
|
||||||
"image": {
|
|
||||||
"description": "Container image to use for the spawned pods.",
|
|
||||||
"type": "string",
|
|
||||||
"examples": ["us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da"]
|
|
||||||
},
|
|
||||||
"loadBalancerIP": {
|
|
||||||
"description": "IP of the loadbalancer serving the control plane.",
|
|
||||||
"type": "string",
|
|
||||||
"examples": ["10.4.0.1"]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"required": [
|
|
||||||
"image",
|
|
||||||
"loadBalancerIP"
|
|
||||||
],
|
|
||||||
"title": "Values",
|
|
||||||
"type": "object"
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
healthServerPort: 8134
|
|
@ -33,7 +33,5 @@ go_library(
|
|||||||
# TODO(malt3): add missing third-party images
|
# TODO(malt3): add missing third-party images
|
||||||
# - logstash
|
# - logstash
|
||||||
# - filebeat
|
# - filebeat
|
||||||
# - konnectivity-agent
|
|
||||||
# - konnectivity-server
|
|
||||||
# - node-maintenance-operator
|
# - node-maintenance-operator
|
||||||
# - gcp-guest-agent
|
# - gcp-guest-agent
|
||||||
|
@ -68,7 +68,6 @@ type chartLoader struct {
|
|||||||
autoscalerImage string
|
autoscalerImage string
|
||||||
verificationServiceImage string
|
verificationServiceImage string
|
||||||
gcpGuestAgentImage string
|
gcpGuestAgentImage string
|
||||||
konnectivityImage string
|
|
||||||
constellationOperatorImage string
|
constellationOperatorImage string
|
||||||
nodeMaintenanceOperatorImage string
|
nodeMaintenanceOperatorImage string
|
||||||
clusterName string
|
clusterName string
|
||||||
@ -104,7 +103,6 @@ func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k
|
|||||||
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
||||||
verificationServiceImage: imageversion.VerificationService("", ""),
|
verificationServiceImage: imageversion.VerificationService("", ""),
|
||||||
gcpGuestAgentImage: versions.GcpGuestImage,
|
gcpGuestAgentImage: versions.GcpGuestImage,
|
||||||
konnectivityImage: versions.KonnectivityAgentImage,
|
|
||||||
constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""),
|
constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""),
|
||||||
nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
|
nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
|
||||||
}
|
}
|
||||||
@ -307,9 +305,6 @@ func (i *chartLoader) loadConstellationServicesValues() map[string]any {
|
|||||||
"gcp-guest-agent": map[string]any{
|
"gcp-guest-agent": map[string]any{
|
||||||
"image": i.gcpGuestAgentImage,
|
"image": i.gcpGuestAgentImage,
|
||||||
},
|
},
|
||||||
"konnectivity": map[string]any{
|
|
||||||
"image": i.konnectivityImage,
|
|
||||||
},
|
|
||||||
"tags": i.cspTags(),
|
"tags": i.cspTags(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -171,7 +171,6 @@ func TestConstellationServices(t *testing.T) {
|
|||||||
azureCNMImage: tc.cnmImage,
|
azureCNMImage: tc.cnmImage,
|
||||||
autoscalerImage: "autoscalerImage",
|
autoscalerImage: "autoscalerImage",
|
||||||
verificationServiceImage: "verificationImage",
|
verificationServiceImage: "verificationImage",
|
||||||
konnectivityImage: "konnectivityImage",
|
|
||||||
gcpGuestAgentImage: "gcpGuestAgentImage",
|
gcpGuestAgentImage: "gcpGuestAgentImage",
|
||||||
clusterName: "testCluster",
|
clusterName: "testCluster",
|
||||||
}
|
}
|
||||||
@ -384,12 +383,6 @@ func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error
|
|||||||
}
|
}
|
||||||
verificationVals["loadBalancerIP"] = "127.0.0.1"
|
verificationVals["loadBalancerIP"] = "127.0.0.1"
|
||||||
|
|
||||||
konnectivityVals, ok := values["konnectivity"].(map[string]any)
|
|
||||||
if !ok {
|
|
||||||
return errors.New("missing 'konnectivity' key")
|
|
||||||
}
|
|
||||||
konnectivityVals["loadBalancerIP"] = "127.0.0.1"
|
|
||||||
|
|
||||||
ccmVals, ok := values["ccm"].(map[string]any)
|
ccmVals, ok := values["ccm"].(map[string]any)
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("missing 'ccm' key")
|
return errors.New("missing 'ccm' key")
|
||||||
|
@ -90,9 +90,6 @@ func extraConstellationServicesValues(
|
|||||||
extraVals["verification-service"] = map[string]any{
|
extraVals["verification-service"] = map[string]any{
|
||||||
"attestationVariant": attestationVariant.String(),
|
"attestationVariant": attestationVariant.String(),
|
||||||
}
|
}
|
||||||
extraVals["konnectivity"] = map[string]any{
|
|
||||||
"loadBalancerIP": output.ClusterEndpoint,
|
|
||||||
}
|
|
||||||
|
|
||||||
extraVals["key-service"] = map[string]any{
|
extraVals["key-service"] = map[string]any{
|
||||||
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
|
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
|
||||||
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host=127.0.0.1
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port=8134
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: konnectivityImage
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: 8134
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host=127.0.0.1
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port=8134
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: konnectivityImage
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: 8134
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host=127.0.0.1
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port=8134
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: konnectivityImage
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: 8134
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host=127.0.0.1
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port=8134
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: konnectivityImage
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: 8134
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: system:konnectivity-server
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: User
|
|
||||||
name: system:konnectivity-server
|
|
@ -1,76 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: konnectivity-agent
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --logtostderr=true
|
|
||||||
- --proxy-server-host=127.0.0.1
|
|
||||||
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
- --proxy-server-port=8132
|
|
||||||
- --admin-server-port=8133
|
|
||||||
- --health-server-port=8134
|
|
||||||
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
|
|
||||||
- --agent-identifiers=host=$(HOST_IP)
|
|
||||||
- --sync-forever=true
|
|
||||||
- --keepalive-time=60m
|
|
||||||
- --sync-interval=5s
|
|
||||||
- --sync-interval-cap=30s
|
|
||||||
- --probe-interval=5s
|
|
||||||
- --v=3
|
|
||||||
command:
|
|
||||||
- /proxy-agent
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
image: konnectivityImage
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: 8134
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
timeoutSeconds: 15
|
|
||||||
name: konnectivity-agent
|
|
||||||
resources: {}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/run/secrets/tokens
|
|
||||||
name: konnectivity-agent-token
|
|
||||||
readOnly: true
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: konnectivity-agent
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: konnectivity-agent-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
audience: system:konnectivity-server
|
|
||||||
path: konnectivity-agent-token
|
|
||||||
updateStrategy: {}
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: konnectivity-agent
|
|
||||||
namespace: testNamespace
|
|
@ -167,10 +167,6 @@ const (
|
|||||||
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
||||||
//
|
//
|
||||||
|
|
||||||
// KonnectivityAgentImage agent image for konnectivity service.
|
|
||||||
KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container
|
|
||||||
// KonnectivityServerImage server image for konnectivity service.
|
|
||||||
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container
|
|
||||||
// GcpGuestImage image for GCP guest agent.
|
// GcpGuestImage image for GCP guest agent.
|
||||||
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
|
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
|
||||||
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container
|
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container
|
||||||
|