mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-02-08 19:08:40 -05:00
enable konnectivity
This commit is contained in:
Leonard Cohnen
3u13r
parent
803209b12b
commit
2e3176f87c
@ -27,6 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||||||
- Local cluster creation based on QEMU
|
- Local cluster creation based on QEMU
|
||||||
- Verification of Azure trusted launch attestation keys
|
- Verification of Azure trusted launch attestation keys
|
||||||
- Kubernetes version v1.25 is now fully supported.
|
- Kubernetes version v1.25 is now fully supported.
|
||||||
|
- Enabled Konnectivity.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
<!-- For changes in existing functionality. -->
|
<!-- For changes in existing functionality. -->
|
||||||
|
|||||||
@ -72,8 +72,7 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
|
|||||||
"audit-log-maxbackup": "10", // CIS benchmark - Default value of Rancher
|
"audit-log-maxbackup": "10", // CIS benchmark - Default value of Rancher
|
||||||
"audit-log-maxsize": "100", // CIS benchmark - Default value of Rancher
|
"audit-log-maxsize": "100", // CIS benchmark - Default value of Rancher
|
||||||
"profiling": "false", // CIS benchmark
|
"profiling": "false", // CIS benchmark
|
||||||
// Disabled konnectivity until agents have stable connections
|
"egress-selector-config-file": "/etc/kubernetes/egress-selector-configuration.yaml",
|
||||||
// "egress-selector-config-file": "/etc/kubernetes/egress-selector-configuration.yaml",
|
|
||||||
"kubelet-certificate-authority": filepath.Join(
|
"kubelet-certificate-authority": filepath.Join(
|
||||||
kubeconstants.KubernetesDir,
|
kubeconstants.KubernetesDir,
|
||||||
kubeconstants.DefaultCertificateDir,
|
kubeconstants.DefaultCertificateDir,
|
||||||
|
|||||||
@ -113,10 +113,10 @@ func NewKonnectivityAgents(konnectivityServerAddress string) *KonnectivityAgents
|
|||||||
// https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/273
|
// https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/273
|
||||||
"--sync-forever=true",
|
"--sync-forever=true",
|
||||||
// Ensure stable connection to the konnectivity server.
|
// Ensure stable connection to the konnectivity server.
|
||||||
"--keepalive-time=60s",
|
"--keepalive-time=60m",
|
||||||
"--sync-interval=1s",
|
"--sync-interval=5s",
|
||||||
"--sync-interval-cap=3s",
|
"--sync-interval-cap=30s",
|
||||||
"--probe-interval=1s",
|
"--probe-interval=5s",
|
||||||
"--v=3",
|
"--v=3",
|
||||||
},
|
},
|
||||||
Env: []corev1.EnvVar{
|
Env: []corev1.EnvVar{
|
||||||
@ -253,7 +253,7 @@ func NewKonnectivityServerStaticPod() *KonnectivityServerStaticPod {
|
|||||||
"--agent-service-account=konnectivity-agent",
|
"--agent-service-account=konnectivity-agent",
|
||||||
"--kubeconfig=/etc/kubernetes/konnectivity-server.conf",
|
"--kubeconfig=/etc/kubernetes/konnectivity-server.conf",
|
||||||
"--authentication-audience=system:konnectivity-server",
|
"--authentication-audience=system:konnectivity-server",
|
||||||
"--proxy-strategies=destHost,default",
|
"--proxy-strategies=default",
|
||||||
},
|
},
|
||||||
LivenessProbe: &corev1.Probe{
|
LivenessProbe: &corev1.Probe{
|
||||||
ProbeHandler: corev1.ProbeHandler{
|
ProbeHandler: corev1.ProbeHandler{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user