enable konnectivity

Leonard Cohnen 2022-09-28 10:49:13 +02:00 committed by 3u13r
parent 803209b12b
commit 2e3176f87c
3 changed files with 13 additions and 13 deletions


@ -27,6 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Local cluster creation based on QEMU - Local cluster creation based on QEMU
- Verification of Azure trusted launch attestation keys - Verification of Azure trusted launch attestation keys
- Kubernetes version v1.25 is now fully supported. - Kubernetes version v1.25 is now fully supported.
- Enabled Konnectivity.
### Changed ### Changed
<!-- For changes in existing functionality. --> <!-- For changes in existing functionality. -->


@ -66,14 +66,13 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
APIServer: kubeadm.APIServer{ APIServer: kubeadm.APIServer{
ControlPlaneComponent: kubeadm.ControlPlaneComponent{ ControlPlaneComponent: kubeadm.ControlPlaneComponent{
ExtraArgs: map[string]string{ ExtraArgs: map[string]string{
"audit-policy-file": auditPolicyPath, "audit-policy-file": auditPolicyPath,
"audit-log-path": filepath.Join(auditLogDir, auditLogFile), // CIS benchmark "audit-log-path": filepath.Join(auditLogDir, auditLogFile), // CIS benchmark
"audit-log-maxage": "30", // CIS benchmark - Default value of Rancher "audit-log-maxage": "30", // CIS benchmark - Default value of Rancher
"audit-log-maxbackup": "10", // CIS benchmark - Default value of Rancher "audit-log-maxbackup": "10", // CIS benchmark - Default value of Rancher
"audit-log-maxsize": "100", // CIS benchmark - Default value of Rancher "audit-log-maxsize": "100", // CIS benchmark - Default value of Rancher
"profiling": "false", // CIS benchmark "profiling": "false", // CIS benchmark
// Disabled konnectivity until agents have stable connections "egress-selector-config-file": "/etc/kubernetes/egress-selector-configuration.yaml",
// "egress-selector-config-file": "/etc/kubernetes/egress-selector-configuration.yaml",
"kubelet-certificate-authority": filepath.Join( "kubelet-certificate-authority": filepath.Join(
kubeconstants.KubernetesDir, kubeconstants.KubernetesDir,
kubeconstants.DefaultCertificateDir, kubeconstants.DefaultCertificateDir,
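Review bot: The new `"egress-selector-config-file"` value is a bare string literal, while the neighbouring `kubelet-certificate-authority` entry builds its path from `kubeconstants.KubernetesDir`. kube-apiserver will not start if this file is missing or unreadable inside its static pod, so the path must stay identical to wherever the configuration is written and mounted; neither the writer nor an `ExtraVolumes` entry is visible in this hunk, so I cannot confirm that from here. I would define one shared value, e.g. `var egressSelectorConfigPath = filepath.Join(kubeconstants.KubernetesDir, "egress-selector-configuration.yaml")`, and use it in both places. The removed comment explained why the flag was off; a short replacement such as `// Route API server to node traffic through konnectivity.` would keep the entry self-describing. InitConfiguration's body continues outside the hunk.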


@ -113,10 +113,10 @@ func NewKonnectivityAgents(konnectivityServerAddress string) *KonnectivityAgents
// https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/273 // https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/273
"--sync-forever=true", "--sync-forever=true",
// Ensure stable connection to the konnectivity server. // Ensure stable connection to the konnectivity server.
"--keepalive-time=60s", "--keepalive-time=60m",
"--sync-interval=1s", "--sync-interval=5s",
"--sync-interval-cap=3s", "--sync-interval-cap=30s",
"--probe-interval=1s", "--probe-interval=5s",
"--v=3", "--v=3",
}, },
Env: []corev1.EnvVar{ Env: []corev1.EnvVar{
@ -253,7 +253,7 @@ func NewKonnectivityServerStaticPod() *KonnectivityServerStaticPod {
"--agent-service-account=konnectivity-agent", "--agent-service-account=konnectivity-agent",
"--kubeconfig=/etc/kubernetes/konnectivity-server.conf", "--kubeconfig=/etc/kubernetes/konnectivity-server.conf",
"--authentication-audience=system:konnectivity-server", "--authentication-audience=system:konnectivity-server",
"--proxy-strategies=destHost,default", "--proxy-strategies=default",
}, },
LivenessProbe: &corev1.Probe{ LivenessProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{ ProbeHandler: corev1.ProbeHandler{
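Review bot: `"--proxy-strategies=default"` drops `destHost` with no comment saying why. With only `default`, the konnectivity server hands a request to any connected agent rather than preferring the agent on the destination node, so API-server-to-kubelet traffic (exec, logs, port-forward) probably takes an extra hop across the node network from whichever agent was picked; that is worth recording if the cluster's confidentiality assumptions depend on the path. I would add a comment above the flag along the lines of `// destHost removed because <reason>; requests may be forwarded by any agent.` In the agent hunk of the same file, `// Ensure stable connection to the konnectivity server.` now sits above `"--keepalive-time=60m"`, which sends keepalives far less often than the previous 60s, so that comment should be reworded to explain the new values. Both constructors continue outside their hunks.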