Deploy Konnectivity

2025-08-07 22:42:22 -04:00 · 2022-09-01 03:40:29 +02:00 · 2022-09-01 03:40:29 +02:00 · 7163c161b6
commit 7163c161b6
parent 15592e8f3f
32 changed files with 1243 additions and 496 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config.go
@ -66,12 +66,13 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
 			APIServer: kubeadm.APIServer{
 				ControlPlaneComponent: kubeadm.ControlPlaneComponent{
 					ExtraArgs: map[string]string{
-						"audit-policy-file":   auditPolicyPath,
-						"audit-log-path":      filepath.Join(auditLogDir, auditLogFile), // CIS benchmark
-						"audit-log-maxage":    "30",                                     // CIS benchmark - Default value of Rancher
-						"audit-log-maxbackup": "10",                                     // CIS benchmark - Default value of Rancher
-						"audit-log-maxsize":   "100",                                    // CIS benchmark - Default value of Rancher
-						"profiling":           "false",                                  // CIS benchmark
+						"audit-policy-file":           auditPolicyPath,
+						"audit-log-path":              filepath.Join(auditLogDir, auditLogFile), // CIS benchmark
+						"audit-log-maxage":            "30",                                     // CIS benchmark - Default value of Rancher
+						"audit-log-maxbackup":         "10",                                     // CIS benchmark - Default value of Rancher
+						"audit-log-maxsize":           "100",                                    // CIS benchmark - Default value of Rancher
+						"profiling":                   "false",                                  // CIS benchmark
+						"egress-selector-config-file": "/etc/kubernetes/egress-selector-configuration.yaml",
 						"kubelet-certificate-authority": filepath.Join(
 							kubeconstants.KubernetesDir,
 							kubeconstants.DefaultCertificateDir,
@ -101,6 +102,20 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
 							ReadOnly:  true,
 							PathType:  corev1.HostPathFile,
 						},
+						{
+							Name:      "egress-config",
+							HostPath:  "/etc/kubernetes/egress-selector-configuration.yaml",
+							MountPath: "/etc/kubernetes/egress-selector-configuration.yaml",
+							ReadOnly:  true,
+							PathType:  corev1.HostPathFile,
+						},
+						{
+							Name:      "konnectivity-uds",
+							HostPath:  "/etc/kubernetes/konnectivity-server",
+							MountPath: "/etc/kubernetes/konnectivity-server",
+							ReadOnly:  false,
+							PathType:  corev1.HostPathDirectoryOrCreate,
+						},
 					},
 				},
 				CertSANs: []string{"127.0.0.1"},
@ -133,6 +148,7 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
 				"TLS_RSA_WITH_AES_256_GCM_SHA384",
 				"TLS_RSA_WITH_AES_128_GCM_SHA256",
 			}, // CIS benchmark
+			StaticPodPath: "/etc/kubernetes/manifests",
 			TypeMeta: metav1.TypeMeta{
 				APIVersion: kubeletconf.SchemeGroupVersion.String(),
 				Kind:       "KubeletConfiguration",