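---
# DaemonSet that runs the konnectivity-agent container in kube-system.
# The agent dials the proxy server given by --proxy-server-host and
# --proxy-server-port and authenticates with a projected service account token.
apiVersion: apps/v1
# As an alternative, you can deploy the agent as a Deployment.
# It is not necessary to have an agent on every node.
kind: DaemonSet
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: konnectivity-agent
  namespace: kube-system
  name: konnectivity-agent
spec:
  selector:
    matchLabels:
      k8s-app: konnectivity-agent
  template:
    metadata:
      labels:
        k8s-app: konnectivity-agent
    spec:
      priorityClassName: system-cluster-critical
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
        # NOTE(review): the image is referenced by tag only. Pinning it by
        # digest (<image>@sha256:<digest>) keeps nodes from pulling different
        # content if the tag is ever moved.
        # NOTE(review): no securityContext or resources are set on this
        # container; confirm what the cluster's pod security policy expects
        # (for example allowPrivilegeEscalation: false, requests and limits).
        - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.37
          name: konnectivity-agent
          command: ["/proxy-agent"]
          args:
            - "--logtostderr=true"
            # CA bundle mounted with the service account.
            # NOTE(review): presumably used to verify the proxy server's
            # certificate; confirm against the proxy-agent flag reference.
            - "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
            # Since the konnectivity server runs with hostNetwork=true,
            # this is the IP address of the control plane node.
            # NOTE(review): hard-coded sample address; replace it with the
            # address of your own control plane before applying.
            - "--proxy-server-host=35.225.206.7"
            - "--proxy-server-port=8132"
            - "--admin-server-port=8133"
            - "--health-server-port=8134"
            # Must match mountPath plus the projected token path below.
            - "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token"
          volumeMounts:
            - mountPath: /var/run/secrets/tokens
              name: konnectivity-agent-token
          livenessProbe:
            httpGet:
              # Same port as --health-server-port above.
              port: 8134
              path: /healthz
            initialDelaySeconds: 15
            timeoutSeconds: 15
      serviceAccountName: konnectivity-agent
      volumes:
        - name: konnectivity-agent-token
          projected:
            sources:
              # Audience-bound token: it is issued for the konnectivity server
              # only, rather than being a general-purpose API server token.
              - serviceAccountToken:
                  path: konnectivity-agent-token
                  audience: system:konnectivity-server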