apiVersion: apps/v1 # 에이전트를 Deployment(디플로이먼트)로 배포할 수도 있다. 각 노드에 에이전트가 # 있을 필요는 없다. kind: DaemonSet metadata: labels: addonmanager.kubernetes.io/mode: Reconcile k8s-app: konnectivity-agent namespace: kube-system name: konnectivity-agent spec: selector: matchLabels: k8s-app: konnectivity-agent template: metadata: labels: k8s-app: konnectivity-agent spec: priorityClassName: system-cluster-critical tolerations: - key: "CriticalAddonsOnly" operator: "Exists" containers: - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.16 name: konnectivity-agent command: ["/proxy-agent"] args: [ "--logtostderr=true", "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", # konnectivity 서버는 hostNetwork=true로 실행되기 때문에, # 이것은 마스터 머신의 IP 주소이다. "--proxy-server-host=35.225.206.7", "--proxy-server-port=8132", "--admin-server-port=8133", "--health-server-port=8134", "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token" ] volumeMounts: - mountPath: /var/run/secrets/tokens name: konnectivity-agent-token livenessProbe: httpGet: port: 8134 path: /healthz initialDelaySeconds: 15 timeoutSeconds: 15 serviceAccountName: konnectivity-agent volumes: - name: konnectivity-agent-token projected: sources: - serviceAccountToken: path: konnectivity-agent-token audience: system:konnectivity-server