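---
# Pod that runs the Konnectivity proxy server in kube-system on the node's own
# network namespace. The API server talks to it over the Unix domain socket
# configured below; agents connect on the agent port.
apiVersion: v1
kind: Pod
metadata:
  name: konnectivity-server
  namespace: kube-system
spec:
  priorityClassName: system-cluster-critical
  # hostNetwork places every listener below directly on the node's interfaces,
  # so access to them has to be limited at the node / network level.
  hostNetwork: true
  containers:
    - name: konnectivity-server-container
      # Referenced by tag only. Pinning by digest
      # (proxy-server@sha256:<digest-placeholder>) keeps this control-plane
      # component from changing underneath the manifest.
      # NOTE(review): no securityContext is set, so the container runs with the
      # image's default user and the runtime's default capabilities. Tightening
      # it needs testing: the process must still read --cluster-key and create
      # the socket in the konnectivity-uds volume.
      image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.16
      command: ["/proxy-server"]
      args:
        - "--logtostderr=true"
        # The next line must match the value set in egressSelectorConfiguration.
        - "--uds-name=/etc/kubernetes/konnectivity-server/konnectivity-server.socket"
        # The next two lines assume the Konnectivity server is deployed on the
        # same machine as the apiserver, and that the API server's certificate
        # and key are at the specified locations.
        # NOTE(review): this reuses the API server's serving key pair, so this
        # container holds the same private key as the API server.
        - "--cluster-cert=/etc/kubernetes/pki/apiserver.crt"
        - "--cluster-key=/etc/kubernetes/pki/apiserver.key"
        # The next line must match the value set in egressSelectorConfiguration.
        - "--mode=grpc"
        # 0 means no TCP listener for the API-server side; the UDS above is used.
        - "--server-port=0"
        - "--agent-port=8132"
        - "--admin-port=8133"
        - "--health-port=8134"
        # Agent authentication: the namespace, service account and token
        # audience an agent is expected to present, checked with the
        # credentials in --kubeconfig.
        - "--agent-namespace=kube-system"
        - "--agent-service-account=konnectivity-agent"
        - "--kubeconfig=/etc/kubernetes/konnectivity-server.conf"
        - "--authentication-audience=system:konnectivity-server"
      # Plain-HTTP health check against the health port on the node's loopback.
      livenessProbe:
        httpGet:
          scheme: HTTP
          host: 127.0.0.1
          port: 8134
          path: /healthz
        initialDelaySeconds: 30
        timeoutSeconds: 60
      # Only 8132 is the port agents connect to (see --agent-port).
      # NOTE(review): 8133 (admin) and 8134 (health) are declared as host ports
      # too; confirm they are not reachable from outside the node.
      ports:
        - name: agentport
          containerPort: 8132
          hostPort: 8132
        - name: adminport
          containerPort: 8133
          hostPort: 8133
        - name: healthport
          containerPort: 8134
          hostPort: 8134
      volumeMounts:
        # Exposes everything under /etc/kubernetes/pki to the container
        # (read-only), not only the two files named by --cluster-cert and
        # --cluster-key. A narrower mount, or a dedicated key pair, would limit
        # what a compromised proxy process can read.
        - name: k8s-certs
          mountPath: /etc/kubernetes/pki
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/konnectivity-server.conf
          readOnly: true
        # Writable because the server creates its socket here.
        - name: konnectivity-uds
          mountPath: /etc/kubernetes/konnectivity-server
          readOnly: false
  volumes:
    - name: k8s-certs
      hostPath:
        path: /etc/kubernetes/pki
    # FileOrCreate makes an empty file when the kubeconfig is missing, so a
    # missing credential shows up as a server error rather than a scheduling
    # failure. Provision the file beforehand with restrictive permissions.
    - name: kubeconfig
      hostPath:
        path: /etc/kubernetes/konnectivity-server.conf
        type: FileOrCreate
    # NOTE(review): the socket in this directory is the API server's entry to
    # the tunnel; filesystem permissions on the directory appear to be the
    # access control for it. Confirm ownership and mode on the host.
    - name: konnectivity-uds
      hostPath:
        path: /etc/kubernetes/konnectivity-server
        type: DirectoryOrCreate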