apiVersion: v1 kind: Pod metadata: name: konnectivity-server namespace: kube-system spec: priorityClassName: system-cluster-critical hostNetwork: true containers: - name: konnectivity-server-container image: registry.k8s.io/kas-network-proxy/proxy-server:v0.0.32 command: ["/proxy-server"] args: [ "--logtostderr=true", # 이것은 egressSelectorConfiguration에 설정된 값과 일치해야 한다. "--uds-name=/etc/kubernetes/konnectivity-server/konnectivity-server.socket", # 다음 두 줄은 Konnectivity 서버가 apiserver와 # 동일한 시스템에 배포되고 API 서버의 인증서와 # 키가 지정된 위치에 있다고 가정한다. "--cluster-cert=/etc/kubernetes/pki/apiserver.crt", "--cluster-key=/etc/kubernetes/pki/apiserver.key", # 이것은 egressSelectorConfiguration에 설정된 값과 일치해야 한다. "--mode=grpc", "--server-port=0", "--agent-port=8132", "--admin-port=8133", "--health-port=8134", "--agent-namespace=kube-system", "--agent-service-account=konnectivity-agent", "--kubeconfig=/etc/kubernetes/konnectivity-server.conf", "--authentication-audience=system:konnectivity-server" ] livenessProbe: httpGet: scheme: HTTP host: 127.0.0.1 port: 8134 path: /healthz initialDelaySeconds: 30 timeoutSeconds: 60 ports: - name: agentport containerPort: 8132 hostPort: 8132 - name: adminport containerPort: 8133 hostPort: 8133 - name: healthport containerPort: 8134 hostPort: 8134 volumeMounts: - name: k8s-certs mountPath: /etc/kubernetes/pki readOnly: true - name: kubeconfig mountPath: /etc/kubernetes/konnectivity-server.conf readOnly: true - name: konnectivity-uds mountPath: /etc/kubernetes/konnectivity-server readOnly: false volumes: - name: k8s-certs hostPath: path: /etc/kubernetes/pki - name: kubeconfig hostPath: path: /etc/kubernetes/konnectivity-server.conf type: FileOrCreate - name: konnectivity-uds hostPath: path: /etc/kubernetes/konnectivity-server type: DirectoryOrCreate