diff --git a/content/en/examples/admin/konnectivity/konnectivity-agent.yaml b/content/en/examples/admin/konnectivity/konnectivity-agent.yaml index 3c71999427..0eb47e1c58 100644 --- a/content/en/examples/admin/konnectivity/konnectivity-agent.yaml +++ b/content/en/examples/admin/konnectivity/konnectivity-agent.yaml @@ -22,7 +22,7 @@ spec: - key: "CriticalAddonsOnly" operator: "Exists" containers: - - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.12 + - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.16 name: konnectivity-agent command: ["/proxy-agent"] args: [ diff --git a/content/en/examples/admin/konnectivity/konnectivity-server.yaml b/content/en/examples/admin/konnectivity/konnectivity-server.yaml index a0f45af5ff..f1f378431a 100644 --- a/content/en/examples/admin/konnectivity/konnectivity-server.yaml +++ b/content/en/examples/admin/konnectivity/konnectivity-server.yaml @@ -8,7 +8,7 @@ spec: hostNetwork: true containers: - name: konnectivity-server-container - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.12 + image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.16 command: ["/proxy-server"] args: [ "--logtostderr=true", diff --git a/content/zh/examples/admin/konnectivity/egress-selector-configuration.yaml b/content/zh/examples/admin/konnectivity/egress-selector-configuration.yaml index 6659ff3fbb..c85f25ea51 100644 --- a/content/zh/examples/admin/konnectivity/egress-selector-configuration.yaml +++ b/content/zh/examples/admin/konnectivity/egress-selector-configuration.yaml @@ -18,4 +18,4 @@ egressSelections: # The other supported transport is "tcp". You will need to set up TLS # config to secure the TCP transport. uds: - udsName: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket + udsName: /etc/kubernetes/konnectivity-server/konnectivity-server.socket diff --git a/content/zh/examples/admin/konnectivity/konnectivity-agent.yaml b/content/zh/examples/admin/konnectivity/konnectivity-agent.yaml index c3dc71040b..0eb47e1c58 100644 --- a/content/zh/examples/admin/konnectivity/konnectivity-agent.yaml +++ b/content/zh/examples/admin/konnectivity/konnectivity-agent.yaml @@ -22,7 +22,7 @@ spec: - key: "CriticalAddonsOnly" operator: "Exists" containers: - - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.8 + - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.16 name: konnectivity-agent command: ["/proxy-agent"] args: [ @@ -32,6 +32,8 @@ spec: # this is the IP address of the master machine. "--proxy-server-host=35.225.206.7", "--proxy-server-port=8132", + "--admin-server-port=8133", + "--health-server-port=8134", "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token" ] volumeMounts: @@ -39,7 +41,7 @@ spec: name: konnectivity-agent-token livenessProbe: httpGet: - port: 8093 + port: 8134 path: /healthz initialDelaySeconds: 15 timeoutSeconds: 15 diff --git a/content/zh/examples/admin/konnectivity/konnectivity-server.yaml b/content/zh/examples/admin/konnectivity/konnectivity-server.yaml index 730c26c66a..f1f378431a 100644 --- a/content/zh/examples/admin/konnectivity/konnectivity-server.yaml +++ b/content/zh/examples/admin/konnectivity/konnectivity-server.yaml @@ -8,34 +8,33 @@ spec: hostNetwork: true containers: - name: konnectivity-server-container - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.8 + image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-server:v0.0.16 command: ["/proxy-server"] args: [ - "--log-file=/var/log/konnectivity-server.log", - "--logtostderr=false", - "--log-file-max-size=0", + "--logtostderr=true", # This needs to be consistent with the value set in egressSelectorConfiguration. - "--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket", + "--uds-name=/etc/kubernetes/konnectivity-server/konnectivity-server.socket", # The following two lines assume the Konnectivity server is # deployed on the same machine as the apiserver, and the certs and # key of the API Server are at the specified location. - "--cluster-cert=/etc/srv/kubernetes/pki/apiserver.crt", - "--cluster-key=/etc/srv/kubernetes/pki/apiserver.key", + "--cluster-cert=/etc/kubernetes/pki/apiserver.crt", + "--cluster-key=/etc/kubernetes/pki/apiserver.key", # This needs to be consistent with the value set in egressSelectorConfiguration. "--mode=grpc", "--server-port=0", "--agent-port=8132", "--admin-port=8133", + "--health-port=8134", "--agent-namespace=kube-system", "--agent-service-account=konnectivity-agent", - "--kubeconfig=/etc/srv/kubernetes/konnectivity-server/kubeconfig", + "--kubeconfig=/etc/kubernetes/konnectivity-server.conf", "--authentication-audience=system:konnectivity-server" ] livenessProbe: httpGet: scheme: HTTP host: 127.0.0.1 - port: 8133 + port: 8134 path: /healthz initialDelaySeconds: 30 timeoutSeconds: 60 @@ -46,25 +45,28 @@ spec: - name: adminport containerPort: 8133 hostPort: 8133 + - name: healthport + containerPort: 8134 + hostPort: 8134 volumeMounts: - - name: varlogkonnectivityserver - mountPath: /var/log/konnectivity-server.log - readOnly: false - - name: pki - mountPath: /etc/srv/kubernetes/pki + - name: k8s-certs + mountPath: /etc/kubernetes/pki + readOnly: true + - name: kubeconfig + mountPath: /etc/kubernetes/konnectivity-server.conf readOnly: true - name: konnectivity-uds - mountPath: /etc/srv/kubernetes/konnectivity-server + mountPath: /etc/kubernetes/konnectivity-server readOnly: false volumes: - - name: varlogkonnectivityserver + - name: k8s-certs hostPath: - path: /var/log/konnectivity-server.log + path: /etc/kubernetes/pki + - name: kubeconfig + hostPath: + path: /etc/kubernetes/konnectivity-server.conf type: FileOrCreate - - name: pki - hostPath: - path: /etc/srv/kubernetes/pki - name: konnectivity-uds hostPath: - path: /etc/srv/kubernetes/konnectivity-server + path: /etc/kubernetes/konnectivity-server type: DirectoryOrCreate