kubernetes/cluster/gce/addons/konnectivity-agent/konnectivity-agent-ds.yaml

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: konnectivity-agent
  namespace: kube-system
  name: konnectivity-agent
spec:
  selector:
    matchLabels:
      k8s-app: konnectivity-agent
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: konnectivity-agent
    spec:
      priorityClassName: system-cluster-critical
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
        - operator: "Exists"
          effect: "NoExecute"
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - image: registry.k8s.io/kas-network-proxy/proxy-agent:v0.30.3
          name: konnectivity-agent
          command: ["/proxy-agent"]
          args: [
                  "--logtostderr=true",
                  "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
__EXTRA_PARAMS__
                  "--proxy-server-host=__APISERVER_IP__",
                  "--proxy-server-port=8132",
                  "--sync-interval=5s",
                  "--sync-interval-cap=30s",
                  "--probe-interval=5s",
                  "--keepalive-time=60s",
                  "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
                  "--agent-identifiers=ipv4=$(HOST_IP)"
                  ]
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
          resources:
            requests:
              cpu: 50m
            limits:
              memory: 30Mi
          volumeMounts:
__EXTRA_VOL_MNTS__
            - mountPath: /var/run/secrets/tokens
              name: konnectivity-agent-token
          livenessProbe:
            httpGet:
              port: 8093
              path: /healthz
            initialDelaySeconds: 15
            timeoutSeconds: 15
      serviceAccountName: konnectivity-agent
      volumes:
__EXTRA_VOLS__
        - name: konnectivity-agent-token
          projected:
            sources:
              - serviceAccountToken:
                  path: konnectivity-agent-token
                  audience: system:konnectivity-server