feat(konnectivity-agent): init

.github/workflows/release.yaml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/konnectivity-agent/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/konnectivity-agent/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: konnectivity-agent
+description: A Helm chart for Konnectivity Agent
+type: application
+version: 0.1.0
+appVersion: "0.0.37"

charts/konnectivity-agent/readme.md

@@ -0,0 +1,43 @@
+# konnectivity-agent helm chart
+
+This Helm chart deploys the Konnectivity Agent, a component of the Kubernetes Konnectivity service.
+
+## prerequisites
+
+- Kubernetes 1.18+
+- Helm 3.0+
+
+## installing the chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+helm install my-release ./konnectivity-agent
+```
+
+This command deploys the Konnectivity Agent on the Kubernetes cluster with the default configuration.
+
+## uninstalling the chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+helm delete my-release
+```
+
+This command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## configuration
+
+The following table lists the configurable parameters of the Konnectivity Agent chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `image.repository` | Konnectivity Agent image repository | `registry.k8s.io/kas-network-proxy/proxy-agent` |
+| `image.tag` | Konnectivity Agent image tag | `v0.0.37` |
+| `proxyServer.host` | The host of the proxy server | `""` |
+| `proxyServer.port` | The port of the proxy server | `8132` |
+| `adminServer.port` | The port of the admin server | `8133` |
+| `healthServer.port` | The port of the health server | `8134` |
+
+You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

charts/konnectivity-agent/templates/agent.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: konnectivity-agent
+  namespace: kube-system
+  name: konnectivity-agent
+spec:
+  selector:
+    matchLabels:
+      k8s-app: konnectivity-agent
+  template:
+    metadata:
+      labels:
+        k8s-app: konnectivity-agent
+    spec:
+      priorityClassName: system-cluster-critical
+      tolerations:
+        - effect: NoSchedule
+          key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoExecute
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+      containers:
+        - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+          name: konnectivity-agent
+          command: ["/proxy-agent"]
+          args: [
+                  "--logtostderr=true",
+                  "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+                  "--proxy-server-host={{ .Values.proxyServer.host }}",
+                  "--proxy-server-port={{ .Values.proxyServer.port }}",
+                  "--admin-server-port={{ .Values.adminServer.port }}",
+                  "--health-server-port={{ .Values.healthServer.port }}",
+                  "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token"
+                  ]
+          volumeMounts:
+            - mountPath: /var/run/secrets/tokens
+              name: konnectivity-agent-token
+          livenessProbe:
+            httpGet:
+              port: {{ .Values.healthServer.port }}
+              path: /healthz
+            initialDelaySeconds: 15
+            timeoutSeconds: 15
+      serviceAccountName: konnectivity-agent
+      volumes:
+        - name: konnectivity-agent-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  path: konnectivity-agent-token
+                  audience: system:konnectivity-server

charts/konnectivity-agent/templates/rbac.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:konnectivity-server
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: system:konnectivity-server
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: konnectivity-agent
+  namespace: kube-system
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+

charts/konnectivity-agent/values.yaml

@@ -0,0 +1,14 @@
+image:
+  repository: registry.k8s.io/kas-network-proxy/proxy-agent
+  tag: v0.0.37
+
+proxyServer:
+  # Needs to be set to the UpCloud Load Balancer address
+  host: ""
+  port: 8132
+
+adminServer:
+  port: 8133
+
+healthServer:
+  port: 8134

flake.nix

@@ -0,0 +1,27 @@
+{
+  inputs.nixpkgs.url = "github:nixos/nixpkgs";
+
+  outputs =
+    { self
+    , nixpkgs
+    ,
+    }:
+    let
+      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
+      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
+    in
+    {
+      devShells = forAllSystems (system:
+        let
+          pkgs = nixpkgsFor.${system};
+        in
+        {
+          default = pkgs.mkShell {
+            nativeBuildInputs = with pkgs; [
+              kubernetes-helm
+            ];
+          };
+        });
+    };
+}