From 8ca530156b4d6ddeb62d68bac945612a5cf5fcb7 Mon Sep 17 00:00:00 2001
From: Joseph Anttila Hall <jkh@google.com>
Date: Tue, 9 Apr 2024 20:15:24 +0000
Subject: [PATCH] Fix 'kind' example manifests.

---
 .github/workflows/e2e.yaml               | 10 ++++++----
 examples/kind/README.md                  |  8 ++++----
 examples/kind/konnectivity-agent-ds.yaml |  3 +--
 examples/kind/konnectivity-server.yaml   |  7 +++++--
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 34a8b2a67..0d248be3f 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -36,9 +36,11 @@ jobs:
         mkdir _output
 
         make docker-build/proxy-agent-amd64 REGISTRY=gcr.io/k8s-staging-kas-network-proxy TAG=local BASEIMAGE=${{ env.BASEIMAGE }}
-        docker save gcr.io/k8s-staging-kas-network-proxy/proxy-agent-amd64:local > _output/konnectivity-agent.tar
+        docker tag gcr.io/k8s-staging-kas-network-proxy/proxy-agent-amd64:local gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master
+        docker save gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master > _output/konnectivity-agent.tar
         make docker-build/proxy-server-amd64 REGISTRY=gcr.io/k8s-staging-kas-network-proxy TAG=local BASEIMAGE=${{ env.BASEIMAGE }}
-        docker save gcr.io/k8s-staging-kas-network-proxy/proxy-server-amd64:local > _output/konnectivity-server.tar
+        docker tag gcr.io/k8s-staging-kas-network-proxy/proxy-server-amd64:local gcr.io/k8s-staging-kas-network-proxy/proxy-server:master
+        docker save gcr.io/k8s-staging-kas-network-proxy/proxy-server:master > _output/konnectivity-server.tar
 
     - uses: actions/upload-artifact@v4
       with:
@@ -153,8 +155,8 @@ jobs:
         # preload konnectivity images
         docker load --input konnectivity-server.tar
         docker load --input konnectivity-agent.tar
-        /usr/local/bin/kind load docker-image gcr.io/k8s-staging-kas-network-proxy/proxy-server-amd64:local --name ${{ env.KIND_CLUSTER_NAME}}
-        /usr/local/bin/kind load docker-image gcr.io/k8s-staging-kas-network-proxy/proxy-agent-amd64:local --name ${{ env.KIND_CLUSTER_NAME}}
+        /usr/local/bin/kind load docker-image gcr.io/k8s-staging-kas-network-proxy/proxy-server:master --name ${{ env.KIND_CLUSTER_NAME}}
+        /usr/local/bin/kind load docker-image gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master --name ${{ env.KIND_CLUSTER_NAME}}
         kubectl apply -f examples/kind/konnectivity-server.yaml
         kubectl apply -f examples/kind/konnectivity-agent-ds.yaml
 
diff --git a/examples/kind/README.md b/examples/kind/README.md
index b5cac8ef1..1117318d4 100644
--- a/examples/kind/README.md
+++ b/examples/kind/README.md
@@ -35,7 +35,7 @@ $ kubectl apply -f konnectivity-agent-ds.yaml
 serviceaccount/konnectivity-agent created
 ```
 
-To validate that it works, run a custom image and try to exec into the pod (it goes through the konnectivity proxy):
+To validate that it works, run a custom image and get pod logs (it goes through the konnectivity proxy):
 ```sh
 $ kubectl run test --image httpd:2
 pod/test created
@@ -45,7 +45,7 @@ test   0/1     ContainerCreating   0          4s
 $ kubectl get pods
 NAME   READY   STATUS    RESTARTS   AGE
 test   1/1     Running   0          6s
-$ kubectl exec -it test bash
-kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
+$ kubectl logs test
+...
+[Tue Apr 09 20:58:36.756720 2024] [mpm_event:notice] [pid 1:tid 139788897408896] AH00489: Apache/2.4.59 (Unix) configured -- resuming normal operations
 ```
-
diff --git a/examples/kind/konnectivity-agent-ds.yaml b/examples/kind/konnectivity-agent-ds.yaml
index 3ef45d555..98f7cbd29 100644
--- a/examples/kind/konnectivity-agent-ds.yaml
+++ b/examples/kind/konnectivity-agent-ds.yaml
@@ -36,8 +36,7 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       containers:
       - name: konnectivity-agent-container
-        image: gcr.io/k8s-staging-kas-network-proxy/proxy-agent-amd64:local
-        imagePullPolicy: Never
+        image: gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master
         resources:
           requests:
             cpu: 50m
diff --git a/examples/kind/konnectivity-server.yaml b/examples/kind/konnectivity-server.yaml
index cfb7e3738..aefe69a95 100644
--- a/examples/kind/konnectivity-server.yaml
+++ b/examples/kind/konnectivity-server.yaml
@@ -55,17 +55,20 @@ spec:
       hostNetwork: true
       containers:
       - name: konnectivity-server-container
-        image: gcr.io/k8s-staging-kas-network-proxy/proxy-server-amd64:local
-        imagePullPolicy: Never
+        image: gcr.io/k8s-staging-kas-network-proxy/proxy-server:master
         resources:
           requests:
             cpu: 1m
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 0
         command: [ "/proxy-server"]
         args: [
           "--log-file=/var/log/konnectivity-server.log",
           "--logtostderr=true",
           "--log-file-max-size=0",
           "--uds-name=/etc/kubernetes/konnectivity-server/konnectivity-server.socket",
+          "--delete-existing-uds-file",
           "--cluster-cert=/etc/kubernetes/pki/apiserver.crt",
           "--cluster-key=/etc/kubernetes/pki/apiserver.key",
           "--server-port=0",