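---
# Self-hosted kube-controller-manager, run as a two-replica Deployment on
# master nodes. Both replicas use leader election (--leader-elect=true), so
# the second pod acts as a standby.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-controller-manager
  namespace: kube-system
  labels:
    tier: control-plane
    component: kube-controller-manager
spec:
  replicas: 2
  template:
    metadata:
      labels:
        tier: control-plane
        component: kube-controller-manager
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      affinity:
        # Prefer placing the two replicas on different hosts so that losing
        # one master does not take out both controller-manager pods.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: tier
                      operator: In
                      values:
                        - control-plane
                    - key: component
                      operator: In
                      values:
                        # Must equal the pod label `component` above. The
                        # previous value was misspelled
                        # ("kube-contoller-manager"), so the selector matched
                        # no pod and the anti-affinity preference had no
                        # effect.
                        - kube-controller-manager
                topologyKey: kubernetes.io/hostname
      containers:
        # NOTE(review): no securityContext is set, so the container runs with
        # the image's default user and capabilities; confirm whether a
        # non-root user can be used here.
        - name: kube-controller-manager
          image: quay.io/coreos/hyperkube:v1.6.2_coreos.0
          command:
            - ./hyperkube
            - controller-manager
            - --allocate-node-cidrs=true
            # Explicitly empty: no cloud provider integration is configured.
            - --cloud-provider=
            - --cluster-cidr=10.2.0.0/16
            - --configure-cloud-routes=false
            - --leader-elect=true
            # Both files come from the `secrets` volume mounted below.
            - --root-ca-file=/etc/kubernetes/secrets/ca.crt
            - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key
          livenessProbe:
            httpGet:
              path: /healthz
              # Note: Using default port. Update if --port option is set
              # differently.
              port: 10252
            initialDelaySeconds: 15
            timeoutSeconds: 15
          volumeMounts:
            - name: secrets
              mountPath: /etc/kubernetes/secrets
              readOnly: true
            - name: ssl-host
              mountPath: /etc/ssl/certs
              readOnly: true
      # Schedule only on master nodes, and tolerate the master taint.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      volumes:
        # This Secret holds the service-account signing key referenced by
        # --service-account-private-key-file. Anyone able to read it can sign
        # service account tokens, so keep read access to Secrets in
        # kube-system tightly restricted.
        - name: secrets
          secret:
            secretName: kube-controller-manager
        # Host CA bundle, mounted read-only at /etc/ssl/certs.
        - name: ssl-host
          hostPath:
            path: /usr/share/ca-certificates
      # Don't use cluster DNS.
      dnsPolicy: Default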