---
# Pod manifest for a kube-apiserver instance named "bootstrap-kube-apiserver"
# in kube-system. Presumably a temporary control-plane pod used while the
# cluster is being brought up -- confirm against the installer that renders it.
apiVersion: v1
kind: Pod
metadata:
  name: bootstrap-kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    # The image is referenced by tag only, and a tag can be re-pointed on the
    # registry. Pinning by digest would fix the exact content that runs.
    image: quay.io/coreos/hyperkube:v1.6.2_coreos.0
    command:
    # flock takes an exclusive lock on the host's /var/lock (mounted below) and
    # gives up after 30 s. Presumably this keeps two apiservers from running on
    # the same node at once -- TODO confirm.
    - /usr/bin/flock
    - --exclusive
    - --timeout=30
    - /var/lock/api-server.lock
    - /hyperkube
    - apiserver
    # None of the admission plugins listed here restricts pod security
    # settings, so the --allow-privileged=true flag below is not narrowed at
    # admission time.
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    # $(POD_IP) is expanded by Kubernetes from the env entry below. With
    # hostNetwork: true the pod IP is the node's own IP.
    - --advertise-address=$(POD_IP)
    # Lets workloads request privileged containers cluster-wide. Who may do so
    # then depends on RBAC and whatever policy is layered on top.
    - --allow-privileged=true
    # RBAC is the only authorizer configured.
    - --authorization-mode=RBAC
    # The secure port listens on every interface, and hostNetwork: true makes
    # those the node's interfaces. Reachability of :443 must be limited by
    # host or network firewalling, not by this manifest.
    - --bind-address=0.0.0.0
    # Client certificates are verified against this CA.
    # NOTE(review): --anonymous-auth is not set; confirm that this release's
    # default for unauthenticated requests is what you want.
    - --client-ca-file=/etc/kubernetes/secrets/ca.crt
    # Both etcd endpoints use plain http://, and no --etcd-cafile,
    # --etcd-certfile or --etcd-keyfile is given. Traffic to etcd, including
    # Secret objects, is therefore unencrypted and etcd cannot authenticate
    # this client by certificate. 10.3.0.15 falls inside the
    # --service-cluster-ip-range below; the second endpoint is host loopback.
    - --etcd-servers=http://10.3.0.15:2379,http://127.0.0.1:12379
    # 0 disables the unauthenticated plain-HTTP API port.
    - --insecure-port=0
    # The same apiserver.crt/apiserver.key pair is also the TLS serving
    # certificate (--tls-cert-file / --tls-private-key-file below). One key
    # thus serves as both server identity and client identity to kubelets.
    - --kubelet-client-certificate=/etc/kubernetes/secrets/apiserver.crt
    - --kubelet-client-key=/etc/kubernetes/secrets/apiserver.key
    - --secure-port=443
    # Public key used to verify service-account tokens.
    - --service-account-key-file=/etc/kubernetes/secrets/service-account.pub
    - --service-cluster-ip-range=10.3.0.0/24
    - --storage-backend=etcd3
    - --tls-ca-file=/etc/kubernetes/secrets/ca.crt
    - --tls-cert-file=/etc/kubernetes/secrets/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/secrets/apiserver.key
    # NOTE(review): no audit-log flags appear in this argument list, so API
    # requests are not written to an audit log by this instance.
    env:
    - name: POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    # No securityContext or resources are set on this container.
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
    # Holds the CA, the apiserver key pair and the service-account public key
    # named in the flags above. Mounted read-only.
    - mountPath: /etc/kubernetes/secrets
      name: secrets
      readOnly: true
    # Writable because flock must create and lock api-server.lock here.
    - mountPath: /var/lock
      name: var-lock
      readOnly: false
  # The pod shares the node's network namespace.
  hostNetwork: true
  volumes:
  # Private key material is read straight from the node's filesystem. Its
  # confidentiality rests on the ownership and mode of this host directory.
  - name: secrets
    hostPath:
      path: /etc/kubernetes/bootstrap-secrets
  - name: ssl-certs-host
    hostPath:
      path: /usr/share/ca-certificates
  # The host's whole /var/lock directory is exposed read-write to the container.
  - name: var-lock
    hostPath:
      path: /var/lock