49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-apiserver
|
|
namespace: kube-system
|
|
labels:
|
|
tier: control-plane
|
|
component: kube-apiserver
|
|
annotations:
|
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-apiserver
|
|
image: {{ config['Versions']['images']['kubernetes']['apiserver'] }}
|
|
command:
|
|
- /hyperkube
|
|
- apiserver
|
|
- --advertise-address={{ config['Node']['ip'] }}
|
|
- --authorization-mode=RBAC
|
|
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
|
|
- --anonymous-auth=false
|
|
- --client-ca-file=/etc/kubernetes/pki/cluster-ca.pem
|
|
- --insecure-port=8080
|
|
- --insecure-bind-address=127.0.0.1
|
|
- --bind-address=0.0.0.0
|
|
- --runtime-config=batch/v2alpha1=true
|
|
- --secure-port=6443
|
|
- --allow-privileged=true
|
|
- --etcd-servers=https://kubernetes:2379
|
|
- --etcd-cafile=/etc/kubernetes/pki/etcd-client-ca.pem
|
|
- --etcd-certfile=/etc/kubernetes/pki/etcd-client.pem
|
|
- --etcd-keyfile=/etc/kubernetes/pki/etcd-client-key.pem
|
|
- --service-cluster-ip-range={{ config['Network']['service_ip_cidr'] }}
|
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
|
- --service-account-key-file=/etc/kubernetes/pki/service-account.pub
|
|
- --tls-cert-file=/etc/kubernetes/pki/apiserver.pem
|
|
- --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem
|
|
- --v=5
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/kubernetes
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
hostPath:
|
|
path: /etc/kubernetes/apiserver
|