| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 |
- {
- "apiVersion": "v1",
- "kind": "Pod",
- "metadata": {
- "name":"kube-apiserver",
- "namespace": "kube-system",
- "annotations": {
- "scheduler.alpha.kubernetes.io/critical-pod": "",
- "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
- },
- "labels": {
- "tier": "control-plane",
- "component": "kube-apiserver"
- }
- },
- "spec":{
- "hostNetwork": true,
- "containers":[
- {
- "name": "kube-apiserver",
- "image": "{{pillar['kube_docker_registry']}}/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}",
- "resources": {
- "requests": {
- "cpu": "250m"
- }
- },
- "command": [
- "/bin/sh",
- "-c",
- "exec /usr/local/bin/kube-apiserver {{params}} --allow-privileged={{pillar['allow_privileged']}} 1>>/var/log/kube-apiserver.log 2>&1"
- ],
- {{container_env}}
- "livenessProbe": {
- "httpGet": {
- "scheme": "HTTPS",
- "host": "127.0.0.1",
- "port": {{secure_port}},
- "path": "/healthz?exclude=etcd"
- },
- "initialDelaySeconds": {{liveness_probe_initial_delay}},
- "timeoutSeconds": 15
- },
- "readinessProbe": {
- "httpGet": {
- "scheme": "HTTPS",
- "host": "127.0.0.1",
- "port": {{secure_port}},
- "path": "/healthz"
- },
- "periodSeconds": 1,
- "timeoutSeconds": 15
- },
- "ports":[
- {{insecure_port_mapping}}
- { "name": "https",
- "containerPort": {{secure_port}},
- "hostPort": {{secure_port}}}
- ],
- "volumeMounts": [
- {{kms_socket_mount}}
- {{encryption_provider_mount}}
- {{cloud_config_mount}}
- {{additional_cloud_config_mount}}
- {{webhook_config_mount}}
- {{webhook_authn_config_mount}}
- {{audit_policy_config_mount}}
- {{audit_webhook_config_mount}}
- {{admission_controller_config_mount}}
- {{image_policy_webhook_config_mount}}
- { "name": "srvkube",
- "mountPath": "/etc/srv/kubernetes",
- "readOnly": true},
- { "name": "logfile",
- "mountPath": "/var/log/kube-apiserver.log",
- "readOnly": false},
- { "name": "auditlogfile",
- "mountPath": "/var/log/kube-apiserver-audit.log",
- "readOnly": false},
- { "name": "etcssl",
- "mountPath": "/etc/ssl",
- "readOnly": true},
- { "name": "usrsharecacerts",
- "mountPath": "/usr/share/ca-certificates",
- "readOnly": true},
- { "name": "varssl",
- "mountPath": "/var/ssl",
- "readOnly": true},
- { "name": "etcopenssl",
- "mountPath": "/etc/openssl",
- "readOnly": true},
- { "name": "etcpki",
- "mountPath": "/etc/srv/pki",
- "readOnly": true},
- { "name": "srvsshproxy",
- "mountPath": "{{srv_sshproxy_path}}",
- "readOnly": false}
- ]
- }
- ],
- "volumes":[
- {{kms_socket_volume}}
- {{encryption_provider_volume}}
- {{cloud_config_volume}}
- {{additional_cloud_config_volume}}
- {{webhook_config_volume}}
- {{webhook_authn_config_volume}}
- {{audit_policy_config_volume}}
- {{audit_webhook_config_volume}}
- {{admission_controller_config_volume}}
- {{image_policy_webhook_config_volume}}
- { "name": "srvkube",
- "hostPath": {
- "path": "/etc/srv/kubernetes"}
- },
- { "name": "logfile",
- "hostPath": {
- "path": "/var/log/kube-apiserver.log",
- "type": "FileOrCreate"}
- },
- { "name": "auditlogfile",
- "hostPath": {
- "path": "/var/log/kube-apiserver-audit.log",
- "type": "FileOrCreate"}
- },
- { "name": "etcssl",
- "hostPath": {
- "path": "/etc/ssl"}
- },
- { "name": "usrsharecacerts",
- "hostPath": {
- "path": "/usr/share/ca-certificates"}
- },
- { "name": "varssl",
- "hostPath": {
- "path": "/var/ssl"}
- },
- { "name": "etcopenssl",
- "hostPath": {
- "path": "/etc/openssl"}
- },
- { "name": "etcpki",
- "hostPath": {
- "path": "/etc/srv/pki"}
- },
- { "name": "srvsshproxy",
- "hostPath": {
- "path": "{{srv_sshproxy_path}}"}
- }
- ]
- }}
|
