github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/kube-apiserver/templates/kube-apiserver.yaml

github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/kube-apiserver/templates/kube-apiserver.yaml (about)

     1  apiVersion: v1
     2  kind: Pod
     3  metadata:
     4    labels:
     5      tier: control-plane
     6      component: kube-apiserver
     7      kismatic/host: {{ inventory_hostname }}
     8    annotations:
     9      version: "{{ official_images.kube_apiserver.version }}"
    10      kismatic/version: "{{ kismatic_short_version }}"
    11    name: kube-apiserver
    12    namespace: kube-system
    13  spec:
    14    hostNetwork: true
    15    containers:
    16    - name: kube-apiserver
    17      image: {{ images.kube_apiserver }}
    18      imagePullPolicy: IfNotPresent
    19      command:
    20        - kube-apiserver
    21  {% set combined_options = kubernetes_api_server_option_defaults | combine(kubernetes_api_server_option_overrides) -%}
    22  {% for option in combined_options | dictsort %}
    23  {% if option[1] is defined and option[1] | string | length > 0 %}
    24        - "--{{ option[0] }}={{ option[1] }}"
    25  {% endif %}
    26  {% endfor %}
    27      ports:
    28      - containerPort: {{ kubernetes_master_secure_port }}
    29        hostPort: {{ kubernetes_master_secure_port }}
    30        name: https
    31      volumeMounts:
    32      - mountPath: /etc/kubernetes
    33        name: ssl-certs-kubernetes
    34        readOnly: true
    35      - mountPath: /etc/ssl/certs
    36        name: ssl-certs-host
    37        readOnly: true
    38      - name: usr-ca-certs-host
    39        mountPath: /usr/share/ca-certificates
    40        readOnly: true
    41  {% if cloud_provider is defined and cloud_provider == 'aws' and ansible_os_family == 'RedHat' %}
    42      - mountPath: /etc/ssl/certs/ca-bundle.crt
    43        name: rhel-ca-bundle
    44        readOnly: true
    45  {% endif %}
    46      livenessProbe:
    47        httpGet:
    48          host: 127.0.0.1
    49          path: /healthz
    50          port: {{ kubernetes_master_secure_port }}
    51          scheme: HTTPS
    52        initialDelaySeconds: 15
    53        timeoutSeconds: 15
    54        failureThreshold: 8
    55    volumes:
    56    - hostPath:
    57        path: /etc/kubernetes
    58      name: ssl-certs-kubernetes
    59    - hostPath:
    60        path: /etc/ssl/certs/
    61      name: ssl-certs-host
    62    - hostPath:
    63        path: /usr/share/ca-certificates
    64      name: usr-ca-certs-host
    65  {% if cloud_provider is defined and cloud_provider == 'aws' and ansible_os_family == 'RedHat' %}
    66    - hostPath:
    67        path: /etc/ssl/certs/ca-bundle.crt
    68      name: rhel-ca-bundle
    69  {% endif %}