k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/gce/manifests/kube-apiserver.manifest (about) 1 { 2 "apiVersion": "v1", 3 "kind": "Pod", 4 "metadata": { 5 "name":"kube-apiserver", 6 "namespace": "kube-system", 7 "labels": { 8 "tier": "control-plane", 9 "component": "kube-apiserver" 10 } 11 }, 12 "spec":{ 13 "securityContext": { 14 {{runAsUser}} 15 {{runAsGroup}} 16 {{supplementalGroups}} 17 "seccompProfile": { 18 "type": "RuntimeDefault" 19 } 20 }, 21 "priorityClassName": "system-node-critical", 22 "priority": 2000001000, 23 "hostNetwork": true, 24 "containers":[ 25 { 26 "name": "kube-apiserver", 27 {{containerSecurityContext}} 28 "image": "{{pillar['kube_docker_registry']}}/kube-apiserver-amd64:{{pillar['kube-apiserver_docker_tag']}}", 29 "resources": { 30 "requests": { 31 "cpu": "250m" 32 } 33 }, 34 "command": [ 35 "/go-runner", "--log-file=/var/log/kube-apiserver.log", "--also-stdout=false", "--redirect-stderr=true", 36 "/usr/local/bin/kube-apiserver", 37 "--allow-privileged={{pillar['allow_privileged']}}", 38 {{params}} 39 ], 40 {{container_env}} 41 "livenessProbe": { 42 "httpGet": { 43 "scheme": "HTTPS", 44 "host": "{{healthcheck_ip}}", 45 "port": {{secure_port}}, 46 "path": "/livez?exclude=etcd&exclude=kms-provider-0&exclude=kms-provider-1" 47 }, 48 "initialDelaySeconds": {{liveness_probe_initial_delay}}, 49 "timeoutSeconds": 15 50 }, 51 "readinessProbe": { 52 "httpGet": { 53 "scheme": "HTTPS", 54 "host": "{{healthcheck_ip}}", 55 "port": {{secure_port}}, 56 "path": "/readyz" 57 }, 58 "periodSeconds": 1, 59 "timeoutSeconds": 15 60 }, 61 "ports":[ 62 {{insecure_port_mapping}} 63 { "name": "https", 64 "containerPort": {{secure_port}}, 65 "hostPort": {{secure_port}}} 66 ], 67 "volumeMounts": [ 68 {{kms_socket_mount}} 69 {{encryption_provider_mount}} 70 {{cloud_config_mount}} 71 {{additional_cloud_config_mount}} 72 {{webhook_config_mount}} 73 {{webhook_authn_config_mount}} 74 {{csc_config_mount}} 75 {{audit_policy_config_mount}} 76 {{audit_webhook_config_mount}} 77 {{konnectivity_socket_mount}} 78 { "name": "srvkube", 79 "mountPath": "/etc/srv/kubernetes", 80 "readOnly": true}, 81 { "name": "logfile", 82 "mountPath": "/var/log/kube-apiserver.log", 83 "readOnly": false}, 84 { "name": "auditlogfile", 85 "mountPath": "/var/log/kube-apiserver-audit.log", 86 "readOnly": false}, 87 { "name": "etcssl", 88 "mountPath": "/etc/ssl", 89 "readOnly": true}, 90 { "name": "usrsharecacerts", 91 "mountPath": "/usr/share/ca-certificates", 92 "readOnly": true}, 93 { "name": "varssl", 94 "mountPath": "/var/ssl", 95 "readOnly": true}, 96 { "name": "etcopenssl", 97 "mountPath": "/etc/openssl", 98 "readOnly": true}, 99 { "name": "etcpki", 100 "mountPath": "/etc/srv/pki", 101 "readOnly": true}, 102 { "name": "srvsshproxy", 103 "mountPath": "{{srv_sshproxy_path}}", 104 "readOnly": false} 105 ] 106 } 107 ], 108 "volumes":[ 109 {{kms_socket_volume}} 110 {{encryption_provider_volume}} 111 {{cloud_config_volume}} 112 {{additional_cloud_config_volume}} 113 {{webhook_config_volume}} 114 {{webhook_authn_config_volume}} 115 {{csc_config_volume}} 116 {{audit_policy_config_volume}} 117 {{audit_webhook_config_volume}} 118 {{konnectivity_socket_volume}} 119 { "name": "srvkube", 120 "hostPath": { 121 "path": "/etc/srv/kubernetes"} 122 }, 123 { "name": "logfile", 124 "hostPath": { 125 "path": "/var/log/kube-apiserver.log", 126 "type": "FileOrCreate"} 127 }, 128 { "name": "auditlogfile", 129 "hostPath": { 130 "path": "/var/log/kube-apiserver-audit.log", 131 "type": "FileOrCreate"} 132 }, 133 { "name": "etcssl", 134 "hostPath": { 135 "path": "/etc/ssl"} 136 }, 137 { "name": "usrsharecacerts", 138 "hostPath": { 139 "path": "/usr/share/ca-certificates"} 140 }, 141 { "name": "varssl", 142 "hostPath": { 143 "path": "/var/ssl"} 144 }, 145 { "name": "etcopenssl", 146 "hostPath": { 147 "path": "/etc/openssl"} 148 }, 149 { "name": "etcpki", 150 "hostPath": { 151 "path": "/etc/srv/pki"} 152 }, 153 { "name": "srvsshproxy", 154 "hostPath": { 155 "path": "{{srv_sshproxy_path}}"} 156 } 157 ] 158 }}