insecure-etcd-pod.yaml

Documentation: k8s.io/kube-aggregator/artifacts/hostpath-pods

     1apiVersion: v1
     2kind: Pod
     3metadata:
     4  name: kube-aggregator
     5  namespace: kube-public
     6spec:
     7  hostNetwork: true
     8  containers:
     9  - name: kube-aggregator
    10    image: kube-aggregator
    11    imagePullPolicy: IfNotPresent
    12    args:
    13    - "/usr/local/bin/kube-aggregator"
    14    - "--secure-port=9443"
    15    - "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    16    - "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    17    - "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    18    - "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt"
    19    - "--proxy-client-key-file=/var/run/auth-proxy-client/client-auth-proxy.key"
    20    - "--tls-cert-file=/var/run/serving-cert/serving-kube-aggregator.crt"
    21    - "--tls-private-key-file=/var/run/serving-cert/serving-kube-aggregator.key"
    22    - "--client-ca-file=/var/run/client-ca/client-ca.crt"
    23    - "--requestheader-username-headers=X-Remote-User"
    24    - "--requestheader-group-headers=X-Remote-Group"
    25    - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
    26    - "--requestheader-client-ca-file=/var/run/request-header-ca/request-header-ca.crt"
    27    - "--etcd-servers=http://127.0.0.1:2379"
    28    ports:
    29    - containerPort: 9443
    30      hostPort: 9443
    31    volumeMounts:
    32    - mountPath: /var/run/request-header-ca
    33      name: volume-request-header-ca
    34      readOnly: true
    35    - mountPath: /var/run/client-ca
    36      name: volume-client-ca
    37      readOnly: true
    38    - mountPath: /var/run/auth-proxy-client
    39      name: volume-auth-proxy-client
    40      readOnly: true
    41    - mountPath: /var/run/etcd-client-cert
    42      name: volume-etcd-client-cert
    43      readOnly: true
    44    - mountPath: /var/run/serving-ca
    45      name: volume-serving-ca
    46      readOnly: true
    47    - mountPath: /var/run/serving-cert
    48      name: volume-serving-cert
    49      readOnly: true
    50    - mountPath: /var/run/etcd-ca
    51      name: volume-etcd-ca
    52      readOnly: true
    53    - mountPath: /var/run/auth-client
    54      name: volume-auth-client
    55      readOnly: true
    56  volumes:
    57  - name: volume-request-header-ca
    58    hostPath:
    59      path: /var/run/kubernetes/
    60  - name: volume-client-ca
    61    hostPath:
    62      path: /var/run/kubernetes/
    63  - name: volume-auth-proxy-client
    64    hostPath:
    65      path: /var/run/kubernetes/
    66  - name: volume-etcd-client-cert
    67    hostPath:
    68      path: /var/run/kubernetes/
    69  - name: volume-serving-cert
    70    hostPath:
    71      path: /var/run/kubernetes/
    72  - name: volume-serving-ca
    73    hostPath:
    74      path: /var/run/kubernetes/
    75  - name: volume-etcd-ca
    76    hostPath:
    77      path: /var/run/kubernetes/
    78  - name: volume-auth-client
    79    hostPath:
    80      path: /var/run/kubernetes/
View as plain text