...
1apiVersion: v1
2kind: Pod
3metadata:
4 name: kube-aggregator
5 namespace: kube-public
6spec:
7 hostNetwork: true
8 containers:
9 - name: kube-aggregator
10 image: kube-aggregator
11 imagePullPolicy: IfNotPresent
12 args:
13 - "/usr/local/bin/kube-aggregator"
14 - "--secure-port=9443"
15 - "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
16 - "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
17 - "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
18 - "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt"
19 - "--proxy-client-key-file=/var/run/auth-proxy-client/client-auth-proxy.key"
20 - "--tls-cert-file=/var/run/serving-cert/serving-kube-aggregator.crt"
21 - "--tls-private-key-file=/var/run/serving-cert/serving-kube-aggregator.key"
22 - "--client-ca-file=/var/run/client-ca/client-ca.crt"
23 - "--requestheader-username-headers=X-Remote-User"
24 - "--requestheader-group-headers=X-Remote-Group"
25 - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
26 - "--requestheader-client-ca-file=/var/run/request-header-ca/request-header-ca.crt"
27 - "--etcd-servers=http://127.0.0.1:2379"
28 ports:
29 - containerPort: 9443
30 hostPort: 9443
31 volumeMounts:
32 - mountPath: /var/run/request-header-ca
33 name: volume-request-header-ca
34 readOnly: true
35 - mountPath: /var/run/client-ca
36 name: volume-client-ca
37 readOnly: true
38 - mountPath: /var/run/auth-proxy-client
39 name: volume-auth-proxy-client
40 readOnly: true
41 - mountPath: /var/run/etcd-client-cert
42 name: volume-etcd-client-cert
43 readOnly: true
44 - mountPath: /var/run/serving-ca
45 name: volume-serving-ca
46 readOnly: true
47 - mountPath: /var/run/serving-cert
48 name: volume-serving-cert
49 readOnly: true
50 - mountPath: /var/run/etcd-ca
51 name: volume-etcd-ca
52 readOnly: true
53 - mountPath: /var/run/auth-client
54 name: volume-auth-client
55 readOnly: true
56 volumes:
57 - name: volume-request-header-ca
58 hostPath:
59 path: /var/run/kubernetes/
60 - name: volume-client-ca
61 hostPath:
62 path: /var/run/kubernetes/
63 - name: volume-auth-proxy-client
64 hostPath:
65 path: /var/run/kubernetes/
66 - name: volume-etcd-client-cert
67 hostPath:
68 path: /var/run/kubernetes/
69 - name: volume-serving-cert
70 hostPath:
71 path: /var/run/kubernetes/
72 - name: volume-serving-ca
73 hostPath:
74 path: /var/run/kubernetes/
75 - name: volume-etcd-ca
76 hostPath:
77 path: /var/run/kubernetes/
78 - name: volume-auth-client
79 hostPath:
80 path: /var/run/kubernetes/
View as plain text