apiVersion: v1
kind: Pod
metadata:
  name: kube-aggregator
  namespace: kube-public
spec:
  hostNetwork: true
  containers:
  - name: kube-aggregator
    image: kube-aggregator
    imagePullPolicy: IfNotPresent
    args:
    - "/usr/local/bin/kube-aggregator"
    - "--secure-port=9443"
    - "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    - "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    - "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
    - "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt"
    - "--proxy-client-key-file=/var/run/auth-proxy-client/client-auth-proxy.key"
    - "--tls-cert-file=/var/run/serving-cert/serving-kube-aggregator.crt"
    - "--tls-private-key-file=/var/run/serving-cert/serving-kube-aggregator.key"
    - "--client-ca-file=/var/run/client-ca/client-ca.crt"
    - "--requestheader-username-headers=X-Remote-User"
    - "--requestheader-group-headers=X-Remote-Group"
    - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
    - "--requestheader-client-ca-file=/var/run/request-header-ca/request-header-ca.crt"
    - "--etcd-servers=http://127.0.0.1:2379"
    ports:
    - containerPort: 9443
      hostPort: 9443
    volumeMounts:
    - mountPath: /var/run/request-header-ca
      name: volume-request-header-ca
      readOnly: true
    - mountPath: /var/run/client-ca
      name: volume-client-ca
      readOnly: true
    - mountPath: /var/run/auth-proxy-client
      name: volume-auth-proxy-client
      readOnly: true
    - mountPath: /var/run/etcd-client-cert
      name: volume-etcd-client-cert
      readOnly: true
    - mountPath: /var/run/serving-ca
      name: volume-serving-ca
      readOnly: true
    - mountPath: /var/run/serving-cert
      name: volume-serving-cert
      readOnly: true
    - mountPath: /var/run/etcd-ca
      name: volume-etcd-ca
      readOnly: true
    - mountPath: /var/run/auth-client
      name: volume-auth-client
      readOnly: true
  volumes:
  - name: volume-request-header-ca
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-client-ca
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-auth-proxy-client
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-etcd-client-cert
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-serving-cert
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-serving-ca
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-etcd-ca
    hostPath:
      path: /var/run/kubernetes/
  - name: volume-auth-client
    hostPath:
      path: /var/run/kubernetes/