apiVersion: v1 kind: Pod metadata: name: kube-aggregator namespace: kube-public spec: hostNetwork: true containers: - name: kube-aggregator image: kube-aggregator imagePullPolicy: IfNotPresent args: - "/usr/local/bin/kube-aggregator" - "--secure-port=9443" - "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" - "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" - "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" - "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt" - "--proxy-client-key-file=/var/run/auth-proxy-client/client-auth-proxy.key" - "--tls-cert-file=/var/run/serving-cert/serving-kube-aggregator.crt" - "--tls-private-key-file=/var/run/serving-cert/serving-kube-aggregator.key" - "--client-ca-file=/var/run/client-ca/client-ca.crt" - "--requestheader-username-headers=X-Remote-User" - "--requestheader-group-headers=X-Remote-Group" - "--requestheader-extra-headers-prefix=X-Remote-Extra-" - "--requestheader-client-ca-file=/var/run/request-header-ca/request-header-ca.crt" - "--etcd-servers=http://127.0.0.1:2379" ports: - containerPort: 9443 hostPort: 9443 volumeMounts: - mountPath: /var/run/request-header-ca name: volume-request-header-ca readOnly: true - mountPath: /var/run/client-ca name: volume-client-ca readOnly: true - mountPath: /var/run/auth-proxy-client name: volume-auth-proxy-client readOnly: true - mountPath: /var/run/etcd-client-cert name: volume-etcd-client-cert readOnly: true - mountPath: /var/run/serving-ca name: volume-serving-ca readOnly: true - mountPath: /var/run/serving-cert name: volume-serving-cert readOnly: true - mountPath: /var/run/etcd-ca name: volume-etcd-ca readOnly: true - mountPath: /var/run/auth-client name: volume-auth-client readOnly: true volumes: - name: volume-request-header-ca hostPath: path: /var/run/kubernetes/ - name: volume-client-ca hostPath: path: /var/run/kubernetes/ - name: volume-auth-proxy-client hostPath: path: /var/run/kubernetes/ - name: volume-etcd-client-cert hostPath: path: /var/run/kubernetes/ - name: volume-serving-cert hostPath: path: /var/run/kubernetes/ - name: volume-serving-ca hostPath: path: /var/run/kubernetes/ - name: volume-etcd-ca hostPath: path: /var/run/kubernetes/ - name: volume-auth-client hostPath: path: /var/run/kubernetes/