...
1kind: ReplicationController
2apiVersion: v1
3metadata:
4 name: kube-aggregator
5 labels:
6 kube-aggregator: "true"
7spec:
8 replicas: 1
9 selector:
10 kube-aggregator: "true"
11 template:
12 metadata:
13 labels:
14 kube-aggregator: "true"
15 spec:
16 containers:
17 - name: kube-aggregator
18 image: kube-aggregator:latest
19 imagePullPolicy: Never
20 livenessProbe:
21 failureThreshold: 3
22 httpGet:
23 path: /version
24 port: 443
25 scheme: HTTPS
26 periodSeconds: 10
27 successThreshold: 1
28 timeoutSeconds: 1
29 readinessProbe:
30 failureThreshold: 3
31 httpGet:
32 path: /version
33 port: 443
34 scheme: HTTPS
35 periodSeconds: 10
36 successThreshold: 1
37 timeoutSeconds: 1
38 args:
39 - "--proxy-client-cert-file=/var/run/auth-proxy-client/tls.crt"
40 - "--proxy-client-key-file=/var/run/auth-proxy-client/tls.key"
41 - "--tls-cert-file=/var/run/serving-cert/tls.crt"
42 - "--tls-private-key-file=/var/run/serving-cert/tls.key"
43 - "--etcd-servers=https://etcd.kube-public.svc:4001"
44 - "--etcd-certfile=/var/run/etcd-client-cert/tls.crt"
45 - "--etcd-keyfile=/var/run/etcd-client-cert/tls.key"
46 - "--etcd-cafile=/var/run/etcd-ca/ca.crt"
47 ports:
48 - containerPort: 443
49 volumeMounts:
50 - mountPath: /var/run/request-header-ca
51 name: volume-request-header-ca
52 - mountPath: /var/run/client-ca
53 name: volume-client-ca
54 - mountPath: /var/run/auth-proxy-client
55 name: volume-auth-proxy-client
56 - mountPath: /var/run/etcd-client-cert
57 name: volume-etcd-client-cert
58 - mountPath: /var/run/serving-ca
59 name: volume-serving-ca
60 - mountPath: /var/run/serving-cert
61 name: volume-serving-cert
62 - mountPath: /var/run/etcd-ca
63 name: volume-etcd-ca
64 serviceAccountName: kube-aggregator
65 volumes:
66 - configMap:
67 defaultMode: 420
68 name: request-header-ca
69 name: volume-request-header-ca
70 - configMap:
71 defaultMode: 420
72 name: client-ca
73 name: volume-client-ca
74 - name: volume-auth-proxy-client
75 secret:
76 defaultMode: 420
77 secretName: auth-proxy-client
78 - name: volume-etcd-client-cert
79 secret:
80 defaultMode: 420
81 secretName: kube-aggregator-etcd
82 - name: volume-serving-cert
83 secret:
84 defaultMode: 420
85 secretName: serving-kube-aggregator
86 - configMap:
87 defaultMode: 420
88 name: kube-aggregator-ca
89 name: volume-serving-ca
90 - configMap:
91 defaultMode: 420
92 name: etcd-ca
93 name: volume-etcd-ca
View as plain text