kind: ReplicationController
apiVersion: v1
metadata:
  name: kube-aggregator
  labels:
    kube-aggregator: "true"
spec:
  replicas: 1
  selector:
    kube-aggregator: "true"
  template:
    metadata:
      labels:
        kube-aggregator: "true"
    spec:
      containers:
      - name: kube-aggregator
        image: kube-aggregator:latest
        imagePullPolicy: Never
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /version
            port: 443
            scheme: HTTPS
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /version
            port: 443
            scheme: HTTPS
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        args:
        - "--proxy-client-cert-file=/var/run/auth-proxy-client/tls.crt"
        - "--proxy-client-key-file=/var/run/auth-proxy-client/tls.key"
        - "--tls-cert-file=/var/run/serving-cert/tls.crt"
        - "--tls-private-key-file=/var/run/serving-cert/tls.key"
        - "--etcd-servers=https://etcd.kube-public.svc:4001"
        - "--etcd-certfile=/var/run/etcd-client-cert/tls.crt"
        - "--etcd-keyfile=/var/run/etcd-client-cert/tls.key"
        - "--etcd-cafile=/var/run/etcd-ca/ca.crt"
        ports:
        - containerPort: 443
        volumeMounts:
        - mountPath: /var/run/request-header-ca
          name: volume-request-header-ca
        - mountPath: /var/run/client-ca
          name: volume-client-ca
        - mountPath: /var/run/auth-proxy-client
          name: volume-auth-proxy-client
        - mountPath: /var/run/etcd-client-cert
          name: volume-etcd-client-cert
        - mountPath: /var/run/serving-ca
          name: volume-serving-ca
        - mountPath: /var/run/serving-cert
          name: volume-serving-cert
        - mountPath: /var/run/etcd-ca
          name: volume-etcd-ca
      serviceAccountName: kube-aggregator
      volumes:
      - configMap:
          defaultMode: 420
          name: request-header-ca
        name: volume-request-header-ca
      - configMap:
          defaultMode: 420
          name: client-ca
        name: volume-client-ca
      - name: volume-auth-proxy-client
        secret:
          defaultMode: 420
          secretName: auth-proxy-client
      - name: volume-etcd-client-cert
        secret:
          defaultMode: 420
          secretName: kube-aggregator-etcd
      - name: volume-serving-cert
        secret:
          defaultMode: 420
          secretName: serving-kube-aggregator
      - configMap:
          defaultMode: 420
          name: kube-aggregator-ca
        name: volume-serving-ca
      - configMap:
          defaultMode: 420
          name: etcd-ca
        name: volume-etcd-ca