1{
2"apiVersion": "v1",
3"kind": "Pod",
4"metadata": {
5 "name":"kube-apiserver",
6 "namespace": "kube-system",
7 "labels": {
8 "tier": "control-plane",
9 "component": "kube-apiserver"
10 }
11},
12"spec":{
13"securityContext": {
14 {{runAsUser}}
15 {{runAsGroup}}
16 {{supplementalGroups}}
17 "seccompProfile": {
18 "type": "RuntimeDefault"
19 }
20},
21"priorityClassName": "system-node-critical",
22"priority": 2000001000,
23"hostNetwork": true,
24"containers":[
25 {
26 "name": "kube-apiserver",
27 {{containerSecurityContext}}
28 "image": "{{pillar['kube_docker_registry']}}/kube-apiserver-amd64:{{pillar['kube-apiserver_docker_tag']}}",
29 "resources": {
30 "requests": {
31 "cpu": "250m"
32 }
33 },
34 "command": [
35 "/go-runner", "--log-file=/var/log/kube-apiserver.log", "--also-stdout=false", "--redirect-stderr=true",
36 "/usr/local/bin/kube-apiserver",
37 "--allow-privileged={{pillar['allow_privileged']}}",
38 {{params}}
39 ],
40 {{container_env}}
41 "livenessProbe": {
42 "httpGet": {
43 "scheme": "HTTPS",
44 "host": "{{healthcheck_ip}}",
45 "port": {{secure_port}},
46 "path": "/livez?exclude=etcd&exclude=kms-provider-0&exclude=kms-provider-1"
47 },
48 "initialDelaySeconds": {{liveness_probe_initial_delay}},
49 "timeoutSeconds": 15
50 },
51 "readinessProbe": {
52 "httpGet": {
53 "scheme": "HTTPS",
54 "host": "{{healthcheck_ip}}",
55 "port": {{secure_port}},
56 "path": "/readyz"
57 },
58 "periodSeconds": 1,
59 "timeoutSeconds": 15
60 },
61 "ports":[
62 {{insecure_port_mapping}}
63 { "name": "https",
64 "containerPort": {{secure_port}},
65 "hostPort": {{secure_port}}}
66 ],
67 "volumeMounts": [
68 {{kms_socket_mount}}
69 {{encryption_provider_mount}}
70 {{cloud_config_mount}}
71 {{additional_cloud_config_mount}}
72 {{webhook_config_mount}}
73 {{webhook_authn_config_mount}}
74 {{csc_config_mount}}
75 {{audit_policy_config_mount}}
76 {{audit_webhook_config_mount}}
77 {{konnectivity_socket_mount}}
78 { "name": "srvkube",
79 "mountPath": "/etc/srv/kubernetes",
80 "readOnly": true},
81 { "name": "logfile",
82 "mountPath": "/var/log/kube-apiserver.log",
83 "readOnly": false},
84 { "name": "auditlogfile",
85 "mountPath": "/var/log/kube-apiserver-audit.log",
86 "readOnly": false},
87 { "name": "etcssl",
88 "mountPath": "/etc/ssl",
89 "readOnly": true},
90 { "name": "usrsharecacerts",
91 "mountPath": "/usr/share/ca-certificates",
92 "readOnly": true},
93 { "name": "varssl",
94 "mountPath": "/var/ssl",
95 "readOnly": true},
96 { "name": "etcopenssl",
97 "mountPath": "/etc/openssl",
98 "readOnly": true},
99 { "name": "etcpki",
100 "mountPath": "/etc/srv/pki",
101 "readOnly": true},
102 { "name": "srvsshproxy",
103 "mountPath": "{{srv_sshproxy_path}}",
104 "readOnly": false}
105 ]
106 }
107],
108"volumes":[
109 {{kms_socket_volume}}
110 {{encryption_provider_volume}}
111 {{cloud_config_volume}}
112 {{additional_cloud_config_volume}}
113 {{webhook_config_volume}}
114 {{webhook_authn_config_volume}}
115 {{csc_config_volume}}
116 {{audit_policy_config_volume}}
117 {{audit_webhook_config_volume}}
118 {{konnectivity_socket_volume}}
119 { "name": "srvkube",
120 "hostPath": {
121 "path": "/etc/srv/kubernetes"}
122 },
123 { "name": "logfile",
124 "hostPath": {
125 "path": "/var/log/kube-apiserver.log",
126 "type": "FileOrCreate"}
127 },
128 { "name": "auditlogfile",
129 "hostPath": {
130 "path": "/var/log/kube-apiserver-audit.log",
131 "type": "FileOrCreate"}
132 },
133 { "name": "etcssl",
134 "hostPath": {
135 "path": "/etc/ssl"}
136 },
137 { "name": "usrsharecacerts",
138 "hostPath": {
139 "path": "/usr/share/ca-certificates"}
140 },
141 { "name": "varssl",
142 "hostPath": {
143 "path": "/var/ssl"}
144 },
145 { "name": "etcopenssl",
146 "hostPath": {
147 "path": "/etc/openssl"}
148 },
149 { "name": "etcpki",
150 "hostPath": {
151 "path": "/etc/srv/pki"}
152 },
153 { "name": "srvsshproxy",
154 "hostPath": {
155 "path": "{{srv_sshproxy_path}}"}
156 }
157]
158}}