46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-apiserver
|
|
namespace: kube-system
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-apiserver
|
|
image: quay.io/coreos/hyperkube:HYPERKUBE_VERSION
|
|
command:
|
|
- /hyperkube
|
|
- apiserver
|
|
- --bind-address=0.0.0.0
|
|
- --etcd-servers=http://127.0.0.1:2379
|
|
- --allow-privileged=true
|
|
- --service-cluster-ip-range=PORTAL_NET
|
|
- --secure-port=443
|
|
- --advertise-address=ADVERTISE_IP
|
|
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
|
|
- --tls-cert-file=/etc/kubernetes/ssl/controller.pem
|
|
- --tls-private-key-file=/etc/kubernetes/ssl/controller-key.pem
|
|
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
|
|
- --service-account-key-file=/etc/kubernetes/ssl/controller-key.pem
|
|
ports:
|
|
- containerPort: 443
|
|
hostPort: 443
|
|
name: https
|
|
- containerPort: 8080
|
|
hostPort: 8080
|
|
name: local
|
|
volumeMounts:
|
|
- mountPath: /etc/kubernetes/ssl
|
|
name: ssl-certs-kubernetes
|
|
readOnly: true
|
|
- mountPath: /etc/ssl/certs
|
|
name: ssl-certs-host
|
|
readOnly: true
|
|
volumes:
|
|
- hostPath:
|
|
path: /etc/kubernetes/ssl
|
|
name: ssl-certs-kubernetes
|
|
- hostPath:
|
|
path: /usr/share/ca-certificates
|
|
name: ssl-certs-host
|