| { |
| "apiVersion": "v1", |
| "kind": "Pod", |
| "metadata": { |
| "name":"kube-apiserver", |
| "namespace": "kube-system", |
| "annotations": { |
| "scheduler.alpha.kubernetes.io/critical-pod": "", |
| "seccomp.security.alpha.kubernetes.io/pod": "docker/default" |
| }, |
| "labels": { |
| "tier": "control-plane", |
| "component": "kube-apiserver" |
| } |
| }, |
| "spec":{ |
| "hostNetwork": true, |
| "containers":[ |
| { |
| "name": "kube-apiserver", |
| "image": "{{pillar['kube_docker_registry']}}/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}", |
| "resources": { |
| "requests": { |
| "cpu": "250m" |
| } |
| }, |
| "command": [ |
| "/bin/sh", |
| "-c", |
| "exec /usr/local/bin/kube-apiserver {{params}} --allow-privileged={{pillar['allow_privileged']}} 1>>/var/log/kube-apiserver.log 2>&1" |
| ], |
| {{container_env}} |
| "livenessProbe": { |
| "httpGet": { |
| "host": "127.0.0.1", |
| "port": 8080, |
| "path": "/healthz?exclude=etcd" |
| }, |
| "initialDelaySeconds": {{liveness_probe_initial_delay}}, |
| "timeoutSeconds": 15 |
| }, |
| "readinessProbe": { |
| "httpGet": { |
| "host": "127.0.0.1", |
| "port": 8080, |
| "path": "/healthz" |
| }, |
| "timeoutSeconds": 15 |
| }, |
| "ports":[ |
| { "name": "https", |
| "containerPort": {{secure_port}}, |
| "hostPort": {{secure_port}}},{ |
| "name": "local", |
| "containerPort": 8080, |
| "hostPort": 8080} |
| ], |
| "volumeMounts": [ |
| {{kms_socket_mount}} |
| {{encryption_provider_mount}} |
| {{cloud_config_mount}} |
| {{additional_cloud_config_mount}} |
| {{webhook_config_mount}} |
| {{webhook_authn_config_mount}} |
| {{audit_policy_config_mount}} |
| {{audit_webhook_config_mount}} |
| {{admission_controller_config_mount}} |
| {{image_policy_webhook_config_mount}} |
| { "name": "srvkube", |
| "mountPath": "/etc/srv/kubernetes", |
| "readOnly": true}, |
| { "name": "logfile", |
| "mountPath": "/var/log/kube-apiserver.log", |
| "readOnly": false}, |
| { "name": "auditlogfile", |
| "mountPath": "/var/log/kube-apiserver-audit.log", |
| "readOnly": false}, |
| { "name": "etcssl", |
| "mountPath": "/etc/ssl", |
| "readOnly": true}, |
| { "name": "usrsharecacerts", |
| "mountPath": "/usr/share/ca-certificates", |
| "readOnly": true}, |
| { "name": "varssl", |
| "mountPath": "/var/ssl", |
| "readOnly": true}, |
| { "name": "etcopenssl", |
| "mountPath": "/etc/openssl", |
| "readOnly": true}, |
| { "name": "etcpki", |
| "mountPath": "/etc/srv/pki", |
| "readOnly": true}, |
| { "name": "srvsshproxy", |
| "mountPath": "{{srv_sshproxy_path}}", |
| "readOnly": false} |
| ] |
| } |
| ], |
| "volumes":[ |
| {{kms_socket_volume}} |
| {{encryption_provider_volume}} |
| {{cloud_config_volume}} |
| {{additional_cloud_config_volume}} |
| {{webhook_config_volume}} |
| {{webhook_authn_config_volume}} |
| {{audit_policy_config_volume}} |
| {{audit_webhook_config_volume}} |
| {{admission_controller_config_volume}} |
| {{image_policy_webhook_config_volume}} |
| { "name": "srvkube", |
| "hostPath": { |
| "path": "/etc/srv/kubernetes"} |
| }, |
| { "name": "logfile", |
| "hostPath": { |
| "path": "/var/log/kube-apiserver.log", |
| "type": "FileOrCreate"} |
| }, |
| { "name": "auditlogfile", |
| "hostPath": { |
| "path": "/var/log/kube-apiserver-audit.log", |
| "type": "FileOrCreate"} |
| }, |
| { "name": "etcssl", |
| "hostPath": { |
| "path": "/etc/ssl"} |
| }, |
| { "name": "usrsharecacerts", |
| "hostPath": { |
| "path": "/usr/share/ca-certificates"} |
| }, |
| { "name": "varssl", |
| "hostPath": { |
| "path": "/var/ssl"} |
| }, |
| { "name": "etcopenssl", |
| "hostPath": { |
| "path": "/etc/openssl"} |
| }, |
| { "name": "etcpki", |
| "hostPath": { |
| "path": "/etc/srv/pki"} |
| }, |
| { "name": "srvsshproxy", |
| "hostPath": { |
| "path": "{{srv_sshproxy_path}}"} |
| } |
| ] |
| }} |