| apiVersion: v1 |
| kind: Pod |
| metadata: |
| name: kube-aggregator |
| namespace: kube-public |
| spec: |
| hostNetwork: true |
| containers: |
| - name: kube-aggregator |
| image: kube-aggregator |
| imagePullPolicy: IfNotPresent |
| args: |
| - "/usr/local/bin/kube-aggregator" |
| - "--secure-port=9443" |
| - "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" |
| - "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" |
| - "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig" |
| - "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt" |
| - "--proxy-client-key-file=/var/run/auth-proxy-client/client-auth-proxy.key" |
| - "--tls-cert-file=/var/run/serving-cert/serving-kube-aggregator.crt" |
| - "--tls-private-key-file=/var/run/serving-cert/serving-kube-aggregator.key" |
| - "--client-ca-file=/var/run/client-ca/client-ca.crt" |
| - "--requestheader-username-headers=X-Remote-User" |
| - "--requestheader-group-headers=X-Remote-Group" |
| - "--requestheader-extra-headers-prefix=X-Remote-Extra-" |
| - "--requestheader-client-ca-file=/var/run/request-header-ca/request-header-ca.crt" |
| - "--etcd-servers=http://127.0.0.1:2379" |
| ports: |
| - containerPort: 9443 |
| hostPort: 9443 |
| volumeMounts: |
| - mountPath: /var/run/request-header-ca |
| name: volume-request-header-ca |
| readOnly: true |
| - mountPath: /var/run/client-ca |
| name: volume-client-ca |
| readOnly: true |
| - mountPath: /var/run/auth-proxy-client |
| name: volume-auth-proxy-client |
| readOnly: true |
| - mountPath: /var/run/etcd-client-cert |
| name: volume-etcd-client-cert |
| readOnly: true |
| - mountPath: /var/run/serving-ca |
| name: volume-serving-ca |
| readOnly: true |
| - mountPath: /var/run/serving-cert |
| name: volume-serving-cert |
| readOnly: true |
| - mountPath: /var/run/etcd-ca |
| name: volume-etcd-ca |
| readOnly: true |
| - mountPath: /var/run/auth-client |
| name: volume-auth-client |
| readOnly: true |
| volumes: |
| - name: volume-request-header-ca |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-client-ca |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-auth-proxy-client |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-etcd-client-cert |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-serving-cert |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-serving-ca |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-etcd-ca |
| hostPath: |
| path: /var/run/kubernetes/ |
| - name: volume-auth-client |
| hostPath: |
| path: /var/run/kubernetes/ |