config/static-pods/master/controller-manager.yaml

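# Static pod manifest for kube-controller-manager on control-plane nodes.
# This file is a Go template: the {{ ... }} expressions are rendered before the
# result is parsed as YAML. The page extraction dropped the original
# indentation; the nesting below is restored from the Pod schema.
apiVersion: v1
kind: Pod
metadata:
  namespace: kube-system
  name: k8s-controller-manager
  annotations:
    # Quoted so the value stays a string; annotation values must be strings.
    novit.io/bootstrap-prio: "500"
  labels:
    component: k8s-controller-manager
    tier: control-plane
spec:
  # Shares the node's network namespace, so the secure port (10257, see the
  # liveness probe) is opened directly on the host.
  # NOTE(review): no --bind-address is set below, so which host interfaces the
  # port listens on is left to the binary's default; confirm that is intended.
  hostNetwork: true
  dnsPolicy: Default
  priorityClassName: system-cluster-critical
  # No service-account token is projected into the pod; API access goes through
  # the kubeconfig passed on the command line.
  automountServiceAccountToken: false
  tolerations:
    - key: node.kubernetes.io/not-ready
      effect: NoSchedule
  containers:
    - name: controller-manager
      # Quoted so the templated value is always parsed as a single string.
      image: "{{ .vars.k8s_registry}}/kube-controller-manager:{{ .vars.kubernetes_version }}"
      # NOTE(review): no securityContext is set on this container. Consider
      # allowPrivilegeEscalation: false and a RuntimeDefault seccomp profile
      # once verified against the ownership of the host files mounted below.
      command:
        - kube-controller-manager
        # Cluster CA certificate and private key used to sign certificates.
        # The key file is the most sensitive material this pod can read.
        - --cluster-signing-cert-file=/tls-ca/cluster/ca.crt
        - --cluster-signing-key-file=/tls-ca/cluster/ca.key
        - --root-ca-file=/tls-ca/cluster/ca.crt
        # Private key used to sign service-account tokens.
        - --service-account-private-key-file=/tls-ca/service-accounts/ca.key
        - --kubeconfig=/run/k8s/kubeconfig
        - --allocate-node-cidrs
        - --cluster-cidr={{ .cluster.subnets.pods }}
        - --node-cidr-mask-size=24
        # "*" keeps the default controller set; bootstrapsigner and tokencleaner
        # (bootstrap-token handling) are listed explicitly in addition to it.
        - --controllers=*,bootstrapsigner,tokencleaner
        # Delegated authentication/authorization for requests to the secure port.
        - --authentication-kubeconfig=/run/k8s/kubeconfig
        - --authorization-kubeconfig=/run/k8s/kubeconfig
        # NOTE(review): --use-service-account-credentials is not set, so every
        # controller acts with the single identity from the kubeconfig above.
        # Evaluate enabling it to get per-controller credentials.
{{ if .vars.control_plane.reserve_resources }}
      resources:
        requests:
          cpu: 100m
          memory: 320Mi
{{ end }}
      # Every hostPath is mounted read-only: the flags above only point at files
      # to read (kubeconfig, CA certificates and keys), and a read-only mount
      # keeps a compromised process from altering CA material or the kubeconfig
      # on the host.
      # NOTE(review): confirm nothing in this deployment expects the controller
      # manager to write under these paths before rolling out.
      volumeMounts:
        - name: config
          mountPath: /run/k8s
          readOnly: true
        - name: etc-k8s
          mountPath: /etc/kubernetes
          readOnly: true
        - name: certs
          mountPath: /etc/ssl/certs
          readOnly: true
        - name: ca-cluster
          mountPath: /tls-ca/cluster
          readOnly: true
        - name: ca-service-accounts
          mountPath: /tls-ca/service-accounts
          readOnly: true
        - name: tls-cluster-client
          mountPath: /etc/tls/cluster-client
          readOnly: true
      # Probes the secure port over loopback; reachable there because the pod
      # uses the host network.
      livenessProbe:
        httpGet:
          scheme: HTTPS
          host: 127.0.0.1
          port: 10257
          path: /healthz
        initialDelaySeconds: 15
        timeoutSeconds: 15
        failureThreshold: 8
  # All volumes are host directories. The ca-cluster and ca-service-accounts
  # directories hold the private keys referenced in the command above, so their
  # permissions on the node matter as much as the mounts here.
  volumes:
    - name: config
      hostPath:
        path: /etc/kubernetes/control-plane
    - name: etc-k8s
      hostPath:
        path: /etc/kubernetes
    - name: ca-cluster
      hostPath:
        path: /etc/tls-ca/cluster
    - name: ca-service-accounts
      hostPath:
        path: /etc/tls-ca/service-accounts
    # Mounted at /etc/ssl/certs inside the container.
    - name: certs
      hostPath:
        path: /var/lib/kubelet/certs
    - name: tls-cluster-client
      hostPath:
        path: /etc/tls/cluster-client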