config/static-pods/master/controller-manager.yaml

apiVersion: v1
kind: Pod
metadata:
  namespace: kube-system
  name: k8s-controller-manager
  annotations:
    novit.io/bootstrap-prio: "500"
  labels:
    component: k8s-controller-manager
    tier: control-plane
spec:
    hostNetwork: true
    dnsPolicy: Default
    priorityClassName: system-cluster-critical
    automountServiceAccountToken: false
    tolerations:
    - key: node.kubernetes.io/not-ready
      effect: NoSchedule
    containers:
    - name: controller-manager
      image: {{ .vars.k8s_registry}}/kube-controller-manager:{{ .vars.kubernetes_version }}
      command:
      - kube-controller-manager
      - --cluster-signing-cert-file=/tls-ca/cluster/ca.crt
      - --cluster-signing-key-file=/tls-ca/cluster/ca.key
      - --root-ca-file=/tls-ca/cluster/ca.crt
      - --service-account-private-key-file=/tls-ca/service-accounts/ca.key
      - --kubeconfig=/run/k8s/kubeconfig
      - --allocate-node-cidrs
      - --cluster-cidr={{ .cluster.subnets.pods }}
      - --node-cidr-mask-size=24
      - --controllers=*,bootstrapsigner,tokencleaner
      - --authentication-kubeconfig=/run/k8s/kubeconfig
      - --authorization-kubeconfig=/run/k8s/kubeconfig
{{ if .vars.control_plane.reserve_resources }}
      resources:
        requests:
          cpu: 100m
          memory: 320Mi
{{ end }}
      volumeMounts:
      - name: config
        mountPath: /run/k8s
      - name: etc-k8s
        mountPath: /etc/kubernetes
      - name: certs
        mountPath: /etc/ssl/certs
      - name: ca-cluster
        mountPath: /tls-ca/cluster
      - name: ca-service-accounts
        mountPath: /tls-ca/service-accounts
      - name: tls-cluster-client
        mountPath: /etc/tls/cluster-client
      livenessProbe:
          httpGet:
              scheme: HTTPS
              host: 127.0.0.1
              port: 10257
              path: /healthz
          initialDelaySeconds: 15
          timeoutSeconds: 15
          failureThreshold: 8
    volumes:
    - name: config
      hostPath:
        path: /etc/kubernetes/control-plane
    - name: etc-k8s
      hostPath:
          path: /etc/kubernetes
    - name: ca-cluster
      hostPath:
          path: /etc/tls-ca/cluster
    - name: ca-service-accounts
      hostPath:
          path: /etc/tls-ca/service-accounts
    - name: certs
      hostPath:
        path: /var/lib/kubelet/certs
    - name: tls-cluster-client
      hostPath:
        path: /etc/tls/cluster-client