mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-03 02:29:29 +00:00
143 lines
3.8 KiB
Plaintext
143 lines
3.8 KiB
Plaintext
{
|
|
"apiVersion": "v1",
|
|
"kind": "Pod",
|
|
"metadata": {
|
|
"name":"kube-apiserver",
|
|
"namespace": "kube-system",
|
|
"annotations": {
|
|
"scheduler.alpha.kubernetes.io/critical-pod": "",
|
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
|
},
|
|
"labels": {
|
|
"tier": "control-plane",
|
|
"component": "kube-apiserver"
|
|
}
|
|
},
|
|
"spec":{
|
|
"hostNetwork": true,
|
|
"containers":[
|
|
{{kms_plugin_container}}
|
|
{
|
|
"name": "kube-apiserver",
|
|
"image": "{{pillar['kube_docker_registry']}}/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}",
|
|
"resources": {
|
|
"requests": {
|
|
"cpu": "250m"
|
|
}
|
|
},
|
|
"command": [
|
|
"/bin/sh",
|
|
"-c",
|
|
"exec /usr/local/bin/kube-apiserver {{params}} --allow-privileged={{pillar['allow_privileged']}} 1>>/var/log/kube-apiserver.log 2>&1"
|
|
],
|
|
{{container_env}}
|
|
"livenessProbe": {
|
|
"httpGet": {
|
|
"host": "127.0.0.1",
|
|
"port": 8080,
|
|
"path": "/healthz"
|
|
},
|
|
"initialDelaySeconds": {{liveness_probe_initial_delay}},
|
|
"timeoutSeconds": 15
|
|
},
|
|
"ports":[
|
|
{ "name": "https",
|
|
"containerPort": {{secure_port}},
|
|
"hostPort": {{secure_port}}},{
|
|
"name": "local",
|
|
"containerPort": 8080,
|
|
"hostPort": 8080}
|
|
],
|
|
"volumeMounts": [
|
|
{{kms_socket_mount}}
|
|
{{encryption_provider_mount}}
|
|
{{cloud_config_mount}}
|
|
{{additional_cloud_config_mount}}
|
|
{{webhook_config_mount}}
|
|
{{webhook_authn_config_mount}}
|
|
{{audit_policy_config_mount}}
|
|
{{audit_webhook_config_mount}}
|
|
{{admission_controller_config_mount}}
|
|
{{image_policy_webhook_config_mount}}
|
|
{ "name": "srvkube",
|
|
"mountPath": "{{srv_kube_path}}",
|
|
"readOnly": true},
|
|
{ "name": "logfile",
|
|
"mountPath": "/var/log/kube-apiserver.log",
|
|
"readOnly": false},
|
|
{ "name": "auditlogfile",
|
|
"mountPath": "/var/log/kube-apiserver-audit.log",
|
|
"readOnly": false},
|
|
{ "name": "etcssl",
|
|
"mountPath": "/etc/ssl",
|
|
"readOnly": true},
|
|
{ "name": "usrsharecacerts",
|
|
"mountPath": "/usr/share/ca-certificates",
|
|
"readOnly": true},
|
|
{ "name": "varssl",
|
|
"mountPath": "/var/ssl",
|
|
"readOnly": true},
|
|
{ "name": "etcopenssl",
|
|
"mountPath": "/etc/openssl",
|
|
"readOnly": true},
|
|
{ "name": "etcpki",
|
|
"mountPath": "/etc/srv/pki",
|
|
"readOnly": true},
|
|
{ "name": "srvsshproxy",
|
|
"mountPath": "{{srv_sshproxy_path}}",
|
|
"readOnly": false}
|
|
]
|
|
}
|
|
],
|
|
"volumes":[
|
|
{{kms_socket_volume}}
|
|
{{encryption_provider_volume}}
|
|
{{cloud_config_volume}}
|
|
{{additional_cloud_config_volume}}
|
|
{{webhook_config_volume}}
|
|
{{webhook_authn_config_volume}}
|
|
{{audit_policy_config_volume}}
|
|
{{audit_webhook_config_volume}}
|
|
{{admission_controller_config_volume}}
|
|
{{image_policy_webhook_config_volume}}
|
|
{ "name": "srvkube",
|
|
"hostPath": {
|
|
"path": "{{srv_kube_path}}"}
|
|
},
|
|
{ "name": "logfile",
|
|
"hostPath": {
|
|
"path": "/var/log/kube-apiserver.log",
|
|
"type": "FileOrCreate"}
|
|
},
|
|
{ "name": "auditlogfile",
|
|
"hostPath": {
|
|
"path": "/var/log/kube-apiserver-audit.log",
|
|
"type": "FileOrCreate"}
|
|
},
|
|
{ "name": "etcssl",
|
|
"hostPath": {
|
|
"path": "/etc/ssl"}
|
|
},
|
|
{ "name": "usrsharecacerts",
|
|
"hostPath": {
|
|
"path": "/usr/share/ca-certificates"}
|
|
},
|
|
{ "name": "varssl",
|
|
"hostPath": {
|
|
"path": "/var/ssl"}
|
|
},
|
|
{ "name": "etcopenssl",
|
|
"hostPath": {
|
|
"path": "/etc/openssl"}
|
|
},
|
|
{ "name": "etcpki",
|
|
"hostPath": {
|
|
"path": "/etc/srv/pki"}
|
|
},
|
|
{ "name": "srvsshproxy",
|
|
"hostPath": {
|
|
"path": "{{srv_sshproxy_path}}"}
|
|
}
|
|
]
|
|
}}
|