apiVersion: v1 kind: Pod metadata: name: kube-controller-manager namespace: kube-system spec: hostNetwork: true containers: - name: kube-controller-manager image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} command: - /hyperkube - controller-manager {% if kube_controller_insecure %} - --master={{ kube_apiserver_insecure_endpoint }} {% else %} - --master={{ kube_apiserver_endpoint }} {% endif %} - --leader-elect=true - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - --root-ca-file={{ kube_cert_dir }}/ca.pem - --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }} - --v={{ kube_log_level | default('2') }} {% if cloud_provider is defined and cloud_provider == "openstack" %} - --cloud-provider=openstack - --cloud-config={{ kube_config_dir }}/cloud_config {% endif %} livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10252 initialDelaySeconds: 30 timeoutSeconds: 10 volumeMounts: - mountPath: {{ kube_cert_dir }} name: ssl-certs-kubernetes readOnly: true - mountPath: /etc/ssl/certs name: ssl-certs-host readOnly: true {% if cloud_provider is defined and cloud_provider == "openstack" %} - mountPath: {{ kube_config_dir }}/cloud_config name: cloudconfig readOnly: true {% endif %} volumes: - hostPath: path: {{ kube_cert_dir }} name: ssl-certs-kubernetes - hostPath: path: /etc/ssl/certs/ name: ssl-certs-host {% if cloud_provider is defined and cloud_provider == "openstack" %} - hostPath: path: {{ kube_config_dir }}/cloud_config name: cloudconfig {% endif %}