apiVersion: v1 kind: Pod metadata: name: kube-controller-manager namespace: {{system_namespace}} labels: k8s-app: kube-controller spec: hostNetwork: true containers: - name: kube-controller-manager image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} securityContext: runAsUser: {{ kubelet_user_id }} fsGroup: {{ kubelet_group_id }} supplementalGroups: - {{ kube_cert_group_id }} - {{ etcd_cert_group_id }} capabilities: drop: {% for c in apps_drop_cap %} - {{ c.upper() }} {% endfor %} resources: limits: cpu: {{ kube_controller_cpu_limit }} memory: {{ kube_controller_memory_limit }} requests: cpu: {{ kube_controller_cpu_requests }} memory: {{ kube_controller_memory_requests }} command: - /hyperkube - controller-manager - --master={{ kube_apiserver_endpoint }} - --leader-elect=true - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - --root-ca-file={{ kube_cert_dir }}/ca.pem - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem - --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }} - --v={{ kube_log_level }} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %} - --cloud-provider={{cloud_provider}} - --cloud-config={{ kube_config_dir }}/cloud_config {% elif cloud_provider is defined and cloud_provider == "aws" %} - --cloud-provider={{cloud_provider}} {% endif %} {% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %} - --allocate-node-cidrs=true - --configure-cloud-routes=true - --cluster-cidr={{ kube_pods_subnet }} {% endif %} livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10252 initialDelaySeconds: 30 timeoutSeconds: 10 volumeMounts: - mountPath: {{ kube_cert_dir }} name: ssl-certs-kubernetes readOnly: true {% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %} - mountPath: {{ kube_config_dir }}/cloud_config name: cloudconfig readOnly: true {% endif %} volumes: - hostPath: path: {{ kube_cert_dir }} name: ssl-certs-kubernetes {% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %} - hostPath: path: {{ kube_config_dir }}/cloud_config name: cloudconfig {% endif %}