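{#
  Static pod manifest for kube-apiserver: a Jinja2 template that must render to
  strict JSON. Jinja comments like this one render to nothing.

  Variables read: kube_config_dir, hyperkube_image_repo, hyperkube_image_tag,
  kube_log_level (default '2'), ip (default ansible_default_ipv4.address),
  kube_apiserver_count, kube_apiserver_insecure_bind_address,
  kube_apiserver_insecure_port, etcd_access_endpoint, kube_service_addresses,
  kubeadm_certs_dir, kube_apiserver_port, and the optional
  kube_api_runtime_config, enable_network_policy and cloud_provider.

  NOTE(review): security-relevant settings to confirm against the inventory:
  - The insecure port serves the API without authentication or authorization.
    kube_apiserver_insecure_bind_address should be a loopback address. The
    livenessProbe below targets this port, so the probe has to move to the
    secure port before the insecure one can be disabled.
  - No --authorization-mode flag is passed, so the apiserver default applies
    (AlwaysAllow upstream; confirm for the hyperkube version deployed).
  - --token-auth-file and --basic-auth-file point at the same tokens.csv, so
    its first column is accepted both as a bearer token and as a basic-auth
    password. Presumably unintended; verify against whatever writes the file.
  - --allow-privileged=true lets any pod request privileged mode, and the
    admission plugin list below does not restrict it.
  - The certificate flags read from kubeadm_certs_dir but only kube_config_dir
    is mounted; this assumes kubeadm_certs_dir lives under kube_config_dir.
    TODO confirm.
#}
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "kube-apiserver",
    "namespace": "kube-system",
    "creationTimestamp": null,
    "labels": {
      "component": "kube-apiserver",
      "tier": "control-plane"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "certs",
        "hostPath": {
          "path": "/etc/ssl/certs"
        }
      },
      {
        "name": "pki",
        "hostPath": {
          "path": "{{ kube_config_dir }}"
        }
      }
    ],
    "containers": [
      {
        "name": "kube-apiserver",
        "image": "{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}",
        "command": [
          "/hyperkube",
          "apiserver",
          "--v={{ kube_log_level | default('2') }}",
          "--advertise-address={{ ip | default(ansible_default_ipv4.address) }}",
          "--apiserver-count={{ kube_apiserver_count }}",
          {# Unauthenticated listener: keep this on loopback. #}
          "--insecure-bind-address={{ kube_apiserver_insecure_bind_address }}",
          "--etcd-servers={{ etcd_access_endpoint }}",
          "--etcd-quorum-read=true",
          "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
          "--service-cluster-ip-range={{ kube_service_addresses }}",
          "--service-account-key-file={{ kubeadm_certs_dir }}/apiserver-key.pem",
          "--client-ca-file={{ kubeadm_certs_dir }}/ca.pem",
          "--tls-cert-file={{ kubeadm_certs_dir }}/apiserver.pem",
          "--tls-private-key-file={{ kubeadm_certs_dir }}/apiserver-key.pem",
          {# NOTE(review): both static credential flags read the same file. #}
          "--token-auth-file={{ kubeadm_certs_dir }}/tokens.csv",
          "--basic-auth-file={{ kubeadm_certs_dir }}/tokens.csv",
          "--secure-port={{ kube_apiserver_port }}",
{% if kube_api_runtime_config is defined %}
{% for conf in kube_api_runtime_config %}
          "--runtime-config={{ conf }}",
{% endfor %}
{% endif %}
{% if enable_network_policy is defined and enable_network_policy == True %}
          "--runtime-config=extensions/v1beta1/networkpolicies=true",
{% endif %}
          "--allow-privileged=true",
{% if cloud_provider is defined and cloud_provider == "openstack" %}
          "--cloud-provider={{ cloud_provider }}",
          "--cloud-config={{ kube_config_dir }}/cloud_config",
{% elif cloud_provider is defined and cloud_provider == "aws" %}
          {# The separating comma goes after the closing quote. Inside the
             string it became part of the flag value and left the array
             without a separator, so the aws manifest was not valid JSON. #}
          "--cloud-provider={{ cloud_provider }}",
{% endif %}
          {# Last element on purpose: every conditional entry above ends with a comma. #}
          "--insecure-port={{ kube_apiserver_insecure_port }}"
        ],
        "resources": {
          "requests": {
            "cpu": "250m"
          }
        },
        "volumeMounts": [
          {
            "name": "certs",
            "mountPath": "/etc/ssl/certs"
          },
          {
            "name": "pki",
            "readOnly": true,
            "mountPath": "{{ kube_config_dir }}"
          }
        ],
        "livenessProbe": {
          {# Probes the insecure listener; port is rendered as a bare JSON number. #}
          "httpGet": {
            "path": "/healthz",
            "port": {{ kube_apiserver_insecure_port }},
            "host": "{{ kube_apiserver_insecure_bind_address }}"
          },
          "initialDelaySeconds": 15,
          "timeoutSeconds": 15
        }
      }
    ],
    "hostNetwork": true
  },
  "status": {}
}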