523c9d77df
Fix unreliable waiting for the apiserver to become ready. Remove logfile mount to align with the rest of static pods and because containers shall write logs to stdout only. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
77 lines
2.7 KiB
Django/Jinja
77 lines
2.7 KiB
Django/Jinja
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-apiserver
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: kube-apiserver
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-apiserver
|
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
|
command:
|
|
- /hyperkube
|
|
- apiserver
|
|
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
|
- --etcd-servers={{ etcd_access_endpoint }}
|
|
- --etcd-quorum-read=true
|
|
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem
|
|
- --etcd-certfile={{ etcd_cert_dir }}/node.pem
|
|
- --etcd-keyfile={{ etcd_cert_dir }}/node-key.pem
|
|
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
|
|
- --apiserver-count={{ kube_apiserver_count }}
|
|
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
|
|
- --service-cluster-ip-range={{ kube_service_addresses }}
|
|
- --service-node-port-range={{ kube_apiserver_node_port_range }}
|
|
- --client-ca-file={{ kube_cert_dir }}/ca.pem
|
|
- --basic-auth-file={{ kube_users_dir }}/known_users.csv
|
|
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
|
|
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
|
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
|
|
- --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
|
- --secure-port={{ kube_apiserver_port }}
|
|
- --insecure-port={{ kube_apiserver_insecure_port }}
|
|
{% if kube_api_runtime_config is defined %}
|
|
{% for conf in kube_api_runtime_config %}
|
|
- --runtime-config={{ conf }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if enable_network_policy is defined and enable_network_policy == True %}
|
|
- --runtime-config=extensions/v1beta1/networkpolicies=true
|
|
{% endif %}
|
|
- --v={{ kube_log_level | default('2') }}
|
|
- --allow-privileged=true
|
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
|
- --cloud-provider={{ cloud_provider }}
|
|
- --cloud-config={{ kube_config_dir }}/cloud_config
|
|
{% elif cloud_provider is defined and cloud_provider == "aws" %}
|
|
- --cloud-provider={{ cloud_provider }}
|
|
{% endif %}
|
|
livenessProbe:
|
|
httpGet:
|
|
host: 127.0.0.1
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 10
|
|
volumeMounts:
|
|
- mountPath: {{ kube_config_dir }}
|
|
name: kubernetes-config
|
|
readOnly: true
|
|
- mountPath: /etc/ssl/certs
|
|
name: ssl-certs-host
|
|
readOnly: true
|
|
- mountPath: {{ etcd_cert_dir }}
|
|
name: etcd-certs
|
|
readOnly: true
|
|
volumes:
|
|
- hostPath:
|
|
path: {{ kube_config_dir }}
|
|
name: kubernetes-config
|
|
- hostPath:
|
|
path: /etc/ssl/certs/
|
|
name: ssl-certs-host
|
|
- hostPath:
|
|
path: {{ etcd_cert_dir }}
|
|
name: etcd-certs
|