c12s-kubespray/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2

apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-controller-manager
    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
    command:
    - /hyperkube
    - controller-manager
    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
    - --leader-elect=true
    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
    - --root-ca-file={{ kube_cert_dir }}/ca.pem
    - --v={{ kube_log_level | default('2') }}
{% if cloud_provider is defined and cloud_provider == "openstack" %}
    - --cloud-provider=openstack
    - --cloud-config={{ kube_config_dir }}/cloud_config
{% endif %}
    livenessProbe:
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
      initialDelaySeconds: 30
      timeoutSeconds: 10
    volumeMounts:
    - mountPath: {{ kube_cert_dir }}
      name: ssl-certs-kubernetes
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
{% if cloud_provider is defined and cloud_provider == "openstack" %}
    - mountPath: {{ kube_config_dir }}/cloud_config
      name: cloudconfig
      readOnly: true
{% endif %}
  volumes:
  - hostPath:
      path: {{ kube_cert_dir }}
    name: ssl-certs-kubernetes
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
{% if cloud_provider is defined and cloud_provider == "openstack" %}
  - hostPath:
      path: {{ kube_config_dir }}/cloud_config
    name: cloudconfig
{% endif %}