{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name":"kube-apiserver",
"namespace": "kube-system",
"labels": {
"tier": "control-plane",
"component": "kube-apiserver"
}
},
"spec":{
"securityContext": {
{{runAsUser}}
{{runAsGroup}}
{{supplementalGroups}}
"seccompProfile": {
"type": "RuntimeDefault"
}
},
"priorityClassName": "system-node-critical",
"priority": 2000001000,
"hostNetwork": true,
"containers":[
{
"name": "kube-apiserver",
{{containerSecurityContext}}
"image": "{{pillar['kube_docker_registry']}}/kube-apiserver-amd64:{{pillar['kube-apiserver_docker_tag']}}",
"resources": {
"requests": {
"cpu": "250m"
}
},
"command": [
"/go-runner", "--log-file=/var/log/kube-apiserver.log", "--also-stdout=false", "--redirect-stderr=true",
"/usr/local/bin/kube-apiserver",
"--allow-privileged={{pillar['allow_privileged']}}",
{{params}}
],
{{container_env}}
"livenessProbe": {
"httpGet": {
"scheme": "HTTPS",
"host": "{{healthcheck_ip}}",
"port": {{secure_port}},
"path": "/livez?exclude=etcd&exclude=kms-provider-0&exclude=kms-provider-1"
},
"initialDelaySeconds": {{liveness_probe_initial_delay}},
"timeoutSeconds": 15
},
"readinessProbe": {
"httpGet": {
"scheme": "HTTPS",
"host": "{{healthcheck_ip}}",
"port": {{secure_port}},
"path": "/readyz"
},
"periodSeconds": 1,
"timeoutSeconds": 15
},
"ports":[
{{insecure_port_mapping}}
{ "name": "https",
"containerPort": {{secure_port}},
"hostPort": {{secure_port}}}
],
"volumeMounts": [
{{kms_socket_mount}}
{{encryption_provider_mount}}
{{cloud_config_mount}}
{{additional_cloud_config_mount}}
{{webhook_config_mount}}
{{webhook_authn_config_mount}}
{{csc_config_mount}}
{{audit_policy_config_mount}}
{{audit_webhook_config_mount}}
{{konnectivity_socket_mount}}
{ "name": "srvkube",
"mountPath": "/etc/srv/kubernetes",
"readOnly": true},
{ "name": "logfile",
"mountPath": "/var/log/kube-apiserver.log",
"readOnly": false},
{ "name": "auditlogfile",
"mountPath": "/var/log/kube-apiserver-audit.log",
"readOnly": false},
{ "name": "etcssl",
"mountPath": "/etc/ssl",
"readOnly": true},
{ "name": "usrsharecacerts",
"mountPath": "/usr/share/ca-certificates",
"readOnly": true},
{ "name": "varssl",
"mountPath": "/var/ssl",
"readOnly": true},
{ "name": "etcopenssl",
"mountPath": "/etc/openssl",
"readOnly": true},
{ "name": "etcpki",
"mountPath": "/etc/srv/pki",
"readOnly": true},
{ "name": "srvsshproxy",
"mountPath": "{{srv_sshproxy_path}}",
"readOnly": false}
]
}
],
"volumes":[
{{kms_socket_volume}}
{{encryption_provider_volume}}
{{cloud_config_volume}}
{{additional_cloud_config_volume}}
{{webhook_config_volume}}
{{webhook_authn_config_volume}}
{{csc_config_volume}}
{{audit_policy_config_volume}}
{{audit_webhook_config_volume}}
{{konnectivity_socket_volume}}
{ "name": "srvkube",
"hostPath": {
"path": "/etc/srv/kubernetes"}
},
{ "name": "logfile",
"hostPath": {
"path": "/var/log/kube-apiserver.log",
"type": "FileOrCreate"}
},
{ "name": "auditlogfile",
"hostPath": {
"path": "/var/log/kube-apiserver-audit.log",
"type": "FileOrCreate"}
},
{ "name": "etcssl",
"hostPath": {
"path": "/etc/ssl"}
},
{ "name": "usrsharecacerts",
"hostPath": {
"path": "/usr/share/ca-certificates"}
},
{ "name": "varssl",
"hostPath": {
"path": "/var/ssl"}
},
{ "name": "etcopenssl",
"hostPath": {
"path": "/etc/openssl"}
},
{ "name": "etcpki",
"hostPath": {
"path": "/etc/srv/pki"}
},
{ "name": "srvsshproxy",
"hostPath": {
"path": "{{srv_sshproxy_path}}"}
}
]
}}
Codebase Browser
kubernetes