kind: ReplicationController
apiVersion: v1
metadata:
name: kube-aggregator
labels:
kube-aggregator: "true"
spec:
replicas: 1
selector:
kube-aggregator: "true"
template:
metadata:
labels:
kube-aggregator: "true"
spec:
containers:
- name: kube-aggregator
image: kube-aggregator:latest
imagePullPolicy: Never
livenessProbe:
failureThreshold: 3
httpGet:
path: /version
port: 443
scheme: HTTPS
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /version
port: 443
scheme: HTTPS
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
args:
- "--proxy-client-cert-file=/var/run/auth-proxy-client/tls.crt"
- "--proxy-client-key-file=/var/run/auth-proxy-client/tls.key"
- "--tls-cert-file=/var/run/serving-cert/tls.crt"
- "--tls-private-key-file=/var/run/serving-cert/tls.key"
- "--etcd-servers=https://etcd.kube-public.svc:4001"
- "--etcd-certfile=/var/run/etcd-client-cert/tls.crt"
- "--etcd-keyfile=/var/run/etcd-client-cert/tls.key"
- "--etcd-cafile=/var/run/etcd-ca/ca.crt"
ports:
- containerPort: 443
volumeMounts:
- mountPath: /var/run/request-header-ca
name: volume-request-header-ca
- mountPath: /var/run/client-ca
name: volume-client-ca
- mountPath: /var/run/auth-proxy-client
name: volume-auth-proxy-client
- mountPath: /var/run/etcd-client-cert
name: volume-etcd-client-cert
- mountPath: /var/run/serving-ca
name: volume-serving-ca
- mountPath: /var/run/serving-cert
name: volume-serving-cert
- mountPath: /var/run/etcd-ca
name: volume-etcd-ca
serviceAccountName: kube-aggregator
volumes:
- configMap:
defaultMode: 420
name: request-header-ca
name: volume-request-header-ca
- configMap:
defaultMode: 420
name: client-ca
name: volume-client-ca
- name: volume-auth-proxy-client
secret:
defaultMode: 420
secretName: auth-proxy-client
- name: volume-etcd-client-cert
secret:
defaultMode: 420
secretName: kube-aggregator-etcd
- name: volume-serving-cert
secret:
defaultMode: 420
secretName: serving-kube-aggregator
- configMap:
defaultMode: 420
name: kube-aggregator-ca
name: volume-serving-ca
- configMap:
defaultMode: 420
name: etcd-ca
name: volume-etcd-ca