X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fkube_master%2Ftemplates%2Fapiserver.yml;fp=ansible%2Froles%2Fkube_master%2Ftemplates%2Fapiserver.yml;h=d083f1c861e6aefc5466c7064c54c1b9d4460ff2;hb=8321feb501701dcb4023e3c052cb6a982d5db3fa;hp=0000000000000000000000000000000000000000;hpb=5c0c2acd0caea77595026e996555547312518395;p=ta%2Fcaas-kubernetes.git

diff --git a/ansible/roles/kube_master/templates/apiserver.yml b/ansible/roles/kube_master/templates/apiserver.yml
new file mode 100644
index 0000000..d083f1c
--- /dev/null
+++ b/ansible/roles/kube_master/templates/apiserver.yml
@@ -0,0 +1,63 @@
+{#
+Copyright 2019 Nokia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+#}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-apiserver
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+    - name: kube-apiserver
+      image: {{ container_image_names | select('search', '/hyperkube') | list | last }}
+      securityContext:
+        runAsUser: {{ caas.uid.kube }}
+      command:
+        - "/kube-apiserver"
+        {{ apiserver_params | to_nice_yaml | indent(8) }}
+      volumeMounts:
+        - name: secret-kubernetes
+          mountPath: /etc/kubernetes/ssl
+          readOnly: true
+        - name: secret-root-ca
+          mountPath: /etc/openssl/ca.pem
+          readOnly: true
+        - name: secret-etcd
+          mountPath: /etc/etcd/ssl
+          readOnly: true
+        - name: audit-kube-apiserver
+          mountPath: /var/log/audit/kube_apiserver/
+          readOnly: false
+        - name: audit-policy-dir
+          mountPath: {{ caas.caas_policy_directory }}
+          readOnly: true
+  volumes:
+    - name: secret-kubernetes
+      hostPath:
+        path: /etc/kubernetes/ssl
+    - name: secret-root-ca
+      hostPath:
+        path: /etc/openssl/ca.pem
+    - name: secret-etcd
+      hostPath:
+        path: /etc/etcd/ssl
+    - name: audit-kube-apiserver
+      hostPath:
+        path: /var/log/audit/kube_apiserver/
+    - name: audit-policy-dir
+      hostPath:
+        path: {{ caas.caas_policy_directory }}