69a9bdacc0cfc0b92bb39bd91a83f84ca6c4d887
[ta/caas-kubernetes.git] / ansible / roles / kube_master / templates / apiserver.yml
1 {#
2 Copyright 2019 Nokia
3
4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
7
8     http://www.apache.org/licenses/LICENSE-2.0
9
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
15 #}
16 ---
   # Pod manifest for kube-apiserver in the kube-system namespace, rendered from
   # this Jinja2 template. NOTE(review): presumably installed as a static pod on
   # master nodes (the page path names the kube_master role); confirm in the role.
17 apiVersion: v1
18 kind: Pod
19 metadata:
20   name: kube-apiserver
21   namespace: kube-system
22 spec:
     # The pod shares the node's network namespace, so the API server listens
     # directly on host interfaces. Bind address and port are not set in this
     # template (presumably they arrive through apiserver_params).
23   hostNetwork: true
24   containers:
25     - name: kube-apiserver
         # Uses the last entry of container_image_names that matches '/hyperkube'.
         # NOTE(review): whether that reference is pinned (tag or digest) depends
         # on how the list is built; confirm where it is defined.
26       image: {{ container_image_names | select('search', '/hyperkube') | list | last }}
         # Runs the container as the UID in caas.uid.kube. No other securityContext
         # field is set here (allowPrivilegeEscalation, capabilities,
         # readOnlyRootFilesystem). NOTE(review): check which of them this binary
         # tolerates before tightening.
27       securityContext:
28         runAsUser: {{ caas.uid.kube }}
         # Entry point plus flags: apiserver_params is dumped with to_nice_yaml and
         # indent(8), so its continuation lines align with the 8-space list item
         # (the first line takes the indent that precedes the expression).
         # NOTE(review): assumes apiserver_params is a list of flag strings; every
         # API server flag is defined outside this template, so review it there.
29       command:
30         - "/kube-apiserver"
31         {{ apiserver_params | to_nice_yaml | indent(8) }}
         # Every mount below is read-only except the audit log directory.
32       volumeMounts:
33         - name: time-mount
34           mountPath: /etc/localtime
35           readOnly: true
           # NOTE(review): judging by the volume names and 'ssl' paths, the
           # secret-* mounts hold TLS material; the host files must be readable by
           # the runAsUser UID and by nothing broader. Verify ownership and mode.
36         - name: secret-kubernetes
37           mountPath: /etc/kubernetes/ssl
38           readOnly: true
39         - name: secret-root-ca
40           mountPath: /etc/openssl/ca.pem
41           readOnly: true
42         - name: secret-etcd
43           mountPath: /etc/etcd/ssl
44           readOnly: true
           # The only writable mount. NOTE(review): presumably the target of the
           # audit log flags passed in apiserver_params; confirm.
45         - name: audit-kube-apiserver
46           mountPath: /var/log/audit/kube_apiserver/
47           readOnly: false
           # Templated directory (presumably the audit policy files), mounted
           # read-only so the container cannot modify what is in it.
48         - name: audit-policy-dir
49           mountPath: {{ caas.caas_policy_directory }}
50           readOnly: true
     # All volumes are hostPath entries without a `type`, so no existence or type
     # check is done on the host path before it is mounted. NOTE(review): an
     # explicit type (Directory, File) would surface a missing certificate path as
     # a mount error instead of a late failure inside the container.
51   volumes:
52     - name: time-mount
53       hostPath:
54         path: /etc/localtime
55     - name: secret-kubernetes
56       hostPath:
57         path: /etc/kubernetes/ssl
58     - name: secret-root-ca
59       hostPath:
60         path: /etc/openssl/ca.pem
61     - name: secret-etcd
62       hostPath:
63         path: /etc/etcd/ssl
64     - name: audit-kube-apiserver
65       hostPath:
66         path: /var/log/audit/kube_apiserver/
67     - name: audit-policy-dir
68       hostPath:
69         path: {{ caas.caas_policy_directory }}