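{#
Copyright 2019 Nokia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#}
---
# Pod manifest for kube-controller-manager (template cm.yml of the kube_master
# Ansible role). Jinja expressions are rendered first; the result is then read
# as YAML, so templated values have to be valid YAML after substitution.
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  # The pod shares the node's network namespace: every port the process opens
  # is a port on the host itself.
  hostNetwork: true
  # NOTE(review): with hostNetwork: true, ClusterFirst falls back to the node's
  # resolver; ClusterFirstWithHostNet is the policy that keeps cluster DNS.
  # Confirm which behaviour is intended.
  dnsPolicy: ClusterFirst
  containers:
    - name: kube-controller-manager
      # Picks the last entry of container_image_names that matches /hyperkube.
      # Quoted so the rendered image reference is always read as a string.
      image: "{{ container_image_names | select('search', '/hyperkube') | list | last }}"
      securityContext:
        # Left unquoted because the rendered value has to be an integer. The
        # process runs as this UID, so the host files mounted below, including
        # the CA private key, must be readable by it.
        # NOTE(review): allowPrivilegeEscalation, readOnlyRootFilesystem and
        # capabilities are not set here; consider restricting them.
        runAsUser: {{ caas.uid.kube }}
      command:
        - "/kube-controller-manager"
        - "--feature-gates={{ controllermanager_feature_gates | get_kube_options }}"
        - "--horizontal-pod-autoscaler-use-rest-clients=true"
        - "--kubeconfig=/etc/kubernetes/kubeconfig/cmc.yml"
        - "--service-account-private-key-file=/etc/kubernetes/ssl/service-account-key.pem"
        - "--root-ca-file=/etc/openssl/ca.pem"
        # Emitted only when the caas_master group has more than one host. The
        # whole list item sits inside the conditional so that a single-master
        # render does not contain an empty-string argument.
        # NOTE(review): kube-controller-manager enables leader election by
        # default, so leaving the flag out does not switch it off; confirm
        # the intent of this condition.
{% if groups['caas_master']|length|int > 1 %}
        - "--leader-elect=true"
{% endif %}
        - "--cluster-cidr=10.244.0.0/16"
        # Each controller uses its own service account credentials instead of
        # the single identity from the kubeconfig.
        - "--use-service-account-credentials=true"
        - "--allocate-node-cidrs=true"
        # Certificates issued through the signing controller are signed with
        # the same CA that is handed out as the root CA above.
        - "--cluster-signing-cert-file=/etc/openssl/ca.pem"
        - "--cluster-signing-key-file=/etc/openssl/ca-key.pem"
      livenessProbe:
        # No scheme is given, so the probe speaks plain HTTP to loopback.
        # NOTE(review): no listen-address flag is passed in the command above;
        # check which interfaces port 10252 is bound to in the deployed
        # version, since this endpoint is served without TLS.
        httpGet:
          host: 127.0.0.1
          path: /healthz
          port: 10252
        initialDelaySeconds: 15
        timeoutSeconds: 1
      # All mounts are read-only: the container can read but not alter the
      # host's keys, certificates and kubeconfig.
      volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        - name: secret-kubernetes
          mountPath: /etc/kubernetes/ssl
          readOnly: true
        - name: secret-root-ca
          mountPath: /etc/openssl/ca.pem
          readOnly: true
        # CA private key: whoever can read this file can issue certificates
        # under the CA configured above. Access is governed by the host file's
        # ownership and mode, not by this manifest.
        - name: secret-root-ca-key
          mountPath: /etc/openssl/ca-key.pem
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
  # None of the hostPath volumes sets a type, so the paths are not checked
  # before mounting.
  # NOTE(review): an explicit type (File or Directory) would make a missing
  # key or certificate fail at pod start instead of later inside the process.
  volumes:
    - name: time-mount
      hostPath:
        path: /etc/localtime
    - name: secret-kubernetes
      hostPath:
        path: /etc/kubernetes/ssl
    - name: secret-root-ca
      hostPath:
        path: /etc/openssl/ca.pem
    - name: secret-root-ca-key
      hostPath:
        path: /etc/openssl/ca-key.pem
    - name: kubeconfig
      hostPath:
        path: /etc/kubernetes/kubeconfig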