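{#
Copyright 2019 Nokia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#}
---
# Pod manifest for kube-controller-manager (Jinja2 template).
# The pod reads its kubeconfig, the service-account signing key and the
# cluster CA certificate and private key from hostPath volumes, all mounted
# read-only.
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  # Host network namespace: every port the process opens is a host port.
  hostNetwork: true
  dnsPolicy: ClusterFirst
  containers:
    - name: kube-controller-manager
      # Quoted so the rendered value is always parsed as a string.
      image: "{{ container_image_names | select('search', '/hyperkube') | list | last }}"
      securityContext:
        # Left unquoted on purpose: runAsUser must render as an integer.
        runAsUser: {{ caas.uid.kube }}
        # The process has no reason to gain privileges beyond runAsUser.
        allowPrivilegeEscalation: false
      command:
        - "/kube-controller-manager"
        - "--feature-gates={{ controllermanager_feature_gates | get_kube_options }}"
        - "--horizontal-pod-autoscaler-use-rest-clients=true"
        - "--kubeconfig=/etc/kubernetes/kubeconfig/cmc.yml"
        - "--service-account-private-key-file=/etc/kubernetes/ssl/service-account-key.pem"
        - "--root-ca-file=/etc/openssl/ca.pem"
        # Emit the flag only for multi-master deployments. The conditional
        # wraps the whole list item so that a single-master render does not
        # pass an empty-string argument to the binary.
{% if groups['caas_master'] | length | int > 1 %}
        - "--leader-elect=true"
{% endif %}
        - "--cluster-cidr=10.244.0.0/16"
        # Each controller uses its own service-account credential instead of
        # the shared kubeconfig identity.
        - "--use-service-account-credentials=true"
        - "--allocate-node-cidrs=true"
        # The cluster signing CA is the same CA passed as --root-ca-file, so
        # the CA private key is readable inside this container. Keep the host
        # file's owner and mode restricted to the runAsUser uid.
        - "--cluster-signing-cert-file=/etc/openssl/ca.pem"
        - "--cluster-signing-key-file=/etc/openssl/ca-key.pem"
        # With hostNetwork the pprof handlers would be served on a host port.
        - "--profiling=false"
        # NOTE(review): no --address / --bind-address is set, so the listen
        # addresses are the component defaults, which with hostNetwork may be
        # every host interface. The liveness probe below only needs
        # 127.0.0.1; confirm whether remote scrapers depend on the port
        # before restricting it.
      livenessProbe:
        httpGet:
          host: 127.0.0.1
          path: /healthz
          port: 10252
        initialDelaySeconds: 15
        timeoutSeconds: 1
      resources:
        requests:
          cpu: "10m"
      volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        - name: secret-kubernetes
          mountPath: /etc/kubernetes/ssl
          readOnly: true
        - name: secret-root-ca
          mountPath: /etc/openssl/ca.pem
          readOnly: true
        - name: secret-root-ca-key
          mountPath: /etc/openssl/ca-key.pem
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
  volumes:
    - name: time-mount
      hostPath:
        path: /etc/localtime
    # An explicit hostPath type makes the pod fail to start when a credential
    # path is missing or of the wrong kind, instead of mounting whatever the
    # runtime creates in its place.
    - name: secret-kubernetes
      hostPath:
        path: /etc/kubernetes/ssl
        type: Directory
    - name: secret-root-ca
      hostPath:
        path: /etc/openssl/ca.pem
        type: File
    - name: secret-root-ca-key
      hostPath:
        path: /etc/openssl/ca-key.pem
        type: File
    - name: kubeconfig
      hostPath:
        path: /etc/kubernetes/kubeconfig
        type: Directory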