Added seed code for caas-kubernetes.
[ta/caas-kubernetes.git] / ansible / roles / kube_master / templates / cm.yml
1 {#
2 Copyright 2019 Nokia
3
4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
7
8     http://www.apache.org/licenses/LICENSE-2.0
9
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
15 #}
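---
# Pod manifest for kube-controller-manager (kube-system), rendered by Ansible
# from this Jinja template. Presumably installed as a static pod on each
# caas_master host by the kube_master role -- confirm against the role tasks.
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  # Shares the host network namespace: every port the process opens is a host
  # port, and the liveness probe below reaches it on the host loopback.
  # NOTE(review): no listen-address flag is passed in `command`, so the plain
  # HTTP port probed below (10252) uses the release default, which may be all
  # interfaces. Confirm, and restrict it to loopback or firewall the port.
  hostNetwork: true
  # With hostNetwork, ClusterFirst behaves like the Default policy (node
  # resolver) per the Kubernetes docs; ClusterFirstWithHostNet would be needed
  # for cluster DNS. Presumably node DNS is intended here -- confirm.
  dnsPolicy: ClusterFirst
  containers:
    - name: kube-controller-manager
      # Last entry of container_image_names whose value matches '/hyperkube'.
      # Quoted so the rendered value is always a YAML string.
      # NOTE(review): whether this reference is pinned to a fixed tag or
      # digest depends on container_image_names, defined outside this file.
      image: "{{ container_image_names | select('search', '/hyperkube') | list | last }}"
      securityContext:
        # Must render as an integer, so it stays unquoted.
        # NOTE(review): confirm caas.uid.kube is a non-root uid and that the
        # hostPath files mounted below are readable by this uid and by nothing
        # broader. allowPrivilegeEscalation, capabilities and
        # readOnlyRootFilesystem are not set in this manifest.
        runAsUser: {{ caas.uid.kube }}
      command:
        - "/kube-controller-manager"
        # Gate list comes from controllermanager_feature_gates, formatted by
        # the project's get_kube_options filter (not visible here).
        - "--feature-gates={{ controllermanager_feature_gates | get_kube_options }}"
        - "--horizontal-pod-autoscaler-use-rest-clients=true"
        # Client credentials for talking to the API server.
        - "--kubeconfig=/etc/kubernetes/kubeconfig/cmc.yml"
        # Private key used to sign service account tokens.
        - "--service-account-private-key-file=/etc/kubernetes/ssl/service-account-key.pem"
        # CA certificate published to pods alongside service account tokens.
        - "--root-ca-file=/etc/openssl/ca.pem"
        # Only deployments with more than one host in the caas_master group
        # get the explicit flag. The conditional wraps the whole list item so
        # that a single-master render does not emit an empty-string argument;
        # in that case the binary's own default applies.
{% if groups['caas_master']|length|int > 1 %}
        - "--leader-elect=true"
{% endif %}
        # Hard-coded pod network range; presumably has to match the CNI
        # configuration defined elsewhere in the project -- confirm.
        - "--cluster-cidr=10.244.0.0/16"
        # Each controller uses its own service account credentials instead of
        # the single identity from the kubeconfig above.
        - "--use-service-account-credentials=true"
        - "--allocate-node-cidrs=true"
        # Certificate signing requests are signed with the same CA that is
        # passed as --root-ca-file, so the root CA private key is present on
        # the host and readable inside this container.
        # NOTE(review): anyone able to read ca-key.pem can issue certificates
        # the cluster trusts. Verify host file mode and ownership, and consider
        # a dedicated signing CA separate from the root.
        - "--cluster-signing-cert-file=/etc/openssl/ca.pem"
        - "--cluster-signing-key-file=/etc/openssl/ca-key.pem"
      # Plain HTTP health check against the host loopback; reachable only
      # because the pod runs with hostNetwork.
      livenessProbe:
        httpGet:
          host: 127.0.0.1
          path: /healthz
          port: 10252
        initialDelaySeconds: 15
        timeoutSeconds: 1
      # All key material and credentials are mounted read-only.
      volumeMounts:
        - name: secret-kubernetes
          mountPath: /etc/kubernetes/ssl
          readOnly: true
        - name: secret-root-ca
          mountPath: /etc/openssl/ca.pem
          readOnly: true
        - name: secret-root-ca-key
          mountPath: /etc/openssl/ca-key.pem
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
  # Secrets are taken straight from the host filesystem rather than from
  # Secret objects.
  # NOTE(review): no hostPath `type` is set, so nothing checks that a path
  # exists or is a file/directory before mounting; a missing file may end up
  # as an empty directory. Consider `type: File` / `type: Directory` once the
  # provisioning order is confirmed.
  volumes:
    - name: secret-kubernetes
      hostPath:
        path: /etc/kubernetes/ssl
    - name: secret-root-ca
      hostPath:
        path: /etc/openssl/ca.pem
    - name: secret-root-ca-key
      hostPath:
        path: /etc/openssl/ca-key.pem
    - name: kubeconfig
      hostPath:
        path: /etc/kubernetes/kubeconfig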