手动搭建Kubernetes1.8高可用集群(4)Master-BravePro
apiVersion: v1 kind: Podmetadata:
name: kube-apiserver
namespace: kube-system
labels:
k8s-app: kube-apiserver
kubespray: v2
spec:
hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: kube-apiserver
image: gcr.io/google_containers/hyperkube:v1.8.3
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 800m
memory: 2000M
requests:
cpu: 100m
memory: 256M
command:
- /hyperkube
- apiserver
- --advertise-address=192.168.1.121
- --etcd-servers=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.126:2379
- --etcd-quorum-read=true
- --etcd-cafile=/etc/ssl/etcd/ssl/ca.pem
- --etcd-certfile=/etc/ssl/etcd/ssl/node-node1.pem
- --etcd-keyfile=/etc/ssl/etcd/ssl/node-node1-key.pem
- --insecure-bind-address=127.0.0.1
- --apiserver-count=2
- --admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,GenericAdmissionWebhook,ResourceQuota
- --service-cluster-ip-range=10.233.0.0/18
- --service-node-port-range=30000-32767
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
- --profiling=false
- --repair-malformed-updates=false
- --kubelet-client-certificate=/etc/kubernetes/ssl/node-node1.pem
- --kubelet-client-key=/etc/kubernetes/ssl/node-node1-key.pem
- --service-account-lookup=true
- --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --proxy-client-cert-file=/etc/kubernetes/ssl/apiserver.pem
- --proxy-client-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --secure-port=6443
- --insecure-port=8080
- --storage-backend=etcd3
- --runtime-config=admissionregistration.k8s.io/v1alpha1
- --v=2
- --allow-privileged=true
- --anonymous-auth=False
- --authorization-mode=Node,RBAC
- --feature-gates=Initializers=true,PersistentLocalVolumes=False
livenessProbe:
httpGet:
host: 127.0.0.1
path: /healthz
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 10
volumeMounts:
- mountPath: /etc/kubernetes
name: kubernetes-config
readOnly: true
- mountPath: /etc/ssl
name: ssl-certs-host
readOnly: true
- mountPath: /etc/pki/tls
name: etc-pki-tls
readOnly: true
- mountPath: /etc/pki/ca-trust
name: etc-pki-ca-trust
readOnly: true
- mountPath: /etc/ssl/etcd/ssl
name: etcd-certs
readOnly: true
volumes:
- hostPath:
path: /etc/kubernetes
name: kubernetes-config
- name: ssl-certs-host
hostPath:
path: /etc/ssl
- name: etc-pki-tls
hostPath:
path: /etc/pki/tls
- name: etc-pki-ca-trust
hostPath:
path: /etc/pki/ca-trust
- hostPath:
path: /etc/ssl/etcd/ssl
name: etcd-certs
页:
[1]