|
#根据挂载配置创建相关目录
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
hostNetwork: true
containers:
- command:
- /bin/sh
- -c
- /usr/local/bin/kube-apiserver
--kubelet-https=true
--enable-bootstrap-token-auth=true
--token-auth-file=/etc/kubernetes/token.csv
--service-cluster-ip-range=10.96.0.0/12
--tls-cert-file=/etc/kubernetes/pki/kubernetes.pem
--tls-private-key-file=/etc/kubernetes/pki/kubernetes-key.pem
--client-ca-file=/etc/kubernetes/pki/ca.pem
--service-account-key-file=/etc/kubernetes/pki/ca-key.pem
--insecure-port=9080
--secure-port=6443
--insecure-bind-address=0.0.0.0
--bind-address=0.0.0.0
--advertise-address=master_IP
--storage-backend=etcd3
--etcd-servers=http://master_IP1:2379,http://master_IP2:2379,http://master_IP3:2379
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
--allow-privileged=true
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--authorization-mode=Node,RBAC
--v=2 1>>/var/log/kube-apiserver.log 2>&1
image: foxchan/google_containers/kube-apiserver-amd64:v1.8.1
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 6443
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-apiserver
resources:
requests:
cpu: 250m
volumeMounts:
- mountPath: /etc/kubernetes/
name: k8s
readOnly: true
- mountPath: /etc/ssl/certs
name: certs
- mountPath: /etc/pki
name: pki
- mountPath: /var/log/kube-apiserver.log
name: logfile
hostNetwork: true
volumes:
- hostPath:
path: /etc/kubernetes
name: k8s
- hostPath:
path: /etc/ssl/certs
name: certs
- hostPath:
path: /etc/pki
name: pki
- hostPath:
path: /var/log/kube-apiserver.log
name: logfile
status: {}
|
|
|