kubespray/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2

apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: {{system_namespace}}
  labels:
    k8s-app: kube-controller
spec:
  hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
  dnsPolicy: ClusterFirstWithHostNet
{% endif %}
  containers:
  - name: kube-controller-manager
    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
    imagePullPolicy: {{ k8s_image_pull_policy }}
    resources:
      limits:
        cpu: {{ kube_controller_cpu_limit }}
        memory: {{ kube_controller_memory_limit }}
      requests:
        cpu: {{ kube_controller_cpu_requests }}
        memory: {{ kube_controller_memory_requests }}
    command:
    - /hyperkube
    - controller-manager
    - --master={{ kube_apiserver_endpoint }}
    - --leader-elect=true
    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
    - --root-ca-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem
    - --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }}
    - --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
    - --node-monitor-period={{ kube_controller_node_monitor_period }}
    - --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
    - --v={{ kube_log_level }}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
    - --cloud-provider={{cloud_provider}}
    - --cloud-config={{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider == "aws" %}
    - --cloud-provider={{cloud_provider}}
{% endif %}
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
    - --allocate-node-cidrs=true
    - --configure-cloud-routes=true
    - --cluster-cidr={{ kube_pods_subnet }}
{% endif %}
    livenessProbe:
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
      initialDelaySeconds: 30
      timeoutSeconds: 10
    volumeMounts:
    - mountPath: {{ kube_cert_dir }}
      name: ssl-certs-kubernetes
      readOnly: true
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere" ] %}
    - mountPath: {{ kube_config_dir }}/cloud_config
      name: cloudconfig
      readOnly: true
{% endif %}
  volumes:
  - hostPath:
      path: {{ kube_cert_dir }}
    name: ssl-certs-kubernetes
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
  - hostPath:
      path: {{ kube_config_dir }}/cloud_config
    name: cloudconfig
{% endif %}