|
|
apiVersion: v1kind: Podmetadata: name: kube-controller-manager namespace: {{system_namespace}} labels: k8s-app: kube-controller-manager annotations: kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}" kubespray.controller-manager-cert/serial: "{{ controller_manager_cert_serial }}"spec: hostNetwork: true{% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst{% endif %} containers: - name: kube-controller-manager image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: limits: cpu: {{ kube_controller_cpu_limit }} memory: {{ kube_controller_memory_limit }} requests: cpu: {{ kube_controller_cpu_requests }} memory: {{ kube_controller_memory_requests }} command: - /hyperkube - controller-manager - --kubeconfig={{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml - --leader-elect=true - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - --root-ca-file={{ kube_cert_dir }}/ca.pem - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem - --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }} - --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }} - --node-monitor-period={{ kube_controller_node_monitor_period }} - --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }} - --profiling=false - --terminated-pod-gc-threshold=12500 - --v={{ kube_log_level }}{% if rbac_enabled %} - --use-service-account-credentials=true{% endif %}{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %} - --cloud-provider={{cloud_provider}} - --cloud-config={{ kube_config_dir }}/cloud_config{% elif cloud_provider is defined and cloud_provider in ["aws", "external"] %} - --cloud-provider={{cloud_provider}}{% endif %}{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %} - --configure-cloud-routes=true{% endif %}{% if kube_network_plugin is defined and kube_network_plugin in ["cloud", "flannel", "canal"] %} - --allocate-node-cidrs=true - --cluster-cidr={{ kube_pods_subnet }} - --service-cluster-ip-range={{ kube_service_addresses }} - --node-cidr-mask-size={{ kube_network_node_prefix }}{% endif %}{% if kube_feature_gates %} - --feature-gates={{ kube_feature_gates|join(',') }}{% endif %}{% if controller_mgr_custom_flags is string %} - {{ controller_mgr_custom_flags }}{% else %}{% for flag in controller_mgr_custom_flags %} - {{ flag }}{% endfor %}{% endif %} livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10252 initialDelaySeconds: 30 timeoutSeconds: 10 volumeMounts: - mountPath: /etc/ssl name: ssl-certs-host readOnly: true{% for dir in ssl_ca_dirs %} - mountPath: {{ dir }} name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }} readOnly: true{% endfor %} - mountPath: "{{kube_config_dir}}/ssl" name: etc-kube-ssl readOnly: true - mountPath: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml" name: kubeconfig readOnly: true{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere" ] %} - mountPath: "{{ kube_config_dir }}/cloud_config" name: cloudconfig readOnly: true{% endif %} volumes: - name: ssl-certs-host hostPath: path: /etc/ssl{% for dir in ssl_ca_dirs %} - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }} hostPath: path: {{ dir }}{% endfor %} - name: etc-kube-ssl hostPath: path: "{{ kube_config_dir }}/ssl" - name: kubeconfig hostPath: path: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %} - hostPath: path: "{{ kube_config_dir }}/cloud_config" name: cloudconfig{% endif %}
|
