| {%- from "kubernetes/map.jinja" import master with context %} |
| {%- from "kubernetes/map.jinja" import common with context %} |
| apiVersion: v1 |
| kind: Pod |
| metadata: |
| name: kube-controller-manager |
| namespace: kube-system |
| spec: |
| dnsPolicy: ClusterFirst |
| hostNetwork: true |
| restartPolicy: Always |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: kube-controller-manager |
| image: {{ common.hyperkube.image }} |
| command: |
| - /hyperkube |
| - controller-manager |
| --kubeconfig /etc/kubernetes/controller-manager.kubeconfig |
| --cluster-name=kubernetes |
| --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key |
| --v={{ master.get('verbosity', 2) }} |
| --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt |
| --leader-elect=true |
| {%- for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).items() %} |
| --{{ key }}={{ value }} |
| {%- endfor %} |
| 1>>/var/log/kube-controller-manager.log 2>&1 |
| imagePullPolicy: IfNotPresent |
| livenessProbe: |
| httpGet: |
| host: 127.0.0.1 |
| path: /healthz |
| port: 10252 |
| scheme: HTTP |
| initialDelaySeconds: 15 |
| timeoutSeconds: 15 |
| resources: |
| limits: |
| cpu: 200m |
| requests: |
| cpu: 200m |
| volumeMounts: |
| - mountPath: /srv/kubernetes |
| name: srvkube |
| readOnly: true |
| - mountPath: /var/log/kube-controller-manager.log |
| name: logfile |
| - mountPath: /etc/kubernetes/ |
| name: etckube |
| readOnly: true |
| - mountPath: /usr/share/ca-certificates |
| name: usrsharecacerts |
| readOnly: true |
| volumes: |
| - hostPath: |
| path: /srv/kubernetes |
| name: srvkube |
| - hostPath: |
| path: /var/log/kube-controller-manager.log |
| name: logfile |
| - hostPath: |
| path: /etc/kubernetes/ |
| name: etckube |
| - hostPath: |
| path: /usr/share/ca-certificates |
| name: usrsharecacerts |