Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@master:~# rkt list
- UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS
- f75089f7 hyperkube quay.io/coreos/hyperkube:v1.6.2_coreos.0 running 9 minutes ago 9 minutes ago
- root@master:~# rkt enter f75089f7 /bin/cat /etc/kubernetes/manifests/kube-apiserver.yaml
- ---
- apiVersion: v1
- kind: Pod
- metadata:
- name: kube-apiserver
- namespace: kube-system
- spec:
- hostNetwork: true
- containers:
- - name: kube-apiserver
- image: quay.io/coreos/hyperkube:v1.6.2_coreos.0
- command:
- - /hyperkube
- - apiserver
- - --bind-address=0.0.0.0
- - --etcd-servers=http://10.0.4.6:2379,http://10.0.4.7:2379,http://10.0.4.2:2379
- - --storage-backend=etcd2
- - --allow-privileged=true
- - --service-cluster-ip-range=10.3.0.0/24
- - --secure-port=443
- - --insecure-bind-address=127.0.0.1
- - --insecure-port=8080
- - --advertise-address=10.0.4.9
- - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
- - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
- - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- - --client-ca-file=/etc/kubernetes/ssl/ca.pem
- - --cloud-provider=openstack
- - --cloud-config=/etc/kubernetes/cloud/cloud.conf
- # this means that any client cert+key signed by ca.pem is authenticated...including e.g. the apiserver server cert (the key of which clients don't have, hopefully)
- - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- - --runtime-config=extensions/v1beta1/networkpolicies=true
- - --anonymous-auth=false
- livenessProbe:
- httpGet:
- host: 127.0.0.1
- port: 8080
- path: /healthz
- initialDelaySeconds: 15
- timeoutSeconds: 15
- ports:
- - containerPort: 443
- hostPort: 443
- name: https
- - containerPort: 8080
- hostPort: 8080
- name: local
- volumeMounts:
- - mountPath: /etc/kubernetes/ssl
- name: ssl-certs-kubernetes
- readOnly: true
- - mountPath: /etc/ssl/certs
- name: ssl-certs-host
- readOnly: true
- - mountPath: /etc/kubernetes/cloud
- name: cloud-config-host
- readOnly: true
- volumes:
- - hostPath:
- path: /etc/kubernetes/ssl
- name: ssl-certs-kubernetes
- - hostPath:
- path: /usr/share/ca-certificates
- name: ssl-certs-host
- - hostPath:
- path: /etc/kubernetes/cloud
- name: cloud-config-host
- root@master:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement