root@master:~# rkt listUUID APP IMAGE NAME

1. root@master:~# rkt list
2. UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS
3. f75089f7 hyperkube quay.io/coreos/hyperkube:v1.6.2_coreos.0 running 9 minutes ago 9 minutes ago
4. root@master:~# rkt enter f75089f7 /bin/cat /etc/kubernetes/manifests/kube-apiserver.yaml
5. ---
6. apiVersion: v1
7. kind: Pod
8. metadata:
9. name: kube-apiserver
10. namespace: kube-system
11. spec:
12. hostNetwork: true
13. containers:
14. - name: kube-apiserver
15. image: quay.io/coreos/hyperkube:v1.6.2_coreos.0
16. command:
17. - /hyperkube
18. - apiserver
19. - --bind-address=0.0.0.0
20. - --etcd-servers=http://10.0.4.6:2379,http://10.0.4.7:2379,http://10.0.4.2:2379
21. - --storage-backend=etcd2
22. - --allow-privileged=true
23. - --service-cluster-ip-range=10.3.0.0/24
24. - --secure-port=443
25. - --insecure-bind-address=127.0.0.1
26. - --insecure-port=8080
27. - --advertise-address=10.0.4.9
28. - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
29. - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
30. - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
31. - --client-ca-file=/etc/kubernetes/ssl/ca.pem
32. - --cloud-provider=openstack
33. - --cloud-config=/etc/kubernetes/cloud/cloud.conf
34. # this means that any client cert+key signed by ca.pem is authenticated...including e.g. the apiserver server cert (the key of which clients don't have, hopefully)
35. - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
36. - --runtime-config=extensions/v1beta1/networkpolicies=true
37. - --anonymous-auth=false
38. livenessProbe:
39. httpGet:
40. host: 127.0.0.1
41. port: 8080
42. path: /healthz
43. initialDelaySeconds: 15
44. timeoutSeconds: 15
45. ports:
46. - containerPort: 443
47. hostPort: 443
48. name: https
49. - containerPort: 8080
50. hostPort: 8080
51. name: local
52. volumeMounts:
53. - mountPath: /etc/kubernetes/ssl
54. name: ssl-certs-kubernetes
55. readOnly: true
56. - mountPath: /etc/ssl/certs
57. name: ssl-certs-host
58. readOnly: true
59. - mountPath: /etc/kubernetes/cloud
60. name: cloud-config-host
61. readOnly: true
62. volumes:
63. - hostPath:
64. path: /etc/kubernetes/ssl
65. name: ssl-certs-kubernetes
66. - hostPath:
67. path: /usr/share/ca-certificates
68. name: ssl-certs-host
69. - hostPath:
70. path: /etc/kubernetes/cloud
71. name: cloud-config-host
72. root@master:~#