apiVersion: v1
kind: Pod
metadata:
name: kube-controller-manager
namespace: {{system_namespace}}
labels:
k8s-app: kube-controller
spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
{% endif %}
containers:
- name: kube-controller-manager
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:
cpu: {{ kube_controller_cpu_limit }}
memory: {{ kube_controller_memory_limit }}
requests:
cpu: {{ kube_controller_cpu_requests }}
memory: {{ kube_controller_memory_requests }}
command:
- /hyperkube
- controller-manager
- --kubeconfig={{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml
- --leader-elect=true
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --root-ca-file={{ kube_cert_dir }}/ca.pem
- --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
- --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem
- --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }}
- --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
- --node-monitor-period={{ kube_controller_node_monitor_period }}
- --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
- --v={{ kube_log_level }}
{% if rbac_enabled %}
- --use-service-account-credentials
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
- --cloud-provider={{cloud_provider}}
- --cloud-config={{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider == "aws" %}
- --cloud-provider={{cloud_provider}}
{% endif %}
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
- --allocate-node-cidrs=true
- --configure-cloud-routes=true
- --cluster-cidr={{ kube_pods_subnet }}
{% endif %}
{% if kube_feature_gates %}
- --feature-gates={{ kube_feature_gates|join(',') }}
{% endif %}
{% if controller_mgr_custom_flags is string %}
- {{ controller_mgr_custom_flags }}
{% else %}
{% for flag in controller_mgr_custom_flags %}
- {{ flag }}
{% endfor %}
{% endif %}
livenessProbe:
httpGet:
host: 127.0.0.1
path: /healthz
port: 10252
initialDelaySeconds: 30
timeoutSeconds: 10
volumeMounts:
- mountPath: /etc/ssl/certs
name: ssl-certs-host
readOnly: true
- mountPath: "{{kube_config_dir}}/ssl"
name: etc-kube-ssl
readOnly: true
- mountPath: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
name: kubeconfig
readOnly: true
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere" ] %}
- mountPath: "{{ kube_config_dir }}/cloud_config"
name: cloudconfig
readOnly: true
{% endif %}
volumes:
- name: ssl-certs-host
hostPath:
{% if ansible_os_family == 'RedHat' %}
path: /etc/pki/tls
{% else %}
path: /usr/share/ca-certificates
{% endif %}
- name: etc-kube-ssl
hostPath:
path: "{{ kube_config_dir }}/ssl"
- name: kubeconfig
hostPath:
path: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
- hostPath:
path: "{{ kube_config_dir }}/cloud_config"
name: cloudconfig
{% endif %}