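# kube-apiserver Pod manifest (kubeadm-style layout, presumably a static Pod).
# It runs on the host network and reads all of its TLS material from
# /etc/kubernetes/pki on the node.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    # NodePort range widened from the default 30000-32767 to every port.
    # Services may then claim privileged ports (<1024) and ports that host
    # daemons already use (6443 and 2379 appear below). Keep the range as
    # narrow as the workload needs and restrict who may create NodePort
    # Services.
    - --service-node-port-range=1-65535
    - --advertise-address=192.168.26.10
    # Privileged containers are permitted cluster-wide. No pod-security
    # admission plugin is listed in this file, so limiting who may run them
    # has to be enforced elsewhere.
    - --allow-privileged=true
    # Node authorizer plus RBAC; requests are denied unless a rule allows them.
    - --authorization-mode=Node,RBAC
    # CA used to verify client certificates presented to the API server.
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    # NodeRestriction limits each kubelet to its own Node object and the Pods
    # bound to it. It is the only plugin enabled beyond the built-in defaults.
    - --enable-admission-plugins=NodeRestriction
    # Bootstrap tokens are accepted for node join; let them expire or delete
    # them once nodes have joined.
    - --enable-bootstrap-token-auth=true
    # etcd is reached over mutual TLS on loopback.
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    # 0 disables the plaintext, unauthenticated port; keep it at 0.
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    # Identity headers (X-Remote-*) are trusted only from a client certificate
    # named front-proxy-client that chains to front-proxy-ca.crt.
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    # Public key used to verify service-account tokens.
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    # NOTE(review): no --audit-policy-file / --audit-log-path is set, so this
    # configuration records no API audit events. --anonymous-auth is also left
    # at its default. Confirm both are intended.
    #
    # The image is pulled by mutable tag from a mirror registry, and with
    # IfNotPresent a cached copy is reused without re-checking. Pinning by
    # digest (image@sha256:<digest-placeholder>) fixes the exact binary that
    # runs as the control plane.
    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.2
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.26.10
        path: /healthz
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-apiserver
    resources:
      requests:
        cpu: 250m
    # All three host directories are mounted read-only into the container.
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
  # Shares the node's network namespace: the secure port above is bound
  # directly on the host.
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  # Holds the private keys referenced by the flags above (apiserver.key,
  # apiserver-etcd-client.key, ...). Host-side permissions on this directory
  # are what protect them; DirectoryOrCreate creates an empty directory if
  # the path is missing.
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
status: {}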