-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy path03-sample-apiserver-deployment.yaml
More file actions
76 lines (75 loc) · 2.79 KB
/
03-sample-apiserver-deployment.yaml
File metadata and controls
76 lines (75 loc) · 2.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# This manifest creates an EtcdStorage resource, which provides the etcd storage for the API server,
# and deploys the sample-apiserver from the `xmudrii/k8s-sample-apiserver` image.
# The APIService resource is also created to register the API with the Kubernetes API Server.
---
# Creates the etcd stroage for the aggregated API server.
# The etcd is available on http://sample-apiserver.kube-apiserver-storage.svc:2379.
apiVersion: etcd.xmudrii.com/v1alpha1
kind: EtcdStorage
metadata:
name: sample-apiserver
spec:
caCertConfigMap:
- name: etcd-serving-ca
namespace: k8s-sample-apiserver
clientCertSecret:
- name: etcd-client-cert
namespace: k8s-sample-apiserver
signingCertificateValidity: 730h
servingCertificateValidity: 730h
clientCertificateValidity: 730h
---
# Deploys the sample-apiserver (https://github.com/kubernetes/sample-apiserver).
# The Deployment uses the xmudrii/kube-sample-apiserver image.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: apiserver
namespace: k8s-sample-apiserver
spec:
replicas: 1
selector:
matchLabels:
apiserver: sample-apiserver
template:
metadata:
labels:
apiserver: sample-apiserver
spec:
serviceAccountName: apiserver
containers:
- name: sample-apiserver
image: xmudrii/kube-sample-apiserver
imagePullPolicy: Always
command: ["/kube-sample-apiserver", "--etcd-servers=https://etcd-sample-apiserver.kube-apiserver-storage.svc:2379", "--etcd-cafile=/etc/etcd-certs/ca/serving-ca.crt", "--etcd-certfile=/etc/etcd-certs/client/tls.crt", "--etcd-keyfile=/etc/etcd-certs/client/tls.key", "--v=7"]
volumeMounts:
- mountPath: /etc/etcd-certs/ca
name: etcd-serving-ca
- mountPath: /etc/etcd-certs/client
name: etcd-client-cert
volumes:
- name: etcd-serving-ca
configMap:
name: etcd-serving-ca
- name: etcd-client-cert
secret:
secretName: etcd-client-cert
---
# APIService used to register the API and the API resources with the Kubernetes API.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1alpha1.wardle.k8s.io
spec:
# When running the sample-apiserver, self-generated certificates are generated to ensure secure communication.
# However, as those certificates are self-generated, TLS errors can occur, so we're disabling checks to prevent errors.
# We're also providing the CA certificate to the sample-apiserver, to let users use the API with their client certificate.
# The cilent certificates for the sample-apiserver are provided in the 'sample-apiserver-clientcert' Secret.
insecureSkipTLSVerify: true
group: wardle.k8s.io
groupPriorityMinimum: 1000
versionPriority: 15
service:
name: api
namespace: k8s-sample-apiserver
version: v1alpha1