diff options
Diffstat (limited to 'systemd/kube-apiserver.service')
| -rw-r--r-- | systemd/kube-apiserver.service | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/systemd/kube-apiserver.service b/systemd/kube-apiserver.service new file mode 100644 index 0000000..7e4f2c6 --- /dev/null +++ b/systemd/kube-apiserver.service @@ -0,0 +1,46 @@ +[Unit] +Description=Kubernetes API Server +Documentation=https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ +After=network.target etcd.service cluster-detect.service +Wants=etcd.service + +[Service] +Type=notify +EnvironmentFile=/etc/cluster-config/environment/kube-apiserver.env +ExecStartPre=/usr/local/bin/kube-apiserver-config-generator.sh +ExecStart=/usr/bin/kube-apiserver \ + --advertise-address=${NODE_IP} \ + --allow-privileged=true \ + --authorization-mode=Node,RBAC \ + --client-ca-file=/etc/kubernetes/pki/ca.crt \ + --enable-admission-plugins=NodeRestriction \ + --enable-bootstrap-token-auth=true \ + --etcd-servers=https://127.0.0.1:2379 \ + --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt \ + --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt \ + --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key \ + --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt \ + --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key \ + --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \ + --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt \ + --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key \ + --requestheader-allowed-names=front-proxy-client \ + --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt \ + --requestheader-extra-headers-prefix=X-Remote-Extra- \ + --requestheader-group-headers=X-Remote-Group \ + --requestheader-username-headers=X-Remote-User \ + --secure-port=6443 \ + --service-account-issuer=https://kubernetes.default.svc.cluster.local \ + --service-account-key-file=/etc/kubernetes/pki/sa.pub \ + --service-account-signing-key-file=/etc/kubernetes/pki/sa.key \ + --service-cluster-ip-range=${SERVICE_CIDR} \ + --tls-cert-file=/etc/kubernetes/pki/apiserver.crt \ + --tls-private-key-file=/etc/kubernetes/pki/apiserver.key + +Restart=always +RestartSec=10 + +LimitNOFILE=65536 + +[Install] +WantedBy=kubernetes-master.target |