2017-11-11 19:14:21 +08:00
|
|
|
[Unit]
|
|
|
|
Description=Kubernetes API Server
|
|
|
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
|
|
|
After=network.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
ExecStart={{ bin_dir }}/kube-apiserver \
|
2019-07-06 22:06:11 +08:00
|
|
|
--allow-privileged=true \
|
2017-11-11 19:14:21 +08:00
|
|
|
--anonymous-auth=false \
|
2020-12-18 10:23:55 +08:00
|
|
|
--api-audiences=api,istio-ca \
|
2019-07-06 22:06:11 +08:00
|
|
|
--authorization-mode=Node,RBAC \
|
2022-01-05 12:43:03 +08:00
|
|
|
--bind-address=0.0.0.0 \
|
2017-11-11 19:14:21 +08:00
|
|
|
--client-ca-file={{ ca_dir }}/ca.pem \
|
2019-07-06 22:06:11 +08:00
|
|
|
--endpoint-reconciler-type=lease \
|
2017-11-11 19:14:21 +08:00
|
|
|
--etcd-cafile={{ ca_dir }}/ca.pem \
|
|
|
|
--etcd-certfile={{ ca_dir }}/kubernetes.pem \
|
|
|
|
--etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
|
|
|
|
--etcd-servers={{ ETCD_ENDPOINTS }} \
|
2020-01-31 17:22:32 +08:00
|
|
|
--kubelet-certificate-authority={{ ca_dir }}/ca.pem \
|
2020-12-30 11:25:54 +08:00
|
|
|
--kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
|
|
|
|
--kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
|
2021-04-02 18:53:46 +08:00
|
|
|
--secure-port={{ SECURE_PORT }} \
|
2021-04-25 20:28:48 +08:00
|
|
|
--service-account-issuer=https://kubernetes.default.svc \
|
2020-12-18 10:23:55 +08:00
|
|
|
--service-account-signing-key-file={{ ca_dir }}/ca-key.pem \
|
2020-01-31 17:22:32 +08:00
|
|
|
--service-account-key-file={{ ca_dir }}/ca.pem \
|
2019-07-06 22:06:11 +08:00
|
|
|
--service-cluster-ip-range={{ SERVICE_CIDR }} \
|
|
|
|
--service-node-port-range={{ NODE_PORT_RANGE }} \
|
|
|
|
--tls-cert-file={{ ca_dir }}/kubernetes.pem \
|
|
|
|
--tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
|
2018-06-17 10:46:25 +08:00
|
|
|
--requestheader-client-ca-file={{ ca_dir }}/ca.pem \
|
2018-07-05 15:46:42 +08:00
|
|
|
--requestheader-allowed-names= \
|
2018-06-17 10:46:25 +08:00
|
|
|
--requestheader-extra-headers-prefix=X-Remote-Extra- \
|
|
|
|
--requestheader-group-headers=X-Remote-Group \
|
|
|
|
--requestheader-username-headers=X-Remote-User \
|
2018-06-17 13:07:57 +08:00
|
|
|
--proxy-client-cert-file={{ ca_dir }}/aggregator-proxy.pem \
|
|
|
|
--proxy-client-key-file={{ ca_dir }}/aggregator-proxy-key.pem \
|
2018-06-17 10:46:25 +08:00
|
|
|
--enable-aggregator-routing=true \
|
2017-11-11 19:14:21 +08:00
|
|
|
--v=2
|
2019-07-19 13:47:10 +08:00
|
|
|
Restart=always
|
2017-11-11 19:14:21 +08:00
|
|
|
RestartSec=5
|
|
|
|
Type=notify
|
|
|
|
LimitNOFILE=65536
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|