kubeasz/roles/kube-master/templates/kube-apiserver.service.j2

45 lines
1.5 KiB
Plaintext
Raw Normal View History

2017-11-11 19:14:21 +08:00
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
ExecStart={{ bin_dir }}/kube-apiserver \
2017-12-03 16:26:33 +08:00
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
--bind-address={{ inventory_hostname }} \
2017-11-11 19:14:21 +08:00
--insecure-bind-address=127.0.0.1 \
--authorization-mode=Node,RBAC \
--kubelet-https=true \
2018-05-17 22:51:15 +08:00
--kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
--kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
2017-11-11 19:14:21 +08:00
--anonymous-auth=false \
--basic-auth-file={{ ca_dir }}/basic-auth.csv \
2017-12-04 20:20:17 +08:00
--enable-bootstrap-token-auth \
2017-11-11 19:14:21 +08:00
--token-auth-file={{ ca_dir }}/token.csv \
--service-cluster-ip-range={{ SERVICE_CIDR }} \
--service-node-port-range={{ NODE_PORT_RANGE }} \
--tls-cert-file={{ ca_dir }}/kubernetes.pem \
--tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
--client-ca-file={{ ca_dir }}/ca.pem \
--service-account-key-file={{ ca_dir }}/ca-key.pem \
--etcd-cafile={{ ca_dir }}/ca.pem \
--etcd-certfile={{ ca_dir }}/kubernetes.pem \
--etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
--etcd-servers={{ ETCD_ENDPOINTS }} \
--enable-swagger-ui=true \
--endpoint-reconciler-type=lease \
2017-11-11 19:14:21 +08:00
--allow-privileged=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/lib/audit.log \
--event-ttl=1h \
--v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target