# systemd unit template for the Kubernetes API server (kube-apiserver).
# The {{ ... }} placeholders (bin_dir, ca_dir, inventory_hostname, ...) are
# substituted when the template is rendered. The syntax and the
# inventory_hostname variable suggest Ansible/Jinja2 - confirm against the
# role that ships this file.
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
# Security review notes for the kube-apiserver flags below. They are kept
# above ExecStart because comment lines inside a backslash-continued command
# are not handled the same way by every systemd version.
#
# Hardening already present:
#   --anonymous-auth=false, --authorization-mode=Node,RBAC and the
#   NodeRestriction admission plugin; a TLS serving certificate, a client CA,
#   and certificate-authenticated connections to etcd and to the kubelets.
#
# Points to confirm or tighten:
#   --insecure-bind-address=127.0.0.1
#       The insecure port serves the API without authentication or
#       authorization. Binding it to loopback keeps it off the network, but
#       any process on this host still gets full API access. Upstream
#       deprecated this port and removed it in later releases.
#   --basic-auth-file / --token-auth-file
#       Static credentials stored in plain-text CSV files and loaded at
#       start-up, so rotating them needs a restart. Keep both files readable
#       by the service account only. Basic auth was removed from later
#       Kubernetes releases.
#   --service-account-key-file={{ ca_dir }}/ca-key.pem
#       This is the cluster CA private key. Reusing it for service account
#       tokens ties token validation to the key that issues every cluster
#       certificate; a dedicated key pair limits the impact of a leak. It
#       must match what the controller manager signs with (not visible here).
#   kubernetes.pem / kubernetes-key.pem
#       One key pair is used as serving certificate, etcd client certificate
#       and kubelet client certificate, so a single compromise affects all
#       three trust relationships.
#   --allow-privileged=true
#       Permits privileged containers. The --admission-control list has no
#       PodSecurityPolicy entry, so nothing in this command line restricts
#       who may request them.
#   --enable-swagger-ui=true
#       Extra HTTP surface that production clusters rarely need.
#   --audit-log-*
#       Audit log at /var/lib/audit.log, kept 30 days / 3 backups / 100 MB
#       per file. No --audit-policy-file is passed; on releases that use
#       policy-based auditing, verify that events are actually recorded.
#   Encryption at rest
#       No encryption provider config flag is passed, so Secrets are
#       presumably stored unencrypted in etcd - confirm.
ExecStart={{ bin_dir }}/kube-apiserver \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
--bind-address={{ inventory_hostname }} \
--insecure-bind-address=127.0.0.1 \
--authorization-mode=Node,RBAC \
--kubelet-https=true \
--kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
--kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
--anonymous-auth=false \
--basic-auth-file={{ ca_dir }}/basic-auth.csv \
--enable-bootstrap-token-auth \
--token-auth-file={{ ca_dir }}/token.csv \
--service-cluster-ip-range={{ SERVICE_CIDR }} \
--service-node-port-range={{ NODE_PORT_RANGE }} \
--tls-cert-file={{ ca_dir }}/kubernetes.pem \
--tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
--client-ca-file={{ ca_dir }}/ca.pem \
--service-account-key-file={{ ca_dir }}/ca-key.pem \
--etcd-cafile={{ ca_dir }}/ca.pem \
--etcd-certfile={{ ca_dir }}/kubernetes.pem \
--etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
--etcd-servers={{ ETCD_ENDPOINTS }} \
--enable-swagger-ui=true \
--endpoint-reconciler-type=lease \
--allow-privileged=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/lib/audit.log \
--event-ttl=1h \
--v=2
# Restart the API server 5 s after an unclean exit. Type=notify makes systemd
# wait for the readiness notification from kube-apiserver before it treats
# the unit as started.
# NOTE(review): [Service] sets no User=/Group= and no sandboxing directives,
# so as a system unit this presumably runs as root - confirm that is intended.
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target