2017-11-11 19:14:21 +08:00
|
|
|
[Unit]
|
|
|
|
Description=Kubernetes API Server
|
|
|
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
|
|
|
After=network.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
ExecStart={{ bin_dir }}/kube-apiserver \
|
2019-05-23 23:22:25 +08:00
|
|
|
--advertise-address={{ inventory_hostname }} \
|
2019-07-06 22:06:11 +08:00
|
|
|
--allow-privileged=true \
|
2017-11-11 19:14:21 +08:00
|
|
|
--anonymous-auth=false \
|
2019-07-06 22:06:11 +08:00
|
|
|
--authorization-mode=Node,RBAC \
|
2019-03-14 23:51:04 +08:00
|
|
|
{% if BASIC_AUTH_ENABLE == "yes" %}
|
2020-11-05 10:36:45 +08:00
|
|
|
--token-auth-file={{ ca_dir }}/basic-auth.csv \
|
2019-03-14 23:51:04 +08:00
|
|
|
{% endif %}
|
2019-07-06 22:06:11 +08:00
|
|
|
--bind-address={{ inventory_hostname }} \
|
2017-11-11 19:14:21 +08:00
|
|
|
--client-ca-file={{ ca_dir }}/ca.pem \
|
2019-07-06 22:06:11 +08:00
|
|
|
--endpoint-reconciler-type=lease \
|
2017-11-11 19:14:21 +08:00
|
|
|
--etcd-cafile={{ ca_dir }}/ca.pem \
|
|
|
|
--etcd-certfile={{ ca_dir }}/kubernetes.pem \
|
|
|
|
--etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
|
|
|
|
--etcd-servers={{ ETCD_ENDPOINTS }} \
|
2020-01-31 17:22:32 +08:00
|
|
|
--kubelet-certificate-authority={{ ca_dir }}/ca.pem \
|
2019-07-06 22:06:11 +08:00
|
|
|
--kubelet-client-certificate={{ ca_dir }}/admin.pem \
|
|
|
|
--kubelet-client-key={{ ca_dir }}/admin-key.pem \
|
2020-01-31 17:22:32 +08:00
|
|
|
--kubelet-https=true \
|
|
|
|
--service-account-key-file={{ ca_dir }}/ca.pem \
|
2019-07-06 22:06:11 +08:00
|
|
|
--service-cluster-ip-range={{ SERVICE_CIDR }} \
|
|
|
|
--service-node-port-range={{ NODE_PORT_RANGE }} \
|
|
|
|
--tls-cert-file={{ ca_dir }}/kubernetes.pem \
|
|
|
|
--tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
|
2018-06-17 10:46:25 +08:00
|
|
|
--requestheader-client-ca-file={{ ca_dir }}/ca.pem \
|
2018-07-05 15:46:42 +08:00
|
|
|
--requestheader-allowed-names= \
|
2018-06-17 10:46:25 +08:00
|
|
|
--requestheader-extra-headers-prefix=X-Remote-Extra- \
|
|
|
|
--requestheader-group-headers=X-Remote-Group \
|
|
|
|
--requestheader-username-headers=X-Remote-User \
|
2018-06-17 13:07:57 +08:00
|
|
|
--proxy-client-cert-file={{ ca_dir }}/aggregator-proxy.pem \
|
|
|
|
--proxy-client-key-file={{ ca_dir }}/aggregator-proxy-key.pem \
|
2018-06-17 10:46:25 +08:00
|
|
|
--enable-aggregator-routing=true \
|
2017-11-11 19:14:21 +08:00
|
|
|
--v=2
|
2019-07-19 13:47:10 +08:00
|
|
|
Restart=always
|
2017-11-11 19:14:21 +08:00
|
|
|
RestartSec=5
|
|
|
|
Type=notify
|
|
|
|
LimitNOFILE=65536
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|