forked from andyrepton/k8s-multi-tenancy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaws-customer.yml
113 lines (112 loc) · 3.65 KB
/
aws-customer.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "2"
creationTimestamp: null
generation: 1
labels:
run: customer2
name: customer2
selfLink: /apis/extensions/v1beta1/namespaces//deployments/customer2
spec:
replicas: 3
selector:
matchLabels:
run: customer2
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
run: customer2
spec:
containers:
- command:
- /usr/local/bin/kube-apiserver
- --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
- --runtime-config=api/v1
- --allow-privileged=true
- --insecure-bind-address=0.0.0.0
- --bind-address=0.0.0.0
- --insecure-port=8080
- --secure-port=6443
- --service-cluster-ip-range=10.100.0.0/24
- --etcd-servers=http://etcd-client:2379
- --etcd-prefix="/customer2/"
- --advertise-address=85.222.238.107
- --service-account-key-file=/opt/kube-serviceaccount.key/kube-serviceaccount.key
- --service-account-lookup=false
- --token-auth-file=/opt/tokens/tokens.csv
- --authorization-policy-file=/opt/auth/auth-policy.json
- --authorization-mode=ABAC
- --client-ca-file=/opt/ca.pem/ca.pem
- --tls-cert-file=/opt/kubernetes.pem/kubernetes.pem
- --tls-private-key-file=/opt/kubernetes-key.pem/kubernetes-key.pem
image: gcr.io/google_containers/kube-apiserver:v1.3.4
imagePullPolicy: Always
name: kube-apiserver
volumeMounts:
- name: kube-serviceaccount-key
mountPath: /opt/kube-serviceaccount.key
- name: tokens
mountPath: /opt/tokens
- name: auth
mountPath: /opt/auth
- name: ca-pem
mountPath: /opt/ca.pem
- name: kubernetes-pem
mountPath: /opt/kubernetes.pem
- name: kubernetes-key-pem
mountPath: /opt/kubernetes-key.pem
- name: cloud-config
mountPath: /opt/cloud-config
- command:
- /usr/local/bin/kube-controller-manager
- --master=http://127.0.0.1:8080
- --service-account-private-key-file=/opt/kube-serviceaccount.key/kube-serviceaccount.key
- --leader-elect=true
volumeMounts:
- name: kube-serviceaccount-key
mountPath: /opt/kube-serviceaccount.key
image: gcr.io/google_containers/kube-controller-manager:v1.3.4
imagePullPolicy: Always
name: kube-controller-manager
- command:
- /usr/local/bin/kube-scheduler
- --master=http://127.0.0.1:8080
- --leader-elect=true
image: gcr.io/google_containers/kube-scheduler:v1.3.4
imagePullPolicy: Always
name: kube-scheduler
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: kube-serviceaccount-key
secret:
secretName: kube-serviceaccount.key
- name: tokens
secret:
secretName: tokens
- name: auth
secret:
secretName: auth
- name: ca-pem
secret:
secretName: ca.pem
- name: kubernetes-pem
secret:
secretName: kubernetes.pem
- name: kubernetes-key-pem
secret:
secretName: kubernetes-key.pem
- name: cloud-config
secret:
secretName: cloud-config
status: {}