harsh-px/kube-controller-manager.yaml

## kube-controller-manager.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-controller-manager
  namespace: kube-system
  labels:
    tier: control-plane
    k8s-app: kube-controller-manager
spec:
  replicas: 2
  template:
    metadata:
      labels:
        tier: control-plane
        k8s-app: kube-controller-manager
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      hostNetwork: true
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: tier
                  operator: In
                  values:
                  - control-plane
                - key: k8s-app
                  operator: In
                  values:
                  - kube-contoller-manager
              topologyKey: kubernetes.io/hostname
      containers:
      - name: kube-controller-manager
        image: ${hyperkube_image}
        command:
        - ./hyperkube
        - controller-manager
        - --allocate-node-cidrs=true
        - --configure-cloud-routes=false
        - --cluster-cidr=${cluster_cidr}
        - --root-ca-file=/etc/kubernetes/secrets/ca.crt
        - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key
        - --leader-elect=true
        - --cloud-provider=${cloud_provider}
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10252  # Note: Using default port. Update if --port option is set differently.
          initialDelaySeconds: 15
          timeoutSeconds: 15
        volumeMounts:
        - name: secrets
          mountPath: /etc/kubernetes/secrets
          readOnly: true
        - name: ssl-host
          mountPath: /etc/ssl/certs
          readOnly: true
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"
      nodeSelector:
        node-role.kubernetes.io/master: ""
      volumes:
      - name: secrets
        secret:
          secretName: kube-controller-manager
      - name: ssl-host
        hostPath:
          path: /usr/share/ca-certificates
      dnsPolicy: Default # Don't use cluster DNS.
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: kube-controller-manager
	namespace: kube-system
	labels:
	tier: control-plane
	k8s-app: kube-controller-manager
	spec:
	replicas: 2
	template:
	metadata:
	labels:
	tier: control-plane
	k8s-app: kube-controller-manager
	annotations:
	scheduler.alpha.kubernetes.io/critical-pod: ""
	spec:
	hostNetwork: true
	affinity:
	podAntiAffinity:
	preferredDuringSchedulingIgnoredDuringExecution:
	- weight: 100
	podAffinityTerm:
	labelSelector:
	matchExpressions:
	- key: tier
	operator: In
	values:
	- control-plane
	- key: k8s-app
	operator: In
	values:
	- kube-contoller-manager
	topologyKey: kubernetes.io/hostname
	containers:
	- name: kube-controller-manager
	image: ${hyperkube_image}
	command:
	- ./hyperkube
	- controller-manager
	- --allocate-node-cidrs=true
	- --configure-cloud-routes=false
	- --cluster-cidr=${cluster_cidr}
	- --root-ca-file=/etc/kubernetes/secrets/ca.crt
	- --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key
	- --leader-elect=true
	- --cloud-provider=${cloud_provider}
	livenessProbe:
	httpGet:
	path: /healthz
	port: 10252 # Note: Using default port. Update if --port option is set differently.
	initialDelaySeconds: 15
	timeoutSeconds: 15
	volumeMounts:
	- name: secrets
	mountPath: /etc/kubernetes/secrets
	readOnly: true
	- name: ssl-host
	mountPath: /etc/ssl/certs
	readOnly: true
	tolerations:
	- key: "CriticalAddonsOnly"
	operator: "Exists"
	- key: "node-role.kubernetes.io/master"
	operator: "Exists"
	effect: "NoSchedule"
	nodeSelector:
	node-role.kubernetes.io/master: ""
	volumes:
	- name: secrets
	secret:
	secretName: kube-controller-manager
	- name: ssl-host
	hostPath:
	path: /usr/share/ca-certificates
	dnsPolicy: Default # Don't use cluster DNS.