Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Typical arguments of kube-apiserver built by kops on aws
mkfifo /tmp/pipe;
(tee -a /var/log/kube-apiserver.log < /tmp/pipe & ) ;
exec /usr/local/bin/kube-apiserver
--allow-privileged=true
--anonymous-auth=false
--apiserver-count=1
--authorization-mode=RBAC
--basic-auth-file=/srv/kubernetes/basic_auth.csv
--bind-address=0.0.0.0
--client-ca-file=/srv/kubernetes/ca.crt
--cloud-provider=aws
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,NodeRestriction,ResourceQuota
--etcd-cafile=/etc/kubernetes/pki/kube-apiserver/etcd-ca.crt
--etcd-certfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.crt
--etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key
--etcd-servers-overrides=/events#https://127.0.0.1:4002
--etcd-servers=https://127.0.0.1:4001
--insecure-bind-address=127.0.0.1
--insecure-port=8080
--kubelet-client-certificate=/srv/kubernetes/kubelet-api.pem
--kubelet-client-key=/srv/kubernetes/kubelet-api-key.pem
--kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP
--proxy-client-cert-file=/srv/kubernetes/apiserver-aggregator.cert
--proxy-client-key-file=/srv/kubernetes/apiserver-aggregator.key
--requestheader-allowed-names=aggregator
--requestheader-client-ca-file=/srv/kubernetes/apiserver-aggregator-ca.cert
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group
--requestheader-username-headers=X-Remote-User
--secure-port=443
--service-cluster-ip-range=100.64.0.0/13
--storage-backend=etcd3
--tls-cert-file=/srv/kubernetes/server.cert
--tls-private-key-file=/srv/kubernetes/server.key
--token-auth-file=/srv/kubernetes/known_tokens.csv
--v=2
> /tmp/pipe 2>&1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.