cert-exporter/docs/kops-masters.yaml at master · joe-elliott/cert-exporter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    app: cert-exporter-masters
  name: cert-exporter-masters
spec:
  selector:
    matchLabels:
      name: cert-exporter-masters
  template:
    metadata:
      annotations:
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        name: cert-exporter-masters
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - image: joeelliott/cert-exporter:v2.18.0
        name: cert-exporter-masters
        command: ["./app"]
        args:
        - --include-kubeconfig-glob=/var/lib/*/kubeconfig
        - --include-cert-glob=/etc/kubernetes/pki/*/*.crt
        - --include-cert-glob=/srv/kubernetes/*.crt
        - --include-cert-glob=/srv/kubernetes/*.cert
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        volumeMounts:
        - mountPath: /var/lib/kubelet
          mountPropagation: HostToContainer
          name: kubelet
          readOnly: true
        - mountPath: /var/lib/kube-controller-manager
          name: kube-controller-manager
          readOnly: true
        - mountPath: /var/lib/kubectl
          name: kubectl
          readOnly: true
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy
          readOnly: true
        - mountPath: /var/lib/kube-scheduler
          name: kube-scheduler
          readOnly: true
        - mountPath: /var/lib/kops
          name: kops
          readOnly: true
        - mountPath: /etc/kubernetes/pki
          name: etcd-pki
          readOnly: true
        - mountPath: /srv/kubernetes
          name: kube-root
          readOnly: true
        securityContext:
          runAsUser: 0
      volumes:
      - name: kubelet
        hostPath:
          path: /var/lib/kubelet
          type: Directory
      - name: kube-controller-manager
        hostPath:
          path: /var/lib/kube-controller-manager
          type: Directory
      - name: kubectl
        hostPath:
          path: /var/lib/kubectl
          type: Directory
      - name: kube-proxy
        hostPath:
          path: /var/lib/kube-proxy
          type: Directory
      - name: kube-scheduler
        hostPath:
          path: /var/lib/kube-scheduler
          type: Directory
      - name: kops
        hostPath:
          path: /var/lib/kops
          type: Directory
      - name: etcd-pki
        hostPath:
          path: /etc/kubernetes/pki
          type: Directory
      - name: kube-root
        hostPath:
          path: /srv/kubernetes
          type: Directory