Skip to content

kube-apiserver job from kubo/0.17.0

Github source: ad9ef809 or master branch

Properties

admin-password

The password for the admin account

admin-username

The admin username for the Kubernetes cluster

allow_privileged

Allows privileged containers for the Kubernetes cluster

Default
false

anonymous_auth

Allows anonymous authentication for the API server. This is often useful to allow unauthenticated users to view discovery endpoints such as /healthz or /version. This is also useful when configuring load balancer health checks against the TLS port.

Default
true

authorization-mode

The authorization mode for kube-apiserver. Should be ‘abac’ or ‘rbac’

Default
rbac

deny_escalating_exec

Enable the DenyEscalatingExec admission controller.

Default
true

enable_audit_logs

Enables audit logs

Default
true

feature_gates

A map of key=value pairs that describe alpha or experimental features.

http_proxy

http_proxy env var for the kubernetes-api binary (i.e. for cloud provider interactions)

https_proxy

https_proxy env var for the kubernetes-api binary (i.e. for cloud provider interactions)

kube-controller-manager-password

The password for the system:kube-controller-manager user

kube-proxy-password

The password for the kube-proxy user

kube-scheduler-password

The password for the system:kube-scheduler user

kubelet-drain-password

The password for the kubelet drain user

kubelet-password

The password for the kubelet user

logging-level

V-leveled logging at the specified level. See https://github.com/golang/glog

Default
2

no_proxy

no_proxy env var for the kubernetes-api binary (i.e. for cloud provider interactions)

oidc

ca

Certificate for the CA that signed your identity provider’s web certificate

client-id

A client id that all tokens must be issued for

Example
kubernetes

groups-claim

JWT claim to use as the user’s group

Example
groups

groups-prefix

Prefix prepended to group claims to prevent clashes

Example
'oidc:'

issuer-url

URL of the provider which allows the API server to discover public signing keys

username-claim

JWT claim to use as the user name

Example
sub

username-prefix

Prefix prepended to username claims to prevent clashes

Example
'oidc:'

port

Default
1235
Example
81

route-sync-password

The password for the route-sync user

service-account-public-key

Public key used to verify service account tokens

tls

kubernetes

ca

CA Certificate for the Kubernetes master

certificate

Certificate for the Kubernetes master

private_key

Private key for the Kubernetes master

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/kube-apiserver/ directory (learn more).

  • bin/ensure_apiserver_healthy (from bin/ensure_apiserver_healthy.erb)
  • bin/post-start (from bin/post-start.erb)
  • bin/pre-start (from bin/pre-start.erb)
  • config/audit_policy.yml (from config/audit_policy.yml)
  • config/authorization_policy.jsonl (from config/authorization_policy.jsonl.erb)
  • config/bpm.yml (from config/bpm.yml.erb)
  • config/cloud-provider.ini (from config/cloud-provider.ini.erb)
  • config/etcd-ca.crt (from config/etcd-ca.crt.erb)
  • config/etcd-client.crt (from config/etcd-client.crt.erb)
  • config/etcd-client.key (from config/etcd-client.key.erb)
  • config/kubernetes-key.pem (from config/kubernetes-key.pem.erb)
  • config/kubernetes.pem (from config/kubernetes.pem.erb)
  • config/oidc-ca.pem (from config/oidc-ca.pem.erb)
  • config/openstack-ca.crt (from config/openstack-ca.crt.erb)
  • config/service-account-public-key.pem (from config/service-account-public-key.pem.erb)
  • config/service_key.json (from config/service_key.json.erb)
  • config/tokens.csv (from config/tokens.csv.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.