jayunit100 · May 23, 2023 18:16
diff --git a/gistfile1.txt b/gistfile1.txt
 apiVersion: v1
 kind: Pod
 metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 10.92.172.229:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
 spec:
  containers:
  - command:
    - kube-apiserver
    - --admission-control-config-file=/etc/kubernetes/admission-control-config.yaml
    - --advertise-address=10.92.172.229
    - --allow-privileged=true
    - --audit-log-maxage=30
    - --audit-log-maxbackup=10
    - --audit-log-maxsize=100
    - --audit-log-path=/var/log/kubernetes/audit.log
    - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cloud-provider=external
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=100.64.0.0/13
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: projects.registry.vmware.com/tkg/kube-apiserver:v1.25.7_vmware.2
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 10.92.172.229
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-apiserver
    readinessProbe:
      failureThreshold: 3
      httpGet:
        host: 10.92.172.229
        path: /readyz
        port: 6443
        scheme: HTTPS
      periodSeconds: 1
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    startupProbe:
      failureThreshold: 48
      httpGet:
        host: 10.92.172.229
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/kubernetes/admission-control-config.yaml
      name: admin-control-conf
      readOnly: true
    - mountPath: /var/log/kubernetes
      name: audit-logs
    - mountPath: /etc/kubernetes/audit-policy.yaml
      name: audit-policy
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/ca-certificates
      name: etc-ca-certificates
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /usr/local/share/ca-certificates
      name: usr-local-share-ca-certificates
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
  hostNetwork: true
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/kubernetes/admission-control-config.yaml
      type: File
    name: admin-control-conf
  - hostPath:
      path: /var/log/kubernetes
      type: ""
    name: audit-logs
  - hostPath:
      path: /etc/kubernetes/audit-policy.yaml
      type: ""
    name: audit-policy
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /usr/local/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-local-share-ca-certificates
  - hostPath:
      path: /usr/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-share-ca-certificates
 status: {}
	apiVersion: v1
	kind: Pod
	metadata:
	annotations:
	kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 10.92.172.229:6443
	creationTimestamp: null
	labels:
	component: kube-apiserver
	tier: control-plane
	name: kube-apiserver
	namespace: kube-system
	spec:
	containers:
	- command:
	- kube-apiserver
	- --admission-control-config-file=/etc/kubernetes/admission-control-config.yaml
	- --advertise-address=10.92.172.229
	- --allow-privileged=true
	- --audit-log-maxage=30
	- --audit-log-maxbackup=10
	- --audit-log-maxsize=100
	- --audit-log-path=/var/log/kubernetes/audit.log
	- --audit-policy-file=/etc/kubernetes/audit-policy.yaml
	- --authorization-mode=Node,RBAC
	- --client-ca-file=/etc/kubernetes/pki/ca.crt
	- --cloud-provider=external
	- --enable-admission-plugins=NodeRestriction
	- --enable-bootstrap-token-auth=true
	- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
	- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
	- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
	- --etcd-servers=https://127.0.0.1:2379
	- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
	- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
	- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
	- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
	- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
	- --requestheader-allowed-names=front-proxy-client
	- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
	- --requestheader-extra-headers-prefix=X-Remote-Extra-
	- --requestheader-group-headers=X-Remote-Group
	- --requestheader-username-headers=X-Remote-User
	- --secure-port=6443
	- --service-account-issuer=https://kubernetes.default.svc.cluster.local
	- --service-account-key-file=/etc/kubernetes/pki/sa.pub
	- --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
	- --service-cluster-ip-range=100.64.0.0/13
	- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
	- --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
	- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
	image: projects.registry.vmware.com/tkg/kube-apiserver:v1.25.7_vmware.2
	imagePullPolicy: IfNotPresent
	livenessProbe:
	failureThreshold: 8
	httpGet:
	host: 10.92.172.229
	path: /livez
	port: 6443
	scheme: HTTPS
	initialDelaySeconds: 10
	periodSeconds: 10
	timeoutSeconds: 15
	name: kube-apiserver
	readinessProbe:
	failureThreshold: 3
	httpGet:
	host: 10.92.172.229
	path: /readyz
	port: 6443
	scheme: HTTPS
	periodSeconds: 1
	timeoutSeconds: 15
	resources:
	requests:
	cpu: 250m
	startupProbe:
	failureThreshold: 48
	httpGet:
	host: 10.92.172.229
	path: /livez
	port: 6443
	scheme: HTTPS
	initialDelaySeconds: 10
	periodSeconds: 10
	timeoutSeconds: 15
	volumeMounts:
	- mountPath: /etc/kubernetes/admission-control-config.yaml
	name: admin-control-conf
	readOnly: true
	- mountPath: /var/log/kubernetes
	name: audit-logs
	- mountPath: /etc/kubernetes/audit-policy.yaml
	name: audit-policy
	- mountPath: /etc/ssl/certs
	name: ca-certs
	readOnly: true
	- mountPath: /etc/ca-certificates
	name: etc-ca-certificates
	readOnly: true
	- mountPath: /etc/kubernetes/pki
	name: k8s-certs
	readOnly: true
	- mountPath: /usr/local/share/ca-certificates
	name: usr-local-share-ca-certificates
	readOnly: true
	- mountPath: /usr/share/ca-certificates
	name: usr-share-ca-certificates
	readOnly: true
	hostNetwork: true
	priorityClassName: system-node-critical
	securityContext:
	seccompProfile:
	type: RuntimeDefault
	volumes:
	- hostPath:
	path: /etc/kubernetes/admission-control-config.yaml
	type: File
	name: admin-control-conf
	- hostPath:
	path: /var/log/kubernetes
	type: ""
	name: audit-logs
	- hostPath:
	path: /etc/kubernetes/audit-policy.yaml
	type: ""
	name: audit-policy
	- hostPath:
	path: /etc/ssl/certs
	type: DirectoryOrCreate
	name: ca-certs
	- hostPath:
	path: /etc/ca-certificates
	type: DirectoryOrCreate
	name: etc-ca-certificates
	- hostPath:
	path: /etc/kubernetes/pki
	type: DirectoryOrCreate
	name: k8s-certs
	- hostPath:
	path: /usr/local/share/ca-certificates
	type: DirectoryOrCreate
	name: usr-local-share-ca-certificates
	- hostPath:
	path: /usr/share/ca-certificates
	type: DirectoryOrCreate
	name: usr-share-ca-certificates
	status: {}