Skip to content

Instantly share code, notes, and snippets.

@yuanying

yuanying/10-kubeadm.conf

Last active June 1, 2017 05:39
Show Gist options
  • Save yuanying/0908bd4aed765fc0eafa316f5c184990 to your computer and use it in GitHub Desktop.
Save yuanying/0908bd4aed765fc0eafa316f5c184990 to your computer and use it in GitHub Desktop.
Download ZIP
kubeadm research v1.6.4
Raw
10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_EXTRA_ARGS
Raw
admin.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 164904778220323487 (0x249dc05a796429f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:36 2018 GMT
Subject: O=system:masters, CN=kubernetes-admin
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b5:de:aa:ed:df:ae:05:ed:e4:9c:d7:4b:87:d6:
2f:8b:94:1f:28:16:a4:f9:4b:64:6f:7c:11:ce:e7:
ba:75:57:64:e3:77:be:c3:a6:06:49:43:87:39:b9:
cd:1a:c2:6d:39:e4:38:bf:33:48:5c:3c:c2:bc:2c:
79:12:d9:9c:33:20:9d:06:f6:4d:d8:ca:f5:4a:2a:
46:07:9a:17:69:62:e6:a8:00:b3:a9:8f:e0:84:51:
54:d0:25:ea:2e:96:65:82:44:ef:c4:3e:c5:1d:ae:
c4:48:9b:48:43:fc:ec:ce:db:94:cb:f0:5d:a0:d9:
3e:00:41:b9:0d:3c:a5:80:8b:1a:46:9f:5e:f1:0a:
2f:f2:85:34:e1:bf:84:37:34:65:a4:36:19:9c:f2:
d3:1f:b3:42:0e:27:a0:8a:c6:70:d9:45:9a:83:da:
c6:1b:d9:db:f8:7c:08:a2:6d:4b:f4:f8:e1:34:cb:
b9:b4:12:c4:0a:90:0d:13:9b:a5:43:16:a1:6b:fe:
de:3c:de:03:d8:5c:c2:b7:fe:da:15:a5:9a:6a:d2:
74:99:ac:32:50:b3:4c:81:a5:25:cb:9b:e0:38:ad:
05:ff:58:cc:b1:11:9a:db:bc:52:72:05:ed:ab:47:
ae:2c:1d:0d:fb:75:e3:ca:12:7e:f5:50:1f:6f:7b:
f0:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
23:79:cb:41:cb:78:b3:cf:89:60:51:88:fa:95:a3:67:2c:74:
c8:8a:6a:a6:3a:88:5d:9e:2a:f1:7a:be:13:ab:7a:68:34:d7:
95:bd:3b:e6:fd:c5:79:de:b0:d5:5a:1c:ec:e8:95:dd:16:fd:
fc:78:95:af:8c:14:1d:15:ee:69:db:53:7a:aa:e9:e5:0e:71:
e1:e0:d0:8f:35:1e:30:fb:51:fd:bd:e4:20:e4:90:79:e4:d8:
cb:f6:dd:83:61:da:28:4f:c2:10:6e:2e:74:be:47:ae:0b:a8:
46:fc:13:25:a8:f0:12:fa:69:7a:03:70:63:18:17:85:25:ba:
22:22:a0:e7:25:7d:c7:a6:76:f3:06:0a:0f:99:98:73:4d:a6:
43:af:48:b6:9e:a0:dc:90:5f:26:69:9b:fd:55:2f:e3:b2:7b:
fa:03:c2:07:f4:2d:66:06:a8:7b:10:f2:36:36:e0:01:ec:3a:
95:3d:97:f3:28:62:75:d9:91:b1:8f:7f:90:85:f2:df:72:5d:
07:18:0a:b1:5b:77:12:c3:b9:bc:12:ff:e6:18:0d:10:b7:50:
26:da:1e:42:13:4f:b6:9c:88:f0:c9:e0:32:a6:90:1e:e9:02:
d1:e3:2f:38:2b:39:8d:fd:c0:c6:b7:1f:f4:85:0d:8b:fb:c7:
e4:ae:fb:b1
-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIIAkncBaeWQp8wDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzZaMDQx
FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMRkwFwYDVQQDExBrdWJlcm5ldGVzLWFk
bWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd6q7d+uBe3knNdL
h9Yvi5QfKBak+Utkb3wRzue6dVdk43e+w6YGSUOHObnNGsJtOeQ4vzNIXDzCvCx5
EtmcMyCdBvZN2Mr1SipGB5oXaWLmqACzqY/ghFFU0CXqLpZlgkTvxD7FHa7ESJtI
Q/zsztuUy/BdoNk+AEG5DTylgIsaRp9e8Qov8oU04b+ENzRlpDYZnPLTH7NCDieg
isZw2UWag9rGG9nb+HwIom1L9PjhNMu5tBLECpANE5ulQxaha/7ePN4D2FzCt/7a
FaWaatJ0mawyULNMgaUly5vgOK0F/1jMsRGa27xScgXtq0euLB0N+3XjyhJ+9VAf
b3vw8QIDAQABoycwJTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwDQYJKoZIhvcNAQELBQADggEBACN5y0HLeLPPiWBRiPqVo2csdMiKaqY6iF2e
KvF6vhOremg015W9O+b9xXnesNVaHOzold0W/fx4la+MFB0V7mnbU3qq6eUOceHg
0I81HjD7Uf295CDkkHnk2Mv23YNh2ihPwhBuLnS+R64LqEb8EyWo8BL6aXoDcGMY
F4UluiIioOclfcemdvMGCg+ZmHNNpkOvSLaeoNyQXyZpm/1VL+Oye/oDwgf0LWYG
qHsQ8jY24AHsOpU9l/MoYnXZkbGPf5CF8t9yXQcYCrFbdxLDubwS/+YYDRC3UCba
HkITT7aciPDJ4DKmkB7pAtHjLzgrOY39wMa3H/SFDYv7x+Su+7E=
-----END CERTIFICATE-----
Raw
apiserver-kubelet-client.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7422818211387097905 (0x670325d5e2074331)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:35 2018 GMT
Subject: O=system:masters, CN=kube-apiserver-kubelet-client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:27:c9:11:25:17:df:22:3a:a0:61:4e:56:b6:
7b:c5:5e:b2:10:37:15:a7:5c:13:9d:1d:9b:91:eb:
1b:fd:66:05:ce:bc:d8:7a:c4:4e:75:89:b5:7e:7e:
e7:a4:42:26:ed:54:2e:2e:10:e1:b3:e5:2a:76:73:
36:86:a8:0b:54:b0:f6:11:18:e8:30:77:d6:cf:07:
a7:6a:e0:a3:22:c7:50:d9:ba:e4:5d:31:8f:d8:28:
eb:7d:d0:38:00:49:fd:c5:d7:4a:80:12:d4:42:81:
e7:25:73:32:74:60:56:27:7f:85:4b:e8:b3:03:94:
a1:f1:ca:5a:87:a8:81:65:d7:5d:55:56:0f:63:74:
ba:e9:0d:ca:6f:5e:60:d9:bc:ed:15:88:7d:15:54:
5c:90:12:f9:fc:fc:97:7a:5f:9e:43:49:fd:99:cf:
ea:61:68:df:f4:b0:20:75:0a:cc:ac:f6:e8:39:fc:
f7:7f:bc:db:eb:eb:8c:c9:0a:b6:be:1c:08:a1:75:
3a:00:fb:7a:dc:a5:11:07:97:2b:a1:a1:bc:2a:83:
13:3e:14:91:0f:b4:69:c7:6f:2d:9f:8e:a1:25:a3:
75:57:85:8d:47:31:03:f6:1a:2a:10:c5:45:32:c9:
e7:e7:ca:98:4e:04:a1:b9:47:e6:ad:ba:31:01:a2:
2a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
10:dd:57:49:ed:d7:94:66:6d:59:c0:f2:41:be:fe:45:8c:f5:
45:c4:84:9e:11:0c:de:c9:fb:3f:7b:71:45:bf:f0:eb:23:cd:
75:ce:16:bc:da:0d:0b:cb:fa:34:b9:a3:97:e3:78:48:ad:7f:
e9:c7:4c:fe:3e:7c:d6:b1:e9:99:1e:2a:7f:2a:83:6d:16:d3:
09:fa:57:4a:41:f5:e4:45:75:5e:77:e7:c7:28:f2:aa:48:d6:
5b:0b:13:ab:fd:8d:93:e0:02:6e:98:b0:a3:85:b9:41:1a:6f:
b3:6d:e7:71:67:55:c0:ae:22:37:d8:b5:90:98:1f:5a:77:bf:
47:80:ae:03:ed:8a:9d:3a:46:7e:ce:e8:f5:94:4a:44:ae:bc:
33:dc:38:50:4b:87:e0:8d:9a:83:d4:71:d8:ff:6f:42:ed:7f:
b4:14:7a:7d:3d:44:42:78:73:42:13:17:b5:49:d2:c0:3f:36:
49:7c:a2:88:07:35:a4:f3:07:06:6f:6d:81:44:d1:e4:8f:19:
c1:f8:28:a0:41:cb:74:2a:5b:8f:cd:58:9d:7b:6b:04:11:14:
4f:44:98:f8:11:fc:37:90:ff:8b:cd:ab:59:c1:03:18:dd:ee:
15:0f:ff:87:f9:b3:62:df:9c:44:02:cc:ce:07:c5:86:3f:8a:
71:9e:ba:34
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIIZwMl1eIHQzEwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzVaMEEx
FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMSYwJAYDVQQDEx1rdWJlLWFwaXNlcnZl
ci1rdWJlbGV0LWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANUnyRElF98iOqBhTla2e8VeshA3FadcE50dm5HrG/1mBc682HrETnWJtX5+56RC
Ju1ULi4Q4bPlKnZzNoaoC1Sw9hEY6DB31s8Hp2rgoyLHUNm65F0xj9go633QOABJ
/cXXSoAS1EKB5yVzMnRgVid/hUvoswOUofHKWoeogWXXXVVWD2N0uukNym9eYNm8
7RWIfRVUXJAS+fz8l3pfnkNJ/ZnP6mFo3/SwIHUKzKz26Dn893+82+vrjMkKtr4c
CKF1OgD7etylEQeXK6GhvCqDEz4UkQ+0acdvLZ+OoSWjdVeFjUcxA/YaKhDFRTLJ
5+fKmE4EoblH5q26MQGiKn8CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud
JQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAQ3VdJ7deUZm1ZwPJB
vv5FjPVFxISeEQzeyfs/e3FFv/DrI811zha82g0Ly/o0uaOX43hIrX/px0z+PnzW
semZHip/KoNtFtMJ+ldKQfXkRXVed+fHKPKqSNZbCxOr/Y2T4AJumLCjhblBGm+z
bedxZ1XAriI32LWQmB9ad79HgK4D7YqdOkZ+zuj1lEpErrwz3DhQS4fgjZqD1HHY
/29C7X+0FHp9PURCeHNCExe1SdLAPzZJfKKIBzWk8wcGb22BRNHkjxnB+CigQct0
KluPzVide2sEERRPRJj4Efw3kP+LzatZwQMY3e4VD/+H+bNi35xEAszOB8WGP4px
nro0
-----END CERTIFICATE-----
Raw
apiserver.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3753725781124257026 (0x3417e9b5b8231502)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:35 2018 GMT
Subject: CN=kube-apiserver
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:83:33:72:cc:e8:c1:73:94:58:26:f1:91:00:
02:03:34:5c:a8:61:85:8c:09:9e:d0:8d:dd:e3:84:
e6:ff:70:2a:1c:37:3a:12:a2:46:72:71:4d:32:9a:
3f:c1:77:f2:5e:50:f7:46:82:51:5b:59:fa:3e:85:
19:04:08:f1:34:30:97:22:5b:2e:9a:56:4a:40:71:
0f:f6:7d:d1:6b:0c:b1:39:01:4d:b9:9f:e5:99:5f:
ca:38:d4:56:6b:85:45:d0:e5:f2:48:54:90:65:36:
cc:4f:3f:a2:56:0d:03:09:71:d9:34:78:7a:2e:32:
e0:24:7d:9e:29:95:e3:82:e1:ec:76:aa:5f:d5:c8:
a5:1e:f0:c3:8b:08:b0:b3:b2:c0:c3:bb:80:d7:26:
a1:97:0f:62:78:78:db:e1:d7:3a:4e:c0:f6:c9:e2:
97:37:3d:12:78:31:27:c6:0c:33:b2:b3:58:7f:b2:
31:fc:c4:c8:c1:7c:95:5d:e7:b3:39:fd:bf:a9:70:
03:2b:18:4f:d1:2e:fc:19:c1:ee:b0:c8:23:3f:11:
ae:9f:db:0a:4d:37:da:b2:56:04:1e:f6:9f:dd:3f:
35:a2:c4:8d:2b:3b:0e:ae:0b:36:d0:c0:8d:85:29:
30:6c:ff:5e:b3:9f:f8:4e:35:fa:ed:64:7a:34:07:
c1:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:master01, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:192.168.204.111
Signature Algorithm: sha256WithRSAEncryption
b4:6e:6b:e2:38:2d:3d:e7:2b:86:8e:fa:7a:87:07:0f:3b:b6:
d5:78:51:eb:f1:82:c2:57:82:79:bc:ec:d8:c8:86:ac:1d:11:
37:49:37:82:a4:0c:99:38:6d:54:c0:73:18:f5:4e:af:cd:80:
a3:4c:4c:3f:67:29:99:13:15:ac:49:6b:9d:b4:5b:e7:4d:b5:
1e:8d:9e:b2:f1:9b:70:d1:aa:d4:df:aa:a3:4f:e2:9a:9d:ec:
e5:59:49:43:54:aa:30:3c:58:3b:3f:38:0b:b0:dc:42:ee:ab:
55:e0:8b:cd:39:de:91:55:4f:1f:d8:05:77:f5:1a:55:a3:57:
59:e9:25:1e:98:0b:67:f1:bd:ee:3c:05:61:8b:b1:dd:c2:cd:
c5:cc:0d:8b:3f:09:7c:1b:bf:39:53:af:55:e4:c0:b5:1c:4a:
a8:3f:b8:59:75:ec:d4:42:55:12:b1:2d:45:11:62:2e:25:01:
39:cc:77:e2:98:b9:35:d6:2b:04:18:b5:89:a1:96:ee:c3:57:
ef:b2:e7:12:31:24:18:d1:50:8f:db:03:14:85:15:77:f4:bb:
c4:e9:8e:14:77:50:18:75:47:ec:d2:03:ba:dc:7d:7a:e4:bc:
39:5f:0a:96:b1:ea:9a:02:4f:87:e8:d8:85:0d:73:1b:14:ae:
7d:3f:b4:e4
-----BEGIN CERTIFICATE-----
MIIDWDCCAkCgAwIBAgIINBfptbgjFQIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzVaMBkx
FzAVBgNVBAMTDmt1YmUtYXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2YMzcszowXOUWCbxkQACAzRcqGGFjAme0I3d44Tm/3AqHDc6EqJG
cnFNMpo/wXfyXlD3RoJRW1n6PoUZBAjxNDCXIlsumlZKQHEP9n3RawyxOQFNuZ/l
mV/KONRWa4VF0OXySFSQZTbMTz+iVg0DCXHZNHh6LjLgJH2eKZXjguHsdqpf1cil
HvDDiwiws7LAw7uA1yahlw9ieHjb4dc6TsD2yeKXNz0SeDEnxgwzsrNYf7Ix/MTI
wXyVXeezOf2/qXADKxhP0S78GcHusMgjPxGun9sKTTfaslYEHvaf3T81osSNKzsO
rgs20MCNhSkwbP9es5/4TjX67WR6NAfBYwIDAQABo4GnMIGkMA4GA1UdDwEB/wQE
AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATB9BgNVHREEdjB0gghtYXN0ZXIwMYIK
a3ViZXJuZXRlc4ISa3ViZXJuZXRlcy5kZWZhdWx0ghZrdWJlcm5ldGVzLmRlZmF1
bHQuc3ZjgiRrdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWyHBApg
AAGHBMCozG8wDQYJKoZIhvcNAQELBQADggEBALRua+I4LT3nK4aO+nqHBw87ttV4
UevxgsJXgnm87NjIhqwdETdJN4KkDJk4bVTAcxj1Tq/NgKNMTD9nKZkTFaxJa520
W+dNtR6NnrLxm3DRqtTfqqNP4pqd7OVZSUNUqjA8WDs/OAuw3ELuq1Xgi8053pFV
Tx/YBXf1GlWjV1npJR6YC2fxve48BWGLsd3CzcXMDYs/CXwbvzlTr1XkwLUcSqg/
uFl17NRCVRKxLUURYi4lATnMd+KYuTXWKwQYtYmhlu7DV++y5xIxJBjRUI/bAxSF
FXf0u8TpjhR3UBh1R+zSA7rcfXrkvDlfCpax6poCT4fo2IUNcxsUrn0/tOQ=
-----END CERTIFICATE-----
Raw
ca.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 27 03:07:35 2027 GMT
Subject: CN=kubernetes
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:dc:86:f6:e2:cb:ec:ad:da:38:29:3b:16:95:27:
8b:32:1d:7d:c1:3b:6d:e3:b1:18:37:9a:8f:c0:2b:
7c:5c:a7:db:d2:74:c0:62:37:cf:9a:f9:29:90:db:
c7:b2:1c:bd:5b:b0:09:20:cd:13:0c:75:ad:70:b4:
9a:be:7a:37:72:87:95:40:7c:7a:ee:31:02:a5:a1:
ab:30:1e:d0:3a:6b:a6:a8:2e:77:40:a3:36:9c:81:
ff:9c:e5:ca:ed:00:03:36:9d:7f:da:62:79:46:03:
10:2b:ef:73:09:7f:4b:88:52:8d:c2:27:58:b4:77:
c2:d3:d0:9a:e2:18:5a:f2:1b:84:cd:87:c3:8f:f2:
aa:f9:02:31:d6:b8:88:bf:a6:ba:e1:7f:86:8c:08:
59:6c:6a:75:80:59:fc:e7:57:71:ec:b6:45:df:f2:
3d:62:40:dd:3a:6a:a1:74:5f:78:ca:8a:52:dc:8d:
ac:3a:82:5d:c5:6b:60:3f:9c:0d:97:d6:21:5b:db:
b8:8b:61:c7:b6:0c:80:36:dc:38:3e:41:28:45:74:
8f:d9:77:e0:42:3d:44:96:62:74:c1:f5:59:e9:6c:
3e:c3:06:ed:10:dc:a4:98:b8:6c:64:53:72:d0:77:
8c:77:e2:df:c5:18:1f:52:9a:b1:e7:5c:be:90:06:
a7:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
96:0c:34:4c:c5:ed:15:67:ba:65:1b:6e:38:1b:d1:2d:4d:ee:
d4:53:b3:6a:66:b5:25:1d:80:3b:9f:09:35:5e:7f:45:ea:5e:
aa:33:84:90:16:2f:ee:50:cf:5a:a3:d4:5d:fa:d0:58:7c:aa:
10:5d:53:c6:2c:ae:97:f6:d7:fe:3b:9a:18:9d:29:5c:0c:de:
82:89:7e:82:48:e9:18:f2:3b:14:82:2c:67:8e:90:d2:9b:92:
f2:9c:73:9d:ef:f0:d3:1a:52:af:04:f4:16:39:44:f2:38:df:
30:0c:e0:da:78:46:87:3e:f9:aa:78:d7:0c:54:a0:ea:78:12:
ee:e5:57:a1:61:43:8d:24:96:78:cd:25:48:10:42:af:cd:c8:
74:d5:69:09:bc:07:2e:ac:ec:f2:3e:82:9d:44:83:ed:e9:f3:
43:1b:9a:d6:f0:4b:c4:81:36:b7:c6:ed:ac:fe:2f:d5:f9:32:
e8:ca:5c:d3:66:93:5a:eb:8b:c4:f7:49:29:7d:ff:7c:38:ae:
8f:25:40:40:15:c2:36:4e:2b:f4:52:91:72:b6:28:89:c3:ee:
03:f6:48:1b:0b:fa:78:8d:46:09:06:b1:8a:da:af:85:a5:80:
53:5f:c7:0e:7b:42:b2:d3:1b:06:fd:4e:e2:66:33:5d:fd:4a:
41:5a:2a:42
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTE3MDUyOTAzMDczNVoXDTI3MDUyNzAzMDczNVowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyG
9uLL7K3aOCk7FpUnizIdfcE7beOxGDeaj8ArfFyn29J0wGI3z5r5KZDbx7IcvVuw
CSDNEwx1rXC0mr56N3KHlUB8eu4xAqWhqzAe0Dprpqgud0CjNpyB/5zlyu0AAzad
f9pieUYDECvvcwl/S4hSjcInWLR3wtPQmuIYWvIbhM2Hw4/yqvkCMda4iL+muuF/
howIWWxqdYBZ/OdXcey2Rd/yPWJA3TpqoXRfeMqKUtyNrDqCXcVrYD+cDZfWIVvb
uIthx7YMgDbcOD5BKEV0j9l34EI9RJZidMH1WelsPsMG7RDcpJi4bGRTctB3jHfi
38UYH1KasedcvpAGp5UCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJYMNEzF7RVnumUbbjgb0S1N7tRT
s2pmtSUdgDufCTVef0XqXqozhJAWL+5Qz1qj1F360Fh8qhBdU8Ysrpf21/47mhid
KVwM3oKJfoJI6RjyOxSCLGeOkNKbkvKcc53v8NMaUq8E9BY5RPI43zAM4Np4Roc+
+ap41wxUoOp4Eu7lV6FhQ40klnjNJUgQQq/NyHTVaQm8By6s7PI+gp1Eg+3p80Mb
mtbwS8SBNrfG7az+L9X5MujKXNNmk1rri8T3SSl9/3w4ro8lQEAVwjZOK/RSkXK2
KInD7gP2SBsL+niNRgkGsYrar4WlgFNfxw57QrLTGwb9TuJmM139SkFaKkI=
-----END CERTIFICATE-----
Raw
controller-manager.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7704741511743211672 (0x6aecbd955da90898)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:37 2018 GMT
Subject: CN=system:kube-controller-manager
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:a7:1a:65:dc:3d:00:5f:bb:e1:7d:bf:44:7a:
6c:f2:fb:4c:f1:62:99:1b:e7:e4:01:47:cc:12:0f:
84:5c:6c:d4:e2:a0:45:90:1a:15:95:92:ee:22:40:
5e:46:7e:d9:dd:de:55:df:8a:50:6c:2d:a0:2d:e9:
4f:cf:ee:0c:5d:50:37:b0:18:37:23:c2:a2:ff:90:
36:46:16:68:c4:a2:03:1a:46:52:a6:aa:cc:b4:c8:
1e:f3:54:17:9d:9a:b6:21:60:4e:f3:b5:44:5c:91:
1b:bf:51:04:a8:ad:96:d4:ba:95:33:0b:f9:16:05:
8d:95:c3:cf:95:db:e0:0d:64:5b:b3:eb:18:2e:fb:
75:15:1b:92:27:a4:82:1b:54:fe:e7:59:55:7e:58:
d7:ae:76:71:2a:40:90:37:29:fa:57:35:44:e7:0a:
de:81:7d:3c:ba:2c:f3:e1:08:3c:7a:0d:d1:1f:a8:
88:98:10:25:3e:c6:33:a4:f4:a2:06:8e:df:a8:38:
21:55:9b:a2:cb:f0:00:42:7e:69:14:3d:6c:69:12:
1d:e6:21:55:46:f7:68:e5:13:22:6e:ce:13:53:21:
25:61:e9:5b:a5:e5:c0:83:c9:4f:58:bd:10:40:c0:
09:0d:b8:d8:c7:29:54:77:56:06:d3:43:35:1a:a0:
bd:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
c0:8b:67:fd:d2:b3:40:d2:a5:ec:f0:79:26:9b:cb:74:73:74:
ed:73:eb:75:d9:59:a9:9f:05:e5:32:c5:8b:6f:25:d3:eb:fb:
f3:fa:e2:36:8c:a4:ac:f5:5e:8a:ac:d2:19:48:b8:2b:e2:15:
2c:26:40:e8:99:78:77:97:d4:9f:78:3a:e2:cc:e4:35:7d:d5:
0f:65:0e:77:5e:3c:a2:f6:ce:52:d5:8f:bf:a4:e6:cc:9a:8b:
7c:18:c1:02:35:4a:70:12:78:73:6c:fc:cb:1b:a5:43:75:5d:
67:e5:b9:7b:3b:2c:45:0b:41:90:e1:e0:1b:75:ae:4b:a5:2f:
05:2f:62:c9:6d:74:e2:2b:63:5b:69:03:06:93:77:03:9f:ea:
a2:f0:0c:f4:43:f1:bc:96:fc:de:5c:00:38:9b:b0:4f:a4:be:
e9:87:4c:d4:f8:3f:f3:2b:60:df:3c:d6:99:c3:79:4b:49:9f:
8e:9e:52:e9:68:31:5a:3b:5b:f0:f8:4b:14:f8:58:81:26:1e:
bc:d0:ec:9b:43:05:bc:f9:6f:fe:47:e2:1c:c4:54:0c:6a:e6:
a4:b7:e5:61:4b:6a:17:89:0e:ab:1b:3e:7c:a7:c8:1d:2a:94:
b5:c0:e0:bd:30:17:14:df:00:07:df:b8:94:3b:44:ae:b5:51:
aa:14:9c:02
-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIIauy9lV2pCJgwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzdaMCkx
JzAlBgNVBAMTHnN5c3RlbTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6nGmXcPQBfu+F9v0R6bPL7TPFimRvn
5AFHzBIPhFxs1OKgRZAaFZWS7iJAXkZ+2d3eVd+KUGwtoC3pT8/uDF1QN7AYNyPC
ov+QNkYWaMSiAxpGUqaqzLTIHvNUF52atiFgTvO1RFyRG79RBKitltS6lTML+RYF
jZXDz5Xb4A1kW7PrGC77dRUbkiekghtU/udZVX5Y1652cSpAkDcp+lc1ROcK3oF9
PLos8+EIPHoN0R+oiJgQJT7GM6T0ogaO36g4IVWbosvwAEJ+aRQ9bGkSHeYhVUb3
aOUTIm7OE1MhJWHpW6XlwIPJT1i9EEDACQ242McpVHdWBtNDNRqgvTkCAwEAAaMn
MCUwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3
DQEBCwUAA4IBAQDAi2f90rNA0qXs8Hkmm8t0c3Ttc+t12VmpnwXlMsWLbyXT6/vz
+uI2jKSs9V6KrNIZSLgr4hUsJkDomXh3l9SfeDrizOQ1fdUPZQ53Xjyi9s5S1Y+/
pObMmot8GMECNUpwEnhzbPzLG6VDdV1n5bl7OyxFC0GQ4eAbda5LpS8FL2LJbXTi
K2NbaQMGk3cDn+qi8Az0Q/G8lvzeXAA4m7BPpL7ph0zU+D/zK2DfPNaZw3lLSZ+O
nlLpaDFaO1vw+EsU+FiBJh680OybQwW8+W/+R+IcxFQMauakt+VhS2oXiQ6rGz58
p8gdKpS1wOC9MBcU3wAH37iUO0SutVGqFJwC
-----END CERTIFICATE-----
Raw
front-proxy-ca.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 27 03:07:35 2027 GMT
Subject: CN=kubernetes
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:9b:ae:d2:07:ef:c5:21:87:ba:1e:9e:c4:2c:
20:fe:fa:51:a0:e7:4b:ec:fc:db:32:74:58:ea:b6:
5a:59:98:b0:f7:be:38:3d:a4:ec:04:82:0d:cb:76:
5c:40:d9:a5:e7:43:d2:73:5e:82:48:19:c1:16:cc:
70:83:2b:41:d5:c6:7e:df:8b:9f:99:cb:06:f0:dc:
74:ce:25:cb:97:cf:53:df:7b:87:4d:09:eb:ce:be:
76:5f:9c:ee:91:8e:b2:7e:d3:4d:4d:18:0f:87:54:
27:5f:b8:5d:3e:62:cf:52:be:82:86:71:b8:8c:1f:
b9:b5:a2:fb:15:3a:cd:94:94:b8:d6:09:97:07:4e:
52:0d:29:c7:1c:8a:e8:05:33:52:18:f8:32:52:72:
11:6a:4c:16:61:ff:55:52:c5:2e:f5:5f:59:8b:e5:
7c:62:52:b8:12:f7:f3:6c:46:be:4b:70:c2:3c:64:
d5:1f:00:80:a1:d2:04:96:96:27:90:67:f3:da:0a:
bf:bc:04:44:15:1a:1a:34:6b:2d:27:60:25:8b:29:
03:b0:e6:d3:db:6f:48:1e:58:a2:86:a7:92:66:3a:
b2:35:a7:cf:79:5f:d3:2c:64:05:41:37:51:69:eb:
6b:59:25:be:29:6b:1e:19:65:cc:53:8f:71:b5:fe:
d3:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
92:ce:6b:34:d4:78:93:16:08:d8:3c:78:ed:7a:7e:6f:8c:0b:
20:04:a4:e5:d4:cd:c6:d2:9b:83:9e:63:f1:30:04:e3:c9:db:
89:c7:b8:c5:69:e1:1a:d1:2a:a9:ce:58:8c:c3:58:75:34:e2:
ab:da:88:0a:1c:26:e2:72:7a:06:b9:a3:5f:04:fa:f0:ae:3b:
a2:22:8f:a7:77:ad:37:fb:73:1d:cf:cc:93:4a:be:0f:fd:4f:
fb:fb:22:f4:5d:b8:36:c5:7a:1f:24:51:e7:37:81:a0:cd:44:
6d:7c:58:66:36:be:05:9a:67:d4:55:c2:32:4a:b2:f5:94:d4:
1e:69:84:1b:26:c3:30:a3:f6:0b:41:dc:19:85:eb:48:e2:26:
6d:4d:16:ab:e2:98:77:a6:dd:98:e3:16:2c:75:04:0e:2a:46:
64:8d:8a:dd:3b:90:fc:c1:ff:31:ac:ef:8c:df:e2:93:c5:5a:
32:b5:02:b8:49:96:d7:b3:65:78:92:ae:25:64:b4:81:db:96:
eb:9c:4f:74:fb:12:63:3d:4c:16:f4:a5:47:df:15:0f:d0:ad:
ab:0a:bb:41:65:f8:29:65:39:ed:0d:f0:14:ed:cc:ed:e7:a8:
83:d8:f6:03:5d:dd:75:69:3f:07:42:cb:7f:d9:ab:43:cc:c2:
7b:db:85:1b
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTE3MDUyOTAzMDczNVoXDTI3MDUyNzAzMDczNVowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALab
rtIH78Uhh7oensQsIP76UaDnS+z82zJ0WOq2WlmYsPe+OD2k7ASCDct2XEDZpedD
0nNegkgZwRbMcIMrQdXGft+Ln5nLBvDcdM4ly5fPU997h00J686+dl+c7pGOsn7T
TU0YD4dUJ1+4XT5iz1K+goZxuIwfubWi+xU6zZSUuNYJlwdOUg0pxxyK6AUzUhj4
MlJyEWpMFmH/VVLFLvVfWYvlfGJSuBL382xGvktwwjxk1R8AgKHSBJaWJ5Bn89oK
v7wERBUaGjRrLSdgJYspA7Dm09tvSB5YooankmY6sjWnz3lf0yxkBUE3UWnra1kl
vilrHhllzFOPcbX+00sCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJLOazTUeJMWCNg8eO16fm+MCyAE
pOXUzcbSm4OeY/EwBOPJ24nHuMVp4RrRKqnOWIzDWHU04qvaiAocJuJyega5o18E
+vCuO6Iij6d3rTf7cx3PzJNKvg/9T/v7IvRduDbFeh8kUec3gaDNRG18WGY2vgWa
Z9RVwjJKsvWU1B5phBsmwzCj9gtB3BmF60jiJm1NFqvimHem3ZjjFix1BA4qRmSN
it07kPzB/zGs74zf4pPFWjK1ArhJltezZXiSriVktIHbluucT3T7EmM9TBb0pUff
FQ/QrasKu0Fl+CllOe0N8BTtzO3nqIPY9gNd3XVpPwdCy3/Zq0PMwnvbhRs=
-----END CERTIFICATE-----
Raw
front-proxy-client.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5611793280337734684 (0x4de1184183746c1c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:36 2018 GMT
Subject: CN=front-proxy-client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ba:ee:cc:78:b0:6d:1d:46:c6:77:25:74:84:49:
d2:3f:7d:78:60:2a:58:42:4d:f0:e4:5e:a2:6a:b5:
87:54:56:6f:5d:ea:72:83:e0:da:fb:f2:ad:30:2f:
14:6e:73:87:39:d0:31:db:47:3c:f2:6c:c2:41:ff:
28:62:ad:99:fd:e4:10:10:ae:ec:5d:15:a1:b6:69:
6e:42:fb:66:96:35:2a:5f:d6:e4:d2:17:a1:31:2e:
31:a7:8e:49:6c:8f:40:2e:93:42:e0:c2:ec:b0:58:
0d:34:51:14:39:1d:89:ab:75:94:fd:38:2a:62:4c:
0b:45:85:8a:90:13:af:4a:31:4f:e3:d5:84:e7:aa:
df:89:86:80:c0:09:30:7b:db:cc:09:10:bd:fc:b6:
2a:fd:c3:f4:e2:8a:a0:ad:aa:32:87:4e:fd:71:d0:
8d:13:56:ce:f6:25:4d:87:d5:c6:22:35:07:5f:4f:
c1:b1:12:e5:4e:03:32:7a:eb:83:f3:4d:7a:15:cc:
0c:74:ad:52:a6:7e:9e:43:e4:1d:e7:5c:6d:ae:83:
43:2f:7a:1a:68:c6:05:68:20:da:07:e1:9f:5e:ec:
f9:39:6e:ac:e8:83:84:64:00:1d:d3:49:26:45:72:
96:d3:56:88:df:7b:93:5c:c2:5e:5e:55:4e:7e:32:
49:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
3e:70:c9:f0:3b:49:88:7f:f1:9b:15:94:30:a9:c9:eb:f6:36:
a5:c7:f0:dd:7d:78:92:4f:4e:d5:1c:69:bc:3f:e9:ab:0a:f4:
68:85:18:19:1b:4f:d7:e2:a6:04:17:c8:67:c8:d7:2b:a7:b4:
be:00:ff:08:b5:9b:f4:4a:d5:35:67:06:1c:3a:a0:e2:6e:49:
cf:b5:a7:aa:e5:db:0e:96:33:59:b1:c7:5b:73:87:8c:06:0b:
4d:74:84:65:81:88:14:32:6a:f3:3d:94:55:ef:d0:15:24:ba:
52:65:7b:70:d5:86:ed:d6:a8:58:7c:99:79:d5:50:48:2c:ad:
49:5a:f9:c7:9f:17:4a:7f:7b:88:1f:fe:0a:ff:61:0d:e8:fa:
4b:40:b6:83:96:35:fd:03:ce:c3:40:67:ae:ad:18:18:03:44:
14:38:9f:44:63:33:81:9f:5a:12:2f:6e:a9:6e:82:4d:4d:77:
14:ce:f9:c6:b7:64:1b:e2:ae:cd:25:fd:24:66:e9:ea:b4:3c:
23:bf:7e:f8:35:4a:0d:19:0b:d8:07:ef:ac:e3:24:7e:0e:f2:
eb:6b:df:d9:41:d9:f4:8d:ae:99:bc:e3:95:3a:a6:f7:46:f6:
62:5e:ff:94:50:f1:0a:3d:02:b8:4d:14:a3:46:9a:12:6c:d0:
a1:d8:14:46
-----BEGIN CERTIFICATE-----
MIIC2zCCAcOgAwIBAgIITeEYQYN0bBwwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzZaMB0x
GzAZBgNVBAMTEmZyb250LXByb3h5LWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALruzHiwbR1GxncldIRJ0j99eGAqWEJN8OReomq1h1RWb13q
coPg2vvyrTAvFG5zhznQMdtHPPJswkH/KGKtmf3kEBCu7F0VobZpbkL7ZpY1Kl/W
5NIXoTEuMaeOSWyPQC6TQuDC7LBYDTRRFDkdiat1lP04KmJMC0WFipATr0oxT+PV
hOeq34mGgMAJMHvbzAkQvfy2Kv3D9OKKoK2qModO/XHQjRNWzvYlTYfVxiI1B19P
wbES5U4DMnrrg/NNehXMDHStUqZ+nkPkHedcba6DQy96GmjGBWgg2gfhn17s+Tlu
rOiDhGQAHdNJJkVyltNWiN97k1zCXl5VTn4ySTECAwEAAaMnMCUwDgYDVR0PAQH/
BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA+
cMnwO0mIf/GbFZQwqcnr9jalx/DdfXiST07VHGm8P+mrCvRohRgZG0/X4qYEF8hn
yNcrp7S+AP8ItZv0StU1ZwYcOqDibknPtaeq5dsOljNZscdbc4eMBgtNdIRlgYgU
MmrzPZRV79AVJLpSZXtw1Ybt1qhYfJl51VBILK1JWvnHnxdKf3uIH/4K/2EN6PpL
QLaDljX9A87DQGeurRgYA0QUOJ9EYzOBn1oSL26pboJNTXcUzvnGt2Qb4q7NJf0k
ZunqtDwjv374NUoNGQvYB++s4yR+DvLra9/ZQdn0ja6ZvOOVOqb3RvZiXv+UUPEK
PQK4TRSjRpoSbNCh2BRG
-----END CERTIFICATE-----
Raw
kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --secure-port=6443
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- --allow-privileged=true
- --requestheader-username-headers=X-Remote-User
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --experimental-bootstrap-token-auth=true
- --storage-backend=etcd3
- --requestheader-group-headers=X-Remote-Group
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --service-cluster-ip-range=10.96.0.0/12
- --insecure-port=0
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-allowed-names=front-proxy-client
- --authorization-mode=RBAC
- --advertise-address=192.168.204.111
- --etcd-servers=http://127.0.0.1:2379
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.4
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 6443
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-apiserver
resources:
requests:
cpu: 250m
volumeMounts:
- mountPath: /etc/kubernetes/
name: k8s
readOnly: true
- mountPath: /etc/ssl/certs
name: certs
hostNetwork: true
volumes:
- hostPath:
path: /etc/kubernetes
name: k8s
- hostPath:
path: /etc/ssl/certs
name: certs
status: {}
Raw
kube-controller-manager.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-controller-manager
tier: control-plane
name: kube-controller-manager
namespace: kube-system
spec:
containers:
- command:
- kube-controller-manager
- --use-service-account-credentials=true
- --controllers=*,bootstrapsigner,tokencleaner
- --service-account-private-key-file=/etc/kubernetes/pki/sa.key
- --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
- --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
- --address=127.0.0.1
- --insecure-experimental-approve-all-kubelet-csrs-for-group=system:bootstrappers
- --kubeconfig=/etc/kubernetes/controller-manager.conf
- --root-ca-file=/etc/kubernetes/pki/ca.crt
- --leader-elect=true
- --allocate-node-cidrs=true
- --cluster-cidr=10.244.0.0/16
image: gcr.io/google_containers/kube-controller-manager-amd64:v1.6.4
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 10252
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-controller-manager
resources:
requests:
cpu: 200m
volumeMounts:
- mountPath: /etc/kubernetes/
name: k8s
readOnly: true
- mountPath: /etc/ssl/certs
name: certs
hostNetwork: true
volumes:
- hostPath:
path: /etc/kubernetes
name: k8s
- hostPath:
path: /etc/ssl/certs
name: certs
status: {}
Raw
kube-dns.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kube-dns
namespace: kube-system
labels:
k8s-app: kube-dns
spec:
# replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
rollingUpdate:
maxSurge: 10%
maxUnavailable: 0
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
volumes:
- name: kube-dns-config
configMap:
name: kube-dns
optional: true
containers:
- name: kubedns
image: {{ .ImageRepository }}/k8s-dns-kube-dns-{{ .Arch }}:{{ .Version }}
imagePullPolicy: IfNotPresent
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
# guaranteed class. Currently, this container falls into the
# "burstable" category so the kubelet doesn't backoff from restarting it.
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
livenessProbe:
httpGet:
path: /healthcheck/kubedns
port: 10054
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /readiness
port: 8081
scheme: HTTP
# we poll on pod startup for the Kubernetes master service and
# only setup the /readiness HTTP server once that's available.
initialDelaySeconds: 3
timeoutSeconds: 5
args:
- --domain={{ .DNSDomain }}.
- --dns-port=10053
- --config-dir=/kube-dns-config
- --v=2
env:
- name: PROMETHEUS_PORT
value: "10055"
ports:
- containerPort: 10053
name: dns-local
protocol: UDP
- containerPort: 10053
name: dns-tcp-local
protocol: TCP
- containerPort: 10055
name: metrics
protocol: TCP
volumeMounts:
- name: kube-dns-config
mountPath: /kube-dns-config
- name: dnsmasq
image: {{ .ImageRepository }}/k8s-dns-dnsmasq-nanny-{{ .Arch }}:{{ .Version }}
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
port: 10054
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
args:
- -v=2
- -logtostderr
- -configDir=/etc/k8s/dns/dnsmasq-nanny
- -restartDnsmasq=true
- --
- -k
- --cache-size=1000
- --log-facility=-
- --server=/{{ .DNSDomain }}/127.0.0.1#10053
- --server=/in-addr.arpa/127.0.0.1#10053
- --server=/ip6.arpa/127.0.0.1#10053
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
# see: https://github.com/kubernetes/kubernetes/issues/29055 for details
resources:
requests:
cpu: 150m
memory: 20Mi
volumeMounts:
- name: kube-dns-config
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: {{ .ImageRepository }}/k8s-dns-sidecar-{{ .Arch }}:{{ .Version }}
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 10054
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
args:
- --v=2
- --logtostderr
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ .DNSDomain }},5,A
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ .DNSDomain }},5,A
ports:
- containerPort: 10054
name: metrics
protocol: TCP
resources:
requests:
memory: 20Mi
cpu: 10m
dnsPolicy: Default # Don't use cluster DNS.
serviceAccountName: kube-dns
# TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
# tolerations:
# - key: CriticalAddonsOnly
# operator: Exists
# - key: {{ .MasterTaintKey }}
# effect: NoSchedule
# TODO: Remove this affinity field as soon as we are using manifest lists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- {{ .Arch }}
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "KubeDNS"
name: kube-dns
namespace: kube-system
spec:
clusterIP: {{ .DNSIP }}
ports:
- name: dns
port: 53
protocol: UDP
targetPort: 53
- name: dns-tcp
port: 53
protocol: TCP
targetPort: 53
selector:
k8s-app: kube-dns
Raw
kube-proxy.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-proxy
namespace: kube-system
labels:
app: kube-proxy
data:
kubeconfig.conf: |
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
server: {{ .MasterEndpoint }}
name: default
contexts:
- context:
cluster: default
namespace: default
user: default
name: default
current-context: default
users:
- name: default
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
labels:
k8s-app: kube-proxy
name: kube-proxy
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: kube-proxy
template:
metadata:
labels:
k8s-app: kube-proxy
spec:
containers:
- name: kube-proxy
image: {{ .Image }}
imagePullPolicy: IfNotPresent
command:
- /usr/local/bin/kube-proxy
- --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
{{ .ClusterCIDR }}
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/kube-proxy
name: kube-proxy
hostNetwork: true
serviceAccountName: kube-proxy
# TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
# tolerations:
# - key: {{ .MasterTaintKey }}
# effect: NoSchedule
volumes:
- name: kube-proxy
configMap:
name: kube-proxy
Raw
kube-scheduler.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-scheduler
tier: control-plane
name: kube-scheduler
namespace: kube-system
spec:
containers:
- command:
- kube-scheduler
- --address=127.0.0.1
- --leader-elect=true
- --kubeconfig=/etc/kubernetes/scheduler.conf
image: gcr.io/google_containers/kube-scheduler-amd64:v1.6.4
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 10251
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-scheduler
resources:
requests:
cpu: 100m
volumeMounts:
- mountPath: /etc/kubernetes/
name: k8s
readOnly: true
hostNetwork: true
volumes:
- hostPath:
path: /etc/kubernetes
name: k8s
status: {}
Raw
kubelet.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5944979912284244853 (0x5280cfbb7c890b75)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:37 2018 GMT
Subject: O=system:nodes, CN=system:node:master01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:1c:ff:d3:dc:cf:16:c9:04:71:13:e2:cd:ed:
fe:40:52:1f:6e:b3:5c:a1:f3:cf:bb:64:0b:43:61:
f3:6a:26:35:f2:d7:48:d6:f2:ce:21:d8:06:d7:cf:
e3:19:f9:50:6b:32:e8:05:71:0d:8c:5a:58:aa:c4:
a2:f9:0a:58:a8:18:cf:d8:c3:35:9f:9a:0e:5d:a6:
da:4b:4f:20:54:16:65:31:d1:91:00:73:d7:21:df:
83:f2:a7:00:98:32:90:81:ad:0b:82:54:28:de:27:
fd:6c:98:21:23:36:d4:41:da:eb:25:13:0c:a0:26:
1d:52:3b:ea:29:fd:c4:bf:11:2e:14:0e:7d:59:2e:
fd:dd:54:4a:18:98:b4:27:eb:5b:e8:3e:4b:ee:c0:
20:ba:c7:02:d9:59:5a:b7:15:9c:1e:9f:87:eb:76:
ac:16:4c:76:27:cf:c6:21:ae:39:5b:b4:df:3a:fd:
3f:f4:f5:6d:23:ad:9d:e9:dc:68:e5:6b:0c:d9:8e:
52:28:83:29:0b:ef:b9:1f:09:12:64:93:42:38:dc:
9c:cd:fc:d7:79:ed:ce:7e:3f:e9:92:83:01:7b:54:
c5:6a:1d:21:f2:d1:f9:bf:b4:29:a8:f0:98:36:85:
6e:98:e4:40:ad:e4:77:ad:3d:97:e2:cd:7d:5a:10:
50:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
99:5e:1a:a6:f3:01:e6:7c:53:ff:74:78:6f:e7:c1:4f:86:11:
1f:ca:8d:09:d1:dd:22:4f:ad:e9:48:61:34:a7:5d:43:e9:74:
e8:0d:a2:46:99:2b:e6:7b:f6:a9:b7:84:d6:6a:3a:87:6a:1e:
af:dc:99:98:dd:6d:66:6b:66:fb:97:50:b3:46:6f:65:b3:32:
ca:4a:98:8f:55:b9:ee:cb:f2:56:54:88:17:17:b0:14:d1:b5:
15:06:73:7a:5f:dc:98:bc:ff:07:99:0c:eb:d0:2f:c2:11:d4:
d0:a6:0c:0d:85:89:7f:23:c8:e5:d0:a2:dc:84:22:24:d5:8f:
9c:7a:30:66:94:3f:cb:48:42:b7:b3:5b:17:b8:7c:98:10:e0:
8d:3a:75:09:e6:c5:34:25:7f:dd:a6:e8:49:c6:4e:4e:4c:6f:
1a:75:b0:a4:03:c3:fd:cb:b6:3b:73:57:5b:3b:d1:71:78:2d:
8f:a9:50:5b:db:9c:b2:c1:51:79:f3:a3:21:5f:f7:20:28:b8:
ce:56:84:97:53:e8:c6:4a:3b:45:2f:63:f3:14:fc:db:e9:46:
00:64:c5:f4:e3:86:7f:3c:bf:1b:af:5f:82:e7:2d:f6:de:6a:
2c:31:89:ed:a5:c7:26:e5:92:42:4a:e2:1e:45:b3:ed:05:9c:
92:74:5d:e5
-----BEGIN CERTIFICATE-----
MIIC9DCCAdygAwIBAgIIUoDPu3yJC3UwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzdaMDYx
FTATBgNVBAoTDHN5c3RlbTpub2RlczEdMBsGA1UEAxMUc3lzdGVtOm5vZGU6bWFz
dGVyMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIHP/T3M8WyQRx
E+LN7f5AUh9us1yh88+7ZAtDYfNqJjXy10jW8s4h2AbXz+MZ+VBrMugFcQ2MWliq
xKL5ClioGM/YwzWfmg5dptpLTyBUFmUx0ZEAc9ch34PypwCYMpCBrQuCVCjeJ/1s
mCEjNtRB2uslEwygJh1SO+op/cS/ES4UDn1ZLv3dVEoYmLQn61voPkvuwCC6xwLZ
WVq3FZwen4frdqwWTHYnz8YhrjlbtN86/T/09W0jrZ3p3GjlawzZjlIogykL77kf
CRJkk0I43JzN/Nd57c5+P+mSgwF7VMVqHSHy0fm/tCmo8Jg2hW6Y5ECt5HetPZfi
zX1aEFChAgMBAAGjJzAlMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF
BQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAmV4apvMB5nxT/3R4b+fBT4YRH8qNCdHd
Ik+t6UhhNKddQ+l06A2iRpkr5nv2qbeE1mo6h2oer9yZmN1tZmtm+5dQs0ZvZbMy
ykqYj1W57svyVlSIFxewFNG1FQZzel/cmLz/B5kM69AvwhHU0KYMDYWJfyPI5dCi
3IQiJNWPnHowZpQ/y0hCt7NbF7h8mBDgjTp1CebFNCV/3aboScZOTkxvGnWwpAPD
/cu2O3NXWzvRcXgtj6lQW9ucssFRefOjIV/3ICi4zlaEl1Poxko7RS9j8xT82+lG
AGTF9OOGfzy/G69fguct9t5qLDGJ7aXHJuWSQkriHkWz7QWcknRd5Q==
-----END CERTIFICATE-----
Raw
scheduler.certs
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2620968126046616770 (0x245f8c9fc8a13cc2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: May 29 03:07:35 2017 GMT
Not After : May 29 03:07:36 2018 GMT
Subject: CN=system:kube-scheduler
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bb:fd:f8:bc:e9:76:45:ce:5f:ce:ce:0f:ca:9b:
f9:b6:87:9b:57:d9:c8:f5:cb:80:a3:1d:34:17:8b:
ea:fa:79:a4:06:e1:b9:1b:2f:5b:95:71:a7:a7:07:
cd:1e:33:87:e1:40:e7:fd:b4:99:a0:04:25:fa:59:
5b:8f:dc:75:4f:05:8a:ee:04:f8:22:73:12:10:99:
ee:b1:ba:ed:1e:d6:b4:f9:9c:26:6f:a4:a9:7b:a2:
f0:b7:92:48:66:e5:a3:df:db:1f:a5:00:3d:8b:31:
6c:3f:12:ca:67:63:c6:d0:58:43:1a:a1:0c:51:65:
97:fe:35:fa:f9:dc:de:fd:cf:72:3a:c3:72:6a:9b:
8f:d3:25:72:68:5e:9d:8a:30:d0:8e:bb:9d:eb:7e:
9c:07:d6:f5:f0:fb:80:f0:c9:85:7e:23:87:a8:73:
04:f4:dd:49:fc:b6:8d:7e:94:cd:ec:fa:2d:bb:76:
93:73:be:2a:41:79:f6:32:65:f1:9c:00:e2:89:e5:
08:e7:b8:6d:94:07:f3:0f:6e:85:a5:e4:bc:f8:82:
a4:67:10:df:eb:6d:63:63:50:2e:be:e6:96:54:7b:
94:9f:ee:67:d5:3f:14:bd:f1:34:f1:e2:17:8b:0d:
5c:d4:19:1a:d2:c9:cf:be:47:aa:bb:04:c7:59:1b:
ba:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
8a:82:28:b5:2d:80:53:c8:1b:89:e9:69:f3:b7:00:8c:23:e1:
06:30:42:3d:ad:82:c1:92:3f:c4:88:45:26:94:5a:0f:08:a5:
93:01:7c:d0:49:62:4f:4e:13:4f:b7:c1:39:b5:a3:3e:cf:b0:
32:83:95:6e:25:32:81:14:33:a4:1d:ec:e3:c0:05:4a:b0:f0:
8a:42:e9:7b:d9:f5:b1:ff:14:92:8f:d0:a9:cc:d1:a9:b4:a3:
ae:17:d1:a4:92:71:b9:62:a9:08:68:b4:49:f7:65:12:2c:43:
05:78:a5:d7:c2:87:46:c7:e1:f2:06:2b:d5:d7:d6:8c:29:d3:
5d:8b:c2:9b:4a:70:07:2d:1f:38:2b:30:1c:fd:e0:02:4f:6f:
f8:ab:0b:bd:46:ae:09:58:3a:89:a5:48:95:06:43:c4:21:e2:
91:62:1e:37:82:a7:37:3b:2d:1a:68:07:60:ec:02:fd:85:88:
dc:31:81:36:95:4d:df:59:5e:d8:8f:81:0a:7b:1b:4d:a4:cc:
46:ce:4f:87:73:95:c9:67:8e:a4:7e:a2:b2:ab:42:18:6a:7d:
04:8b:2a:d8:52:3a:ff:aa:5e:12:f9:0b:a6:2b:ab:91:11:72:
42:8d:35:4e:9a:74:b2:fc:e5:5f:5e:4e:b3:d9:c6:ca:cc:20:
78:f4:a1:0f
-----BEGIN CERTIFICATE-----
MIIC3jCCAcagAwIBAgIIJF+Mn8ihPMIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0xNzA1MjkwMzA3MzVaFw0xODA1MjkwMzA3MzZaMCAx
HjAcBgNVBAMTFXN5c3RlbTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALv9+LzpdkXOX87OD8qb+baHm1fZyPXLgKMdNBeL6vp5
pAbhuRsvW5Vxp6cHzR4zh+FA5/20maAEJfpZW4/cdU8Fiu4E+CJzEhCZ7rG67R7W
tPmcJm+kqXui8LeSSGblo9/bH6UAPYsxbD8SymdjxtBYQxqhDFFll/41+vnc3v3P
cjrDcmqbj9MlcmhenYow0I67net+nAfW9fD7gPDJhX4jh6hzBPTdSfy2jX6Uzez6
Lbt2k3O+KkF59jJl8ZwA4onlCOe4bZQH8w9uhaXkvPiCpGcQ3+ttY2NQLr7mllR7
lJ/uZ9U/FL3xNPHiF4sNXNQZGtLJz75HqrsEx1kbuiECAwEAAaMnMCUwDgYDVR0P
AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB
AQCKgii1LYBTyBuJ6WnztwCMI+EGMEI9rYLBkj/EiEUmlFoPCKWTAXzQSWJPThNP
t8E5taM+z7Ayg5VuJTKBFDOkHezjwAVKsPCKQul72fWx/xSSj9CpzNGptKOuF9Gk
knG5YqkIaLRJ92USLEMFeKXXwodGx+HyBivV19aMKdNdi8KbSnAHLR84KzAc/eAC
T2/4qwu9Rq4JWDqJpUiVBkPEIeKRYh43gqc3Oy0aaAdg7AL9hYjcMYE2lU3fWV7Y
j4EKextNpMxGzk+Hc5XJZ46kfqKyq0IYan0EiyrYUjr/ql4S+QumK6uREXJCjTVO
mnSy/OVfXk6z2cbKzCB49KEP
-----END CERTIFICATE-----
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment