apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager-kubernetes-master
  namespace: kube-system
spec:
  containers:
  - command:
    - /bin/sh
    - -c
    - /usr/local/bin/kube-controller-manager
      --master=127.0.0.1:8080
      --cluster-name=${INSTANCE_PREFIX}
      --cluster-cidr=${CLUSTER_IP_RANGE}
      --allocate-node-cidrs=true
      --cloud-provider=gce
      --service-account-private-key-file=/srv/kubernetes/server.key
      --v=2
      --root-ca-file=/srv/kubernetes/ca.crt
      1>>/var/log/kube-controller-manager.log 2>&1
    image: gcr.io/google_containers/kube-controller-manager:${KUBE_CONTROLLER_MANAGER_DOCKER_TAG}
    imagePullPolicy: IfNotPresent
    livenessProbe:
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      limits:
        cpu: 200m
      requests:
        cpu: 200m
    volumeMounts:
    - mountPath: /srv/kubernetes
      name: srvkube
      readOnly: true
    - mountPath: /var/log/kube-controller-manager.log
      name: logfile
    - mountPath: /etc/ssl
      name: etcssl
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usrsharecacerts
      readOnly: true
  dnsPolicy: ClusterFirst
  hostNetwork: true
  restartPolicy: Always
  terminationGracePeriodSeconds: 30
  volumes:
  - hostPath:
      path: /srv/kubernetes
    name: srvkube
  - hostPath:
      path: /var/log/kube-controller-manager.log
    name: logfile
  - hostPath:
      path: /etc/ssl
    name: etcssl
  - hostPath:
      path: /usr/share/ca-certificates
    name: usrsharecacerts