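{{- /*
Deployment and Service for karmada-aggregated-apiserver.
Rendered only when installMode is "host".

The pod mounts no service account token; the process authenticates with the
kubeconfig passed on the command line and reads its serving and etcd client
certificates from read-only Secret volumes.
*/ -}}
{{- if eq .Values.installMode "host" }}
{{- $name := include "karmada.name" . -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $name }}-aggregated-apiserver
  namespace: {{ include "karmada.namespace" . }}
  labels:
  {{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
spec:
  selector:
    matchLabels:
    {{- include "karmada.aggregatedApiserver.labels" . | nindent 6}}
  replicas: {{ .Values.aggregatedApiServer.replicaCount }}
  {{- with .Values.aggregatedApiServer.strategy }}
  strategy:
  {{- toYaml . | nindent 8 }}
  {{- end }}
  template:
    metadata:
      {{- with .Values.aggregatedApiServer.podAnnotations }}
      annotations:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "karmada.aggregatedApiserver.labels" . | nindent 8}}
        {{- include "karmada.aggregatedApiserver.podLabels" . | nindent 8}}
    spec:
      # No service account token is projected into the pod; every API
      # credential the process uses comes from the kubeconfig flags below.
      automountServiceAccountToken: false
      containers:
        - name: {{ $name }}-aggregated-apiserver
          # NOTE(review): with image.tag unset this resolves to the mutable
          # "latest" tag. Set a fixed version tag (or a digest) in values so
          # the running image is reproducible and auditable.
          image: "{{ .Values.aggregatedApiServer.image.repository }}:{{ .Values.aggregatedApiServer.image.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.aggregatedApiServer.image.pullPolicy }}
          # Hardening: the container holds TLS private keys and a kubeconfig,
          # so it must not be privileged and its processes must not be able
          # to gain more privileges than the parent (no_new_privs).
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
          volumeMounts:
          {{- include "karmada.kubeconfig.volumeMount" . | nindent 12}}
            # Certificate and key material is mounted read-only.
            - name: etcd-cert
              mountPath: /etc/etcd/pki
              readOnly: true
            - name: apiserver-cert
              mountPath: /etc/kubernetes/pki
              readOnly: true
          command:
            - /bin/karmada-aggregated-apiserver
            # One kubeconfig is used for the Karmada client and for delegated
            # authentication and authorization. Presumably the kubeconfig
            # volumeMount helper provides /etc/kubeconfig; verify in helpers.
            - --kubeconfig=/etc/kubeconfig
            - --authentication-kubeconfig=/etc/kubeconfig
            - --authorization-kubeconfig=/etc/kubeconfig
            - --karmada-config=/etc/kubeconfig
            {{- if eq .Values.etcd.mode "external" }}
            - --etcd-cafile=/etc/etcd/pki/ca.crt
            - --etcd-certfile=/etc/etcd/pki/tls.crt
            - --etcd-keyfile=/etc/etcd/pki/tls.key
            - --etcd-servers={{ .Values.etcd.external.servers }}
            - --etcd-prefix={{ .Values.etcd.external.registryPrefix }}
            {{- end }}
            {{- if eq .Values.etcd.mode "internal" }}
            - --etcd-cafile=/etc/etcd/pki/server-ca.crt
            - --etcd-certfile=/etc/etcd/pki/karmada.crt
            - --etcd-keyfile=/etc/etcd/pki/karmada.key
            - --etcd-servers=https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
            {{- end }}
            - --tls-cert-file=/etc/kubernetes/pki/karmada.crt
            - --tls-private-key-file=/etc/kubernetes/pki/karmada.key
            # Audit events are written to stdout (path "-"), so retention and
            # integrity of the audit trail depend on the cluster's log
            # collection rather than on files rotated by this process.
            - --audit-log-path=-
            - --feature-gates=APIPriorityAndFairness=false
            - --audit-log-maxage=0
            - --audit-log-maxbackup=0
          resources:
          {{- toYaml .Values.aggregatedApiServer.resources | nindent 12 }}
      {{- with .Values.aggregatedApiServer.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.aggregatedApiServer.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.aggregatedApiServer.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
      {{- include "karmada.kubeconfig.volume" . | nindent 8}}
        - name: apiserver-cert
          secret:
            secretName: {{ $name }}-cert
        # Only etcd.mode "internal" and "external" are handled. Any other
        # value renders this volume without a secretName and emits no etcd
        # flags in the command above.
        - name: etcd-cert
          secret:
          {{- if eq .Values.etcd.mode "internal" }}
            secretName: {{ $name }}-cert
          {{- end }}
          {{- if eq .Values.etcd.mode "external" }}
            secretName: external-etcd-cert
          {{- end }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ $name }}-aggregated-apiserver
  namespace: {{ include "karmada.namespace" . }}
  labels:
  {{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
spec:
  # NOTE(review): targetPort 443 assumes the server listens on 443; the
  # command sets no port flag and the container declares no ports. Confirm
  # against the binary's default.
  ports:
    - port: 443
      protocol: TCP
      targetPort: 443
  selector:
  {{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
{{- end }}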