in operator/pkg/controllers/master/kubescheduler.go [69:127]
func schedulerPodSpecFor(controlPlane *v1alpha1.ControlPlane) v1.PodSpec {
hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
return v1.PodSpec{
TerminationGracePeriodSeconds: aws.Int64(1),
HostNetwork: true,
DNSPolicy: v1.DNSClusterFirstWithHostNet,
PriorityClassName: "system-node-critical",
Tolerations: []v1.Toleration{{Operator: v1.TolerationOpExists}},
NodeSelector: nodeSelector(controlPlane.ClusterName()),
Containers: []v1.Container{{
Name: "scheduler",
Image: imageprovider.KubeScheduler(controlPlane.Spec.KubernetesVersion),
Command: []string{"kube-scheduler"},
Resources: v1.ResourceRequirements{
Requests: map[v1.ResourceName]resource.Quantity{
v1.ResourceCPU: resource.MustParse("1"),
},
},
Args: []string{
"--authentication-kubeconfig=/etc/kubernetes/config/scheduler/scheduler.conf",
"--authorization-kubeconfig=/etc/kubernetes/config/scheduler/scheduler.conf",
"--bind-address=127.0.0.1",
"--kubeconfig=/etc/kubernetes/config/scheduler/scheduler.conf",
"--leader-elect=true",
"--port=0",
},
VolumeMounts: []v1.VolumeMount{{
Name: "ca-certs",
MountPath: "/etc/ssl/certs",
ReadOnly: true,
}, {
Name: "scheduler-config",
MountPath: "/etc/kubernetes/config/scheduler",
ReadOnly: true,
}},
}},
Volumes: []v1.Volume{{
Name: "ca-certs",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/ssl/certs",
Type: &hostPathDirectoryOrCreate,
},
},
}, {
Name: "scheduler-config",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: KubeSchedulerSecretNameFor(controlPlane.ClusterName()),
DefaultMode: aws.Int32(0400),
Items: []v1.KeyToPath{{
Key: "config",
Path: "scheduler.conf",
}},
},
},
}},
}
}