Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 18dbb7bb8b
Branches Tags
okd
/
roles
/
openshift_service_catalog
/
templates
/
api_server.j2

api_server.j2 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. apiVersion: extensions/v1beta1
    2. 

  2. kind: DaemonSet
    3. 

  3. metadata:
    4. 

  4.   labels:
    5. 

  5.     app: apiserver
    6. 

  6.   name: apiserver
    7. 

  7. spec:
    8. 

  8.   selector:
    9. 

  9.     matchLabels:
    10. 

  10.       app: apiserver
    11. 

  11.   updateStrategy:
    12. 

  12.     rollingUpdate:
    13. 

  13.       maxUnavailable: 1
    14. 

  14.     type: RollingUpdate
    15. 

  15.   template:
    16. 

  16.     metadata:
    17. 

  17.       annotations:
    18. 

  18.         ca_hash: {{ ca_hash }}
    19. 

  19.       labels:
    20. 

  20.         app: apiserver
    21. 

  21.     spec:
    22. 

  22.       serviceAccountName: service-catalog-apiserver
    23. 

  23.       nodeSelector:
    24. 

  24. {% for key, value in node_selector.items() %}
    25. 

  25.           {{key}}: "{{value}}"
    26. 

  26. {% endfor %}
    27. 

  27.       containers:
    28. 

  28.       - args:
    29. 

  29.         - apiserver
    30. 

  30.         - --storage-type
    31. 

  31.         - etcd
    32. 

  32.         - --secure-port
    33. 

  33.         - "6443"
    34. 

  34.         - --etcd-servers
    35. 

  35.         - {{ etcd_servers }}
    36. 

  36.         - --etcd-cafile
    37. 

  37.         - {{ etcd_cafile }}
    38. 

  38.         - --etcd-certfile
    39. 

  39.         - /etc/origin/master/master.etcd-client.crt
    40. 

  40.         - --etcd-keyfile
    41. 

  41.         - /etc/origin/master/master.etcd-client.key
    42. 

  42.         - -v
    43. 

  43.         - "3"
    44. 

  44.         - --cors-allowed-origins
    45. 

  45.         - {{ cors_allowed_origin }}
    46. 

  46.         - --enable-admission-plugins
    47. 

  47.         - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck
    48. 

  48.         - --feature-gates
    49. 

  49.         - OriginatingIdentity=true
    50. 

  50. {% if openshift_service_catalog_namespaced_service_brokers_enabled | bool %}
    51. 

  51.         - --feature-gates
    52. 

  52.         - NamespacedServiceBroker=true
    53. 

  53. {% endif %}
    54. 

  54.         image: {{ openshift_service_catalog_image }}
    55. 

  55.         command: ["/usr/bin/service-catalog"]
    56. 

  56.         imagePullPolicy: IfNotPresent
    57. 

  57.         name: apiserver
    58. 

  58.         ports:
    59. 

  59.         - containerPort: 6443
    60. 

  60.           protocol: TCP
    61. 

  61.         resources: {}
    62. 

  62.         terminationMessagePath: /dev/termination-log
    63. 

  63.         volumeMounts:
    64. 

  64.         - mountPath: /var/run/kubernetes-service-catalog
    65. 

  65.           name: apiserver-ssl
    66. 

  66.           readOnly: true
    67. 

  67.         - mountPath: /etc/origin/master
    68. 

  68.           name: etcd-host-cert
    69. 

  69.           readOnly: true
    70. 

  70.       dnsPolicy: ClusterFirst
    71. 

  71.       restartPolicy: Always
    72. 

  72.       securityContext: {}
    73. 

  73.       terminationGracePeriodSeconds: 30
    74. 

  74.       volumes:
    75. 

  75.       - name: apiserver-ssl
    76. 

  76.         secret:
    77. 

  77.           defaultMode: 420
    78. 

  78.           secretName: apiserver-ssl
    79. 

  79.           items:
    80. 

  80.           - key: tls.crt
    81. 

  81.             path: apiserver.crt
    82. 

  82.           - key: tls.key
    83. 

  83.             path: apiserver.key
    84. 

  84.       - hostPath:
    85. 

  85.           path: /etc/origin/master
    86. 

  86.         name: etcd-host-cert
    87. 

  87.       - emptyDir: {}
    88. 

  88.         name: data-dir
    89.