Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 37636c325a
Branches Tags
okd
/
roles
/
openshift_service_catalog
/
templates
/
api_server.j2

api_server.j2 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. apiVersion: extensions/v1beta1
    2. 

  2. kind: DaemonSet
    3. 

  3. metadata:
    4. 

  4.   labels:
    5. 

  5.     app: apiserver
    6. 

  6.   name: apiserver
    7. 

  7. spec:
    8. 

  8.   selector:
    9. 

  9.     matchLabels:
    10. 

  10.       app: apiserver
    11. 

  11.   updateStrategy:
    12. 

  12.     rollingUpdate:
    13. 

  13.       maxUnavailable: 1
    14. 

  14.     type: RollingUpdate
    15. 

  15.   template:
    16. 

  16.     metadata:
    17. 

  17.       labels:
    18. 

  18.         app: apiserver
    19. 

  19.     spec:
    20. 

  20.       serviceAccountName: service-catalog-apiserver
    21. 

  21.       nodeSelector:
    22. 

  22. {% for key, value in node_selector.items() %}
    23. 

  23.           {{key}}: "{{value}}"
    24. 

  24. {% endfor %}
    25. 

  25.       containers:
    26. 

  26.       - args:
    27. 

  27.         - apiserver
    28. 

  28.         - --storage-type
    29. 

  29.         - etcd
    30. 

  30.         - --secure-port
    31. 

  31.         - "6443"
    32. 

  32.         - --etcd-servers
    33. 

  33.         - {{ etcd_servers }}
    34. 

  34.         - --etcd-cafile
    35. 

  35.         - {{ etcd_cafile }}
    36. 

  36.         - --etcd-certfile
    37. 

  37.         - /etc/origin/master/master.etcd-client.crt
    38. 

  38.         - --etcd-keyfile
    39. 

  39.         - /etc/origin/master/master.etcd-client.key
    40. 

  40.         - -v
    41. 

  41.         - "10"
    42. 

  42.         - --cors-allowed-origins
    43. 

  43.         - {{ cors_allowed_origin }}
    44. 

  44.         - --admission-control
    45. 

  45.         - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck
    46. 

  46.         - --feature-gates
    47. 

  47.         - OriginatingIdentity=true
    48. 

  48.         image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }}
    49. 

  49.         command: ["/usr/bin/service-catalog"]
    50. 

  50.         imagePullPolicy: Always
    51. 

  51.         name: apiserver
    52. 

  52.         ports:
    53. 

  53.         - containerPort: 6443
    54. 

  54.           protocol: TCP
    55. 

  55.         resources: {}
    56. 

  56.         terminationMessagePath: /dev/termination-log
    57. 

  57.         volumeMounts:
    58. 

  58.         - mountPath: /var/run/kubernetes-service-catalog
    59. 

  59.           name: apiserver-ssl
    60. 

  60.           readOnly: true
    61. 

  61.         - mountPath: /etc/origin/master
    62. 

  62.           name: etcd-host-cert
    63. 

  63.           readOnly: true
    64. 

  64.       dnsPolicy: ClusterFirst
    65. 

  65.       restartPolicy: Always
    66. 

  66.       securityContext: {}
    67. 

  67.       terminationGracePeriodSeconds: 30
    68. 

  68.       volumes:
    69. 

  69.       - name: apiserver-ssl
    70. 

  70.         secret:
    71. 

  71.           defaultMode: 420
    72. 

  72.           secretName: apiserver-ssl
    73. 

  73.           items:
    74. 

  74.           - key: tls.crt
    75. 

  75.             path: apiserver.crt
    76. 

  76.           - key: tls.key
    77. 

  77.             path: apiserver.key
    78. 

  78.       - hostPath:
    79. 

  79.           path: /etc/origin/master
    80. 

  80.         name: etcd-host-cert
    81. 

  81.       - emptyDir: {}
    82. 

  82.         name: data-dir
    83.