ホーム エクスプローラ ヘルプ
登録 サインイン
shixiong
/
okd
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 7dceb6260a
ブランチ タグ
okd
/
roles
/
openshift_service_catalog
/
templates
/
api_server.j2

api_server.j2 2.3 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. apiVersion: extensions/v1beta1
    2. 

  2. kind: DaemonSet
    3. 

  3. metadata:
    4. 

  4.   labels:
    5. 

  5.     app: apiserver
    6. 

  6.   name: apiserver
    7. 

  7. spec:
    8. 

  8.   selector:
    9. 

  9.     matchLabels:
    10. 

  10.       app: apiserver
    11. 

  11.   updateStrategy:
    12. 

  12.     rollingUpdate:
    13. 

  13.       maxUnavailable: 1
    14. 

  14.     type: RollingUpdate
    15. 

  15.   template:
    16. 

  16.     metadata:
    17. 

  17.       annotations:
    18. 

  18.         ca_hash: {{ ca_hash }}
    19. 

  19.       labels:
    20. 

  20.         app: apiserver
    21. 

  21.     spec:
    22. 

  22.       serviceAccountName: service-catalog-apiserver
    23. 

  23.       nodeSelector:
    24. 

  24. {% for key, value in node_selector.items() %}
    25. 

  25.           {{key}}: "{{value}}"
    26. 

  26. {% endfor %}
    27. 

  27.       containers:
    28. 

  28.       - args:
    29. 

  29.         - apiserver
    30. 

  30.         - --storage-type
    31. 

  31.         - etcd
    32. 

  32.         - --secure-port
    33. 

  33.         - "6443"
    34. 

  34.         - --etcd-servers
    35. 

  35.         - {{ etcd_servers }}
    36. 

  36.         - --etcd-cafile
    37. 

  37.         - {{ etcd_cafile }}
    38. 

  38.         - --etcd-certfile
    39. 

  39.         - /etc/origin/master/master.etcd-client.crt
    40. 

  40.         - --etcd-keyfile
    41. 

  41.         - /etc/origin/master/master.etcd-client.key
    42. 

  42.         - -v
    43. 

  43.         - "10"
    44. 

  44.         - --cors-allowed-origins
    45. 

  45.         - {{ cors_allowed_origin }}
    46. 

  46.         - --admission-control
    47. 

  47.         - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck
    48. 

  48.         - --feature-gates
    49. 

  49.         - OriginatingIdentity=true
    50. 

  50.         image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }}
    51. 

  51.         command: ["/usr/bin/service-catalog"]
    52. 

  52.         imagePullPolicy: IfNotPresent
    53. 

  53.         name: apiserver
    54. 

  54.         ports:
    55. 

  55.         - containerPort: 6443
    56. 

  56.           protocol: TCP
    57. 

  57.         resources: {}
    58. 

  58.         terminationMessagePath: /dev/termination-log
    59. 

  59.         volumeMounts:
    60. 

  60.         - mountPath: /var/run/kubernetes-service-catalog
    61. 

  61.           name: apiserver-ssl
    62. 

  62.           readOnly: true
    63. 

  63.         - mountPath: /etc/origin/master
    64. 

  64.           name: etcd-host-cert
    65. 

  65.           readOnly: true
    66. 

  66.       dnsPolicy: ClusterFirst
    67. 

  67.       restartPolicy: Always
    68. 

  68.       securityContext: {}
    69. 

  69.       terminationGracePeriodSeconds: 30
    70. 

  70.       volumes:
    71. 

  71.       - name: apiserver-ssl
    72. 

  72.         secret:
    73. 

  73.           defaultMode: 420
    74. 

  74.           secretName: apiserver-ssl
    75. 

  75.           items:
    76. 

  76.           - key: tls.crt
    77. 

  77.             path: apiserver.crt
    78. 

  78.           - key: tls.key
    79. 

  79.             path: apiserver.key
    80. 

  80.       - hostPath:
    81. 

  81.           path: /etc/origin/master
    82. 

  82.         name: etcd-host-cert
    83. 

  83.       - emptyDir: {}
    84. 

  84.         name: data-dir
    85.