blob: 4f51b8c3c6b08f4f35d45080604382b41fe3e045 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
labels:
app: apiserver
name: apiserver
spec:
selector:
matchLabels:
app: apiserver
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: apiserver
spec:
serviceAccountName: service-catalog-apiserver
nodeSelector:
{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
containers:
- args:
- apiserver
- --storage-type
- etcd
- --secure-port
- "6443"
- --etcd-servers
- {{ etcd_servers }}
- --etcd-cafile
- {{ etcd_cafile }}
- --etcd-certfile
- /etc/origin/master/master.etcd-client.crt
- --etcd-keyfile
- /etc/origin/master/master.etcd-client.key
- -v
- "10"
- --cors-allowed-origins
- {{ cors_allowed_origin }}
- --admission-control
- KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck
- --feature-gates
- OriginatingIdentity=true
image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }}
command: ["/usr/bin/service-catalog"]
imagePullPolicy: Always
name: apiserver
ports:
- containerPort: 6443
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /var/run/kubernetes-service-catalog
name: apiserver-ssl
readOnly: true
- mountPath: /etc/origin/master
name: etcd-host-cert
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: apiserver-ssl
secret:
defaultMode: 420
secretName: apiserver-ssl
items:
- key: tls.crt
path: apiserver.crt
- key: tls.key
path: apiserver.key
- hostPath:
path: /etc/origin/master
name: etcd-host-cert
- emptyDir: {}
name: data-dir
|
