# Copyright 2017 AT&T Intellectual Property. All other rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. release_group: null images: tags: anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2 apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2 pull_policy: "IfNotPresent" labels: kubernetes_apiserver: node_selector_key: kubernetes-apiserver node_selector_value: enabled anchor: dns_policy: Default kubelet: manifest_path: /etc/kubernetes/manifests period: 15 files_to_copy: - source: /certs/apiserver.pem dest: /etc/kubernetes/apiserver/pki/apiserver.pem - source: /certs/kubelet-client.pem dest: /etc/kubernetes/apiserver/pki/kubelet-client.pem - source: /certs/kubelet-client-ca.pem dest: /etc/kubernetes/apiserver/pki/kubelet-client-ca.pem - source: /certs/cluster-ca.pem dest: /etc/kubernetes/apiserver/pki/cluster-ca.pem - source: /certs/etcd-client-ca.pem dest: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem - source: /certs/etcd-client.pem dest: /etc/kubernetes/apiserver/pki/etcd-client.pem - source: /certs/service-account.pub dest: /etc/kubernetes/apiserver/pki/service-account.pub - source: /keys/apiserver-key.pem dest: /etc/kubernetes/apiserver/pki/apiserver-key.pem - source: /keys/kubelet-client-key.pem dest: /etc/kubernetes/apiserver/pki/kubelet-client-key.pem - source: /keys/etcd-client-key.pem dest: /etc/kubernetes/apiserver/pki/etcd-client-key.pem - source: /tmp/etc/kubernetes-apiserver.yaml dest: /etc/kubernetes/manifests/kubernetes-apiserver.yaml - source: /tmp/etc/kubeconfig.yaml dest: /etc/kubernetes/apiserver/kubeconfig.yaml command_prefix: - /apiserver - --authorization-mode=Node,RBAC - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds - --apiserver-count=3 - --service-cluster-ip-range=10.96.0.0/16 - --v=5 apiserver: host_etc_path: /etc/kubernetes/apiserver etcd: endpoints: https://kubernetes-etcd.kube-system.svc.cluster.local network: kubernetes_apiserver: ingress: public: true classes: namespace: "nginx-cluster" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-read-timeout: "120" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" name: kubernetes-apiserver port: 6443 node_port: enabled: false port: 31943 service: name: kubernetes-apiserver ip: null secrets: tls: ca: placeholder cert: placeholder key: placeholder service_account: public_key: placeholder etcd: tls: ca: placeholder cert: placeholder key: placeholder kubelet: tls: ca: null cert: null key: null # typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local kubernetes_apiserver: name: kubernetes-apiserver hosts: default: kubernetes-apiserver port: https: default: 6443 public: 443 path: default: / scheme: default: https public: https host_fqdn_override: default: null # NOTE: this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null pod: mounts: kubernetes_apiserver: init_container: null kubernetes_apiserver: replicas: apiserver: 3 lifecycle: upgrades: daemonsets: pod_replacement_strategy: RollingUpdate kubernetes_apiserver: enabled: false min_ready_seconds: 0 max_unavailable: 1 termination_grace_period: kubernetes_apiserver: timeout: 3600 resources: enabled: false anchor_pod: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" kubernetes_apiserver: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" manifests: configmap_bin: true configmap_certs: true configmap_etc: true ingress_api: false kubernetes_apiserver: true secret: true secret_ingress_tls: false service: true service_ingress: false