###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.32.0.0/24"

# default admission control policies
KUBE_ADMISSION_CONTROL="--enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

KUBE_BIND_ADDRESS="--bind-address='::'"
KUBE_ADVERTISE_ADDRESS="--advertise-address='::"

# Kubernetes certs
KUBE_CLIENT_CA="--client-ca-file=/var/lib/kubernetes/certs/ca.pem"
KUBE_SERVICE_ACCOUNT_KEY_FILE="--service-account-key-file=/var/lib/kubernetes/certs/service-account.pem"

# Required flags, without them run failed.
KUBE_SERVICE_ACCOUNT_SIGNING_KEY="--service-account-signing-key-file=/var/lib/kubernetes/certs/service-account-key.pem"
KUBE_SERVICE_ACCOUNT_ISSUER="--service-account-issuer=https://$(hostname):6443"

KUBE_TLS_CERT_FILE="--tls-cert-file=/var/lib/kubernetes/certs/kubernetes.pem"
KUBE_TLS_PRIVATE_KEY_FILE="--tls-private-key-file=/var/lib/kubernetes/certs/kubernetes-key.pem"

KUBELET_CERTIFICATE_AUTHORITY="--kubelet-certificate-authority=/var/lib/kubernetes/certs/ca.pem"
KUBELET_CLIENT_CERTIFICATE="--kubelet-client-certificate=/var/lib/kubernetes/certs/kubernetes.pem"
KUBELET_CLIENT_KEY="--kubelet-client-key=/var/lib/kubernetes/certs/kubernetes-key.pem"

# Authentication config for webhook auth proxy
KUBE_AUTHENTICATION_TOKEN_WEBHOOK_CONFIG_FILE="--authentication-token-webhook-config-file /etc/kubernetes/auth-webhook-config.yaml"

# Add your own!
KUBE_API_ARGS=""
CORS="--cors-allowed-origins=http://localhost:5000"
