CONF_DIR='/etc/kubernetes'
PKI_DIR="$CONF_DIR/pki"

# A comma-separated list of etcd endpoints.
#ETCD_SERVERS='--etcd-servers=https://etcd-1.example.com:2379,https://etcd-2.example.com:2379,https://etcd-3.example.com:2379'
ETCD_SERVERS=

# IP address range (in CIDR notation) from which to assign service cluster IPs.
# This must not overlap with any IP ranges assigned to nodes for pods.
SERVICE_CLUSTER_IP_RANGE='10.0.0.0/24'

# Advertise the API server to cluster members on this address.
#ADVERTISE_ADDRESS='--advertise-address=192.168.0.42'
ADVERTISE_ADDRESS=

DAEMON_ARGS="
--secure-port=6443
--allow-privileged=true
--authorization-mode=Node,RBAC
--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--service-account-key-file=$PKI_DIR/sa.pub
--client-ca-file=$PKI_DIR/ca.crt
--tls-cert-file=$PKI_DIR/apiserver.crt
--kubelet-client-certificate=$PKI_DIR/apiserver-kubelet-client.crt
--kubelet-client-key=$PKI_DIR/apiserver-kubelet-client.key
--enable-bootstrap-token-auth=true
--service-cluster-ip-range=$SERVICE_CLUSTER_IP_RANGE
--tls-private-key-file=$PKI_DIR/apiserver.key
--proxy-client-key-file=$PKI_DIR/front-proxy-client.key
--proxy-client-cert-file=$PKI_DIR/front-proxy-client.crt
--feature-gates CustomResourceValidation=true
--requestheader-allowed-names=front-proxy-client
--requestheader-client-ca-file=$PKI_DIR/front-proxy-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group
--requestheader-username-headers=X-Remote-User
$ADVERTISE_ADDRESS
$ETCD_SERVERS
"
