apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{.FEDERATION_APISERVER_DEPLOYMENT_NAME}}
  namespace: {{.FEDERATION_NAMESPACE}}
  labels:
    app: federated-cluster
spec:
  template:
    metadata:
      name: federation-apiserver
      labels:
        app: federated-cluster
        module: federation-apiserver
    spec:
      containers:
      - name: apiserver
        image: {{.FEDERATION_APISERVER_IMAGE_REPO}}:{{.FEDERATION_APISERVER_IMAGE_TAG}}
        command:
        - /hyperkube
        - federation-apiserver
        - --bind-address=0.0.0.0
        - --etcd-servers=http://localhost:2379
        - --secure-port=443
        {{if eq .IS_DNS_NAME "false"}}
        - --advertise-address={{.FEDERATION_API_HOST}}
        {{end}}
        - --client-ca-file=/srv/kubernetes/ca.crt
        - --basic-auth-file=/srv/kubernetes/basic-auth.csv
        - --tls-cert-file=/srv/kubernetes/server.cert
        - --tls-private-key-file=/srv/kubernetes/server.key
        - --admission-control={{.FEDERATION_ADMISSION_CONTROL}}
        - --token-auth-file=/srv/kubernetes/known-tokens.csv
        - --anonymous-auth=false
        - --storage-backend=etcd2
        ports:
        - containerPort: 443
          name: https
        - containerPort: 8080
          name: local
        volumeMounts:
        - name: federation-apiserver-secrets
          mountPath: /srv/kubernetes/
          readOnly: true
      - name: etcd
        image: gcr.io/google_containers/etcd:3.0.14-alpha.1
        command:
          - /usr/local/bin/etcd
          - --data-dir
          - /var/etcd/data
        volumeMounts:
        - mountPath: /var/etcd
          name: varetcd
      volumes:
      - name: federation-apiserver-secrets
        secret:
          secretName: federation-apiserver-secrets
      - name: varetcd
        persistentVolumeClaim:
          claimName: {{.FEDERATION_APISERVER_DEPLOYMENT_NAME}}-etcd-claim