#cloud-config
merge_how: dict(recurse_array)+list(append)
bootcmd:
  - mkdir -p /srv/salt-overlay/salt/kube-apiserver
  - mkdir -p /srv/salt-overlay/salt/kubelet
write_files:
  - path: /srv/salt-overlay/salt/kube-apiserver/basic_auth.csv
    permissions: "0600"
    content: |
      $apiserver_password,$apiserver_user,admin
  - path: /srv/salt-overlay/salt/kube-apiserver/known_tokens.csv
    permissions: "0600"
    content: |
      $token_kubelet,kubelet,kubelet
      $token_kube_proxy,kube_proxy,kube_proxy
      TokenSystemScheduler,system:scheduler,system:scheduler
      TokenSystemControllerManager,system:controller_manager,system:controller_manager
      TokenSystemLogging,system:logging,system:logging
      TokenSystemMonitoring,system:monitoring,system:monitoring
      TokenSystemDns,system:dns,system:dns
  - path: /srv/salt-overlay/salt/kubelet/kubernetes_auth
    permissions: "0600"
    content: |
      {"BearerToken": "$token_kubelet", "Insecure": true }
  - path: /srv/salt-overlay/salt/kubelet/kubeconfig
    permissions: "0600"
    content: |
      apiVersion: v1
      kind: Config
      users:
        - name: kubelet
          user:
            token: $token_kubelet
      clusters:
        - name: local
          cluster:
            insecure-skip-tls-verify: true
      contexts:
        - context:
            cluster: local
            user: kubelet
          name: service-account-context
      current-context: service-account-context