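{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}
{#
  Jinja2 template for a kubeadm config file (it uses the Ansible to_nice_yaml
  filter). It renders two YAML documents: an InitConfiguration followed by a
  ClusterConfiguration.
  Templated scalars are double-quoted so that an empty or number-like
  expansion is still read as a string by the YAML parser.
  Template notes are Jinja comments starting at column 0, so they add nothing
  to the rendered file when trim_blocks is on (assumed: Ansible's default).
#}
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{# TODO: this is ugly but we want to create our own token so we can #}
{# better control its lifetime. #}
{# The single entry below sets only a TTL, so the token it describes expires #}
{# one second after it is created. Tokens for joining nodes are presumably #}
{# issued separately with an explicit lifetime - confirm in the calling role. #}
bootstrapTokens:
  - ttl: "1s"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: "{{ kubernetes_version }}"
clusterName: "{{ kubernetes.cluster_name }}"
{# NOTE(review): k8s.gcr.io is the legacy image registry; the Kubernetes #}
{# project has moved to registry.k8s.io. Check which registry the kubeadm #}
{# version in use expects before changing this value. #}
imageRepository: k8s.gcr.io
controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443"
networking:
  dnsDomain: "{{ kubernetes.dns_domain | default('cluster.local') }}"
  podSubnet: "{{ kubernetes.pod_ip_range }}"
  serviceSubnet: "{{ kubernetes.service_ip_range }}"
apiServer:
  extraArgs:
    advertise-address: "{{ kubernetes_kubelet_node_ip }}"
    # NOTE(review): encryption at rest is left disabled. With the lines below
    # commented out, this file passes no encryption-provider-config to the API
    # server, so Secrets are written to etcd without API-server encryption
    # unless that is configured somewhere else.
    # encryption-provider-config: /etc/kubernetes/encryption/config
  # extraVolumes:
  #   - name: encryption-config
  #     hostPath: /etc/kubernetes/encryption
  #     mountPath: /etc/kubernetes/encryption
  #     readOnly: true
  #     pathType: Directory
{# Extra API server certificate SANs: an explicit empty list when none are #}
{# configured, otherwise the configured list rendered as a block sequence. #}
{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %}
  certSANs: []
{% else %}
{# The expression starts at column 2 and indent(width=2) pads the following #}
{# lines, so every list item lines up under the certSANs key. #}
  certSANs:
  {{ kubernetes.api_extra_sans | to_nice_yaml | indent(width=2) }}
{% endif %}
controllerManager:
  extraArgs:
    node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}"
scheduler: {}
dns:
  type: CoreDNS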