{% set cluster_name = "" -%}
{% set cluster_cidr = "" -%}
{% set allocate_node_cidrs = "" -%}
{% set enable_experimental = "" -%}

{% if pillar['instance_prefix'] is defined -%}
  {% set cluster_name = "--cluster-name=" + pillar['instance_prefix'] -%}
{% endif -%}
{% if pillar['cluster_cidr'] is defined and pillar['cluster_cidr'] != "" -%}
  {% set cluster_cidr = "--cluster-cidr=" + pillar['cluster_cidr'] -%}
{% endif -%}
{% if pillar['allocate_node_cidrs'] is defined -%}
  {% set allocate_node_cidrs = "--allocate-node-cidrs=" + pillar['allocate_node_cidrs'] -%}
{% endif -%}
{% if pillar['enable_experimental_api'] is defined -%}
  {% set enable_experimental = "--enable-experimental=" + pillar['enable_experimental_api'] -%}
{% endif -%}

{% set cloud_provider = "" -%}
{% set cloud_config = "" -%}
{% set cloud_config_mount = "" -%}
{% set cloud_config_volume = "" -%}

{% if grains.cloud is defined -%}
  {% set cloud_provider = "--cloud-provider=" + grains.cloud -%}
  {% set service_account_key = " --service-account-private-key-file=/srv/kubernetes/server.key " -%}

  {% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%}
    {% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
    {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
    {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%}
  {% endif -%}
{% endif -%}

{% set root_ca_file = "" -%}

{% if grains['cloud'] is defined and grains.cloud in [ 'aws', 'gce', 'vagrant' ]    %}
   {% set root_ca_file = "--root-ca-file=/srv/kubernetes/ca.crt" -%}
{% endif -%}

{% set params = "--master=127.0.0.1:8080" + " " + cluster_name + " " + cluster_cidr + " " + allocate_node_cidrs + " " + enable_experimental + " " + cloud_provider  + " " + cloud_config + service_account_key + pillar['log_level'] + " " + root_ca_file -%}

# test_args has to be kept at the end, so they'll overwrite any prior configuration
{% if pillar['controller_manager_test_args'] is defined -%}
{% set params = params + " " + pillar['controller_manager_test_args'] -%}
{% endif -%}

{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
  "name":"kube-controller-manager",
  "namespace": "kube-system"
},
"spec":{
"hostNetwork": true,
"containers":[
    {
    "name": "kube-controller-manager",
    "image": "gcr.io/google_containers/kube-controller-manager:{{pillar['kube-controller-manager_docker_tag']}}",
    "resources": {
      "limits": {
        "cpu": "200m"
      }
    },
    "command": [
                 "/bin/sh",
                 "-c",
                 "/usr/local/bin/kube-controller-manager {{params}} 1>>/var/log/kube-controller-manager.log 2>&1"
               ],
    "livenessProbe": {
      "httpGet": {
        "host": "127.0.0.1",
        "port": 10252,
        "path": "/healthz"
      },
      "initialDelaySeconds": 15,
      "timeoutSeconds": 15
    },
    "volumeMounts": [
        {{cloud_config_mount}}
        { "name": "srvkube",
        "mountPath": "/srv/kubernetes",
        "readOnly": true},
        { "name": "logfile",
        "mountPath": "/var/log/kube-controller-manager.log",
        "readOnly": false},
        { "name": "etcssl",
        "mountPath": "/etc/ssl",
        "readOnly": true},
        { "name": "usrsharessl",
        "mountPath": "/usr/share/ssl",
        "readOnly": true},
        { "name": "varssl",
        "mountPath": "/var/ssl",
        "readOnly": true},
        { "name": "usrssl",
        "mountPath": "/usr/ssl",
        "readOnly": true},
        { "name": "usrlibssl",
        "mountPath": "/usr/lib/ssl",
        "readOnly": true},
        { "name": "usrlocalopenssl",
        "mountPath": "/usr/local/openssl",
        "readOnly": true},
        { "name": "etcopenssl",
        "mountPath": "/etc/openssl",
        "readOnly": true},
        { "name": "etcpkitls",
        "mountPath": "/etc/pki/tls",
        "readOnly": true}
      ]
    }
],
"volumes":[
  {{cloud_config_volume}}
  { "name": "srvkube",
    "hostPath": {
        "path": "/srv/kubernetes"}
  },
  { "name": "logfile",
    "hostPath": {
        "path": "/var/log/kube-controller-manager.log"}
  },
  { "name": "etcssl",
    "hostPath": {
        "path": "/etc/ssl"}
  },
  { "name": "usrsharessl",
    "hostPath": {
        "path": "/usr/share/ssl"}
  },
  { "name": "varssl",
    "hostPath": {
        "path": "/var/ssl"}
  },
  { "name": "usrssl",
    "hostPath": {
        "path": "/usr/ssl"}
  },
  { "name": "usrlibssl",
    "hostPath": {
        "path": "/usr/lib/ssl"}
  },
  { "name": "usrlocalopenssl",
    "hostPath": {
        "path": "/usr/local/openssl"}
  },
  { "name": "etcopenssl",
    "hostPath": {
        "path": "/etc/openssl"}
  },
  { "name": "etcpkitls",
    "hostPath": {
        "path": "/etc/pki/tls"}
  }
]
}}