examples/ClusterManagerTemplate.yaml

apiVersion: v1
kind: Secret
metadata:
  name: cluster-manager-provider-access-keys
  namespace: $FEDERATION_NAMESPACE
type: Opaque
data:
  awsAccessKeyId: "$AWS_ACCESS_KEY_ID_BASE64"
  awsSecretAccessKey: "$AWS_SECRET_ACCESS_KEY_BASE64"
  okeBearerToken: "$OKE_BEARER_TOKEN_BASE64"
  okeAuthGroup: "$OKE_AUTH_GROUP_BASE64"
  okeCloudAuthId: "$OKE_CLOUD_AUTH_ID_BASE64"
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: cluster-manager
  namespace: $FEDERATION_NAMESPACE
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: cluster-manager
    spec:
      containers:
      - name: cluster-manager
        image: ${IMAGE_REPOSITORY}/cluster-manager:${IMAGE_VERSION}
        imagePullPolicy: Always
        env:
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: cluster-manager-provider-access-keys
              key: awsAccessKeyId
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: cluster-manager-provider-access-keys
              key: awsSecretAccessKey
        - name: OKE_BEARER_TOKEN
          valueFrom:
            secretKeyRef:
              name: cluster-manager-provider-access-keys
              key: okeBearerToken
        - name: OKE_AUTH_GROUP
          valueFrom:
            secretKeyRef:
              name: cluster-manager-provider-access-keys
              key: okeAuthGroup
        - name: OKE_CLOUD_AUTH_ID
          valueFrom:
            secretKeyRef:
              name: cluster-manager-provider-access-keys
              key: okeCloudAuthId
        command:
        - /cluster-manager
        - --v=2
        - --domain=$DOMAIN
        - --fkubeApiServer=https://$FEDERATION_CONTEXT-apiserver
        - --fkubeName=$FEDERATION_CONTEXT
        - --fkubeNamespace=$FEDERATION_NAMESPACE
        - --okeApiHost=api.cluster.us-ashburn-1.oracledx.com
        - --statestore=$KOPS_STATE_STORE
        volumeMounts:
        - mountPath: /etc/federation/controller-manager
          name: $FEDERATION_CONTEXT-controller-manager-kubeconfig
          readOnly: true
      serviceAccountName: federation-controller-manager
      serviceAccount: federation-controller-manager
      volumes:
      - name: $FEDERATION_CONTEXT-controller-manager-kubeconfig
        secret:
          secretName: $FEDERATION_CONTEXT-controller-manager-kubeconfig