{% set daemon_args = "$DAEMON_ARGS" -%}
{% if grains['os_family'] == 'RedHat' -%}
	{% set daemon_args = "" -%}
{% endif -%}

{% set cloud_provider = "" -%}
{% set cloud_config = "" -%}

{% if grains.cloud is defined -%}
{% set cloud_provider = "--cloud_provider=" + grains.cloud -%}

{% if grains.cloud == 'gce' -%}
  {% if grains.cloud_config is defined -%}
    {% set cloud_config = "--cloud_config=" + grains.cloud_config -%}
  {% endif -%}

{% elif grains.cloud == 'aws' -%}
  {% set cloud_config = "--cloud_config=/etc/aws.conf" -%}
{% endif -%}

{% endif -%} # grains.cloud is defined

{% set address = "--address=127.0.0.1" -%}

{% if pillar['instance_prefix'] is defined -%}
  {% set cluster_name = "--cluster_name=" + pillar['instance_prefix'] -%}
{% endif -%}

{% set publicAddressOverride = "" -%}
{% if grains.publicAddressOverride is defined -%}
  {% set publicAddressOverride = "--public_address_override=" + grains.publicAddressOverride -%}
{% endif -%}

{% set etcd_servers = "--etcd_servers=http://127.0.0.1:4001" -%}

{% if pillar['portal_net'] is defined -%}
  {% set portal_net = "--portal_net=" + pillar['portal_net'] -%}
{% endif -%}

{% set cert_file = "--tls_cert_file=/srv/kubernetes/server.cert" -%}
{% set key_file = "--tls_private_key_file=/srv/kubernetes/server.key" -%}

{% set secure_port = "--secure_port=6443" -%}
{% set token_auth_file = "--token_auth_file=/dev/null" -%}

{% if grains.cloud is defined -%}
{% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%}
    # TODO: generate and distribute tokens for other cloud providers.
    {% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%}
{% endif -%}
{% endif -%}

{% set admission_control = "" -%}
{% if pillar['admission_control'] is defined -%}
 {% set admission_control = "--admission_control=" + pillar['admission_control'] -%}
{% endif -%}

{% set runtime_config = "" -%}
{% if grains.runtime_config is defined -%}
 {% set runtime_config = "--runtime_config=" + grains.runtime_config -%}
{% endif -%}

DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} {{ cloud_config }} {{ runtime_config }} {{admission_control}} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}}  {{cluster_name}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}} {{publicAddressOverride}} {{pillar['log_level']}}"
