From db4d8d96f0ec54b49109aaea3492ad34a1ef1229 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Fri, 20 Mar 2015 15:27:55 -0400
Subject: [PATCH 1/2] Set default admission control policies in example init files

---
 contrib/init/systemd/environ/apiserver | 3 +++
 contrib/init/systemd/kube-apiserver.service | 1 +
 2 files changed, 4 insertions(+)

diff --git a/contrib/init/systemd/environ/apiserver b/contrib/init/systemd/environ/apiserver
index f81930f85d4..0564cfcbd28 100644
--- a/contrib/init/systemd/environ/apiserver
+++ b/contrib/init/systemd/environ/apiserver
@@ -19,5 +19,8 @@ KUBELET_PORT="--kubelet_port=10250"
 # Address range to use for services
 KUBE_SERVICE_ADDRESSES="--portal_net=10.254.0.0/16"
 
+# default admission control policies
+KUBE_ADMISSION_CONTROL="--admission_control=NamespaceAutoProvision,LimitRanger,ResourceQuota"
+
 # Add you own!
 KUBE_API_ARGS=""
diff --git a/contrib/init/systemd/kube-apiserver.service b/contrib/init/systemd/kube-apiserver.service
index 467536f52a4..dd915896a61 100644
--- a/contrib/init/systemd/kube-apiserver.service
+++ b/contrib/init/systemd/kube-apiserver.service
@@ -15,6 +15,7 @@ ExecStart=/usr/bin/kube-apiserver \
 $KUBELET_PORT \
 $KUBE_ALLOW_PRIV \
 $KUBE_SERVICE_ADDRESSES \
+ $KUBE_ADMISSION_CONTROL \
 $KUBE_API_ARGS
 Restart=on-failure
 LimitNOFILE=65536
From be3c219181492d97095456489ccee164619f5a81 Mon Sep 17 00:00:00 2001
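Review bot: The comment above the new `KUBE_ADMISSION_CONTROL` line says only "default admission control policies", but the value is an ordered list of admission plugins that, once this file is loaded, is what the apiserver runs in place of its own built-in default, and the comment should say so. As far as I recall the plugins, NamespaceAutoProvision creates any namespace a request names rather than rejecting unknown ones, and LimitRanger and ResourceQuota only enforce limits or quotas that an admin has actually created in a namespace, so an admin copying this example has weaker checks than the three names suggest until those objects exist. I would expand the comment to something like `# Ordered admission plugin list; replaces the apiserver's built-in default. NamespaceAutoProvision auto-creates namespaces; LimitRanger/ResourceQuota only act where a LimitRange/ResourceQuota object exists.` so the line is reviewed rather than copied when the example is used outside a single-host setup.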
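Review bot: The added `$KUBE_ADMISSION_CONTROL \` argument has a quiet failure mode that the unit does not surface: if the environment file defining it is absent or the key is commented out, systemd expands the variable to nothing and the apiserver starts with its built-in admission default, with no hint in the unit or the journal that the intended policies were dropped. The sibling units on this page load their environment files with `EnvironmentFile=-`, i.e. optional, and presumably this unit does too (its EnvironmentFile lines and the start of `ExecStart` are outside the hunk). Since this is the one variable in the list whose absence loosens what the apiserver accepts rather than merely changing a port or log level, I would add `# an empty KUBE_ADMISSION_CONTROL falls back to the apiserver's built-in admission default` above the ExecStart, or drop the `-` on the apiserver's own environment file so a missing file fails the unit instead of weakening it.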
From: Eric Paris
Date: Fri, 20 Mar 2015 15:49:58 -0400
Subject: [PATCH 2/2] update example systemd files to be more obvious

only set the etcd servers in the apiserver config set the --master= in the global config still need --api_servers= different in kubelet because, ummmm, we do comment out the apiserver config in controller and scheduler, not needed point the proxy to api, not to etcd
---
 contrib/init/systemd/README.md | 2 +-
 contrib/init/systemd/environ/apiserver | 10 +++++-----
 contrib/init/systemd/environ/config | 7 +++----
 contrib/init/systemd/environ/kubelet | 2 +-
 contrib/init/systemd/kube-controller-manager.service | 1 -
 contrib/init/systemd/kube-proxy.service | 2 +-
 contrib/init/systemd/kube-scheduler.service | 1 -
 7 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/contrib/init/systemd/README.md b/contrib/init/systemd/README.md
index 5554ad20bbf..266d719c54a 100644
--- a/contrib/init/systemd/README.md
+++ b/contrib/init/systemd/README.md
@@ -31,4 +31,4 @@ It may seem reasonable to use --option=${OPTION} in the .service file instead of
 
 While some command line options to the daemons use the default when passed an empty option some cause the daemon to fail to launch. --allow_privileged= (without a value of true/false) will cause the kube-apiserver and kubelet to refuse to launch.
 
-It also may seem reasonable to just use ${DAEMON_ARGS} and string all of these into one line in the environment file. While that makes the .service file simple it makes the admin job more difficult to locate and make appropriate changes to the config. This is a tradeoff between having to update the .service file to add new options or having the config files easy for an admin to work with. I choose: "easy for adminmost of the time".
+It also may seem reasonable to just use $DAEMON_ARGS and string all of these into one line in the environment file. While that makes the .service file simple it makes the admin job more difficult to locate and make appropriate changes to the config. This is a tradeoff between having to update the .service file to add new options or having the config files easy for an admin to work with. I choose: "easy for admin most of the time".
diff --git a/contrib/init/systemd/environ/apiserver b/contrib/init/systemd/environ/apiserver
index 0564cfcbd28..2972ac8be6a 100644
--- a/contrib/init/systemd/environ/apiserver
+++ b/contrib/init/systemd/environ/apiserver
@@ -8,13 +8,13 @@
 KUBE_API_ADDRESS="--address=127.0.0.1"
 
 # The port on the local server to listen on.
-KUBE_API_PORT="--port=8080"
-
-# How the replication controller and scheduler find the kube-apiserver
-KUBE_MASTER="--master=127.0.0.1:8080"
+# KUBE_API_PORT="--port=8080"
 
 # Port minions listen on
-KUBELET_PORT="--kubelet_port=10250"
+# KUBELET_PORT="--kubelet_port=10250"
+
+# Comma separated list of nodes in the etcd cluster
+KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"
 
 # Address range to use for services
 KUBE_SERVICE_ADDRESSES="--portal_net=10.254.0.0/16"
diff --git a/contrib/init/systemd/environ/config b/contrib/init/systemd/environ/config
index 39959d83259..b90a756a531 100644
--- a/contrib/init/systemd/environ/config
+++ b/contrib/init/systemd/environ/config
@@ -9,10 +9,6 @@
 # kube-scheduler.service
 # kubelet.service
 # kube-proxy.service
-
-# Comma separated list of nodes in the etcd cluster
-KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"
-
 # logging to stderr means we get it in the systemd journal
 KUBE_LOGTOSTDERR="--logtostderr=true"
 
@@ -21,3 +17,6 @@ KUBE_LOG_LEVEL="--v=0"
 
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow_privileged=false"
+
+# How the controller-manager, scheduler, and proxy find the apiserver
+KUBE_MASTER="--master=http://127.0.0.1:8080"
diff --git a/contrib/init/systemd/environ/kubelet b/contrib/init/systemd/environ/kubelet
index 0c0d217fd91..64a7b25c454 100644
--- a/contrib/init/systemd/environ/kubelet
+++ b/contrib/init/systemd/environ/kubelet
@@ -5,7 +5,7 @@
 KUBELET_ADDRESS="--address=127.0.0.1"
 
 # The port for the info server to serve on
-KUBELET_PORT="--port=10250"
+# KUBELET_PORT="--port=10250"
 
 # You may leave this blank to use the actual hostname
 KUBELET_HOSTNAME="--hostname_override=127.0.0.1"
diff --git a/contrib/init/systemd/kube-controller-manager.service b/contrib/init/systemd/kube-controller-manager.service
index 422b4677cd6..3c135154095 100644
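Review bot: The lines turned into `# KUBE_API_PORT="--port=8080"` and `# KUBELET_PORT="--kubelet_port=10250"` read as leftover commented-out config rather than documented defaults: nothing says whether the value shown is what the daemon uses when the flag is absent or just the last value someone had set. A header comment such as `# Commented-out settings show the daemon's own default; uncomment to override.` would make the "be more obvious" intent explicit, and the same applies to `# KUBELET_PORT="--port=10250"` in the kubelet hunk below. Note also that this file and the kubelet file both use the variable name `KUBELET_PORT` for different flags (`--kubelet_port` here, `--port` there); they are loaded by different units today, but a distinct name would rule out a silent last-wins override if both files were ever loaded by one unit. Separately, `KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"` now lives only here and talks to etcd over plain HTTP; loopback makes that acceptable for a single host, but since etcd holds the apiserver's persisted state the comment should say that any non-loopback etcd address needs transport protection rather than just a changed host.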
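Review bot: Removing both blank lines around the etcd block leaves the file-header list ending in `# kube-proxy.service` running straight into `# logging to stderr means we get it in the systemd journal`, so the header that enumerates which units read this file is no longer visually separated from the first setting's comment. Keep one of the removed blank lines between `# kube-proxy.service` and `# logging to stderr ...`; this is cosmetic, but a reader scanning for the first key will otherwise take the logging comment as part of the header.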
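Review bot: `KUBE_MASTER="--master=http://127.0.0.1:8080"` pairs with the apiserver's `--address=127.0.0.1` and (now commented-out) `--port=8080` listener from the apiserver hunk above, and the comment should say so, since an admin changing one must change the other and the kube-proxy unit later in this series now reads this same variable on every node. As far as I recall, `--port` at this version is the plain-HTTP listener without authentication, so the loopback address is load-bearing: pointing `--master` at a non-loopback apiserver over `http://` would send controller-manager, scheduler and proxy traffic unauthenticated and in the clear, which the example should state rather than leave implicit. I would write `# Must match the apiserver's --address/--port. Loopback over plain http is only acceptable on a single host; multi-node setups need a reachable, protected apiserver address.` The value also gained an `http://` scheme that the removed `KUBE_MASTER="--master=127.0.0.1:8080"` in the apiserver file did not have; if all three daemons accept both forms that is fine, but it deserves a word somewhere so nobody "fixes" it back.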
--- a/contrib/init/systemd/kube-controller-manager.service
+++ b/contrib/init/systemd/kube-controller-manager.service
@@ -4,7 +4,6 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
 EnvironmentFile=-/etc/kubernetes/config
-EnvironmentFile=-/etc/kubernetes/apiserver
 EnvironmentFile=-/etc/kubernetes/controller-manager
 User=kube
 ExecStart=/usr/bin/kube-controller-manager \
diff --git a/contrib/init/systemd/kube-proxy.service b/contrib/init/systemd/kube-proxy.service
index 7b95755d53e..9e065a309fb 100644
--- a/contrib/init/systemd/kube-proxy.service
+++ b/contrib/init/systemd/kube-proxy.service
@@ -9,7 +9,7 @@ EnvironmentFile=-/etc/kubernetes/proxy
 ExecStart=/usr/bin/kube-proxy \
 $KUBE_LOGTOSTDERR \
 $KUBE_LOG_LEVEL \
- $KUBE_ETCD_SERVERS \
+ $KUBE_MASTER \
 $KUBE_PROXY_ARGS
 Restart=on-failure
 LimitNOFILE=65536
diff --git a/contrib/init/systemd/kube-scheduler.service b/contrib/init/systemd/kube-scheduler.service
index a726407945b..6b9453e0210 100644
--- a/contrib/init/systemd/kube-scheduler.service
+++ b/contrib/init/systemd/kube-scheduler.service
@@ -4,7 +4,6 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
 EnvironmentFile=-/etc/kubernetes/config
-EnvironmentFile=-/etc/kubernetes/apiserver
 EnvironmentFile=-/etc/kubernetes/scheduler
 User=kube
 ExecStart=/usr/bin/kube-scheduler \
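Review bot: Dropping `EnvironmentFile=-/etc/kubernetes/apiserver` is only safe if the `ExecStart=/usr/bin/kube-controller-manager \` command, which continues past the end of the hunk, references nothing that now lives solely in the apiserver environment file; this series moves `KUBE_ETCD_SERVERS` into that file, so a `$KUBE_ETCD_SERVERS` left in the controller-manager's argument list would now expand to nothing and the daemon would start on its built-in default without any error. The same check applies to the kube-scheduler hunk below, whose `ExecStart` is likewise cut off at the hunk edge. Since both units presumably now rely on `KUBE_MASTER` arriving from the global config file, a comment such as `# KUBE_MASTER (apiserver address) is provided by /etc/kubernetes/config` next to the remaining EnvironmentFile lines would record where the apiserver address is expected to come from after this change.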