diff --git a/pkg/model/iam/subject.go b/pkg/model/iam/subject.go index d8e8d51a1a..49688cae97 100644 --- a/pkg/model/iam/subject.go +++ b/pkg/model/iam/subject.go @@ -23,6 +23,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/kops/pkg/apis/kops" "k8s.io/kops/pkg/wellknownusers" + "k8s.io/kops/upup/pkg/fi" ) // Subject represents an IAM identity, to which permissions are granted. @@ -85,7 +86,22 @@ func ServiceAccountIssuer(clusterName string, clusterSpec *kops.ClusterSpec) str if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.ServiceAccountIssuer != nil { return *clusterSpec.KubeAPIServer.ServiceAccountIssuer } - return "https://api." + clusterName + if supportsPublicJWKS(clusterSpec) { + return "https://api." + clusterName + } + return "https://api.internal." + clusterName +} + +func supportsPublicJWKS(clusterSpec *kops.ClusterSpec) bool { + if !fi.BoolValue(clusterSpec.KubeAPIServer.AnonymousAuth) { + return false + } + for _, cidr := range clusterSpec.KubernetesAPIAccess { + if cidr == "0.0.0.0/0" { + return true + } + } + return false } // AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data index 7653b9674a..33950eb105 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.bastionuserdata.example.com - serviceAccountJWKSURI: https://api.bastionuserdata.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.bastionuserdata.example.com + serviceAccountJWKSURI: https://api.internal.bastionuserdata.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml index d657764f88..1a9bdc62bd 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml @@ -220,8 +220,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data index 24dc9c1cf1..402ec2ddb4 100644 --- a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data +++ b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data @@ -219,8 +219,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data index fe6f7cf38b..676f1b8a7e 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data @@ -144,7 +144,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/+xWbW/bthN/709B9I+ibxrJSvLvNqEF5jnd4jXpPLsPA4ZioMmzzJki1SOpxMM+/HCkbMtOsm7ry80GbPGeeA+/u5PQNsixNUtVlQPGam54BXNvkVcw1tw5cCXzGGAgrPFcGcBZMF7VULIdRe6ZkqyIaO+HFhCVhJL9PmCMsRbQKWvYC3Y6iISfGx0qZdyHdNwTskfKZnuTWYWNyNoiE6ge7YT/mniP3tP827oZpqDdgZF/boYexIcDU4x1zF/8pgH2gh2ZJI2sPX00ONL6LBcy23hlqQTs6DPfOA+1HFdoQ8NeJAwwpm11BS3okimztINdVUtWZOfZ2UBasQYkELi1aibGea51hyAwAjfxvg5wzAStB+CFHOvgPKAjRWjB+PjUs36WnWfFWUSoMvfz1mEBo+lkDtgmD7jW9maKqlUaKpDlNgZurNnUNrhR8KuSLbl2kdyoUZAKjIB4+wkji2jAg8tcKzIJSx60T6LpmrENxpesIFrwK4vqN04BXlvC/Ujf8I0bkRsDxhbKyJGUCM6VbJjFLzULdeAUbaskYMn4jaMcGL7QMJK1chTjNJU4efWa1+AaLuBKLUFshIZIvlK18jNuKsB4JgeVgJEQ5GMkTSljzoPx76wONVzxBejIuUih9Ru/T39jNWAMbA7CGpmY18Fzr0y1c/M9LFbWriPzHddKPsx+bSXMwHlUgsxG2gycDSjgx2A9pyR4IVOau8hX3jdlnhenX8TsFeX5cFgcCm6HTqeRJzD97z7N0wFjquYVlGz9pcsqgZmyOdX8hDfKJRi1RXaa6kQMDX6KsARE2JbyzabZXjYxHtBwPZnG46V13vA6VeflbY+3byLyAeFjAOdXwCVgBAvIWONklVcVQsW9xWPZl7ce+WV8JK/U7Vblp5MZ1NbDSZQ4Odb7jlo66R0rRNax/FtHrtdwvwpxqd1BBISpRV+y8/OzSOkDcOJcIHxTJVyZ57xRmbB1QznM4JbXjQYi3FH8/v2r+dvZ5NOauW3AKJm3Rf7rzdrtDXXDZTKN3VGyYjjMnp0TEPI4UlxC/TdcrMHIMsIpjZOxNR6t1oDXcTHuxorgHgjC48nFzO0Hi/dcrC6AfmfUKEJpmG+MmAIqK0tW1EP3UMuL5CVZTC5+9Sy5WOyZBAvau/emLW3dgDAm8zMbPO3u7XR7AOliF+FJ3YW4h7xOMNMQezRN3R6tvLsUCM/BweHsGSNIMF5xvU0VXT1Fe7spPxl4E2YJi5FHca66vtq/Xzz5mt+4Jw8H2cSrenH1/CWBuViBDDqV9wEbbifzefnpxkj58B4SceVeoKL5w1zawzv6zFpfsvwTKLp4Pe/hvBj2ODZu0O0xIyzr3ca5gEWoKmWqS26kpmbfxgBtmtSXHGXJaqgtbjLecqVJ73kxHF6rp8ZKWLoD8uMtUdG/+xYBnv//8dOY5TuiW+qB7J+XnPKZkD/llMW85Zhrtci7ROd7gTtINeBvLK7Tdu16yyhiWHPN3ccAyFOPHw4NSmdj5TU3agnOdxeDF/n+jSGvO64b1Jwy/eq/wv/bCk97tKIXLuwmDMW7rfcfAAAA//8BAAD//5CIzc16DQAA" | base64 -d | gzip -d > conf/cluster_spec.yaml +echo "H4sIAAAAAAAA/+xW648bNRD/nr/CKqr6pbebvTsKrFqJkCtc6N0Rkj6QUIUce7Ix8drbsb13QfzxaOzN8y6U0o+QSMl6Xp7Hb2ZWaBvk0Jq5qsoeYzU3vIKpt8grGGruHLiSeQzQE9Z4rgzgJBivaijZhiK3TElWRLT3UwuISkLJ/uwxxlgL6JQ17AU77UXCr40OlTLufTpuCdkjZbOtyazCRmRtkQlUjzbC/0x8h76j+cm6Gaag3Z6Rf2+GHsT7PVOMdczf/KoB9oIdmCSNrD191DvQ+iwXMtt4ZakE7OAzXTkPtRxWaEPDXiQMMKZtdQUt6JIpM7e9TVVLVmTn2VlPWrEEJBC4pWpGxnmudYcgMAJX8b4OcMwErXvghRzq4DygI0Vowfj4tGP9LDvPirOIUGUe5i3DDAbj0RSwTR5wre3tGFWrNFQgy3UM3Fizqm1wg+AXJZtz7SK5UYMgFRgB8fYTRhbRgAeXuVZkEuY8aJ9E0zVDG4wvWUG04BcW1R+cAry2hPuBvuUrNyA3eozNlJEDKRGcK1k/i19qFurAMdpWScCS8VtHOTB8pmEga+UoxnEqcfLqhtfgGi7gSs1BrISGSL5StfITbirAeCYHlYCBEORjJI0pY86D8W+tDjVc8RnoyLlIoe02/i79tdWAMbApCGtkYl4Hz70y1cbNdzBbWLuMzLdcK3mcfWMlTMB5VILMRtoEnA0o4OdgPackeCFTmrvIF943ZZ4Xp1/F7BXleb9f7Auuh06nkScwffGQ5mmPMVXzCkq2/NpllcBM2ZxqfsIb5RKM2iI7TXUihgY/RpgDIqxL+XrVrC8bGQ9ouB6N4/HSOm94narz8m6Ht20i8gHhQwDnF8AlYAQLyFjjZJVXFULFvcVD2Zd3HvllfCSv1N1a5ZeTCdTWw0mUODnU+4FaOukdKkTWofwbR67X8LAKcandQQSEsUVfsvPzs0jZBeDIuUD4pkq4Ms95ozLVJSwTtm4omRnc8brRQIR7Fn5892r6ZjL6BBO5bcAombdF/vvt0m0tduNmNI79UrKi38+enRM08jhkXOqD77hYgpFlBFgaMENrPFqtAa/jqtwMGsE9EKiHo4uJ244a77lYXAD9Tqh1hNIwXRkxBlRWlqyo++7YEBDJS7KYXPzmWXKx2DIJKLSJH8xf2sMBYUjmJzZ42ubreXcE+2IT4UndhbhtAp2ApyF2bZrDO7Ty/poghAcH+9NoiCDBeMX1OlV09Rjt3ar8aOBNmCR0Rh7Fueg6bfvG8eRbfuueHA+yiVftxLXjLwlMxQJk0Km8R2y4jczn5acbLOXxzSTiEr5ARROJubSZN/SJtb5k+UdQdHEz3cF50d/h2LhT18eMsKw3O+gCZqGqlKkuuZGa2n8dA7Rpdl9ylCWroba4ynjLlSa950W/f62eGith7vbIj9dERf/uewR4/uXjpzHL90TX1D3Zvy855TMhf8wpi3nLMddqlneJzrcC95BqwN9aXKZ92/WWUcSw5pq7DwGQpx7fHxqUzsbKa27UHJzvLgYv8u07RF53XNerOWX61f+F/68VnjZrRa9g2E0Yindd778AAAD//wEAAP//mzuXKIwNAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml index dda4272410..33203955c4 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml @@ -224,8 +224,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml index 4bc2339bd8..1cc18ec7f0 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml index 885b30fa03..1218dcae40 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.docker.example.com - serviceAccountJWKSURI: https://api.docker.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.docker.example.com + serviceAccountJWKSURI: https://api.internal.docker.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data index 960180b655..17cac0098b 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data index 0c6ccdb2b4..18532b9f89 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data index f212de766e..11871070f0 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml index 428ee5e83d..bceb227f52 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data index 9646b9b7e2..cbf8b9c1d0 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data index 3f8b5218d4..e9a1a7acfc 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data index 26dab88212..82070902d2 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml index 2898da14d5..74294851b7 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data index 8f8be345a5..14991dee8c 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data index 4a084c81f0..bac3b72d16 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data @@ -206,8 +206,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externalpolicies.example.com - serviceAccountJWKSURI: https://api.externalpolicies.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externalpolicies.example.com + serviceAccountJWKSURI: https://api.internal.externalpolicies.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data index edfdd5bd16..8f9e46a9c1 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data index 63df47c3a7..9d71545f08 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data index b66e779819..e843a3409a 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script index 44bff7a33a..730d995242 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script index 6126dbd96f..de6ccb3a28 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script index f1609222a4..1f83fa5b6a 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml index 8bb4c2fd13..893a7600a7 100644 --- a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -546,8 +546,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -886,8 +886,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1cmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data index 0aa45b8f69..bd1f1e8b8b 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data index bca82a307d..0136300eac 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data index 16d44ba25e..95c128151f 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml index 428ee5e83d..bceb227f52 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml index 428ee5e83d..bceb227f52 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index bd216df67e..5040491305 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data index 5b34410b47..579b810b1e 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data +++ b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data @@ -1 +1 @@ -IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQKc2V0IC1vIG5vdW5zZXQKc2V0IC1vIHBpcGVmYWlsCgpOT0RFVVBfVVJMX0FNRDY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FtZDY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjIxLjAtYWxwaGEuMS9ub2RldXAtbGludXgtYW1kNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FNRDY0PTU4NWZiZGEwZjBhNDMxODQ2NTZiNGJmYzBjYzVmMGMwYjg1NjEyZmFmNDNiODgxNmFjY2ExZjk5ZDQyMmM5MjQKTk9ERVVQX1VSTF9BUk02ND1odHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjIxLjAtYWxwaGEuMS9saW51eC9hcm02NC9ub2RldXAsaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvbm9kZXVwLWxpbnV4LWFybTY0LGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FybTY0L25vZGV1cApOT0RFVVBfSEFTSF9BUk02ND03NjAzNjc1Mzc5Njk5MTA1YTliOTkxNWZmOTc3MThlYTk5YjFiYmIwMWE0YzE4NGUyZjgyN2M4YTk2ZThlODY1CgpleHBvcnQgQVdTX1JFR0lPTj11cy10ZXN0LTEKCgoKCnN5c2N0bCAtdyBuZXQuaXB2NC50Y3Bfcm1lbT0nNDA5NiAxMjU4MjkxMiAxNjc3NzIxNicgfHwgdHJ1ZQoKCmZ1bmN0aW9uIGVuc3VyZS1pbnN0YWxsLWRpcigpIHsKICBJTlNUQUxMX0RJUj0iL29wdC9rb3BzIgogICMgT24gQ29udGFpbmVyT1MsIHdlIGluc3RhbGwgdW5kZXIgL3Zhci9saWIvdG9vbGJveDsgL29wdCBpcyBybyBhbmQgbm9leGVjCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva29wcyIKICBmaQogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2JpbgogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2NvbmYKICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBhcmdzOiBuYW1lLCBzaGEsIHVybDEsIHVybDIuLi4KZG93bmxvYWQtb3ItYnVzdCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBoYXNoPSIkMiIKICBzaGlmdCAyCgogIHVybHM9KCAkKiApCiAgd2hpbGUgdHJ1ZTsgZG8KICAgIGZvciB1cmwgaW4gIiR7dXJsc1tAXX0iOyBkbwogICAgICBjb21tYW5kcz0oCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC0tY29tcHJlc3NlZCAtTG8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0IDIwIC0tcmV0cnkgNiAtLXJldHJ5LWRlbGF5IDEwIgogICAgICAgICJ3Z2V0IC0taW5ldDQtb25seSAtLWNvbXByZXNzaW9uPWF1dG8gLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwIgogICAgICApCiAgICAgIGZvciBjbWQgaW4gIiR7Y29tbWFuZHNbQF19IjsgZG8KICAgICAgICBlY2hvICJBdHRlbXB0aW5nIGRvd25sb2FkIHdpdGg6ICR7Y21kfSB7dXJsfSIKICAgICAgICBpZiAhICgke2NtZH0gIiR7dXJsfSIpOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZCBmYWlsZWQgd2l0aCAke2NtZH0gPT0iCiAgICAgICAgICBjb250aW51ZQogICAgICAgIGZpCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dICYmICEgdmFsaWRhdGUtaGFzaCAiJHtmaWxlfSIgIiR7aGFzaH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICAgICAgcm0gLWYgIiR7ZmlsZX0iCiAgICAgICAgZWxzZQogICAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9IChTSEExID0gJHtoYXNofSkgPT0iCiAgICAgICAgICBlbHNlCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgICAgZmkKICAgICAgICAgIHJldHVybgogICAgICAgIGZpCiAgICAgIGRvbmUKICAgIGRvbmUKCiAgICBlY2hvICJBbGwgZG93bmxvYWRzIGZhaWxlZDsgc2xlZXBpbmcgYmVmb3JlIHJldHJ5aW5nIgogICAgc2xlZXAgNjAKICBkb25lCn0KCnZhbGlkYXRlLWhhc2goKSB7CiAgbG9jYWwgLXIgZmlsZT0iJDEiCiAgbG9jYWwgLXIgZXhwZWN0ZWQ9IiQyIgogIGxvY2FsIGFjdHVhbAoKICBhY3R1YWw9JChzaGEyNTZzdW0gJHtmaWxlfSB8IGF3ayAneyBwcmludCAkMSB9JykgfHwgdHJ1ZQogIGlmIFtbICIke2FjdHVhbH0iICE9ICIke2V4cGVjdGVkfSIgXV07IHRoZW4KICAgIGVjaG8gIj09ICR7ZmlsZX0gY29ycnVwdGVkLCBoYXNoICR7YWN0dWFsfSBkb2Vzbid0IG1hdGNoIGV4cGVjdGVkICR7ZXhwZWN0ZWR9ID09IgogICAgcmV0dXJuIDEKICBmaQp9CgpmdW5jdGlvbiBzcGxpdC1jb21tYXMoKSB7CiAgZWNobyAkMSB8IHRyICIsIiAiXG4iCn0KCmZ1bmN0aW9uIHRyeS1kb3dubG9hZC1yZWxlYXNlKCkgewogIGxvY2FsIC1yIG5vZGV1cF91cmxzPSggJChzcGxpdC1jb21tYXMgIiR7Tk9ERVVQX1VSTH0iKSApCiAgaWYgW1sgLW4gIiR7Tk9ERVVQX0hBU0g6LX0iIF1dOyB0aGVuCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0iJHtOT0RFVVBfSEFTSH0iCiAgZWxzZQogICMgVE9ETzogUmVtb3ZlPwogICAgZWNobyAiRG93bmxvYWRpbmcgc2hhMjU2IChub3QgZm91bmQgaW4gZW52KSIKICAgIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwLnNoYTI1NiAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGEyNTZ9IgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9JChjYXQgbm9kZXVwLnNoYTI1NikKICBmaQoKICBlY2hvICJEb3dubG9hZGluZyBub2RldXAgKCR7bm9kZXVwX3VybHNbQF19KSIKICBkb3dubG9hZC1vci1idXN0IG5vZGV1cCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgY2FzZSAiJCh1bmFtZSAtbSkiIGluCiAgeDg2XzY0KnxpPzg2XzY0KnxhbWQ2NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQU1ENjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQU1ENjR9IgogICAgOzsKICBhYXJjaDY0Knxhcm02NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQVJNNjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQVJNNjR9IgogICAgOzsKICAqKQogICAgZWNobyAiVW5zdXBwb3J0ZWQgaG9zdCBhcmNoOiAkKHVuYW1lIC1tKSIgPiYyCiAgICBleGl0IDEKICAgIDs7CiAgZXNhYwoKICAjIEluIGNhc2Ugb2YgZmFpbHVyZSBjaGVja2luZyBpbnRlZ3JpdHkgb2YgcmVsZWFzZSwgcmV0cnkuCiAgY2QgJHtJTlNUQUxMX0RJUn0vYmluCiAgdW50aWwgdHJ5LWRvd25sb2FkLXJlbGVhc2U7IGRvCiAgICBzbGVlcCAxNQogICAgZWNobyAiQ291bGRuJ3QgZG93bmxvYWQgcmVsZWFzZS4gUmV0cnlpbmcuLi4iCiAgZG9uZQoKICBlY2hvICJSdW5uaW5nIG5vZGV1cCIKICAjIFdlIGNhbid0IHJ1biBpbiB0aGUgZm9yZWdyb3VuZCBiZWNhdXNlIG9mIGh0dHBzOi8vZ2l0aHViLmNvbS9kb2NrZXIvZG9ja2VyL2lzc3Vlcy8yMzc5MwogICggY2QgJHtJTlNUQUxMX0RJUn0vYmluOyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9jb25mL2t1YmVfZW52LnlhbWwgLS12PTggICkKfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgovYmluL3N5c3RlbWQtbWFjaGluZS1pZC1zZXR1cCB8fCBlY2hvICJmYWlsZWQgdG8gc2V0IHVwIGVuc3VyZSBtYWNoaW5lLWlkIGNvbmZpZ3VyZWQiCgplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgc3RhcnRpbmcgPT0iCmVuc3VyZS1pbnN0YWxsLWRpcgoKY2F0ID4gY29uZi9jbHVzdGVyX3NwZWMueWFtbCA8PCAnX19FT0ZfQ0xVU1RFUl9TUEVDJwpjbG91ZENvbmZpZzoKICBtYW5hZ2VTdG9yYWdlQ2xhc3NlczogdHJ1ZQpjb250YWluZXJSdW50aW1lOiBjb250YWluZXJkCmNvbnRhaW5lcmQ6CiAgY29uZmlnT3ZlcnJpZGU6IHwKICAgIHZlcnNpb24gPSAyCgogICAgW3BsdWdpbnNdCgogICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSJdCgogICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkXQoKICAgICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzXQoKICAgICAgICAgICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMucnVuY10KICAgICAgICAgICAgICBydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgoKICAgICAgICAgICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdCiAgICAgICAgICAgICAgICBTeXN0ZW1kQ2dyb3VwID0gdHJ1ZQogIGxvZ0xldmVsOiBpbmZvCiAgdmVyc2lvbjogMS40LjMKZG9ja2VyOgogIHNraXBJbnN0YWxsOiB0cnVlCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIHZlcnNpb246IDMuNC4xMwogIG1haW46CiAgICB2ZXJzaW9uOiAzLjQuMTMKa3ViZUFQSVNlcnZlcjoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBhbm9ueW1vdXNBdXRoOiBmYWxzZQogIGFwaUF1ZGllbmNlczoKICAtIGt1YmVybmV0ZXMuc3ZjLmRlZmF1bHQKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBBbHdheXNBbGxvdwogIGJpbmRBZGRyZXNzOiAwLjAuMC4wCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZW5hYmxlQWRtaXNzaW9uUGx1Z2luczoKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1hcGlzZXJ2ZXI6djEuMjAuMAogIGt1YmVsZXRQcmVmZXJyZWRBZGRyZXNzVHlwZXM6CiAgLSBJbnRlcm5hbElQCiAgLSBIb3N0bmFtZQogIC0gRXh0ZXJuYWxJUAogIGxvZ0xldmVsOiAyCiAgcmVxdWVzdGhlYWRlckFsbG93ZWROYW1lczoKICAtIGFnZ3JlZ2F0b3IKICByZXF1ZXN0aGVhZGVyRXh0cmFIZWFkZXJQcmVmaXhlczoKICAtIFgtUmVtb3RlLUV4dHJhLQogIHJlcXVlc3RoZWFkZXJHcm91cEhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Hcm91cAogIHJlcXVlc3RoZWFkZXJVc2VybmFtZUhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Vc2VyCiAgc2VjdXJlUG9ydDogNDQzCiAgc2VydmljZUFjY291bnRJc3N1ZXI6IGh0dHBzOi8vYXBpLm1pbmltYWwtanNvbi5leGFtcGxlLmNvbQogIHNlcnZpY2VBY2NvdW50SldLU1VSSTogaHR0cHM6Ly9hcGkubWluaW1hbC1qc29uLmV4YW1wbGUuY29tL29wZW5pZC92MS9qd2tzCiAgc2VydmljZUNsdXN0ZXJJUFJhbmdlOiAxMDAuNjQuMC4wLzEzCiAgc3RvcmFnZUJhY2tlbmQ6IGV0Y2QzCmt1YmVDb250cm9sbGVyTWFuYWdlcjoKICBhbGxvY2F0ZU5vZGVDSURSczogdHJ1ZQogIGF0dGFjaERldGFjaFJlY29uY2lsZVN5bmNQZXJpb2Q6IDFtMHMKICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNsdXN0ZXJOYW1lOiBtaW5pbWFsLWpzb24uZXhhbXBsZS5jb20KICBjb25maWd1cmVDbG91ZFJvdXRlczogZmFsc2UKICBpbWFnZTogazhzLmdjci5pby9rdWJlLWNvbnRyb2xsZXItbWFuYWdlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCiAgdXNlU2VydmljZUFjY291bnRDcmVkZW50aWFsczogdHJ1ZQprdWJlUHJveHk6CiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjcHVSZXF1ZXN0OiAxMDBtCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1wcm94eTp2MS4yMC4wCiAgbG9nTGV2ZWw6IDIKa3ViZVNjaGVkdWxlcjoKICBpbWFnZTogazhzLmdjci5pby9rdWJlLXNjaGVkdWxlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTmFtZTogY25pCiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGZmMjQyMjU3MWM0YzFlOTY5NmUzNjdmNWYyNTQ2NmI5NmZiNmU1MDFmMjhhZWQyOWY0MTRiMTUyNGE1MmRlYTBAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIGE1ODk1MDA3ZjMzMWYwOGQyZTA4MmViMTI0NTg3NjQ5NDk1NTlmMzBiY2M1YmVhZTI2YzM4ZjNlMjcyNDI2MmNAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDk3NzgyNDkzMmQ1NjY3YzdhMzdhYTZhM2NiYmE0MDEwMGE2ODczZTdiZDk3ZTgzZThiZTgzN2UzZTdhZmQwYThAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2s4cy1hcnRpZmFjdHMtY25pL3JlbGVhc2UvdjAuOC43L2NuaS1wbHVnaW5zLWxpbnV4LWFtZDY0LXYwLjguNy50Z3oKICAtIDI2OTdhMzQyZTM0NzdjMjExYWI0ODMxM2UyNTlmZDdlMzJhZDFmNWRlZDE5MzIwZTZhNTU5ZjUwYTgyYmZmM2RAaHR0cHM6Ly9naXRodWIuY29tL2NvbnRhaW5lcmQvY29udGFpbmVyZC9yZWxlYXNlcy9kb3dubG9hZC92MS40LjMvY3JpLWNvbnRhaW5lcmQtY25pLTEuNC4zLWxpbnV4LWFtZDY0LnRhci5negogIGFybTY0OgogIC0gNDdhYjZjNDI3M2ZjM2JiMGNiOGVjOTUxNzI3MWQ5MTU4OTBjNWE2YjBlNTRiMjk5MWU3YThmYmJlNzdiMDZlNEBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWxldAogIC0gMjVlNDQ2NTg3MGM5OTE2N2U2YzQ2NjYyM2VkOGYwNWExZDIwZmJjYjQ4Y2FiNjY4ODEwOTM4OWI1MmQ4NzYyM0BodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWN0bAogIC0gYWUxM2Q3YjVjMDViZDE4MGVhOWI1YjY4ZjQ0YmRhYTdiZmI0MTAzNGEyZWYxZDY4ZmQ4ZTEyNTk3OTdkNjQyZkBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20vazhzLWFydGlmYWN0cy1jbmkvcmVsZWFzZS92MC44LjcvY25pLXBsdWdpbnMtbGludXgtYXJtNjQtdjAuOC43LnRnegogIC0gNmUzZjgwZTg0NTFlY2JlN2IzNTU5MjQ3NzIxYzNlMjI2YmU2YjIyOGFjYWFkZWU3ZTEzNjgzZjgwYzIwZTgxY0BodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS9hYXJjaDY0L2RvY2tlci0yMC4xMC4wLnRnegpDbHVzdGVyTmFtZTogbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkNvbmZpZ0Jhc2U6IG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkluc3RhbmNlR3JvdXBOYW1lOiBtYXN0ZXItdXMtdGVzdC0xYQpJbnN0YW5jZUdyb3VwUm9sZTogTWFzdGVyCkt1YmVsZXRDb25maWc6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub2RlTGFiZWxzOgogICAga29wcy5rOHMuaW8va29wcy1jb250cm9sbGVyLXBraTogIiIKICAgIGt1YmVybmV0ZXMuaW8vcm9sZTogbWFzdGVyCiAgICBub2RlLXJvbGUua3ViZXJuZXRlcy5pby9jb250cm9sLXBsYW5lOiAiIgogICAgbm9kZS1yb2xlLmt1YmVybmV0ZXMuaW8vbWFzdGVyOiAiIgogICAgbm9kZS5rdWJlcm5ldGVzLmlvL2V4Y2x1ZGUtZnJvbS1leHRlcm5hbC1sb2FkLWJhbGFuY2VyczogIiIKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwogIHJlZ2lzdGVyU2NoZWR1bGFibGU6IGZhbHNlCmNoYW5uZWxzOgotIG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tL2FkZG9ucy9ib290c3RyYXAtY2hhbm5lbC55YW1sCmV0Y2RNYW5pZmVzdHM6Ci0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vbWFuaWZlc3RzL2V0Y2QvbWFpbi55YW1sCi0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vbWFuaWZlc3RzL2V0Y2QvZXZlbnRzLnlhbWwKcHJvdG9rdWJlSW1hZ2U6CiAgYW1kNjQ6CiAgICBoYXNoOiA4ZTYyZDRkMWJjYTIzN2I4MjE0MDIwYzcxNWRhNDE1YmYzZmNjZmFiYmI1ZTAxYjNkMzcxMmQ4ZWRiMTk1NWYzCiAgICBuYW1lOiBwcm90b2t1YmU6MS4yMS4wLWFscGhhLjEKICAgIHNvdXJjZXM6CiAgICAtIGh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgICAtIGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMjEuMC1hbHBoYS4xL2ltYWdlcy1wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgICAtIGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgYXJtNjQ6CiAgICBoYXNoOiAwMWU5ZWY4YjUyNTRjZTMyZjhkZGQyM2FhODYzZDZkYTViMTQ3YmI4NGEyNjczY2VmNTljYTBmYzczZjJiOWNmCiAgICBuYW1lOiBwcm90b2t1YmU6MS4yMS4wLWFscGhhLjEKICAgIHNvdXJjZXM6CiAgICAtIGh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYXJtNjQudGFyLmd6CiAgICAtIGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMjEuMC1hbHBoYS4xL2ltYWdlcy1wcm90b2t1YmUtYXJtNjQudGFyLmd6CiAgICAtIGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYXJtNjQudGFyLmd6CnN0YXRpY01hbmlmZXN0czoKLSBrZXk6IGt1YmUtYXBpc2VydmVyLWhlYWx0aGNoZWNrCiAgcGF0aDogbWFuaWZlc3RzL3N0YXRpYy9rdWJlLWFwaXNlcnZlci1oZWFsdGhjaGVjay55YW1sCgpfX0VPRl9LVUJFX0VOVgoKZG93bmxvYWQtcmVsZWFzZQplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgZG9uZSA9PSIK +IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQKc2V0IC1vIG5vdW5zZXQKc2V0IC1vIHBpcGVmYWlsCgpOT0RFVVBfVVJMX0FNRDY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FtZDY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjIxLjAtYWxwaGEuMS9ub2RldXAtbGludXgtYW1kNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FNRDY0PTU4NWZiZGEwZjBhNDMxODQ2NTZiNGJmYzBjYzVmMGMwYjg1NjEyZmFmNDNiODgxNmFjY2ExZjk5ZDQyMmM5MjQKTk9ERVVQX1VSTF9BUk02ND1odHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjIxLjAtYWxwaGEuMS9saW51eC9hcm02NC9ub2RldXAsaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvbm9kZXVwLWxpbnV4LWFybTY0LGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FybTY0L25vZGV1cApOT0RFVVBfSEFTSF9BUk02ND03NjAzNjc1Mzc5Njk5MTA1YTliOTkxNWZmOTc3MThlYTk5YjFiYmIwMWE0YzE4NGUyZjgyN2M4YTk2ZThlODY1CgpleHBvcnQgQVdTX1JFR0lPTj11cy10ZXN0LTEKCgoKCnN5c2N0bCAtdyBuZXQuaXB2NC50Y3Bfcm1lbT0nNDA5NiAxMjU4MjkxMiAxNjc3NzIxNicgfHwgdHJ1ZQoKCmZ1bmN0aW9uIGVuc3VyZS1pbnN0YWxsLWRpcigpIHsKICBJTlNUQUxMX0RJUj0iL29wdC9rb3BzIgogICMgT24gQ29udGFpbmVyT1MsIHdlIGluc3RhbGwgdW5kZXIgL3Zhci9saWIvdG9vbGJveDsgL29wdCBpcyBybyBhbmQgbm9leGVjCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva29wcyIKICBmaQogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2JpbgogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2NvbmYKICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBhcmdzOiBuYW1lLCBzaGEsIHVybDEsIHVybDIuLi4KZG93bmxvYWQtb3ItYnVzdCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBoYXNoPSIkMiIKICBzaGlmdCAyCgogIHVybHM9KCAkKiApCiAgd2hpbGUgdHJ1ZTsgZG8KICAgIGZvciB1cmwgaW4gIiR7dXJsc1tAXX0iOyBkbwogICAgICBjb21tYW5kcz0oCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC0tY29tcHJlc3NlZCAtTG8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0IDIwIC0tcmV0cnkgNiAtLXJldHJ5LWRlbGF5IDEwIgogICAgICAgICJ3Z2V0IC0taW5ldDQtb25seSAtLWNvbXByZXNzaW9uPWF1dG8gLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwIgogICAgICApCiAgICAgIGZvciBjbWQgaW4gIiR7Y29tbWFuZHNbQF19IjsgZG8KICAgICAgICBlY2hvICJBdHRlbXB0aW5nIGRvd25sb2FkIHdpdGg6ICR7Y21kfSB7dXJsfSIKICAgICAgICBpZiAhICgke2NtZH0gIiR7dXJsfSIpOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZCBmYWlsZWQgd2l0aCAke2NtZH0gPT0iCiAgICAgICAgICBjb250aW51ZQogICAgICAgIGZpCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dICYmICEgdmFsaWRhdGUtaGFzaCAiJHtmaWxlfSIgIiR7aGFzaH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICAgICAgcm0gLWYgIiR7ZmlsZX0iCiAgICAgICAgZWxzZQogICAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9IChTSEExID0gJHtoYXNofSkgPT0iCiAgICAgICAgICBlbHNlCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgICAgZmkKICAgICAgICAgIHJldHVybgogICAgICAgIGZpCiAgICAgIGRvbmUKICAgIGRvbmUKCiAgICBlY2hvICJBbGwgZG93bmxvYWRzIGZhaWxlZDsgc2xlZXBpbmcgYmVmb3JlIHJldHJ5aW5nIgogICAgc2xlZXAgNjAKICBkb25lCn0KCnZhbGlkYXRlLWhhc2goKSB7CiAgbG9jYWwgLXIgZmlsZT0iJDEiCiAgbG9jYWwgLXIgZXhwZWN0ZWQ9IiQyIgogIGxvY2FsIGFjdHVhbAoKICBhY3R1YWw9JChzaGEyNTZzdW0gJHtmaWxlfSB8IGF3ayAneyBwcmludCAkMSB9JykgfHwgdHJ1ZQogIGlmIFtbICIke2FjdHVhbH0iICE9ICIke2V4cGVjdGVkfSIgXV07IHRoZW4KICAgIGVjaG8gIj09ICR7ZmlsZX0gY29ycnVwdGVkLCBoYXNoICR7YWN0dWFsfSBkb2Vzbid0IG1hdGNoIGV4cGVjdGVkICR7ZXhwZWN0ZWR9ID09IgogICAgcmV0dXJuIDEKICBmaQp9CgpmdW5jdGlvbiBzcGxpdC1jb21tYXMoKSB7CiAgZWNobyAkMSB8IHRyICIsIiAiXG4iCn0KCmZ1bmN0aW9uIHRyeS1kb3dubG9hZC1yZWxlYXNlKCkgewogIGxvY2FsIC1yIG5vZGV1cF91cmxzPSggJChzcGxpdC1jb21tYXMgIiR7Tk9ERVVQX1VSTH0iKSApCiAgaWYgW1sgLW4gIiR7Tk9ERVVQX0hBU0g6LX0iIF1dOyB0aGVuCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0iJHtOT0RFVVBfSEFTSH0iCiAgZWxzZQogICMgVE9ETzogUmVtb3ZlPwogICAgZWNobyAiRG93bmxvYWRpbmcgc2hhMjU2IChub3QgZm91bmQgaW4gZW52KSIKICAgIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwLnNoYTI1NiAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGEyNTZ9IgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9JChjYXQgbm9kZXVwLnNoYTI1NikKICBmaQoKICBlY2hvICJEb3dubG9hZGluZyBub2RldXAgKCR7bm9kZXVwX3VybHNbQF19KSIKICBkb3dubG9hZC1vci1idXN0IG5vZGV1cCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgY2FzZSAiJCh1bmFtZSAtbSkiIGluCiAgeDg2XzY0KnxpPzg2XzY0KnxhbWQ2NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQU1ENjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQU1ENjR9IgogICAgOzsKICBhYXJjaDY0Knxhcm02NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQVJNNjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQVJNNjR9IgogICAgOzsKICAqKQogICAgZWNobyAiVW5zdXBwb3J0ZWQgaG9zdCBhcmNoOiAkKHVuYW1lIC1tKSIgPiYyCiAgICBleGl0IDEKICAgIDs7CiAgZXNhYwoKICAjIEluIGNhc2Ugb2YgZmFpbHVyZSBjaGVja2luZyBpbnRlZ3JpdHkgb2YgcmVsZWFzZSwgcmV0cnkuCiAgY2QgJHtJTlNUQUxMX0RJUn0vYmluCiAgdW50aWwgdHJ5LWRvd25sb2FkLXJlbGVhc2U7IGRvCiAgICBzbGVlcCAxNQogICAgZWNobyAiQ291bGRuJ3QgZG93bmxvYWQgcmVsZWFzZS4gUmV0cnlpbmcuLi4iCiAgZG9uZQoKICBlY2hvICJSdW5uaW5nIG5vZGV1cCIKICAjIFdlIGNhbid0IHJ1biBpbiB0aGUgZm9yZWdyb3VuZCBiZWNhdXNlIG9mIGh0dHBzOi8vZ2l0aHViLmNvbS9kb2NrZXIvZG9ja2VyL2lzc3Vlcy8yMzc5MwogICggY2QgJHtJTlNUQUxMX0RJUn0vYmluOyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9jb25mL2t1YmVfZW52LnlhbWwgLS12PTggICkKfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgovYmluL3N5c3RlbWQtbWFjaGluZS1pZC1zZXR1cCB8fCBlY2hvICJmYWlsZWQgdG8gc2V0IHVwIGVuc3VyZSBtYWNoaW5lLWlkIGNvbmZpZ3VyZWQiCgplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgc3RhcnRpbmcgPT0iCmVuc3VyZS1pbnN0YWxsLWRpcgoKY2F0ID4gY29uZi9jbHVzdGVyX3NwZWMueWFtbCA8PCAnX19FT0ZfQ0xVU1RFUl9TUEVDJwpjbG91ZENvbmZpZzoKICBtYW5hZ2VTdG9yYWdlQ2xhc3NlczogdHJ1ZQpjb250YWluZXJSdW50aW1lOiBjb250YWluZXJkCmNvbnRhaW5lcmQ6CiAgY29uZmlnT3ZlcnJpZGU6IHwKICAgIHZlcnNpb24gPSAyCgogICAgW3BsdWdpbnNdCgogICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSJdCgogICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkXQoKICAgICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzXQoKICAgICAgICAgICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMucnVuY10KICAgICAgICAgICAgICBydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgoKICAgICAgICAgICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdCiAgICAgICAgICAgICAgICBTeXN0ZW1kQ2dyb3VwID0gdHJ1ZQogIGxvZ0xldmVsOiBpbmZvCiAgdmVyc2lvbjogMS40LjMKZG9ja2VyOgogIHNraXBJbnN0YWxsOiB0cnVlCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIHZlcnNpb246IDMuNC4xMwogIG1haW46CiAgICB2ZXJzaW9uOiAzLjQuMTMKa3ViZUFQSVNlcnZlcjoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBhbm9ueW1vdXNBdXRoOiBmYWxzZQogIGFwaUF1ZGllbmNlczoKICAtIGt1YmVybmV0ZXMuc3ZjLmRlZmF1bHQKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBBbHdheXNBbGxvdwogIGJpbmRBZGRyZXNzOiAwLjAuMC4wCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZW5hYmxlQWRtaXNzaW9uUGx1Z2luczoKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1hcGlzZXJ2ZXI6djEuMjAuMAogIGt1YmVsZXRQcmVmZXJyZWRBZGRyZXNzVHlwZXM6CiAgLSBJbnRlcm5hbElQCiAgLSBIb3N0bmFtZQogIC0gRXh0ZXJuYWxJUAogIGxvZ0xldmVsOiAyCiAgcmVxdWVzdGhlYWRlckFsbG93ZWROYW1lczoKICAtIGFnZ3JlZ2F0b3IKICByZXF1ZXN0aGVhZGVyRXh0cmFIZWFkZXJQcmVmaXhlczoKICAtIFgtUmVtb3RlLUV4dHJhLQogIHJlcXVlc3RoZWFkZXJHcm91cEhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Hcm91cAogIHJlcXVlc3RoZWFkZXJVc2VybmFtZUhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Vc2VyCiAgc2VjdXJlUG9ydDogNDQzCiAgc2VydmljZUFjY291bnRJc3N1ZXI6IGh0dHBzOi8vYXBpLmludGVybmFsLm1pbmltYWwtanNvbi5leGFtcGxlLmNvbQogIHNlcnZpY2VBY2NvdW50SldLU1VSSTogaHR0cHM6Ly9hcGkuaW50ZXJuYWwubWluaW1hbC1qc29uLmV4YW1wbGUuY29tL29wZW5pZC92MS9qd2tzCiAgc2VydmljZUNsdXN0ZXJJUFJhbmdlOiAxMDAuNjQuMC4wLzEzCiAgc3RvcmFnZUJhY2tlbmQ6IGV0Y2QzCmt1YmVDb250cm9sbGVyTWFuYWdlcjoKICBhbGxvY2F0ZU5vZGVDSURSczogdHJ1ZQogIGF0dGFjaERldGFjaFJlY29uY2lsZVN5bmNQZXJpb2Q6IDFtMHMKICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNsdXN0ZXJOYW1lOiBtaW5pbWFsLWpzb24uZXhhbXBsZS5jb20KICBjb25maWd1cmVDbG91ZFJvdXRlczogZmFsc2UKICBpbWFnZTogazhzLmdjci5pby9rdWJlLWNvbnRyb2xsZXItbWFuYWdlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCiAgdXNlU2VydmljZUFjY291bnRDcmVkZW50aWFsczogdHJ1ZQprdWJlUHJveHk6CiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjcHVSZXF1ZXN0OiAxMDBtCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1wcm94eTp2MS4yMC4wCiAgbG9nTGV2ZWw6IDIKa3ViZVNjaGVkdWxlcjoKICBpbWFnZTogazhzLmdjci5pby9rdWJlLXNjaGVkdWxlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTmFtZTogY25pCiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGZmMjQyMjU3MWM0YzFlOTY5NmUzNjdmNWYyNTQ2NmI5NmZiNmU1MDFmMjhhZWQyOWY0MTRiMTUyNGE1MmRlYTBAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIGE1ODk1MDA3ZjMzMWYwOGQyZTA4MmViMTI0NTg3NjQ5NDk1NTlmMzBiY2M1YmVhZTI2YzM4ZjNlMjcyNDI2MmNAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDk3NzgyNDkzMmQ1NjY3YzdhMzdhYTZhM2NiYmE0MDEwMGE2ODczZTdiZDk3ZTgzZThiZTgzN2UzZTdhZmQwYThAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2s4cy1hcnRpZmFjdHMtY25pL3JlbGVhc2UvdjAuOC43L2NuaS1wbHVnaW5zLWxpbnV4LWFtZDY0LXYwLjguNy50Z3oKICAtIDI2OTdhMzQyZTM0NzdjMjExYWI0ODMxM2UyNTlmZDdlMzJhZDFmNWRlZDE5MzIwZTZhNTU5ZjUwYTgyYmZmM2RAaHR0cHM6Ly9naXRodWIuY29tL2NvbnRhaW5lcmQvY29udGFpbmVyZC9yZWxlYXNlcy9kb3dubG9hZC92MS40LjMvY3JpLWNvbnRhaW5lcmQtY25pLTEuNC4zLWxpbnV4LWFtZDY0LnRhci5negogIGFybTY0OgogIC0gNDdhYjZjNDI3M2ZjM2JiMGNiOGVjOTUxNzI3MWQ5MTU4OTBjNWE2YjBlNTRiMjk5MWU3YThmYmJlNzdiMDZlNEBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWxldAogIC0gMjVlNDQ2NTg3MGM5OTE2N2U2YzQ2NjYyM2VkOGYwNWExZDIwZmJjYjQ4Y2FiNjY4ODEwOTM4OWI1MmQ4NzYyM0BodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWN0bAogIC0gYWUxM2Q3YjVjMDViZDE4MGVhOWI1YjY4ZjQ0YmRhYTdiZmI0MTAzNGEyZWYxZDY4ZmQ4ZTEyNTk3OTdkNjQyZkBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20vazhzLWFydGlmYWN0cy1jbmkvcmVsZWFzZS92MC44LjcvY25pLXBsdWdpbnMtbGludXgtYXJtNjQtdjAuOC43LnRnegogIC0gNmUzZjgwZTg0NTFlY2JlN2IzNTU5MjQ3NzIxYzNlMjI2YmU2YjIyOGFjYWFkZWU3ZTEzNjgzZjgwYzIwZTgxY0BodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS9hYXJjaDY0L2RvY2tlci0yMC4xMC4wLnRnegpDbHVzdGVyTmFtZTogbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkNvbmZpZ0Jhc2U6IG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkluc3RhbmNlR3JvdXBOYW1lOiBtYXN0ZXItdXMtdGVzdC0xYQpJbnN0YW5jZUdyb3VwUm9sZTogTWFzdGVyCkt1YmVsZXRDb25maWc6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub2RlTGFiZWxzOgogICAga29wcy5rOHMuaW8va29wcy1jb250cm9sbGVyLXBraTogIiIKICAgIGt1YmVybmV0ZXMuaW8vcm9sZTogbWFzdGVyCiAgICBub2RlLXJvbGUua3ViZXJuZXRlcy5pby9jb250cm9sLXBsYW5lOiAiIgogICAgbm9kZS1yb2xlLmt1YmVybmV0ZXMuaW8vbWFzdGVyOiAiIgogICAgbm9kZS5rdWJlcm5ldGVzLmlvL2V4Y2x1ZGUtZnJvbS1leHRlcm5hbC1sb2FkLWJhbGFuY2VyczogIiIKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwogIHJlZ2lzdGVyU2NoZWR1bGFibGU6IGZhbHNlCmNoYW5uZWxzOgotIG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tL2FkZG9ucy9ib290c3RyYXAtY2hhbm5lbC55YW1sCmV0Y2RNYW5pZmVzdHM6Ci0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vbWFuaWZlc3RzL2V0Y2QvbWFpbi55YW1sCi0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vbWFuaWZlc3RzL2V0Y2QvZXZlbnRzLnlhbWwKcHJvdG9rdWJlSW1hZ2U6CiAgYW1kNjQ6CiAgICBoYXNoOiA4ZTYyZDRkMWJjYTIzN2I4MjE0MDIwYzcxNWRhNDE1YmYzZmNjZmFiYmI1ZTAxYjNkMzcxMmQ4ZWRiMTk1NWYzCiAgICBuYW1lOiBwcm90b2t1YmU6MS4yMS4wLWFscGhhLjEKICAgIHNvdXJjZXM6CiAgICAtIGh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgICAtIGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMjEuMC1hbHBoYS4xL2ltYWdlcy1wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgICAtIGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYW1kNjQudGFyLmd6CiAgYXJtNjQ6CiAgICBoYXNoOiAwMWU5ZWY4YjUyNTRjZTMyZjhkZGQyM2FhODYzZDZkYTViMTQ3YmI4NGEyNjczY2VmNTljYTBmYzczZjJiOWNmCiAgICBuYW1lOiBwcm90b2t1YmU6MS4yMS4wLWFscGhhLjEKICAgIHNvdXJjZXM6CiAgICAtIGh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYXJtNjQudGFyLmd6CiAgICAtIGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMjEuMC1hbHBoYS4xL2ltYWdlcy1wcm90b2t1YmUtYXJtNjQudGFyLmd6CiAgICAtIGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2ltYWdlcy9wcm90b2t1YmUtYXJtNjQudGFyLmd6CnN0YXRpY01hbmlmZXN0czoKLSBrZXk6IGt1YmUtYXBpc2VydmVyLWhlYWx0aGNoZWNrCiAgcGF0aDogbWFuaWZlc3RzL3N0YXRpYy9rdWJlLWFwaXNlcnZlci1oZWFsdGhjaGVjay55YW1sCgpfX0VPRl9LVUJFX0VOVgoKZG93bmxvYWQtcmVsZWFzZQplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgZG9uZSA9PSIK diff --git a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index bd216df67e..5040491305 100644 --- a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script index ac36d11a1d..2f8713402b 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal-gce.example.com - serviceAccountJWKSURI: https://api.minimal-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal-gce.example.com + serviceAccountJWKSURI: https://api.internal.minimal-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml index 66f7164f4b..cd9a694715 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -546,8 +546,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -886,8 +886,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 32a47aae72..ddb93c1ea2 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index 8088967464..0aa2a01257 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 0c464b6dfc..4e2c00ec1c 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml index 66f7164f4b..cd9a694715 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -546,8 +546,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -886,8 +886,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 32a47aae72..ddb93c1ea2 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index 8088967464..0aa2a01257 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 0c464b6dfc..4e2c00ec1c 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml index db487e5a05..22b135816d 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatesharedipexamplecom.Pro requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data index f9df6859cf..827b4ad688 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data index ade499a6c5..a9ff13f442 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-subnet.example.com - serviceAccountJWKSURI: https://api.private-shared-subnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-subnet.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-subnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml index a5956e06b6..05eea2b89e 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 48db27ff82..83037b80e8 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data index f0b4fb54c8..0a52afc0f6 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecanal.example.com - serviceAccountJWKSURI: https://api.privatecanal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecanal.example.com + serviceAccountJWKSURI: https://api.internal.privatecanal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml index 22a642ae54..5f0d6ae2e7 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index 2492e64fed..aa3ef1056a 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml index b83c11cf7d..7562ce4e33 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml @@ -209,8 +209,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumadvancedexamplec requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data index b37a7b24ae..d20e21878f 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data index c85f7f587f..4fb2553db3 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data +++ b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns1.example.com - serviceAccountJWKSURI: https://api.privatedns1.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns1.example.com + serviceAccountJWKSURI: https://api.internal.privatedns1.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data index 4980a836b8..381355df89 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns2.example.com - serviceAccountJWKSURI: https://api.privatedns2.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns2.example.com + serviceAccountJWKSURI: https://api.internal.privatedns2.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data index 66618d711e..473014a67b 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateflannel.example.com - serviceAccountJWKSURI: https://api.privateflannel.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateflannel.example.com + serviceAccountJWKSURI: https://api.internal.privateflannel.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index e8caa4f0e1..ceddf1f602 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatekopeio.example.com - serviceAccountJWKSURI: https://api.privatekopeio.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatekopeio.example.com + serviceAccountJWKSURI: https://api.internal.privatekopeio.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data index dd3931e125..96adcb30a9 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data +++ b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateweave.example.com - serviceAccountJWKSURI: https://api.privateweave.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateweave.example.com + serviceAccountJWKSURI: https://api.internal.privateweave.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data index 84eec3abae..ecb91d75d1 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedsubnet.example.com - serviceAccountJWKSURI: https://api.sharedsubnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedsubnet.example.com + serviceAccountJWKSURI: https://api.internal.sharedsubnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data index 385a391867..488df0fb19 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedvpc.example.com - serviceAccountJWKSURI: https://api.sharedvpc.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedvpc.example.com + serviceAccountJWKSURI: https://api.internal.sharedvpc.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data index 51093de0bf..f1f156a0b2 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.unmanaged.example.com - serviceAccountJWKSURI: https://api.unmanaged.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.unmanaged.example.com + serviceAccountJWKSURI: https://api.internal.unmanaged.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: