Remove dead code

2021-10-02 20:55:54 -07:00 · 2021-10-02 20:55:54 -07:00 · 0fd4dca30e
parent 8e6214c046
commit 0fd4dca30e
10 changed files with 10 additions and 88 deletions
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@ -939,12 +939,10 @@ spec:
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    enableEtcdTLS:
-                      description: EnableEtcdTLS indicates the etcd service should
-                        use TLS between peers and clients
+                      description: EnableEtcdTLS is unused.
                      type: boolean
                    enableTLSAuth:
-                      description: EnableTLSAuth indicates client and peer TLS auth
-                        should be enforced
+                      description: EnableTLSAuth is unused.
                      type: boolean
                    etcdMembers:
                      description: Members stores the configurations for each member
--- a/nodeup/pkg/model/context.go
+++ b/nodeup/pkg/model/context.go
@ -359,41 +359,12 @@ func (c *NodeupModelContext) IsKubernetesLT(version string) bool {
 	return !c.IsKubernetesGTE(version)
 }

-// UseEtcdTLS checks if the etcd cluster has TLS enabled bool
-func (c *NodeupModelContext) UseEtcdTLS() bool {
-	// @note: because we enforce that 'both' have to be enabled for TLS we only need to check one here.
-	for _, x := range c.Cluster.Spec.EtcdClusters {
-		if x.EnableEtcdTLS {
-			return true
-		}
-	}
-
-	return false
-}
-
 // UseVolumeMounts is used to check if we have volume mounts enabled as we need to
 // insert requires and afters in various places
 func (c *NodeupModelContext) UseVolumeMounts() bool {
 	return len(c.NodeupConfig.VolumeMounts) > 0
 }

-// UseEtcdTLSAuth checks the peer-auth is set in both cluster
-// @NOTE: in retrospect i think we should have consolidated the common config in the wrapper struct; it
-// feels weird we set things like version, tls etc per cluster since they both have to be the same.
-func (c *NodeupModelContext) UseEtcdTLSAuth() bool {
-	if !c.UseEtcdTLS() {
-		return false
-	}
-
-	for _, x := range c.Cluster.Spec.EtcdClusters {
-		if x.EnableTLSAuth {
-			return true
-		}
-	}
-
-	return false
-}
-
 // UseKopsControllerForNodeBootstrap checks if nodeup should use kops-controller to bootstrap.
 func (c *NodeupModelContext) UseKopsControllerForNodeBootstrap() bool {
 	return model.UseKopsControllerForNodeBootstrap(c.Cluster)
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@ -565,9 +565,9 @@ type EtcdClusterSpec struct {
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
-	// EnableEtcdTLS indicates the etcd service should use TLS between peers and clients
+	// EnableEtcdTLS is unused.
 	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
-	// EnableTLSAuth indicates client and peer TLS auth should be enforced
+	// EnableTLSAuth is unused.
 	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
 	Version string `json:"version,omitempty"`
--- a/pkg/apis/kops/v1alpha2/cluster.go
+++ b/pkg/apis/kops/v1alpha2/cluster.go
@ -563,9 +563,9 @@ type EtcdClusterSpec struct {
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
-	// EnableEtcdTLS indicates the etcd service should use TLS between peers and clients
+	// EnableEtcdTLS is unused.
 	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
-	// EnableTLSAuth indicates client and peer TLS auth should be enforced
+	// EnableTLSAuth is unused.
 	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
 	Version string `json:"version,omitempty"`
--- a/pkg/apis/kops/v1alpha3/cluster.go
+++ b/pkg/apis/kops/v1alpha3/cluster.go
@ -563,9 +563,9 @@ type EtcdClusterSpec struct {
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
-	// EnableEtcdTLS indicates the etcd service should use TLS between peers and clients
+	// EnableEtcdTLS is unused.
 	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
-	// EnableTLSAuth indicates client and peer TLS auth should be enforced
+	// EnableTLSAuth is unused.
 	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
 	Version string `json:"version,omitempty"`
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@ -201,7 +201,6 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 				allErrs = append(allErrs, validateEtcdClusterSpec(etcdCluster, c, fieldEtcdClusters.Index(i))...)
 			}
 			allErrs = append(allErrs, validateEtcdBackupStore(spec.EtcdClusters, fieldEtcdClusters)...)
-			allErrs = append(allErrs, validateEtcdTLS(spec.EtcdClusters, fieldEtcdClusters)...)
 			allErrs = append(allErrs, validateEtcdStorage(spec.EtcdClusters, fieldEtcdClusters)...)
 		}
 	}
@ -1035,23 +1034,6 @@ func validateEtcdBackupStore(specs []kops.EtcdClusterSpec, fieldPath *field.Path
 	return allErrs
 }

-// validateEtcdTLS checks the TLS settings for etcd are valid
-func validateEtcdTLS(specs []kops.EtcdClusterSpec, fieldPath *field.Path) field.ErrorList {
-	allErrs := field.ErrorList{}
-	var usingTLS int
-	for _, x := range specs {
-		if x.EnableEtcdTLS {
-			usingTLS++
-		}
-	}
-	// check both clusters are using tls if one is enabled
-	if usingTLS > 0 && usingTLS != len(specs) {
-		allErrs = append(allErrs, field.Forbidden(fieldPath.Index(0).Child("enableEtcdTLS"), "both etcd clusters must have TLS enabled or none at all"))
-	}
-
-	return allErrs
-}
-
 // validateEtcdStorage is responsible for checking versions are identical.
 func validateEtcdStorage(specs []kops.EtcdClusterSpec, fieldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
--- a/pkg/model/components/apiserver.go
+++ b/pkg/model/components/apiserver.go
@ -141,15 +141,11 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	c.EtcdServersOverrides = nil

 	for _, etcdCluster := range clusterSpec.EtcdClusters {
-		protocol := "http"
-		if etcdCluster.EnableEtcdTLS {
-			protocol = "https"
-		}
 		switch etcdCluster.Name {
 		case "main":
-			c.EtcdServers = append(c.EtcdServers, protocol+"://127.0.0.1:4001")
+			c.EtcdServers = append(c.EtcdServers, "https://127.0.0.1:4001")
 		case "events":
-			c.EtcdServersOverrides = append(c.EtcdServersOverrides, "/events#"+protocol+"://127.0.0.1:4002")
+			c.EtcdServersOverrides = append(c.EtcdServersOverrides, "/events#https://127.0.0.1:4002")
 		}
 	}

--- a/pkg/model/components/etcd.go
+++ b/pkg/model/components/etcd.go
@ -64,9 +64,6 @@ func (b *EtcdOptionsBuilder) BuildOptions(o interface{}) error {
 		if !strings.HasPrefix(version, "3.") {
 			return fmt.Errorf("unexpected etcd version %q", c.Version)
 		}
-
-		c.EnableEtcdTLS = true
-		c.EnableTLSAuth = true
 	}

 	return nil
--- a/pkg/model/context.go
+++ b/pkg/model/context.go
@ -310,17 +310,6 @@ func (b *KopsModelContext) UseNetworkLoadBalancer() bool {
 	return b.Cluster.Spec.API.LoadBalancer.Class == kops.LoadBalancerClassNetwork
 }

-// UseEtcdTLS checks to see if etcd tls is enabled
-func (b *KopsModelContext) UseEtcdTLS() bool {
-	for _, x := range b.Cluster.Spec.EtcdClusters {
-		if x.EnableEtcdTLS {
-			return true
-		}
-	}
-
-	return false
-}
-
 // UseSSHKey returns true if SSHKeyName from the cluster spec is set to a nonempty string
 // or there is an SSH public key provisioned in the key store.
 func (b *KopsModelContext) UseSSHKey() bool {
--- a/upup/pkg/fi/cloudup/template_functions.go
+++ b/upup/pkg/fi/cloudup/template_functions.go
@ -71,12 +71,10 @@ type TemplateFunctions struct {
 func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretStore) (err error) {
 	cluster := tf.Cluster

-	dest["EtcdScheme"] = tf.EtcdScheme
 	dest["SharedVPC"] = tf.SharedVPC
 	dest["ToJSON"] = tf.ToJSON
 	dest["ToYAML"] = tf.ToYAML
 	dest["UseBootstrapTokens"] = tf.UseBootstrapTokens
-	dest["UseEtcdTLS"] = tf.UseEtcdTLS
 	// Remember that we may be on a different arch from the target.  Hard-code for now.
 	dest["replace"] = func(s, find, replace string) string {
 		return strings.Replace(s, find, replace, -1)
@ -280,15 +278,6 @@ func (tf *TemplateFunctions) ToYAML(data interface{}) string {
 	return string(encoded)
 }

-// EtcdScheme parses and grabs the protocol to the etcd cluster
-func (tf *TemplateFunctions) EtcdScheme() string {
-	if tf.UseEtcdTLS() {
-		return "https"
-	}
-
-	return "http"
-}
-
 // SharedVPC is a simple helper function which makes the templates for a shared VPC clearer
 func (tf *TemplateFunctions) SharedVPC() bool {
 	return tf.Cluster.SharedVPC()