diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go index 797a4085d1..7f8a219f68 100644 --- a/cmd/kops/integration_test.go +++ b/cmd/kops/integration_test.go @@ -69,7 +69,6 @@ type integrationTest struct { discovery bool lifecycleOverrides []string sshKey bool - jsonOutput bool bastionUserData bool ciliumEtcd bool // nth is true if we should check for files created by nth queue processor add on @@ -112,11 +111,6 @@ func (i *integrationTest) withLifecycleOverrides(lco []string) *integrationTest return i } -func (i *integrationTest) withJSONOutput() *integrationTest { - i.jsonOutput = true - return i -} - func (i *integrationTest) withPrivate() *integrationTest { i.private = true return i @@ -313,19 +307,6 @@ func TestBastionAdditionalUserData(t *testing.T) { runTestTerraformAWS(t) } -// TestMinimalJSON runs the test on a minimal data set and outputs JSON -func TestMinimalJSON(t *testing.T) { - featureflag.ParseFlags("+TerraformJSON") - unsetFeatureFlags := func() { - featureflag.ParseFlags("-TerraformJSON") - } - defer unsetFeatureFlags() - - newIntegrationTest("minimal-json.example.com", "minimal-json").withJSONOutput(). - withAddons(dnsControllerAddon). - runTestTerraformAWS(t) -} - const weaveAddon = "networking.weave-k8s-1.12" // TestPrivateWeave runs the test on a configuration with private topology, weave networking @@ -978,14 +959,9 @@ func storeKeyset(t *testing.T, keyStore fi.Keystore, name string, testingKeyset } func (i *integrationTest) runTestTerraformAWS(t *testing.T) { - tfFileName := "" h := testutils.NewIntegrationTestHarness(t) defer h.Close() - if i.jsonOutput { - tfFileName = "kubernetes.tf.json" - } - h.MockKopsVersion("1.21.0-alpha.1") h.SetupMockAWS() @@ -1061,7 +1037,7 @@ func (i *integrationTest) runTestTerraformAWS(t *testing.T) { } expectedFilenames = append(expectedFilenames, i.expectServiceAccountRolePolicies...) - i.runTest(t, h, expectedFilenames, tfFileName, tfFileName, nil) + i.runTest(t, h, expectedFilenames, "", "", nil) } func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) { diff --git a/docs/releases/1.22-NOTES.md b/docs/releases/1.22-NOTES.md index 7d44c35903..1fce3a1717 100644 --- a/docs/releases/1.22-NOTES.md +++ b/docs/releases/1.22-NOTES.md @@ -136,6 +136,8 @@ For file assets, it means adding an explicit path as shown below: * The `node-role.kubernetes.io/master` and `kubernetes.io/role` labels are deprecated and might be removed from control plane nodes in kOps 1.23. +* The `TerraformJSON` feature flag is deprecated and will be removed in kOps 1.23. Only native HCL2 Terraform output will be supported. + * Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider. * Due to lack of maintainers, the CloudFormation support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this target. diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_masters.minimal-json.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_masters.minimal-json.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_nodes.minimal-json.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_nodes.minimal-json.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy deleted file mode 100644 index 3c5e5638b6..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy +++ /dev/null @@ -1,237 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:AttachVolume", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal-json.example.com", - "aws:ResourceTag/k8s.io/role/master": "1" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-json.example.com/backups/etcd/main/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-json.example.com/backups/etcd/events/*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::placeholder-write-bucket" - ] - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:ListResourceRecordSets", - "route53:GetHostedZone" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*" - ] - }, - { - "Action": "ec2:DeleteTags", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal-json.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "ec2:AssignIpv6Addresses", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeAccountAttributes", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:DescribeKey", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal-json.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "ec2:CreateVolume", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal-json.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy deleted file mode 100644 index fa166ef2e0..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy +++ /dev/null @@ -1,43 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/addons/*", - "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/cluster-completed.spec", - "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/igconfig/node/*", - "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/secrets/dockerconfig" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignIpv6Addresses", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-json/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data deleted file mode 100644 index 25c6ccf1eb..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data +++ /dev/null @@ -1,252 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - local -r file="$1" - local -r hash="$2" - local -r urls=( $(split-commas "$3") ) - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O "${file}" --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O "${file}" --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "Attempting download with: ${cmd} {url}" - if ! (${cmd} "${url}"); then - echo "== Download failed with ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Hash validation of ${url} failed. Retrying. ==" - rm -f "${file}" - else - echo "== Downloaded ${url} (SHA256 = ${hash}) ==" - return - fi - done - done - - echo "All downloads failed; sleeping before retrying" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum ${file} | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== ${file} corrupted, hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo $1 | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "Running nodeup" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "failed to set up ensure machine-id configured" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' -cloudConfig: - awsEBSCSIDriver: - enabled: false - manageStorageClasses: true -containerRuntime: containerd -containerd: - logLevel: info - version: 1.4.9 -docker: - skipInstall: true -encryptionConfig: null -etcdClusters: - events: - version: 3.4.13 - main: - version: 3.4.13 -kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: aws - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - PersistentVolumeLabel - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - image: k8s.gcr.io/kube-apiserver:v1.21.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://api.internal.minimal-json.example.com - serviceAccountJWKSURI: https://api.internal.minimal-json.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 -kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: aws - clusterCIDR: 100.96.0.0/11 - clusterName: minimal-json.example.com - configureCloudRoutes: false - image: k8s.gcr.io/kube-controller-manager:v1.21.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true -kubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - hostnameOverride: '@aws' - image: k8s.gcr.io/kube-proxy:v1.21.0 - logLevel: 2 -kubeScheduler: - image: k8s.gcr.io/kube-scheduler:v1.21.0 - leaderElection: - leaderElect: true - logLevel: 2 -kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests -masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests - registerSchedulable: false - -__EOF_CLUSTER_SPEC - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ConfigBase: memfs://clusters.example.com/minimal-json.example.com -InstanceGroupName: master-us-test-1a -InstanceGroupRole: Master -NodeupConfigHash: jKZkaFYMcbQsqTFrrEJRuXmaNIjuz0Cb9ZZktcyJzlo= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_nodes.minimal-json.example.com_user_data b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_nodes.minimal-json.example.com_user_data deleted file mode 100644 index ea1b0237bb..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_nodes.minimal-json.example.com_user_data +++ /dev/null @@ -1,170 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - local -r file="$1" - local -r hash="$2" - local -r urls=( $(split-commas "$3") ) - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O "${file}" --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O "${file}" --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "Attempting download with: ${cmd} {url}" - if ! (${cmd} "${url}"); then - echo "== Download failed with ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Hash validation of ${url} failed. Retrying. ==" - rm -f "${file}" - else - echo "== Downloaded ${url} (SHA256 = ${hash}) ==" - return - fi - done - done - - echo "All downloads failed; sleeping before retrying" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum ${file} | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== ${file} corrupted, hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo $1 | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "Running nodeup" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "failed to set up ensure machine-id configured" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' -cloudConfig: - awsEBSCSIDriver: - enabled: false - manageStorageClasses: true -containerRuntime: containerd -containerd: - logLevel: info - version: 1.4.9 -docker: - skipInstall: true -kubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - hostnameOverride: '@aws' - image: k8s.gcr.io/kube-proxy:v1.21.0 - logLevel: 2 -kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests - -__EOF_CLUSTER_SPEC - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ConfigBase: memfs://clusters.example.com/minimal-json.example.com -InstanceGroupName: nodes -InstanceGroupRole: Node -NodeupConfigHash: lfhKRu9JeY6+NRCASqjT13TVQxw0VuLbXDN2uZ1KbFs= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_cluster-completed.spec_content deleted file mode 100644 index 6e91c4de63..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_cluster-completed.spec_content +++ /dev/null @@ -1,188 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal-json.example.com -spec: - api: - dns: {} - authorization: - alwaysAllow: {} - channel: stable - cloudConfig: - awsEBSCSIDriver: - enabled: false - manageStorageClasses: true - cloudProvider: aws - clusterDNSDomain: cluster.local - configBase: memfs://clusters.example.com/minimal-json.example.com - configStore: memfs://clusters.example.com/minimal-json.example.com - containerRuntime: containerd - containerd: - logLevel: info - version: 1.4.9 - dnsZone: Z1AFAKE1ZON3YO - docker: - skipInstall: true - etcdClusters: - - backups: - backupStore: memfs://clusters.example.com/minimal-json.example.com/backups/etcd/main - enableEtcdTLS: true - enableTLSAuth: true - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - provider: Manager - version: 3.4.13 - - backups: - backupStore: memfs://clusters.example.com/minimal-json.example.com/backups/etcd/events - enableEtcdTLS: true - enableTLSAuth: true - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - provider: Manager - version: 3.4.13 - externalDns: - provider: dns-controller - iam: - legacy: false - keyStore: memfs://clusters.example.com/minimal-json.example.com/pki - kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: aws - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - PersistentVolumeLabel - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - image: k8s.gcr.io/kube-apiserver:v1.21.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://api.internal.minimal-json.example.com - serviceAccountJWKSURI: https://api.internal.minimal-json.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: aws - clusterCIDR: 100.96.0.0/11 - clusterName: minimal-json.example.com - configureCloudRoutes: false - image: k8s.gcr.io/kube-controller-manager:v1.21.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - kubeDNS: - cacheMaxConcurrent: 150 - cacheMaxSize: 1000 - cpuRequest: 100m - domain: cluster.local - memoryLimit: 170Mi - memoryRequest: 70Mi - nodeLocalDNS: - cpuRequest: 25m - enabled: false - image: k8s.gcr.io/dns/k8s-dns-node-cache:1.20.0 - memoryRequest: 5Mi - provider: CoreDNS - replicas: 2 - serverIP: 100.64.0.10 - kubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - hostnameOverride: '@aws' - image: k8s.gcr.io/kube-proxy:v1.21.0 - logLevel: 2 - kubeScheduler: - image: k8s.gcr.io/kube-scheduler:v1.21.0 - leaderElection: - leaderElect: true - logLevel: 2 - kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests - kubernetesApiAccess: - - 0.0.0.0/0 - kubernetesVersion: 1.21.0 - masterInternalName: api.internal.minimal-json.example.com - masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests - registerSchedulable: false - masterPublicName: api.minimal-json.example.com - networkCIDR: 172.20.0.0/16 - networking: - cni: {} - nonMasqueradeCIDR: 100.64.0.0/10 - podCIDR: 100.96.0.0/11 - secretStore: memfs://clusters.example.com/minimal-json.example.com/secrets - serviceClusterIPRange: 100.64.0.0/13 - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - topology: - dns: - type: Public - masters: public - nodes: public diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-events_content deleted file mode 100644 index bb8ddb0e2e..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-events_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.4.13" -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-main_content deleted file mode 100644 index bb8ddb0e2e..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_etcd-cluster-spec-main_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.4.13" -} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_kops-version.txt_content deleted file mode 100644 index b7340298dc..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_kops-version.txt_content +++ /dev/null @@ -1 +0,0 @@ -1.21.0-alpha.1 diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-events_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-events_content deleted file mode 100644 index 8f530af091..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-events_content +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - creationTimestamp: null - labels: - k8s-app: etcd-manager-events - name: etcd-manager-events - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal-json.example.com/backups/etcd/events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal-json.example.com --grpc-port=3997 --peer-urls=https://__name__:2381 - --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events - --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/master=1 - --volume-tag=kubernetes.io/cluster/minimal-json.example.com=owned > /tmp/pipe - 2>&1 - image: k8s.gcr.io/etcdadm/etcd-manager:3.0.20210707 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-events - type: DirectoryOrCreate - name: pki - - hostPath: - path: /var/log/etcd-events.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-main_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-main_content deleted file mode 100644 index 3fd2217115..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-etcdmanager-main_content +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - creationTimestamp: null - labels: - k8s-app: etcd-manager-main - name: etcd-manager-main - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal-json.example.com/backups/etcd/main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal-json.example.com --grpc-port=3996 --peer-urls=https://__name__:2380 - --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main - --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/master=1 - --volume-tag=kubernetes.io/cluster/minimal-json.example.com=owned > /tmp/pipe - 2>&1 - image: k8s.gcr.io/etcdadm/etcd-manager:3.0.20210707 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-main - type: DirectoryOrCreate - name: pki - - hostPath: - path: /var/log/etcd.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-static-kube-apiserver-healthcheck_content deleted file mode 100644 index d2c9e468c7..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_manifests-static-kube-apiserver-healthcheck_content +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null -spec: - containers: - - args: - - --ca-cert=/secrets/ca.crt - - --client-cert=/secrets/client.crt - - --client-key=/secrets/client.key - command: - - /kube-apiserver-healthcheck - image: k8s.gcr.io/kops/kube-apiserver-healthcheck:1.23.0-alpha.1 - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /.kube-apiserver-healthcheck/healthz - port: 3990 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: healthcheck - resources: {} - volumeMounts: - - mountPath: /secrets - name: healthcheck-secrets - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes/kube-apiserver-healthcheck/secrets - type: Directory - name: healthcheck-secrets -status: {} diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-bootstrap_content deleted file mode 100644 index 8edef07acb..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-bootstrap_content +++ /dev/null @@ -1,47 +0,0 @@ -kind: Addons -metadata: - creationTimestamp: null - name: bootstrap -spec: - addons: - - id: k8s-1.16 - manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 5424433845a11783e6a010b5952882226ba3353efee79993287c512d09aacd2a - name: kops-controller.addons.k8s.io - needsRollingUpdate: control-plane - selector: - k8s-addon: kops-controller.addons.k8s.io - - manifest: core.addons.k8s.io/v1.4.0.yaml - manifestHash: 18233793a8442224d052e44891e737c67ccfb4e051e95216392319653f4cb0e5 - name: core.addons.k8s.io - selector: - k8s-addon: core.addons.k8s.io - - id: k8s-1.12 - manifest: coredns.addons.k8s.io/k8s-1.12.yaml - manifestHash: 3bf8c29c45f0f7dbbb1671b577f302a19418b55d214f6847ff586f1ee9d1ba71 - name: coredns.addons.k8s.io - selector: - k8s-addon: coredns.addons.k8s.io - - id: k8s-1.9 - manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml - manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81 - name: kubelet-api.rbac.addons.k8s.io - selector: - k8s-addon: kubelet-api.rbac.addons.k8s.io - - manifest: limit-range.addons.k8s.io/v1.5.0.yaml - manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 - name: limit-range.addons.k8s.io - selector: - k8s-addon: limit-range.addons.k8s.io - - id: k8s-1.12 - manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml - manifestHash: 3c65b7e57090250314919fe504c42463af8cbfca9a06d2e645a3c9f312f69fca - name: dns-controller.addons.k8s.io - selector: - k8s-addon: dns-controller.addons.k8s.io - - id: v1.15.0 - manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780 - name: storage-aws.addons.k8s.io - selector: - k8s-addon: storage-aws.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-core.addons.k8s.io_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-core.addons.k8s.io_content deleted file mode 100644 index a334917278..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-core.addons.k8s.io_content +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: core.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: core.addons.k8s.io - name: kube-system - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: core.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: core.addons.k8s.io - name: kube-dns - namespace: kube-system - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: core.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: core.addons.k8s.io - name: kube-proxy - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: core.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: core.addons.k8s.io - name: kubeadm:node-proxier -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:node-proxier -subjects: -- apiGroup: "" - kind: ServiceAccount - name: kube-proxy - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index d17f51ced5..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,383 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: coredns - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system - ---- - -apiVersion: v1 -data: - Corefile: |- - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - addonmanager.kubernetes.io/mode: EnsureExists - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: coredns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - k8s-app: kube-dns - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: k8s-app - operator: In - values: - - kube-dns - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: k8s.gcr.io/coredns/coredns:v1.8.4 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - configMap: - items: - - key: Corefile - path: Corefile - name: coredns - name: config-volume - ---- - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: kube-dns - namespace: kube-system - resourceVersion: "0" -spec: - clusterIP: 100.64.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP - selector: - k8s-app: kube-dns - ---- - -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: kube-dns - namespace: kube-system -spec: - minAvailable: 1 - selector: - matchLabels: - k8s-app: kube-dns - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers/scale - verbs: - - get - - update -- apiGroups: - - extensions - - apps - resources: - - deployments/scale - - replicasets/scale - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coredns-autoscaler -subjects: -- kind: ServiceAccount - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: coredns-autoscaler - kubernetes.io/cluster-service: "true" - name: coredns-autoscaler - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: coredns-autoscaler - template: - metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - labels: - k8s-app: coredns-autoscaler - spec: - containers: - - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=coredns-autoscaler - - --target=Deployment/coredns - - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}} - - --logtostderr=true - - --v=2 - image: k8s.gcr.io/cpa/cluster-proportional-autoscaler:1.8.4 - name: autoscaler - resources: - requests: - cpu: 20m - memory: 10Mi - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns-autoscaler - tolerations: - - key: CriticalAddonsOnly - operator: Exists diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 18fa0df114..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,121 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.23.0-alpha.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.23.0-alpha.1 - spec: - containers: - - command: - - /dns-controller - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --zone=*/* - - -v=2 - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - image: k8s.gcr.io/kops/dns-controller:1.23.0-alpha.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - dnsPolicy: Default - hostNetwork: true - nodeSelector: - node-role.kubernetes.io/master: "" - priorityClassName: system-cluster-critical - serviceAccount: dns-controller - tolerations: - - operator: Exists - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content deleted file mode 100644 index 7a71071112..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ /dev/null @@ -1,208 +0,0 @@ -apiVersion: v1 -data: - config.yaml: | - {"cloud":"aws","configBase":"memfs://clusters.example.com/minimal-json.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal-json.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.23.0-alpha.1 - name: kops-controller - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kops-controller - template: - metadata: - annotations: - dns.alpha.kubernetes.io/internal: kops-controller.internal.minimal-json.example.com - labels: - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.23.0-alpha.1 - spec: - containers: - - command: - - /kops-controller - - --v=2 - - --conf=/etc/kubernetes/kops-controller/config/config.yaml - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - image: k8s.gcr.io/kops/kops-controller:1.23.0-alpha.1 - name: kops-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /etc/kubernetes/kops-controller/config/ - name: kops-controller-config - - mountPath: /etc/kubernetes/kops-controller/pki/ - name: kops-controller-pki - dnsPolicy: Default - hostNetwork: true - nodeSelector: - kops.k8s.io/kops-controller-pki: "" - node-role.kubernetes.io/master: "" - priorityClassName: system-node-critical - serviceAccount: kops-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - configMap: - name: kops-controller - name: kops-controller-config - - hostPath: - path: /etc/kubernetes/kops-controller/ - type: Directory - name: kops-controller-pki - updateStrategy: - type: OnDelete - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "" - - coordination.k8s.io - resourceNames: - - kops-controller-leader - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - patch - - update - - delete -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content deleted file mode 100644 index 36761e1c56..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kubelet-api.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kubelet-api.rbac.addons.k8s.io - name: kops:system:kubelet-api-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kubelet-api-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kubelet-api diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-limit-range.addons.k8s.io_content deleted file mode 100644 index 4dcdce48b9..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-limit-range.addons.k8s.io_content +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: limit-range.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: limit-range.addons.k8s.io - name: limits - namespace: default -spec: - limits: - - defaultRequest: - cpu: 100m - type: Container diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content deleted file mode 100644 index 21efd54326..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_minimal-json.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ /dev/null @@ -1,98 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: default -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: gp2 -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-ssd-1-17 -parameters: - encrypted: "true" - type: gp2 -provisioner: kubernetes.io/aws-ebs -volumeBindingMode: WaitForFirstConsumer - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:aws-cloud-provider -subjects: -- kind: ServiceAccount - name: aws-cloud-provider - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content deleted file mode 100644 index 14b829f0d6..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content +++ /dev/null @@ -1,267 +0,0 @@ -APIServerConfig: - KubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: aws - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - PersistentVolumeLabel - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - image: k8s.gcr.io/kube-apiserver:v1.21.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://api.internal.minimal-json.example.com - serviceAccountJWKSURI: https://api.internal.minimal-json.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - ServiceAccountPublicKeys: | - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm - XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ== - -----END RSA PUBLIC KEY----- - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF - Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ== - -----END RSA PUBLIC KEY----- -Assets: - amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - 9911479f86012d6eab7e0f532da8f807a8b0f555ee09ef89367d8c31243073bb@https://github.com/containerd/containerd/releases/download/v1.4.9/cri-containerd-cni-1.4.9-linux-amd64.tar.gz - - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 - arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 4eb9d5e2adf718cd7ee59f6951715f3113c9c4ee49c75c9efb9747f2c3457b2b@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.8.tgz - - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 -CAs: - apiserver-aggregator-ca: | - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX - DTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX - WM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk - CzMeMdr4 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX - DTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN - QdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW - HLtkTXH8 - -----END CERTIFICATE----- - etcd-clients-ca: | - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx - NjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY - qCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx - NjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E - YQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co= - -----END CERTIFICATE----- - etcd-manager-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN - MzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H - g7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6 - CEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O - sS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs - GS/VUw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN - MzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL - DMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW - LLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE - hjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV - cPfVNg== - -----END CERTIFICATE----- - etcd-manager-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm - ZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx - GAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu - Gf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP - vG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP - DvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9 - t40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd - -----END CERTIFICATE----- - etcd-peers-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY - xyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O - Yph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB - DEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW - 03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh - cvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI - J+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb - -----END CERTIFICATE----- - etcd-peers-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3 - MDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA - aUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf - OQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt - uWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3 - MDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt - naVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC - qipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K - G9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo= - -----END CERTIFICATE----- - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal-json.example.com -Hooks: -- null -- null -KeypairIDs: - apiserver-aggregator-ca: "6980187172486667078076483355" - etcd-clients-ca: "6979622252718071085282986282" - etcd-manager-ca-events: "6982279354000777253151890266" - etcd-manager-ca-main: "6982279354000936168671127624" - etcd-peers-ca-events: "6982279353999767935825892873" - etcd-peers-ca-main: "6982279353998887468930183660" - kubernetes-ca: "6982820025135291416230495506" - service-account: "2" -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nodeLabels: - kops.k8s.io/kops-controller-pki: "" - kubernetes.io/role: master - node-role.kubernetes.io/control-plane: "" - node-role.kubernetes.io/master: "" - node.kubernetes.io/exclude-from-external-load-balancers: "" - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests - registerSchedulable: false -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal-json.example.com/addons/bootstrap-channel.yaml -containerdConfig: - logLevel: info - version: 1.4.9 -etcdManifests: -- memfs://clusters.example.com/minimal-json.example.com/manifests/etcd/main.yaml -- memfs://clusters.example.com/minimal-json.example.com/manifests/etcd/events.yaml -staticManifests: -- key: kube-apiserver-healthcheck - path: manifests/static/kube-apiserver-healthcheck.yaml diff --git a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-nodes_content deleted file mode 100644 index 7357c22505..0000000000 --- a/tests/integration/update_cluster/minimal-json/data/aws_s3_bucket_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,63 +0,0 @@ -Assets: - amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - 9911479f86012d6eab7e0f532da8f807a8b0f555ee09ef89367d8c31243073bb@https://github.com/containerd/containerd/releases/download/v1.4.9/cri-containerd-cni-1.4.9-linux-amd64.tar.gz - arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 4eb9d5e2adf718cd7ee59f6951715f3113c9c4ee49c75c9efb9747f2c3457b2b@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.8.tgz -CAs: - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal-json.example.com -Hooks: -- null -- null -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: aws - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - hostnameOverride: '@aws' - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - networkPluginName: cni - nodeLabels: - kubernetes.io/role: node - node-role.kubernetes.io/node: "" - nonMasqueradeCIDR: 100.64.0.0/10 - podManifestPath: /etc/kubernetes/manifests -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal-json.example.com/addons/bootstrap-channel.yaml -containerdConfig: - logLevel: info - version: 1.4.9 diff --git a/tests/integration/update_cluster/minimal-json/id_rsa.pub b/tests/integration/update_cluster/minimal-json/id_rsa.pub deleted file mode 100755 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-json/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-json/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-json/in-v1alpha2.yaml deleted file mode 100644 index 55eb99aaa1..0000000000 --- a/tests/integration/update_cluster/minimal-json/in-v1alpha2.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal-json.example.com -spec: - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal-json.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: {} - kubelet: - anonymousAuth: false - kubernetesVersion: v1.21.0 - masterInternalName: api.internal.minimal-json.example.com - masterPublicName: api.minimal-json.example.com - networkCIDR: 172.20.0.0/16 - networking: - cni: {} - nonMasqueradeCIDR: 100.64.0.0/10 - sshAccess: - - 0.0.0.0/0 - topology: - masters: public - nodes: public - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal-json.example.com -spec: - associatePublicIp: true - image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal-json.example.com -spec: - associatePublicIp: true - image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json deleted file mode 100644 index faf362ba6d..0000000000 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ /dev/null @@ -1,864 +0,0 @@ -{ - "locals": { - "cluster_name": "minimal-json.example.com", - "master_autoscaling_group_ids": [ - "${aws_autoscaling_group.master-us-test-1a-masters-minimal-json-example-com.id}" - ], - "master_security_group_ids": [ - "${aws_security_group.masters-minimal-json-example-com.id}" - ], - "masters_role_arn": "${aws_iam_role.masters-minimal-json-example-com.arn}", - "masters_role_name": "${aws_iam_role.masters-minimal-json-example-com.name}", - "node_autoscaling_group_ids": [ - "${aws_autoscaling_group.nodes-minimal-json-example-com.id}" - ], - "node_security_group_ids": [ - "${aws_security_group.nodes-minimal-json-example-com.id}" - ], - "node_subnet_ids": [ - "${aws_subnet.us-test-1a-minimal-json-example-com.id}" - ], - "nodes_role_arn": "${aws_iam_role.nodes-minimal-json-example-com.arn}", - "nodes_role_name": "${aws_iam_role.nodes-minimal-json-example-com.name}", - "region": "us-test-1", - "route_table_public_id": "${aws_route_table.minimal-json-example-com.id}", - "subnet_us-test-1a_id": "${aws_subnet.us-test-1a-minimal-json-example-com.id}", - "vpc_cidr_block": "${aws_vpc.minimal-json-example-com.cidr_block}", - "vpc_id": "${aws_vpc.minimal-json-example-com.id}" - }, - "output": { - "cluster_name": { - "value": "minimal-json.example.com" - }, - "master_autoscaling_group_ids": { - "value": [ - "${aws_autoscaling_group.master-us-test-1a-masters-minimal-json-example-com.id}" - ] - }, - "master_security_group_ids": { - "value": [ - "${aws_security_group.masters-minimal-json-example-com.id}" - ] - }, - "masters_role_arn": { - "value": "${aws_iam_role.masters-minimal-json-example-com.arn}" - }, - "masters_role_name": { - "value": "${aws_iam_role.masters-minimal-json-example-com.name}" - }, - "node_autoscaling_group_ids": { - "value": [ - "${aws_autoscaling_group.nodes-minimal-json-example-com.id}" - ] - }, - "node_security_group_ids": { - "value": [ - "${aws_security_group.nodes-minimal-json-example-com.id}" - ] - }, - "node_subnet_ids": { - "value": [ - "${aws_subnet.us-test-1a-minimal-json-example-com.id}" - ] - }, - "nodes_role_arn": { - "value": "${aws_iam_role.nodes-minimal-json-example-com.arn}" - }, - "nodes_role_name": { - "value": "${aws_iam_role.nodes-minimal-json-example-com.name}" - }, - "region": { - "value": "us-test-1" - }, - "route_table_public_id": { - "value": "${aws_route_table.minimal-json-example-com.id}" - }, - "subnet_us-test-1a_id": { - "value": "${aws_subnet.us-test-1a-minimal-json-example-com.id}" - }, - "vpc_cidr_block": { - "value": "${aws_vpc.minimal-json-example-com.cidr_block}" - }, - "vpc_id": { - "value": "${aws_vpc.minimal-json-example-com.id}" - } - }, - "provider": { - "aws": { - "region": "us-test-1" - } - }, - "resource": { - "aws_autoscaling_group": { - "master-us-test-1a-masters-minimal-json-example-com": { - "name": "master-us-test-1a.masters.minimal-json.example.com", - "launch_template": { - "id": "${aws_launch_template.master-us-test-1a-masters-minimal-json-example-com.id}", - "version": "${aws_launch_template.master-us-test-1a-masters-minimal-json-example-com.latest_version}" - }, - "max_size": 1, - "min_size": 1, - "vpc_zone_identifier": [ - "${aws_subnet.us-test-1a-minimal-json-example-com.id}" - ], - "tag": [ - { - "key": "KubernetesCluster", - "value": "minimal-json.example.com", - "propagate_at_launch": true - }, - { - "key": "Name", - "value": "master-us-test-1a.masters.minimal-json.example.com", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", - "value": "", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "value": "master", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", - "value": "", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "value": "", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", - "value": "", - "propagate_at_launch": true - }, - { - "key": "k8s.io/role/master", - "value": "1", - "propagate_at_launch": true - }, - { - "key": "kops.k8s.io/instancegroup", - "value": "master-us-test-1a", - "propagate_at_launch": true - }, - { - "key": "kubernetes.io/cluster/minimal-json.example.com", - "value": "owned", - "propagate_at_launch": true - } - ], - "metrics_granularity": "1Minute", - "enabled_metrics": [ - "GroupDesiredCapacity", - "GroupInServiceInstances", - "GroupMaxSize", - "GroupMinSize", - "GroupPendingInstances", - "GroupStandbyInstances", - "GroupTerminatingInstances", - "GroupTotalInstances" - ], - "protect_from_scale_in": false - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "launch_template": { - "id": "${aws_launch_template.nodes-minimal-json-example-com.id}", - "version": "${aws_launch_template.nodes-minimal-json-example-com.latest_version}" - }, - "max_size": 2, - "min_size": 2, - "vpc_zone_identifier": [ - "${aws_subnet.us-test-1a-minimal-json-example-com.id}" - ], - "tag": [ - { - "key": "KubernetesCluster", - "value": "minimal-json.example.com", - "propagate_at_launch": true - }, - { - "key": "Name", - "value": "nodes.minimal-json.example.com", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "value": "node", - "propagate_at_launch": true - }, - { - "key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", - "value": "", - "propagate_at_launch": true - }, - { - "key": "k8s.io/role/node", - "value": "1", - "propagate_at_launch": true - }, - { - "key": "kops.k8s.io/instancegroup", - "value": "nodes", - "propagate_at_launch": true - }, - { - "key": "kubernetes.io/cluster/minimal-json.example.com", - "value": "owned", - "propagate_at_launch": true - } - ], - "metrics_granularity": "1Minute", - "enabled_metrics": [ - "GroupDesiredCapacity", - "GroupInServiceInstances", - "GroupMaxSize", - "GroupMinSize", - "GroupPendingInstances", - "GroupStandbyInstances", - "GroupTerminatingInstances", - "GroupTotalInstances" - ], - "protect_from_scale_in": false - } - }, - "aws_ebs_volume": { - "us-test-1a-etcd-events-minimal-json-example-com": { - "availability_zone": "us-test-1a", - "size": 20, - "type": "gp3", - "iops": 3000, - "throughput": 125, - "encrypted": false, - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "us-test-1a.etcd-events.minimal-json.example.com", - "k8s.io/etcd/events": "us-test-1a/us-test-1a", - "k8s.io/role/master": "1", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - "us-test-1a-etcd-main-minimal-json-example-com": { - "availability_zone": "us-test-1a", - "size": 20, - "type": "gp3", - "iops": 3000, - "throughput": 125, - "encrypted": false, - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "us-test-1a.etcd-main.minimal-json.example.com", - "k8s.io/etcd/main": "us-test-1a/us-test-1a", - "k8s.io/role/master": "1", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_iam_instance_profile": { - "masters-minimal-json-example-com": { - "name": "masters.minimal-json.example.com", - "role": "${aws_iam_role.masters-minimal-json-example-com.name}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "masters.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "role": "${aws_iam_role.nodes-minimal-json-example-com.name}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_iam_role": { - "masters-minimal-json-example-com": { - "name": "masters.minimal-json.example.com", - "assume_role_policy": "${file(\"${path.module}/data/aws_iam_role_masters.minimal-json.example.com_policy\")}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "masters.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "assume_role_policy": "${file(\"${path.module}/data/aws_iam_role_nodes.minimal-json.example.com_policy\")}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_iam_role_policy": { - "masters-minimal-json-example-com": { - "name": "masters.minimal-json.example.com", - "role": "${aws_iam_role.masters-minimal-json-example-com.name}", - "policy": "${file(\"${path.module}/data/aws_iam_role_policy_masters.minimal-json.example.com_policy\")}" - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "role": "${aws_iam_role.nodes-minimal-json-example-com.name}", - "policy": "${file(\"${path.module}/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy\")}" - } - }, - "aws_internet_gateway": { - "minimal-json-example-com": { - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_key_pair": { - "kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157": { - "key_name": "kubernetes.minimal-json.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", - "public_key": "${file(\"${path.module}/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key\")}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_launch_template": { - "master-us-test-1a-masters-minimal-json-example-com": { - "name": "master-us-test-1a.masters.minimal-json.example.com", - "lifecycle": { - "create_before_destroy": true - }, - "block_device_mappings": [ - { - "device_name": "/dev/xvda", - "ebs": [ - { - "volume_type": "gp3", - "volume_size": 64, - "iops": 3000, - "throughput": 125, - "delete_on_termination": true, - "encrypted": true - } - ] - }, - { - "device_name": "/dev/sdc", - "virtual_name": "ephemeral0" - } - ], - "iam_instance_profile": [ - { - "name": "${aws_iam_instance_profile.masters-minimal-json-example-com.id}" - } - ], - "image_id": "ami-12345678", - "instance_type": "m3.medium", - "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", - "metadata_options": { - "http_endpoint": "enabled", - "http_put_response_hop_limit": 1, - "http_tokens": "optional", - "http_protocol_ipv6": "disabled" - }, - "monitoring": [ - { - "enabled": false - } - ], - "network_interfaces": [ - { - "associate_public_ip_address": true, - "delete_on_termination": true, - "ipv6_address_count": 0, - "security_groups": [ - "${aws_security_group.masters-minimal-json-example-com.id}" - ] - } - ], - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "master-us-test-1a.masters.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki": "", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "master", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane": "", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master": "", - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers": "", - "k8s.io/role/master": "1", - "kops.k8s.io/instancegroup": "master-us-test-1a", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - }, - "tag_specifications": [ - { - "resource_type": "instance", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "master-us-test-1a.masters.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki": "", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "master", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane": "", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master": "", - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers": "", - "k8s.io/role/master": "1", - "kops.k8s.io/instancegroup": "master-us-test-1a", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - { - "resource_type": "volume", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "master-us-test-1a.masters.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki": "", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "master", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane": "", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master": "", - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers": "", - "k8s.io/role/master": "1", - "kops.k8s.io/instancegroup": "master-us-test-1a", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - ], - "user_data": "${filebase64(\"${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data\")}" - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "lifecycle": { - "create_before_destroy": true - }, - "block_device_mappings": [ - { - "device_name": "/dev/xvda", - "ebs": [ - { - "volume_type": "gp3", - "volume_size": 128, - "iops": 3000, - "throughput": 125, - "delete_on_termination": true, - "encrypted": true - } - ] - } - ], - "iam_instance_profile": [ - { - "name": "${aws_iam_instance_profile.nodes-minimal-json-example-com.id}" - } - ], - "image_id": "ami-12345678", - "instance_type": "t2.medium", - "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", - "metadata_options": { - "http_endpoint": "enabled", - "http_put_response_hop_limit": 1, - "http_tokens": "optional", - "http_protocol_ipv6": "disabled" - }, - "monitoring": [ - { - "enabled": false - } - ], - "network_interfaces": [ - { - "associate_public_ip_address": true, - "delete_on_termination": true, - "ipv6_address_count": 0, - "security_groups": [ - "${aws_security_group.nodes-minimal-json-example-com.id}" - ] - } - ], - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "node", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node": "", - "k8s.io/role/node": "1", - "kops.k8s.io/instancegroup": "nodes", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - }, - "tag_specifications": [ - { - "resource_type": "instance", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "node", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node": "", - "k8s.io/role/node": "1", - "kops.k8s.io/instancegroup": "nodes", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - { - "resource_type": "volume", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role": "node", - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node": "", - "k8s.io/role/node": "1", - "kops.k8s.io/instancegroup": "nodes", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - ], - "user_data": "${filebase64(\"${path.module}/data/aws_launch_template_nodes.minimal-json.example.com_user_data\")}" - } - }, - "aws_route": { - "route-0-0-0-0--0": { - "route_table_id": "${aws_route_table.minimal-json-example-com.id}", - "destination_cidr_block": "0.0.0.0/0", - "gateway_id": "${aws_internet_gateway.minimal-json-example-com.id}" - }, - "route-__--0": { - "route_table_id": "${aws_route_table.minimal-json-example-com.id}", - "destination_ipv6_cidr_block": "::/0", - "gateway_id": "${aws_internet_gateway.minimal-json-example-com.id}" - } - }, - "aws_route_table": { - "minimal-json-example-com": { - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned", - "kubernetes.io/kops/role": "public" - } - } - }, - "aws_route_table_association": { - "us-test-1a-minimal-json-example-com": { - "subnet_id": "${aws_subnet.us-test-1a-minimal-json-example-com.id}", - "route_table_id": "${aws_route_table.minimal-json-example-com.id}" - } - }, - "aws_s3_bucket_object": { - "cluster-completed-spec": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/cluster-completed.spec", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_cluster-completed.spec_content\")}", - "server_side_encryption": "AES256" - }, - "etcd-cluster-spec-events": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/backups/etcd/events/control/etcd-cluster-spec", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_etcd-cluster-spec-events_content\")}", - "server_side_encryption": "AES256" - }, - "etcd-cluster-spec-main": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/backups/etcd/main/control/etcd-cluster-spec", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_etcd-cluster-spec-main_content\")}", - "server_side_encryption": "AES256" - }, - "kops-version-txt": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/kops-version.txt", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_kops-version.txt_content\")}", - "server_side_encryption": "AES256" - }, - "manifests-etcdmanager-events": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/manifests/etcd/events.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_manifests-etcdmanager-events_content\")}", - "server_side_encryption": "AES256" - }, - "manifests-etcdmanager-main": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/manifests/etcd/main.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_manifests-etcdmanager-main_content\")}", - "server_side_encryption": "AES256" - }, - "manifests-static-kube-apiserver-healthcheck": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/manifests/static/kube-apiserver-healthcheck.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_manifests-static-kube-apiserver-healthcheck_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-bootstrap": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/bootstrap-channel.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-bootstrap_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-core-addons-k8s-io": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/core.addons.k8s.io/v1.4.0.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-core.addons.k8s.io_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-coredns-addons-k8s-io-k8s-1-12": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/coredns.addons.k8s.io/k8s-1.12.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-kubelet-api-rbac-addons-k8s-io-k8s-1-9": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-limit-range-addons-k8s-io": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/limit-range.addons.k8s.io/v1.5.0.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-limit-range.addons.k8s.io_content\")}", - "server_side_encryption": "AES256" - }, - "minimal-json-example-com-addons-storage-aws-addons-k8s-io-v1-15-0": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/addons/storage-aws.addons.k8s.io/v1.15.0.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_minimal-json.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content\")}", - "server_side_encryption": "AES256" - }, - "nodeupconfig-master-us-test-1a": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/igconfig/master/master-us-test-1a/nodeupconfig.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content\")}", - "server_side_encryption": "AES256" - }, - "nodeupconfig-nodes": { - "bucket": "testingBucket", - "key": "clusters.example.com/minimal-json.example.com/igconfig/node/nodes/nodeupconfig.yaml", - "content": "${file(\"${path.module}/data/aws_s3_bucket_object_nodeupconfig-nodes_content\")}", - "server_side_encryption": "AES256" - } - }, - "aws_security_group": { - "masters-minimal-json-example-com": { - "name": "masters.minimal-json.example.com", - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "description": "Security group for masters", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "masters.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - }, - "nodes-minimal-json-example-com": { - "name": "nodes.minimal-json.example.com", - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "description": "Security group for nodes", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "nodes.minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_security_group_rule": { - "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 22, - "to_port": 22, - "protocol": "tcp", - "cidr_blocks": [ - "0.0.0.0/0" - ] - }, - "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 22, - "to_port": 22, - "protocol": "tcp", - "cidr_blocks": [ - "0.0.0.0/0" - ] - }, - "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 443, - "to_port": 443, - "protocol": "tcp", - "cidr_blocks": [ - "0.0.0.0/0" - ] - }, - "from-masters-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": { - "type": "egress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1", - "cidr_blocks": [ - "0.0.0.0/0" - ] - }, - "from-masters-minimal-json-example-com-egress-all-0to0-__--0": { - "type": "egress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1", - "ipv6_cidr_blocks": [ - "::/0" - ] - }, - "from-masters-minimal-json-example-com-ingress-all-0to0-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1" - }, - "from-masters-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1" - }, - "from-nodes-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": { - "type": "egress", - "security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1", - "cidr_blocks": [ - "0.0.0.0/0" - ] - }, - "from-nodes-minimal-json-example-com-egress-all-0to0-__--0": { - "type": "egress", - "security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1", - "ipv6_cidr_blocks": [ - "::/0" - ] - }, - "from-nodes-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 0, - "to_port": 0, - "protocol": "-1" - }, - "from-nodes-minimal-json-example-com-ingress-tcp-1to2379-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 1, - "to_port": 2379, - "protocol": "tcp" - }, - "from-nodes-minimal-json-example-com-ingress-tcp-2382to4000-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 2382, - "to_port": 4000, - "protocol": "tcp" - }, - "from-nodes-minimal-json-example-com-ingress-tcp-4003to65535-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 4003, - "to_port": 65535, - "protocol": "tcp" - }, - "from-nodes-minimal-json-example-com-ingress-udp-1to65535-masters-minimal-json-example-com": { - "type": "ingress", - "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", - "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 1, - "to_port": 65535, - "protocol": "udp" - } - }, - "aws_subnet": { - "us-test-1a-minimal-json-example-com": { - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "cidr_block": "172.20.32.0/19", - "ipv6_cidr_block": null, - "availability_zone": "us-test-1a", - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "us-test-1a.minimal-json.example.com", - "SubnetType": "Public", - "kubernetes.io/cluster/minimal-json.example.com": "owned", - "kubernetes.io/role/elb": "1", - "kubernetes.io/role/internal-elb": "1" - } - } - }, - "aws_vpc": { - "minimal-json-example-com": { - "cidr_block": "172.20.0.0/16", - "enable_dns_hostnames": true, - "enable_dns_support": true, - "assign_generated_ipv6_cidr_block": true, - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_vpc_dhcp_options": { - "minimal-json-example-com": { - "domain_name": "us-test-1.compute.internal", - "domain_name_servers": [ - "AmazonProvidedDNS" - ], - "tags": { - "KubernetesCluster": "minimal-json.example.com", - "Name": "minimal-json.example.com", - "kubernetes.io/cluster/minimal-json.example.com": "owned" - } - } - }, - "aws_vpc_dhcp_options_association": { - "minimal-json-example-com": { - "vpc_id": "${aws_vpc.minimal-json-example-com.id}", - "dhcp_options_id": "${aws_vpc_dhcp_options.minimal-json-example-com.id}" - } - } - }, - "terraform": { - "required_providers": { - "aws": { - "source": "hashicorp/aws", - "version": "\u003e= 3.59.0" - } - }, - "required_version": "\u003e= 0.12.26" - } -} diff --git a/upup/pkg/fi/cloudup/terraform/target.go b/upup/pkg/fi/cloudup/terraform/target.go index 68dc8d9f39..052a69c782 100644 --- a/upup/pkg/fi/cloudup/terraform/target.go +++ b/upup/pkg/fi/cloudup/terraform/target.go @@ -17,6 +17,7 @@ limitations under the License. package terraform import ( + "errors" "fmt" "io/ioutil" "os" @@ -83,6 +84,10 @@ func tfGetProviderExtraConfig(c *kops.TargetSpec) map[string]string { func (t *TerraformTarget) Finish(taskMap map[string]fi.Task) error { var err error if featureflag.TerraformJSON.Enabled() { + if featureflag.TerraformManagedFiles.Enabled() { + // Terraform's JSON representation doesn't support provider aliases which are required for managed files + return errors.New("TerraformJSON cannot be used with TerraformManagedFiles") + } err = t.finishJSON() } else { err = t.finishHCL2()