Merge pull request #5352 from gambol99/nodeup_clean

Nodeup clean
2018-06-21 09:23:47 -07:00 · 2018-06-21 09:23:47 -07:00 · 8fad9da430
parent f346efd290 2256a2c588
commit 8fad9da430
15 changed files with 81 additions and 236 deletions
--- a/nodeup/pkg/model/directories.go
+++ b/nodeup/pkg/model/directories.go
@ -29,21 +29,21 @@ type DirectoryBuilder struct {

 var _ fi.ModelBuilder = &DirectoryBuilder{}

+// Build is responsible for specific directories are created - os dependent
 func (b *DirectoryBuilder) Build(c *fi.ModelBuilderContext) error {
 	if b.Distribution == distros.DistributionContainerOS {
-		dir := "/home/kubernetes/bin"
+		dirname := "/home/kubernetes/bin"

-		t := &nodetasks.File{
-			Path: dir,
+		c.AddTask(&nodetasks.File{
+			Path: dirname,
 			Type: nodetasks.FileType_Directory,
 			Mode: s("0755"),

 			OnChangeExecute: [][]string{
-				{"/bin/mount", "--bind", "/home/kubernetes/bin", "/home/kubernetes/bin"},
-				{"/bin/mount", "-o", "remount,exec", "/home/kubernetes/bin"},
+				{"/bin/mount", "--bind", dirname, dirname},
+				{"/bin/mount", "-o", "remount,exec", dirname},
 			},
-		}
-		c.AddTask(t)
+		})
 	}

 	return nil
--- a/nodeup/pkg/model/file_assets.go
+++ b/nodeup/pkg/model/file_assets.go
@ -35,16 +35,23 @@ type FileAssetsBuilder struct {

 var _ fi.ModelBuilder = &FileAssetsBuilder{}

+var templateFuncs = template.FuncMap{
+	"split": strings.Split,
+	"join":  strings.Join,
+}
+
 // Build is responsible for writing out the file assets from cluster and instanceGroup
 func (f *FileAssetsBuilder) Build(c *fi.ModelBuilderContext) error {
 	// used to keep track of previous file, so a instanceGroup can override a cluster wide one
 	tracker := make(map[string]bool, 0)
+
 	// ensure the default path exists
 	c.EnsureTask(&nodetasks.File{
 		Path: f.FileAssetsDefaultPath(),
 		Type: nodetasks.FileType_Directory,
 		Mode: s("0755"),
 	})
+
 	// do we have any instanceGroup file assets
 	if f.InstanceGroup.Spec.FileAssets != nil {
 		if err := f.buildFileAssets(c, f.InstanceGroup.Spec.FileAssets, tracker); err != nil {
@ -105,9 +112,3 @@ func (f *FileAssetsBuilder) buildFileAssets(c *fi.ModelBuilderContext, assets []

 	return nil
 }
-
-// @perhaps a path finder?
-var templateFuncs = template.FuncMap{
-	"split": strings.Split,
-	"join":  strings.Join,
-}
--- a/nodeup/pkg/model/firewall.go
+++ b/nodeup/pkg/model/firewall.go
@ -86,11 +86,10 @@ iptables -A FORWARD -w -p UDP -j ACCEPT
 iptables -A FORWARD -w -p ICMP -j ACCEPT
 fi
 `
-	t := &nodetasks.File{
+	return &nodetasks.File{
 		Path:     "/home/kubernetes/bin/iptables-setup",
 		Contents: fi.NewStringResource(script),
 		Type:     nodetasks.FileType_File,
 		Mode:     s("0755"),
 	}
-	return t
 }
--- a/nodeup/pkg/model/kube_apiserver.go
+++ b/nodeup/pkg/model/kube_apiserver.go
@ -23,7 +23,9 @@ import (

 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/flagbuilder"
+	"k8s.io/kops/pkg/k8scodecs"
 	"k8s.io/kops/pkg/kubeconfig"
+	"k8s.io/kops/pkg/kubemanifest"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 	"k8s.io/kops/util/pkg/exec"
@ -32,8 +34,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/kops/pkg/k8scodecs"
-	"k8s.io/kops/pkg/kubemanifest"
 )

 // PathAuthnConfig is the path to the custom webhook authentication config
--- a/nodeup/pkg/model/kube_controller_manager.go
+++ b/nodeup/pkg/model/kube_controller_manager.go
@ -22,6 +22,8 @@ import (
 	"strings"

 	"k8s.io/kops/pkg/flagbuilder"
+	"k8s.io/kops/pkg/k8scodecs"
+	"k8s.io/kops/pkg/kubemanifest"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 	"k8s.io/kops/util/pkg/exec"
@ -30,8 +32,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/kops/pkg/k8scodecs"
-	"k8s.io/kops/pkg/kubemanifest"
 )

 // KubeControllerManagerBuilder install kube-controller-manager (just the manifest at the moment)
@ -50,26 +50,9 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
 	// If we're using the CertificateSigner, include the CA Key
 	// @TODO: use a per-machine key?  use KMS?
 	if b.useCertificateSigner() {
-		ca, err := b.KeyStore.FindPrivateKey(fi.CertificateId_CA)
-		if err != nil {
+		if err := b.BuildPrivateKeyTask(c, fi.CertificateId_CA, "ca.key"); err != nil {
 			return err
 		}
-
-		if ca == nil {
-			return fmt.Errorf("CA private key %q not found", fi.CertificateId_CA)
-		}
-
-		serialized, err := ca.AsString()
-		if err != nil {
-			return err
-		}
-
-		c.AddTask(&nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "ca.key"),
-			Contents: fi.NewStringResource(serialized),
-			Mode:     fi.String("600"),
-			Type:     nodetasks.FileType_File,
-		})
 	}

 	{
@ -83,12 +66,11 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
 			return fmt.Errorf("error marshalling pod to yaml: %v", err)
 		}

-		t := &nodetasks.File{
+		c.AddTask(&nodetasks.File{
 			Path:     "/etc/kubernetes/manifests/kube-controller-manager.manifest",
 			Contents: fi.NewBytesResource(manifest),
 			Type:     nodetasks.FileType_File,
-		}
-		c.AddTask(t)
+		})
 	}

 	{
@ -119,12 +101,15 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
 	return nil
 }

+// useCertificateSigner checks to see if we need to use the certificate signer for the controller manager
 func (b *KubeControllerManagerBuilder) useCertificateSigner() bool {
 	// For now, we enable this on 1.6 and later
 	return b.IsKubernetesGTE("1.6")
 }

+// buildPod is responsible for building the kubernetes manifest for the controller-manager
 func (b *KubeControllerManagerBuilder) buildPod() (*v1.Pod, error) {
+
 	kcm := b.Cluster.Spec.KubeControllerManager
 	kcm.RootCAFile = filepath.Join(b.PathSrvKubernetes(), "ca.crt")
 	kcm.ServiceAccountPrivateKeyFile = filepath.Join(b.PathSrvKubernetes(), "server.key")
--- a/nodeup/pkg/model/kube_proxy.go
+++ b/nodeup/pkg/model/kube_proxy.go
@ -21,6 +21,8 @@ import (

 	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/flagbuilder"
+	"k8s.io/kops/pkg/k8scodecs"
+	"k8s.io/kops/pkg/kubemanifest"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 	"k8s.io/kops/util/pkg/exec"
@ -29,8 +31,6 @@ import (
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/kops/pkg/k8scodecs"
-	"k8s.io/kops/pkg/kubemanifest"
 )

 // KubeProxyBuilder installs kube-proxy
--- a/nodeup/pkg/model/kube_router.go
+++ b/nodeup/pkg/model/kube_router.go
@ -21,28 +21,27 @@ import (
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 )

-// KubeProxyBuilder installs kube-proxy
+// KubeRouterBuilder installs kube-router
 type KubeRouterBuilder struct {
 	*NodeupModelContext
 }

 var _ fi.ModelBuilder = &KubeRouterBuilder{}

+// Build is responsible for configuring the kube-router
 func (b *KubeRouterBuilder) Build(c *fi.ModelBuilderContext) error {
-
-	// Add kubeconfig
 	{
 		kubeconfig, err := b.BuildPKIKubeconfig("kube-router")
 		if err != nil {
 			return err
 		}
-		t := &nodetasks.File{
+
+		c.AddTask(&nodetasks.File{
 			Path:     "/var/lib/kube-router/kubeconfig",
 			Contents: fi.NewStringResource(kubeconfig),
 			Type:     nodetasks.FileType_File,
 			Mode:     s("0400"),
-		}
-		c.AddTask(t)
+		})
 	}

 	return nil
--- a/nodeup/pkg/model/kube_scheduler.go
+++ b/nodeup/pkg/model/kube_scheduler.go
@ -20,6 +20,8 @@ import (
 	"fmt"

 	"k8s.io/kops/pkg/flagbuilder"
+	"k8s.io/kops/pkg/k8scodecs"
+	"k8s.io/kops/pkg/kubemanifest"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 	"k8s.io/kops/util/pkg/exec"
@ -28,8 +30,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/kops/pkg/k8scodecs"
-	"k8s.io/kops/pkg/kubemanifest"
 )

 // KubeSchedulerBuilder install kube-scheduler
--- a/nodeup/pkg/model/kubectl.go
+++ b/nodeup/pkg/model/kubectl.go
@ -51,13 +51,12 @@ func (b *KubectlBuilder) Build(c *fi.ModelBuilderContext) error {
 			return fmt.Errorf("unable to locate asset %q", assetName)
 		}

-		t := &nodetasks.File{
+		c.AddTask(&nodetasks.File{
 			Path:     b.KubectlPath() + "/" + assetName,
 			Contents: asset,
 			Type:     nodetasks.FileType_File,
 			Mode:     s("0755"),
-		}
-		c.AddTask(t)
+		})
 	}

 	{
@ -66,13 +65,12 @@ func (b *KubectlBuilder) Build(c *fi.ModelBuilderContext) error {
 			return err
 		}

-		t := &nodetasks.File{
+		c.AddTask(&nodetasks.File{
 			Path:     "/var/lib/kubectl/kubeconfig",
 			Contents: fi.NewStringResource(kubeconfig),
 			Type:     nodetasks.FileType_File,
 			Mode:     s("0400"),
-		}
-		c.AddTask(t)
+		})

 		adminUser, adminGroup, err := b.findKubeconfigUser()
 		if err != nil {
--- a/nodeup/pkg/model/logrotate.go
+++ b/nodeup/pkg/model/logrotate.go
@ -20,12 +20,13 @@ import (
 	"fmt"
 	"strings"

-	"github.com/golang/glog"
 	"k8s.io/kops/nodeup/pkg/distros"
 	"k8s.io/kops/pkg/apis/kops/util"
 	"k8s.io/kops/pkg/systemd"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
+
+	"github.com/golang/glog"
 )

 // LogrotateBuilder installs logrotate.d and configures log rotation for kubernetes logs
@ -35,13 +36,16 @@ type LogrotateBuilder struct {

 var _ fi.ModelBuilder = &LogrotateBuilder{}

+// Build is responsible for configuring logrotate
 func (b *LogrotateBuilder) Build(c *fi.ModelBuilderContext) error {
-	if b.Distribution == distros.DistributionContainerOS {
+
+	switch b.Distribution {
+	case distros.DistributionContainerOS:
 		glog.Infof("Detected ContainerOS; won't install logrotate")
 		return nil
-	} else if b.Distribution == distros.DistributionCoreOS {
+	case distros.DistributionCoreOS:
 		glog.Infof("Detected CoreOS; won't install logrotate")
-	} else {
+	default:
 		c.AddTask(&nodetasks.Package{Name: "logrotate"})
 	}

@ -132,11 +136,10 @@ func (b *LogrotateBuilder) addLogRotate(c *fi.ModelBuilderContext, name, path st

 	contents := strings.Join(lines, "\n")

-	t := &nodetasks.File{
+	c.AddTask(&nodetasks.File{
 		Path:     "/etc/logrotate.d/" + name,
 		Contents: fi.NewStringResource(contents),
 		Type:     nodetasks.FileType_File,
 		Mode:     s("0644"),
-	}
-	c.AddTask(t)
+	})
 }
--- a/nodeup/pkg/model/network.go
+++ b/nodeup/pkg/model/network.go
@ -31,9 +31,11 @@ type NetworkBuilder struct {

 var _ fi.ModelBuilder = &NetworkBuilder{}

+// Build is responsible for configuring the network cni
 func (b *NetworkBuilder) Build(c *fi.ModelBuilderContext) error {
 	var assetNames []string

+	// @TODO need to clean up this code, it isn't the easiest to read
 	networking := b.Cluster.Spec.Networking
 	if networking == nil || networking.Classic != nil {
 	} else if networking.Kubenet != nil {
@ -74,13 +76,12 @@ func (b *NetworkBuilder) addCNIBinAsset(c *fi.ModelBuilderContext, assetName str
 		return fmt.Errorf("unable to locate asset %q", assetName)
 	}

-	t := &nodetasks.File{
+	c.AddTask(&nodetasks.File{
 		Path:     filepath.Join(b.CNIBinDir(), assetName),
 		Contents: asset,
 		Type:     nodetasks.FileType_File,
 		Mode:     s("0755"),
-	}
-	c.AddTask(t)
+	})

 	return nil
 }
--- a/nodeup/pkg/model/packages.go
+++ b/nodeup/pkg/model/packages.go
@ -17,9 +17,10 @@ limitations under the License.
 package model

 import (
-	"github.com/golang/glog"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
+
+	"github.com/golang/glog"
 )

 // PackagesBuilder adds miscellaneous OS packages that we need
@ -29,6 +30,7 @@ type PackagesBuilder struct {

 var _ fi.ModelBuilder = &DockerBuilder{}

+// Build is responsible for installing packages
 func (b *PackagesBuilder) Build(c *fi.ModelBuilderContext) error {
 	// kubelet needs:
 	//   ebtables - kops #1711
--- a/nodeup/pkg/model/protokube.go
+++ b/nodeup/pkg/model/protokube.go
@ -26,6 +26,7 @@ import (
 	kopsbase "k8s.io/kops"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/apis/kops/util"
+	"k8s.io/kops/pkg/assets"
 	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/flagbuilder"
 	"k8s.io/kops/pkg/systemd"
@ -34,7 +35,6 @@ import (

 	"github.com/blang/semver"
 	"github.com/golang/glog"
-	"k8s.io/kops/pkg/assets"
 )

 // ProtokubeBuilder configures protokube
--- a/nodeup/pkg/model/secrets.go
+++ b/nodeup/pkg/model/secrets.go
@ -21,7 +21,6 @@ import (
 	"path/filepath"
 	"strings"

-	"github.com/golang/glog"
 	"k8s.io/kops/pkg/tokens"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
@ -45,27 +44,9 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
 		return fmt.Errorf("KeyStore not set")
 	}

-	// retrieve the platform ca
-	{
-		ca, err := b.KeyStore.FindCertificatePool(fi.CertificateId_CA)
-		if err != nil {
-			return err
-		}
-		if ca == nil {
-			return fmt.Errorf("certificate %q not found", fi.CertificateId_CA)
-		}
-
-		serialized, err := ca.Primary.AsString()
-		if err != nil {
-			return err
-		}
-
-		t := &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "ca.crt"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-		}
-		c.AddTask(t)
+	// @step: retrieve the platform ca
+	if err := b.BuildCertificateTask(c, fi.CertificateId_CA, "ca.crt"); err != nil {
+		return err
 	}

 	if b.SecretStore != nil {
@ -73,13 +54,12 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
 		dockercfg, _ := b.SecretStore.Secret(key)
 		if dockercfg != nil {
 			contents := string(dockercfg.Data)
-			t := &nodetasks.File{
+			c.AddTask(&nodetasks.File{
 				Path:     filepath.Join("root", ".docker", "config.json"),
 				Contents: fi.NewStringResource(contents),
 				Type:     nodetasks.FileType_File,
 				Mode:     s("0600"),
-			}
-			c.AddTask(t)
+			})
 		}
 	}

@ -89,105 +69,36 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
 	}

 	{
-		cert, err := b.KeyStore.FindCert("master")
-		if err != nil {
+		name := "master"
+		if err := b.BuildCertificateTask(c, name, "server.cert"); err != nil {
 			return err
 		}
-		if cert == nil {
-			return fmt.Errorf("certificate %q not found", "master")
-		}
-
-		serialized, err := cert.AsString()
-		if err != nil {
+		if err := b.BuildPrivateKeyTask(c, name, "server.key"); err != nil {
 			return err
 		}
-
-		t := &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "server.cert"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-		}
-		c.AddTask(t)
-	}
-
-	{
-		k, err := b.KeyStore.FindPrivateKey("master")
-		if err != nil {
-			return err
-		}
-		if k == nil {
-			return fmt.Errorf("private key %q not found", "master")
-		}
-		serialized, err := k.AsString()
-		if err != nil {
-			return err
-		}
-
-		t := &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "server.key"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-			Mode:     s("0600"),
-		}
-		c.AddTask(t)
 	}

 	if b.IsKubernetesGTE("1.7") {
 		// TODO: Remove - we use the apiserver-aggregator keypair instead (which is signed by a different CA)
-		cert, err := b.KeyStore.FindCert("apiserver-proxy-client")
-		if err != nil {
-			return fmt.Errorf("apiserver proxy client cert lookup failed: %v", err.Error())
-		}
-		if cert == nil {
-			return fmt.Errorf("certificate %q not found", "apiserver-proxy-client")
-		}
-
-		serialized, err := cert.AsString()
-		if err != nil {
+		if err := b.BuildCertificateTask(c, "apiserver-proxy-client", "proxy-client.cert"); err != nil {
 			return err
 		}
-
-		t := &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "proxy-client.cert"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-		}
-		c.AddTask(t)
-
-		key, err := b.KeyStore.FindPrivateKey("apiserver-proxy-client")
-		if err != nil {
-			return fmt.Errorf("apiserver proxy client private key lookup failed: %v", err.Error())
-		}
-		if key == nil {
-			return fmt.Errorf("private key %q not found", "apiserver-proxy-client")
-		}
-
-		serialized, err = key.AsString()
-		if err != nil {
-			return err
-		}
-
-		t = &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), "proxy-client.key"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-			Mode:     s("0600"),
-		}
-		c.AddTask(t)
-	}
-
-	if b.IsKubernetesGTE("1.7") {
-		if err := b.writeCertificate(c, "apiserver-aggregator"); err != nil {
-			return err
-		}
-
-		if err := b.writePrivateKey(c, "apiserver-aggregator"); err != nil {
+		if err := b.BuildPrivateKeyTask(c, "apiserver-proxy-client", "proxy-client.key"); err != nil {
 			return err
 		}
 	}

 	if b.IsKubernetesGTE("1.7") {
-		if err := b.writeCertificate(c, "apiserver-aggregator-ca"); err != nil {
+		if err := b.BuildCertificateTask(c, "apiserver-aggregator", "apiserver-aggregator.cert"); err != nil {
+			return err
+		}
+		if err := b.BuildPrivateKeyTask(c, "apiserver-aggregator", "apiserver-aggregator.key"); err != nil {
+			return err
+		}
+	}
+
+	if b.IsKubernetesGTE("1.7") {
+		if err := b.BuildCertificateTask(c, "apiserver-aggregator-ca", "apiserver-aggregator-ca.cert"); err != nil {
 			return err
 		}
 	}
@ -228,71 +139,17 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
 		}
 		csv := strings.Join(lines, "\n")

-		t := &nodetasks.File{
+		c.AddTask(&nodetasks.File{
 			Path:     filepath.Join(b.PathSrvKubernetes(), "known_tokens.csv"),
 			Contents: fi.NewStringResource(csv),
 			Type:     nodetasks.FileType_File,
 			Mode:     s("0600"),
-		}
-		c.AddTask(t)
+		})
 	}

 	return nil
 }

-// writeCertificate writes the specified certificate to the local filesystem, under PathSrvKubernetes()
-func (b *SecretBuilder) writeCertificate(c *fi.ModelBuilderContext, id string) error {
-	cert, err := b.KeyStore.FindCert(id)
-	if err != nil {
-		return fmt.Errorf("cert lookup failed for %q: %v", id, err)
-	}
-
-	if cert != nil {
-		serialized, err := cert.AsString()
-		if err != nil {
-			return err
-		}
-
-		t := &nodetasks.File{
-			Path:     filepath.Join(b.PathSrvKubernetes(), id+".cert"),
-			Contents: fi.NewStringResource(serialized),
-			Type:     nodetasks.FileType_File,
-		}
-		c.AddTask(t)
-	} else {
-		// TODO: Make this an error?
-		glog.Warningf("certificate %q not found", id)
-	}
-
-	return nil
-}
-
-// writePrivateKey writes the specified private key to the local filesystem, under PathSrvKubernetes()
-func (b *SecretBuilder) writePrivateKey(c *fi.ModelBuilderContext, id string) error {
-	key, err := b.KeyStore.FindPrivateKey(id)
-	if err != nil {
-		return fmt.Errorf("private key lookup failed for %q: %v", id, err)
-	}
-	if key == nil {
-		return fmt.Errorf("private key %q not found", id)
-	}
-
-	serialized, err := key.AsString()
-	if err != nil {
-		return err
-	}
-
-	t := &nodetasks.File{
-		Path:     filepath.Join(b.PathSrvKubernetes(), id+".key"),
-		Contents: fi.NewStringResource(serialized),
-		Type:     nodetasks.FileType_File,
-		Mode:     s("0600"),
-	}
-	c.AddTask(t)
-
-	return nil
-}
-
 // allTokens returns a map of all auth tokens that are present
 func (b *SecretBuilder) allAuthTokens() (map[string]string, error) {
 	possibleTokens := tokens.GetKubernetesAuthTokens_Deprecated()
--- a/nodeup/pkg/model/sysctls.go
+++ b/nodeup/pkg/model/sysctls.go
@ -31,6 +31,7 @@ type SysctlBuilder struct {

 var _ fi.ModelBuilder = &SysctlBuilder{}

+// Build is responsible for configuring sysctl settings
 func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
 	var sysctls []string

@ -120,13 +121,12 @@ func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
 		"net.ipv4.ip_forward=1",
 		"")

-	t := &nodetasks.File{
+	c.AddTask(&nodetasks.File{
 		Path:            "/etc/sysctl.d/99-k8s-general.conf",
 		Contents:        fi.NewStringResource(strings.Join(sysctls, "\n")),
 		Type:            nodetasks.FileType_File,
 		OnChangeExecute: [][]string{{"sysctl", "--system"}},
-	}
-	c.AddTask(t)
+	})

 	return nil
 }