diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index fe52971f12..8d04449ebc 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@@ -392,6 +392,8 @@ type KubeAPIServerConfig struct {
 // for KubeAPIServer, concatenated with commas. ex: `--runtime-config=key1=value1,key2=value2`.
 // Use this to enable alpha resources on kube-apiserver
 RuntimeConfig map[string]string `json:"runtimeConfig,omitempty" flag:"runtime-config"`
+
+ AnonymousAuth *bool `json:"anonymousAuth,omitempty" flag:"anonymous-auth"`
 }
 
 type KubeControllerManagerConfig struct {
diff --git a/pkg/apis/kops/v1alpha1/componentconfig.go b/pkg/apis/kops/v1alpha1/componentconfig.go
index 9ec58c7597..63ab6025aa 100644
--- a/pkg/apis/kops/v1alpha1/componentconfig.go
+++ b/pkg/apis/kops/v1alpha1/componentconfig.go
@@ -389,6 +389,8 @@ type KubeAPIServerConfig struct {
 AllowPrivileged *bool `json:"allowPrivileged,omitempty" flag:"allow-privileged"`
 APIServerCount *int `json:"apiServerCount,omitempty" flag:"apiserver-count"`
 RuntimeConfig map[string]string `json:"runtimeConfig,omitempty" flag:"runtime-config"`
+
+ AnonymousAuth *bool `json:"anonymousAuth,omitempty" flag:"anonymous-auth"`
 }
 
 type KubeControllerManagerConfig struct {
diff --git a/upup/models/config/components/kube-apiserver/_k8s_1_5/kube-apiserver.options b/upup/models/config/components/kube-apiserver/_k8s_1_5/kube-apiserver.options
index cc40fb6d7a..c9f19e815c 100644
--- a/upup/models/config/components/kube-apiserver/_k8s_1_5/kube-apiserver.options
+++ b/upup/models/config/components/kube-apiserver/_k8s_1_5/kube-apiserver.options
@@ -6,4 +6,6 @@ KubeAPIServer:
 - ServiceAccount
 - PersistentVolumeLabel
 - DefaultStorageClass
- - ResourceQuota
\ No newline at end of file
+ - ResourceQuota
+ # Stick with the pre-1.5 anonymous authentication modes
+ AnonymousAuth: false
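Review bot: The new `AnonymousAuth` field in `KubeAPIServerConfig` has no doc comment, unlike `RuntimeConfig` directly above it, and the v1alpha1 copy of the struct in the next hunk has the same gap. For a `*bool` tagged `omitempty` the difference between unset and `false` is security-relevant: presumably an unset value emits no `--anonymous-auth` flag, so kube-apiserver falls back to its own default, which from 1.5 on accepts anonymous requests. Once that is confirmed against the flag builder, I would add `// AnonymousAuth sets --anonymous-auth on kube-apiserver (1.5+); when nil the flag is omitted and the apiserver's own default applies.` above the field in both files. The struct body starts outside the hunk.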
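Review bot: The comment above `AnonymousAuth: false` in `_k8s_1_5/kube-apiserver.options` does not say what the default guards against or whether it can be overridden. This hunk does not show whether an explicit `anonymousAuth: true` in a user's cluster spec survives this model default, or whether the `_k8s_1_5` options also apply to releases after 1.5. Both are worth stating, because this value decides whether unauthenticated requests are rejected at the authentication layer or passed on to authorization. Suggested wording: `# kube-apiserver 1.5 accepts anonymous requests by default; keep the pre-1.5 behaviour of rejecting unauthenticated requests`.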
diff --git a/upup/pkg/fi/cloudup/populatecluster_test.go b/upup/pkg/fi/cloudup/populatecluster_test.go
index ba7bc49ae0..69c015105d 100644
--- a/upup/pkg/fi/cloudup/populatecluster_test.go
+++ b/upup/pkg/fi/cloudup/populatecluster_test.go
@@ -379,3 +379,49 @@ func TestPopulateCluster_APIServerCount(t *testing.T) {
 t.Fatalf("Unexpected APIServerCount: %v", fi.IntValue(full.Spec.KubeAPIServer.APIServerCount))
 }
 }
+
+func TestPopulateCluster_AnonymousAuth(t *testing.T) {
+ c := buildMinimalCluster()
+ c.Spec.KubernetesVersion = "1.5.0"
+
+ err := c.PerformAssignments()
+ if err != nil {
+ t.Fatalf("error from PerformAssignments: %v", err)
+ }
+
+ addEtcdClusters(c)
+
+ full, err := PopulateClusterSpec(c)
+ if err != nil {
+ t.Fatalf("Unexpected error from PopulateCluster: %v", err)
+ }
+
+ if full.Spec.KubeAPIServer.AnonymousAuth == nil {
+ t.Fatalf("AnonymousAuth not specified")
+ }
+
+ if fi.BoolValue(full.Spec.KubeAPIServer.AnonymousAuth) != false {
+ t.Fatalf("Unexpected AnonymousAuth: %v", fi.BoolValue(full.Spec.KubeAPIServer.AnonymousAuth))
+ }
+}
+
+func TestPopulateCluster_AnonymousAuth_14(t *testing.T) {
+ c := buildMinimalCluster()
+ c.Spec.KubernetesVersion = "1.4.0"
+
+ err := c.PerformAssignments()
+ if err != nil {
+ t.Fatalf("error from PerformAssignments: %v", err)
+ }
+
+ addEtcdClusters(c)
+
+ full, err := PopulateClusterSpec(c)
+ if err != nil {
+ t.Fatalf("Unexpected error from PopulateCluster: %v", err)
+ }
+
+ if full.Spec.KubeAPIServer.AnonymousAuth != nil {
+ t.Fatalf("AnonymousAuth is not supported in 1.4")
+ }
+}
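Review bot: Both new tests pin a single version string each (`1.5.0` and `1.4.0`), so nothing fails if the `AnonymousAuth: false` default stops being applied on a later 1.5.x release. There is also no case for a value the user set explicitly in the cluster spec, which is what would show whether the default overrides an operator's choice. The two functions are identical apart from the version and the final assertion, so a table-driven test would hold the extra rows without a third copy of the setup. `fi.BoolValue(...) != false` can be written `fi.BoolValue(...)`. The `1.5.1` row below assumes later patch releases keep the default; adjust it if that is not the intent.

```go
func TestPopulateCluster_AnonymousAuth(t *testing.T) {
	grid := []struct {
		version string
		wantSet bool // whether the AnonymousAuth default is expected to be populated
	}{
		{version: "1.4.0", wantSet: false},
		{version: "1.5.0", wantSet: true},
		{version: "1.5.1", wantSet: true}, // assumed: later patch releases keep the default
	}

	for _, g := range grid {
		c := buildMinimalCluster()
		c.Spec.KubernetesVersion = g.version

		// … unchanged: PerformAssignments, addEtcdClusters, PopulateClusterSpec …

		got := full.Spec.KubeAPIServer.AnonymousAuth
		if !g.wantSet {
			if got != nil {
				t.Fatalf("%s: AnonymousAuth is not supported before 1.5", g.version)
			}
			continue
		}
		if got == nil {
			t.Fatalf("%s: AnonymousAuth not specified", g.version)
		}
		if fi.BoolValue(got) {
			t.Fatalf("%s: Unexpected AnonymousAuth: %v", g.version, fi.BoolValue(got))
		}
	}
}
```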