From 2e514a3931a1f6191cc42843575b10ce0ab3ee81 Mon Sep 17 00:00:00 2001
From: Rohith
Date: Tue, 2 Oct 2018 18:20:58 +0100
Subject: [PATCH 1/2] - changing the controller option to a slice as empty slices are ignored anyhow.
---
 pkg/apis/kops/componentconfig.go | 2 +-
 pkg/apis/kops/v1alpha1/componentconfig.go | 2 +-
 pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go | 12 ++----------
 pkg/apis/kops/v1alpha2/componentconfig.go | 2 +-
 pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go | 12 ++----------
 pkg/apis/kops/zz_generated.deepcopy.go | 12 ++----------
 6 files changed, 9 insertions(+), 33 deletions(-)
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index 542371cb19..5b469925c3 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@@ -377,7 +377,7 @@ type KubeControllerManagerConfig struct {
 // ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider.
 ConfigureCloudRoutes *bool `json:"configureCloudRoutes,omitempty" flag:"configure-cloud-routes"`
 // Controllers is a list of controllers to enable on the controller-manager
- Controllers *[]string `json:"controllers,omitempty" flag:"controllers"`
+ Controllers []string `json:"controllers,omitempty" flag:"controllers"`
 // CIDRAllocatorType specifies the type of CIDR allocator to use.
 CIDRAllocatorType *string `json:"cidrAllocatorType,omitempty" flag:"cidr-allocator-type"`
 // rootCAFile is the root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.
diff --git a/pkg/apis/kops/v1alpha1/componentconfig.go b/pkg/apis/kops/v1alpha1/componentconfig.go
index d13e846b1b..e83bfc2d44 100644
--- a/pkg/apis/kops/v1alpha1/componentconfig.go
+++ b/pkg/apis/kops/v1alpha1/componentconfig.go
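Review bot: The doc comment on `Controllers` does not say what an unset field means, and with the plain slice plus `omitempty` a nil list and an explicitly empty one can no longer be told apart. I would spell that out, for example `// Controllers is a list of controllers to enable on the controller-manager; when empty the flag is omitted and the kube-controller-manager defaults apply.` The same wording applies to the identical field in the v1alpha1 and v1alpha2 hunks. The diffstat regenerates only the deepcopy files; if the generated conversion functions between API versions reference this field by its pointer type they would need regenerating too, which cannot be confirmed from this patch. The struct continues outside the hunk.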
@@ -377,7 +377,7 @@ type KubeControllerManagerConfig struct {
 // ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider.
 ConfigureCloudRoutes *bool `json:"configureCloudRoutes,omitempty" flag:"configure-cloud-routes"`
 // Controllers is a list of controllers to enable on the controller-manager
- Controllers *[]string `json:"controllers,omitempty" flag:"controllers"`
+ Controllers []string `json:"controllers,omitempty" flag:"controllers"`
 // CIDRAllocatorType specifies the type of CIDR allocator to use.
 CIDRAllocatorType *string `json:"cidrAllocatorType,omitempty" flag:"cidr-allocator-type"`
 // rootCAFile is the root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.
diff --git a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go
index 11b45dc0c4..a1a7527634 100644
--- a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go
@@ -2199,16 +2199,8 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo } if in.Controllers != nil { in, out := &in.Controllers, &out.Controllers - if *in == nil { - *out = nil - } else { - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } - } + *out = make([]string, len(*in)) + copy(*out, *in) } if in.CIDRAllocatorType != nil { in, out := &in.CIDRAllocatorType, &out.CIDRAllocatorType
diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
index 2d3d71ec3e..ad8a5e8251 100644
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -377,7 +377,7 @@ type KubeControllerManagerConfig struct {
 // ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider.
 ConfigureCloudRoutes *bool `json:"configureCloudRoutes,omitempty" flag:"configure-cloud-routes"`
 // Controllers is a list of controllers to enable on the controller-manager
- Controllers *[]string `json:"controllers,omitempty" flag:"controllers"`
+ Controllers []string `json:"controllers,omitempty" flag:"controllers"`
 // CIDRAllocatorType specifies the type of CIDR allocator to use.
 CIDRAllocatorType *string `json:"cidrAllocatorType,omitempty" flag:"cidr-allocator-type"`
 // rootCAFile is the root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
index f5caf4cb48..fce2ee0be5 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
@@ -2280,16 +2280,8 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo } if in.Controllers != nil { in, out := &in.Controllers, &out.Controllers - if *in == nil { - *out = nil - } else { - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } - } + *out = make([]string, len(*in)) + copy(*out, *in) } if in.CIDRAllocatorType != nil { in, out := &in.CIDRAllocatorType, &out.CIDRAllocatorType
diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go
index 9bdc8101ec..6d4cbb4361 100644
--- a/pkg/apis/kops/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/zz_generated.deepcopy.go
@@ -2468,16 +2468,8 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo } if in.Controllers != nil { in, out := &in.Controllers, &out.Controllers - if *in == nil { - *out = nil - } else { - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } - } + *out = make([]string, len(*in)) + copy(*out, *in) } if in.CIDRAllocatorType != nil { in, out := &in.CIDRAllocatorType, &out.CIDRAllocatorType
From cf67cfd0309cb509917a309d9f4092cbc50154db Mon Sep 17 00:00:00 2001
From: Rohith
Date: Tue, 2 Oct 2018 18:22:03 +0100
Subject: [PATCH 2/2] - enabling the tokencleaner controller when bootstrap tokens are enabled
---
 pkg/model/components/kubecontrollermanager.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/pkg/model/components/kubecontrollermanager.go b/pkg/model/components/kubecontrollermanager.go
index f78efb620a..d5116f58a4 100644
--- a/pkg/model/components/kubecontrollermanager.go
+++ b/pkg/model/components/kubecontrollermanager.go
@@ -167,5 +167,13 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 }
 }

+ // @check if the node authorization is enabled and if so enable the tokencleaner controller (disabled by default)
+ // This is responsible for cleaning up bootstrap tokens which have expired
+ if b.Context.IsKubernetesGTE("1.10") {
+ if fi.BoolValue(clusterSpec.KubeAPIServer.EnableBootstrapAuthToken) && len(kcm.Controllers) <= 0 {
+ kcm.Controllers = []string{"*", "tokencleaner"}
+ }
+ }
+
 return nil
 }
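Review bot: The `len(kcm.Controllers) <= 0` guard switches tokencleaner on only when the operator has set no controller list at all, so a cluster with bootstrap token auth enabled and a custom `controllers` list silently keeps it off and expired bootstrap token secrets are never cleaned up. I would add it whenever the list does not already name `tokencleaner` or `-tokencleaner`, as sketched below, or at least document the exception in the comment. The comment also says "node authorization" while the condition tests `EnableBootstrapAuthToken`, and `clusterSpec.KubeAPIServer` is dereferenced without a nil check, which the part of BuildOptions outside this hunk may or may not already guarantee.

```go
	// Enable tokencleaner (disabled by default) whenever bootstrap token auth is on,
	// unless the operator has already named it, either enabled or as "-tokencleaner".
	if b.Context.IsKubernetesGTE("1.10") && fi.BoolValue(clusterSpec.KubeAPIServer.EnableBootstrapAuthToken) {
		if len(kcm.Controllers) == 0 {
			kcm.Controllers = []string{"*", "tokencleaner"}
		} else {
			named := false
			for _, c := range kcm.Controllers {
				if c == "tokencleaner" || c == "-tokencleaner" {
					named = true
					break
				}
			}
			if !named {
				kcm.Controllers = append(kcm.Controllers, "tokencleaner")
			}
		}
	}

	// … unchanged: return nil …
```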