diff --git a/pkg/model/components/discovery.go b/pkg/model/components/discovery.go index d2df80e912..b270b2269f 100644 --- a/pkg/model/components/discovery.go +++ b/pkg/model/components/discovery.go @@ -17,8 +17,6 @@ limitations under the License. package components import ( - "strings" - "k8s.io/kops/pkg/apis/kops" "k8s.io/kops/pkg/featureflag" "k8s.io/kops/pkg/model/iam" @@ -64,14 +62,9 @@ func (b *DiscoveryOptionsBuilder) BuildOptions(o interface{}) error { kubeAPIServer.FeatureGates = make(map[string]string) } kubeAPIServer.FeatureGates["ServiceAccountIssuerDiscovery"] = "true" + } - if kubeAPIServer.ServiceAccountJWKSURI == nil { - jwksURL := *kubeAPIServer.ServiceAccountIssuer - jwksURL = strings.TrimSuffix(jwksURL, "/") + "/keys.json" - - kubeAPIServer.ServiceAccountJWKSURI = &jwksURL - } - } else if kubeAPIServer.ServiceAccountJWKSURI == nil { + if kubeAPIServer.ServiceAccountJWKSURI == nil { jwksURI, err := iam.ServiceAccountIssuer(clusterSpec) if err != nil { return err diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 700b279760..98266f9b84 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -208,7 +208,7 @@ kubeAPIServer: - X-Remote-User securePort: 443 serviceAccountIssuer: https://discovery.example.com/minimal.example.com/oidc - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/oidc/keys.json + serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/oidc/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: