Merge pull request #11872 from johngmyers/refactor-serviceaccount

Refactor nodeup APIServer builder, part one
Kubernetes Prow Robot 2021-06-28 10:42:01 -07:00 committed by GitHub
commit ee048e89e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
136 changed files with 598 additions and 546 deletions


@ -616,6 +616,12 @@ func (i *integrationTest) setupCluster(t *testing.T, inputYAML string, ctx conte
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZFFtxc+8xir1XC3mI/RhCC\nrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQJAejInjmEzqmzQr0NxcIN4\nPukwK3FBKl+RAOZfqNIKcww14mfOn7Gc6lF2zEC4GnLiB3tthbSXoBGi54nkW4ki\nyQIhANZNne9UhQlwyjsd3WxDWWrl6OOZ3J8ppMOIQni9WRLlAiEAw1XEdxPOSOSO\nB6rucpTT1QivVvyEFIb/ukvPm769Mh8CIQDNQwKnHdlfNX0+KljPPaMD1LrAZbr/\naC+8aWLhqtsKUQIgF7gUcTkwdV17eabh6Xv09Qtm7zMefred2etWvFy+8JUCIECv\nFYOKQVWHX+Q7CHX2K1oTECVnZuW1UItdDYVlFYxQ\n-----END RSA PRIVATE KEY-----\n",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBaDCCARKgAwIBAgIMFoq6PeyECsgUTfc2MA0GCSqGSIb3DQEBCwUAMBUxEzAR\nBgNVBAMTCmt1YmVybmV0ZXMwHhcNMjEwNjE5MjI0MzEwWhcNMzEwNjE5MjI0MzEw\nWjAVMRMwEQYDVQQDEwprdWJlcm5ldGVzMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB\nAKOE64nZbH+GM91AIrqf7HEk4hvzqsZFFtxc+8xir1XC3mI/RhCCrs6AdVRZNZ26\nA6uHArhi33c2kHQkCjyLA7sCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud\nEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIT28RJlG8FTgmvn2YMa3hYX+u1BMA0GCSqG\nSIb3DQEBCwUAA0EAKuaE5wKMP26AyfxkWu83iHoTPFtdjabXF0JcyPy0ijQZxfJq\n9xc2CkttvgaDtT4H+E/ryQ3iq6kSfEYYPi8c0w==\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "service-account", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBZzCCARGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9zZXJ2\naWNlLWFjY291bnQwHhcNMjEwNTAyMjAzMDA2WhcNMzEwNTAyMjAzMDA2WjAaMRgw\nFgYDVQQDEw9zZXJ2aWNlLWFjY291bnQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\n2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy/C8Mx\nouxva/om9d7Sq8Ka55T7+wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\nAQH/BAUwAwEB/zAdBgNVHQ4EFgQUI5beFHueAGyT1pQ6UTOdbMfj3gQwDQYJKoZI\nhvcNAQELBQADQQBwPLO+Np8o6k3aNBGKE4JTCOs06X72OXNivkWWWP/9XGz6x4DI\nHPU65kbUn/pWXBUVVlpsKsdmWA2Bu8pd/vD+\n-----END CERTIFICATE-----\n",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZFFtxc+8xir1XC3mI/RhCC\nrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQJAejInjmEzqmzQr0NxcIN4\nPukwK3FBKl+RAOZfqNIKcww14mfOn7Gc6lF2zEC4GnLiB3tthbSXoBGi54nkW4ki\nyQIhANZNne9UhQlwyjsd3WxDWWrl6OOZ3J8ppMOIQni9WRLlAiEAw1XEdxPOSOSO\nB6rucpTT1QivVvyEFIb/ukvPm769Mh8CIQDNQwKnHdlfNX0+KljPPaMD1LrAZbr/\naC+8aWLhqtsKUQIgF7gUcTkwdV17eabh6Xv09Qtm7zMefred2etWvFy+8JUCIECv\nFYOKQVWHX+Q7CHX2K1oTECVnZuW1UItdDYVlFYxQ\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBZzCCARGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9zZXJ2\naWNlLWFjY291bnQwHhcNMjEwNTAyMjAzMjE3WhcNMzEwNTAyMjAzMjE3WjAaMRgw\nFgYDVQQDEw9zZXJ2aWNlLWFjY291bnQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\no4Tridlsf4Yz3UAiup/scSTiG/OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboD\nq4cCuGLfdzaQdCQKPIsDuwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\nAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhPbxEmUbwVOCa+fZgxreFhf67UEwDQYJKoZI\nhvcNAQELBQADQQALMsyK2Q7C/bk27eCvXyZKUfrLvor10hEjwGhv14zsKWDeTj/J\nA1LPYp7U9VtFfgFOkVbkLE9Rstc0ltNrPqxA\n-----END CERTIFICATE-----\n",
})
if i.ciliumEtcd {
storeKeyset(t, keyStore, "etcd-clients-ca-cilium", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
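Review bot: The added `service-account` keyset has no comment marking its PEM blocks as throwaway test fixtures, and both private keys repeat material used by neighbouring keysets: its `secondaryKey` is identical to the `secondaryKey` of the keyset closed just above, and its `primaryKey` is identical to the `etcd-clients-ca-cilium` one below. Embedded `BEGIN RSA PRIVATE KEY` literals also trip secret scanners, so a line such as `// Test-only key material shared across the mock keysets.` above the `storeKeyset` call would save triage time, assuming that is what they are. If the tests rely on keysets being distinguishable by key, the reuse deserves a second look. setupCluster's body starts and ends outside this hunk.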


@ -195,34 +195,11 @@ func runLifecycleTest(h *testutils.IntegrationTestHarness, o *LifecycleTestOptio
inputYAML := "in-" + o.Version + ".yaml"
factoryOptions := &util.FactoryOptions{}
factoryOptions.RegistryPath = "memfs://tests"
factory := util.NewFactory(factoryOptions)
beforeResources := AllAWSResources(cloud)
{
options := &CreateOptions{}
options.Filenames = []string{path.Join(o.SrcDir, inputYAML)}
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
err := RunCreate(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
{
options := &CreateSecretPublickeyOptions{}
options.ClusterName = o.ClusterName
options.Name = "admin"
options.PublicKeyPath = path.Join(o.SrcDir, "id_rsa.pub")
err := RunCreateSecretPublicKey(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)
// Overrides
@ -437,32 +414,8 @@ func runLifecycleTestOpenstack(o *LifecycleTestOptions) {
inputYAML := "in-" + o.Version + ".yaml"
factoryOptions := &util.FactoryOptions{}
factoryOptions.RegistryPath = "memfs://tests"
factory := util.NewFactory(factoryOptions)
{
options := &CreateOptions{}
options.Filenames = []string{path.Join(o.SrcDir, inputYAML)}
err := RunCreate(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
{
options := &CreateSecretPublickeyOptions{}
options.ClusterName = o.ClusterName
options.Name = "admin"
options.PublicKeyPath = path.Join(o.SrcDir, "id_rsa.pub")
err := RunCreateSecretPublicKey(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)
@ -515,31 +468,8 @@ func runLifecycleTestGCE(o *LifecycleTestOptions) {
var stdout bytes.Buffer
inputYAML := "in-" + o.Version + ".yaml"
factory := util.NewFactory(&util.FactoryOptions{
RegistryPath: "memfs://tests",
})
{
options := &CreateOptions{}
options.Filenames = []string{path.Join(o.SrcDir, inputYAML)}
err := RunCreate(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
{
options := &CreateSecretPublickeyOptions{}
options.ClusterName = o.ClusterName
options.Name = "admin"
options.PublicKeyPath = path.Join(o.SrcDir, "id_rsa.pub")
err := RunCreateSecretPublicKey(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create: %v", inputYAML, err)
}
}
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)
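Review bot: `setupCluster(t, inputYAML, ctx, stdout)` passes `stdout` without the `&` that the removed `RunCreate(ctx, factory, &stdout, options)` calls used. runLifecycleTestGCE declares it as `var stdout bytes.Buffer`, so unless setupCluster's parameter is something other than a plain value (its full signature is not visible here), the create output is written to a copy and the caller's buffer stays empty. Taking `*bytes.Buffer` and passing `&stdout` would keep a single buffer; the same call is added in runLifecycleTest and runLifecycleTestOpenstack. Go convention would also put `ctx` first in that parameter list.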


@ -128,9 +128,20 @@ func TestContainerdBuilder_BuildFlags(t *testing.T) {
}
func runContainerdBuilderTest(t *testing.T, key string, distro distributions.Distribution) {
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
h.MockKopsVersion("1.18.0")
h.SetupMockAWS()
basedir := path.Join("tests/containerdbuilder/", key)
nodeUpModelContext, err := BuildNodeupModelContext(basedir)
model, err := testutils.LoadModel(basedir)
if err != nil {
t.Fatal(err)
}
nodeUpModelContext, err := BuildNodeupModelContext(model)
if err != nil {
t.Fatalf("error parsing cluster yaml %q: %v", basedir, err)
return
@ -148,6 +159,10 @@ func runContainerdBuilderTest(t *testing.T, key string, distro distributions.Dis
nodeUpModelContext.Assets.AddForTest("ctr", "usr/local/bin/ctr", "testing containerd content")
nodeUpModelContext.Assets.AddForTest("runc", "usr/local/sbin/runc", "testing containerd content")
if err := nodeUpModelContext.Init(); err != nil {
t.Fatalf("error from nodeupModelContext.Init(): %v", err)
return
}
context := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
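Review bot: The failure path of `BuildNodeupModelContext(model)` still reports `error parsing cluster yaml %q`, but after this change the YAML is loaded by `testutils.LoadModel`, whose error goes through a bare `t.Fatal(err)` that drops `basedir`. More accurate messages would be `t.Fatalf("error loading model %q: %v", basedir, err)` for LoadModel and `t.Fatalf("error building nodeup model context for %q: %v", basedir, err)` for the builder; runDockerBuilderTest has the same pair. The `return` added after `t.Fatalf` in the `Init()` check is unreachable, because Fatalf stops the test goroutine, and the docker variant of that check already omits it.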


@ -388,7 +388,7 @@ func (c *NodeupModelContext) UsesSecondaryIP() bool {
// UseBootstrapTokens checks if we are using bootstrap tokens
func (c *NodeupModelContext) UseBootstrapTokens() bool {
if c.HasAPIServer {
return fi.BoolValue(c.Cluster.Spec.KubeAPIServer.EnableBootstrapAuthToken)
return fi.BoolValue(c.NodeupConfig.APIServerConfig.KubeAPIServer.EnableBootstrapAuthToken)
}
return c.Cluster.Spec.Kubelet != nil && c.Cluster.Spec.Kubelet.BootstrapKubeconfig != ""
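Review bot: The new return dereferences `c.NodeupConfig.APIServerConfig.KubeAPIServer` unconditionally, while `KubeAPIServerBuilder.Build` in this same commit guards that pointer with `!= nil` before copying it, so the two call sites disagree about whether it can be nil. If it can, a cluster without a `kubeAPIServer` section would panic here instead of reporting bootstrap tokens as disabled. A guarded form would be `cfg := c.NodeupConfig.APIServerConfig; return cfg != nil && cfg.KubeAPIServer != nil && fi.BoolValue(cfg.KubeAPIServer.EnableBootstrapAuthToken)`. Whether `HasAPIServer` already guarantees both pointers is not visible in this hunk, and the function's closing brace lies outside it.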


@ -120,9 +120,20 @@ func TestDockerBuilder_BuildFlags(t *testing.T) {
}
func runDockerBuilderTest(t *testing.T, key string) {
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
h.MockKopsVersion("1.18.0")
h.SetupMockAWS()
basedir := path.Join("tests/dockerbuilder/", key)
nodeUpModelContext, err := BuildNodeupModelContext(basedir)
model, err := testutils.LoadModel(basedir)
if err != nil {
t.Fatal(err)
}
nodeUpModelContext, err := BuildNodeupModelContext(model)
if err != nil {
t.Fatalf("error parsing cluster yaml %q: %v", basedir, err)
return
@ -163,6 +174,9 @@ func runDockerBuilderTest(t *testing.T, key string) {
}
}
if err := nodeUpModelContext.Init(); err != nil {
t.Fatalf("error from nodeUpModelContext.Init(): %v", err)
}
context := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}


@ -55,56 +55,48 @@ func (b *KubeAPIServerBuilder) Build(c *fi.ModelBuilderContext) error {
return nil
}
if err := b.writeAuthenticationConfig(c); err != nil {
pathSrvKAPI := filepath.Join(b.PathSrvKubernetes(), "kube-apiserver")
var kubeAPIServer kops.KubeAPIServerConfig
if b.NodeupConfig.APIServerConfig.KubeAPIServer != nil {
kubeAPIServer = *b.NodeupConfig.APIServerConfig.KubeAPIServer
}
if err := b.writeAuthenticationConfig(c, &kubeAPIServer); err != nil {
return err
}
if b.Cluster.Spec.EncryptionConfig != nil {
if *b.Cluster.Spec.EncryptionConfig {
encryptionConfigPath := fi.String(filepath.Join(b.PathSrvKubernetes(), "encryptionconfig.yaml"))
if b.NodeupConfig.APIServerConfig.EncryptionConfigSecretHash != "" {
encryptionConfigPath := fi.String(filepath.Join(pathSrvKAPI, "encryptionconfig.yaml"))
b.Cluster.Spec.KubeAPIServer.EncryptionProviderConfig = encryptionConfigPath
kubeAPIServer.EncryptionProviderConfig = encryptionConfigPath
key := "encryptionconfig"
encryptioncfg, err := b.SecretStore.Secret(key)
if err == nil {
contents := string(encryptioncfg.Data)
t := &nodetasks.File{
Path: *encryptionConfigPath,
Contents: fi.NewStringResource(contents),
Mode: fi.String("600"),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
} else {
return fmt.Errorf("encryptionConfig enabled, but could not load encryptionconfig secret: %v", err)
key := "encryptionconfig"
encryptioncfg, err := b.SecretStore.Secret(key)
if err == nil {
contents := string(encryptioncfg.Data)
t := &nodetasks.File{
Path: *encryptionConfigPath,
Contents: fi.NewStringResource(contents),
Mode: fi.String("600"),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
} else {
return fmt.Errorf("encryptionConfig enabled, but could not load encryptionconfig secret: %v", err)
}
}
kubeAPIServer.ServiceAccountKeyFile = append(kubeAPIServer.ServiceAccountKeyFile, filepath.Join(pathSrvKAPI, "service-account.pub"))
c.AddTask(&nodetasks.File{
Path: filepath.Join(pathSrvKAPI, "service-account.pub"),
Contents: fi.NewStringResource(b.NodeupConfig.APIServerConfig.ServiceAccountPublicKeys),
Type: nodetasks.FileType_File,
Mode: s("0600"),
})
{
keyset, err := b.KeyStore.FindKeyset("service-account")
if err != nil {
return err
}
if keyset == nil {
return fmt.Errorf("service-account keyset not found")
}
buf, err := keyset.ToPublicKeyBytes()
if err != nil {
return err
}
c.AddTask(&nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "service-account.pub"),
Contents: fi.NewBytesResource(buf),
Type: nodetasks.FileType_File,
Mode: s("0600"),
})
}
{
pod, err := b.buildPod()
pod, err := b.buildPod(&kubeAPIServer)
if err != nil {
return fmt.Errorf("error building kube-apiserver manifest: %v", err)
}
@ -151,7 +143,7 @@ func (b *KubeAPIServerBuilder) Build(c *fi.ModelBuilderContext) error {
return nil
}
func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderContext) error {
func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderContext, kubeAPIServer *kops.KubeAPIServerConfig) error {
if b.Cluster.Spec.Authentication == nil || b.Cluster.Spec.Authentication.IsEmpty() {
return nil
}
@ -198,7 +190,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
if b.Cluster.Spec.Authentication.Aws != nil {
id := "aws-iam-authenticator"
b.Cluster.Spec.KubeAPIServer.AuthenticationTokenWebhookConfigFile = fi.String(PathAuthnConfig)
kubeAPIServer.AuthenticationTokenWebhookConfigFile = fi.String(PathAuthnConfig)
{
caCertificate, _, err := b.NodeupModelContext.KeyStore.FindPrimaryKeypair(fi.CertificateIDCA)
@ -302,11 +294,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
}
// buildPod is responsible for generating the kube-apiserver pod and thus manifest file
func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
kubeAPIServer := b.Cluster.Spec.KubeAPIServer
kubeAPIServer.ServiceAccountKeyFile = append(kubeAPIServer.ServiceAccountKeyFile, filepath.Join(b.PathSrvKubernetes(), "service-account.pub"))
func (b *KubeAPIServerBuilder) buildPod(kubeAPIServer *kops.KubeAPIServerConfig) (*v1.Pod, error) {
// Set the signing key if we're using Service Account Token VolumeProjection
if kubeAPIServer.ServiceAccountSigningKeyFile == nil {
if fi.StringValue(kubeAPIServer.ServiceAccountIssuer) != "" {
@ -393,15 +381,14 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
// @note: note sure if this is the best place to put it, I could place into the validation.go which has the benefit of
// fixing up the manifests itself, but that feels VERY hacky
// @note: it's fine to use AdmissionControl here and it's not populated by the model, thus the only data could have come from the cluster spec
c := b.Cluster.Spec.KubeAPIServer
if len(c.AdmissionControl) > 0 {
c.EnableAdmissionPlugins = append([]string(nil), c.AdmissionControl...)
c.AdmissionControl = []string{}
if len(kubeAPIServer.AdmissionControl) > 0 {
kubeAPIServer.EnableAdmissionPlugins = append([]string(nil), kubeAPIServer.AdmissionControl...)
kubeAPIServer.AdmissionControl = []string{}
}
}
// build the kube-apiserver flags for the service
flags, err := flagbuilder.BuildFlagsList(b.Cluster.Spec.KubeAPIServer)
flags, err := flagbuilder.BuildFlagsList(kubeAPIServer)
if err != nil {
return nil, fmt.Errorf("error building kube-apiserver flags: %v", err)
}
@ -501,8 +488,8 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
Ports: []v1.ContainerPort{
{
Name: "https",
ContainerPort: b.Cluster.Spec.KubeAPIServer.SecurePort,
HostPort: b.Cluster.Spec.KubeAPIServer.SecurePort,
ContainerPort: kubeAPIServer.SecurePort,
HostPort: kubeAPIServer.SecurePort,
},
},
Resources: v1.ResourceRequirements{
@ -563,7 +550,7 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
addHostPathMapping(pod, container, "srvsshproxy", pathSrvSshproxy)
}
auditLogPath := b.Cluster.Spec.KubeAPIServer.AuditLogPath
auditLogPath := kubeAPIServer.AuditLogPath
// Don't mount a volume if the mount path is set to '-' for stdout logging
// See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-backends
if auditLogPath != nil && *auditLogPath != "-" {
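Review bot: The new `service-account.pub` task writes `b.NodeupConfig.APIServerConfig.ServiceAccountPublicKeys` without checking it, whereas the removed block returned `service-account keyset not found` when the keyset was missing. An empty string now yields an empty key file that is still appended to `ServiceAccountKeyFile`, so the problem would presumably surface only when kube-apiserver starts; a guard such as `if b.NodeupConfig.APIServerConfig.ServiceAccountPublicKeys == "" { return fmt.Errorf("service-account public keys not found in nodeup config") }` keeps the fail-fast behaviour. In the same hunk `EncryptionConfigSecretHash` is used only as a non-empty flag and nothing visible compares it with the secret loaded from `b.SecretStore`; if it is meant as an integrity check it needs that comparison, and if it is only a change trigger a comment saying so would help. `Build` begins and ends outside the hunks shown.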


@ -149,12 +149,24 @@ func stringSlicesEqual(exp, other []string) bool {
}
func Test_RunKubeletBuilder(t *testing.T) {
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
h.MockKopsVersion("1.18.0")
h.SetupMockAWS()
basedir := "tests/kubelet/featuregates"
context := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
nodeUpModelContext, err := BuildNodeupModelContext(basedir)
model, err := testutils.LoadModel(basedir)
if err != nil {
t.Fatal(err)
}
nodeUpModelContext, err := BuildNodeupModelContext(model)
if err != nil {
t.Fatalf("error loading model %q: %v", basedir, err)
return
@ -166,12 +178,24 @@ func Test_RunKubeletBuilder(t *testing.T) {
}
func Test_RunKubeletBuilderWarmPool(t *testing.T) {
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
h.MockKopsVersion("1.18.0")
h.SetupMockAWS()
basedir := "tests/kubelet/warmpool"
context := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
nodeUpModelContext, err := BuildNodeupModelContext(basedir)
model, err := testutils.LoadModel(basedir)
if err != nil {
t.Fatal(err)
}
nodeUpModelContext, err := BuildNodeupModelContext(model)
if err != nil {
t.Fatalf("error loading model %q: %v", basedir, err)
return
@ -186,6 +210,10 @@ func Test_RunKubeletBuilderWarmPool(t *testing.T) {
}
func runKubeletBuilder(t *testing.T, context *fi.ModelBuilderContext, nodeupModelContext *NodeupModelContext) {
if err := nodeupModelContext.Init(); err != nil {
t.Fatalf("error from nodeupModelContext.Init(): %v", err)
}
builder := KubeletBuilder{NodeupModelContext: nodeupModelContext}
kubeletConfig, err := builder.buildKubeletConfig()
@ -221,18 +249,12 @@ func runKubeletBuilder(t *testing.T, context *fi.ModelBuilderContext, nodeupMode
}
func BuildNodeupModelContext(basedir string) (*NodeupModelContext, error) {
model, err := testutils.LoadModel(basedir)
if err != nil {
return nil, err
}
func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error) {
if model.Cluster == nil {
return nil, fmt.Errorf("no cluster found in %s", basedir)
return nil, fmt.Errorf("no cluster found in model")
}
nodeUpModelContext := &NodeupModelContext{
Cluster: model.Cluster,
nodeupModelContext := &NodeupModelContext{
Architecture: "amd64",
BootConfig: &nodeup.BootConfig{},
NodeupConfig: &nodeup.Config{
@ -241,22 +263,40 @@ func BuildNodeupModelContext(basedir string) (*NodeupModelContext, error) {
},
}
// Populate the cluster
cloud, err := cloudup.BuildCloud(model.Cluster)
if err != nil {
return nil, fmt.Errorf("error from BuildCloud: %v", err)
}
err = cloudup.PerformAssignments(model.Cluster, cloud)
if err != nil {
return nil, fmt.Errorf("error from PerformAssignments: %v", err)
}
nodeupModelContext.Cluster, err = mockedPopulateClusterSpec(model.Cluster, cloud)
if err != nil {
return nil, fmt.Errorf("unexpected error from mockedPopulateClusterSpec: %v", err)
}
if len(model.InstanceGroups) == 0 {
// We tolerate this - not all tests need an instance group
} else if len(model.InstanceGroups) == 1 {
nodeUpModelContext.NodeupConfig, nodeUpModelContext.BootConfig = nodeup.NewConfig(model.Cluster, model.InstanceGroups[0])
nodeupModelContext.NodeupConfig, nodeupModelContext.BootConfig = nodeup.NewConfig(nodeupModelContext.Cluster, model.InstanceGroups[0])
} else {
return nil, fmt.Errorf("unexpected number of instance groups in %s, found %d", basedir, len(model.InstanceGroups))
return nil, fmt.Errorf("unexpected number of instance groups: found %d", len(model.InstanceGroups))
}
nodeUpModelContext.NodeupConfig.CAs["ca"] = dummyCertificate + nextCertificate
nodeUpModelContext.NodeupConfig.KeypairIDs["ca"] = "3"
// Are we mocking out too much of the apply_cluster logic?
nodeupModelContext.NodeupConfig.CAs["ca"] = dummyCertificate + nextCertificate
nodeupModelContext.NodeupConfig.KeypairIDs["ca"] = "3"
if err := nodeUpModelContext.Init(); err != nil {
return nil, err
if nodeupModelContext.NodeupConfig.APIServerConfig != nil {
saPublicKeys, _ := rotatingPrivateKeyset().ToPublicKeys()
nodeupModelContext.NodeupConfig.APIServerConfig.ServiceAccountPublicKeys = saPublicKeys
}
return nodeUpModelContext, nil
return nodeupModelContext, nil
}
func mockedPopulateClusterSpec(c *kops.Cluster, cloud fi.Cloud) (*kops.Cluster, error) {
@ -296,29 +336,11 @@ func simplePrivateKeyset(cert, key string) *kops.Keyset {
}
}
func rotatingPrivateKeyset() *kops.Keyset {
return &kops.Keyset{
Spec: kops.KeysetSpec{
PrimaryId: "3",
Keys: []kops.KeysetItem{
{
Id: "2",
PrivateMaterial: []byte(previousKey),
PublicMaterial: []byte(previousCertificate),
},
{
Id: "3",
PrivateMaterial: []byte(dummyKey),
PublicMaterial: []byte(dummyCertificate),
},
{
Id: "4",
PrivateMaterial: []byte(nextKey),
PublicMaterial: []byte(nextCertificate),
},
},
},
}
func rotatingPrivateKeyset() *fi.Keyset {
keyset, _ := fi.NewKeyset(mustParseCertificate(previousCertificate), mustParseKey(previousKey))
_ = keyset.AddItem(mustParseCertificate(nextCertificate), mustParseKey(nextKey), false)
return keyset
}
func mustParseCertificate(s string) *pki.Certificate {
@ -329,6 +351,14 @@ func mustParseCertificate(s string) *pki.Certificate {
return k
}
func mustParseKey(s string) *pki.PrivateKey {
k, err := pki.ParsePEMPrivateKey([]byte(s))
if err != nil {
klog.Fatalf("error parsing private key %v", err)
}
return k
}
func RunGoldenTest(t *testing.T, basedir string, key string, builder func(*NodeupModelContext, *fi.ModelBuilderContext) error) {
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
@ -339,20 +369,22 @@ func RunGoldenTest(t *testing.T, basedir string, key string, builder func(*Nodeu
context := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
nodeupModelContext, err := BuildNodeupModelContext(basedir)
model, err := testutils.LoadModel(basedir)
if err != nil {
t.Fatalf("error loading model %q: %v", basedir, err)
t.Fatal(err)
}
keystore := &fakeCAStore{}
keystore.T = t
saKeyset, _ := rotatingPrivateKeyset().ToAPIObject("service-account", true)
keystore.privateKeysets = map[string]*kops.Keyset{
"ca": simplePrivateKeyset(dummyCertificate, dummyKey),
"apiserver-aggregator-ca": simplePrivateKeyset(dummyCertificate, dummyKey),
"kube-controller-manager": simplePrivateKeyset(dummyCertificate, dummyKey),
"kube-proxy": simplePrivateKeyset(dummyCertificate, dummyKey),
"kube-scheduler": simplePrivateKeyset(dummyCertificate, dummyKey),
"service-account": rotatingPrivateKeyset(),
"service-account": saKeyset,
}
keystore.certs = map[string]*pki.Certificate{
"ca": mustParseCertificate(dummyCertificate),
@ -362,25 +394,15 @@ func RunGoldenTest(t *testing.T, basedir string, key string, builder func(*Nodeu
"kube-scheduler": mustParseCertificate(dummyCertificate),
}
nodeupModelContext.KeyStore = keystore
// Populate the cluster
cloud, err := cloudup.BuildCloud(nodeupModelContext.Cluster)
nodeupModelContext, err := BuildNodeupModelContext(model)
if err != nil {
t.Fatalf("error from BuildCloud: %v", err)
t.Fatalf("error loading model %q: %v", basedir, err)
}
{
err := cloudup.PerformAssignments(nodeupModelContext.Cluster, cloud)
if err != nil {
t.Fatalf("error from PerformAssignments: %v", err)
}
nodeupModelContext.KeyStore = keystore
full, err := mockedPopulateClusterSpec(nodeupModelContext.Cluster, cloud)
if err != nil {
t.Fatalf("unexpected error from mockedPopulateClusterSpec: %v", err)
}
nodeupModelContext.Cluster = full
if err := nodeupModelContext.Init(); err != nil {
t.Fatalf("error from nodeupModelContext.Init(): %v", err)
}
if err := builder(nodeupModelContext, context); err != nil {
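Review bot: Four new calls discard their errors: `saPublicKeys, _ := rotatingPrivateKeyset().ToPublicKeys()` in BuildNodeupModelContext, `keyset, _ := fi.NewKeyset(...)` and `_ = keyset.AddItem(...)` in rotatingPrivateKeyset, and `saKeyset, _ := rotatingPrivateKeyset().ToAPIObject("service-account", true)` in RunGoldenTest. A failure in any of them would leave a nil or empty keyset and show up later as a nil dereference or a confusing golden-file diff. BuildNodeupModelContext already returns an error, so `saPublicKeys, err := rotatingPrivateKeyset().ToPublicKeys()` followed by `if err != nil { return nil, err }` costs two lines; rotatingPrivateKeyset could fail the way `mustParseKey` does, and RunGoldenTest can call `t.Fatalf`. The rewritten rotatingPrivateKeyset also no longer includes the `dummyKey`/`dummyCertificate` item that the old literal listed under id 3 as primary, which a one-line comment should explain.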


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.19.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.19.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -2,7 +2,7 @@ contents: ""
path: /etc/containerd/config-kops.toml
type: file
---
contents: CONTAINERD_OPTS=
contents: CONTAINERD_OPTS=--log-level=info
path: /etc/sysconfig/containerd
type: file
---


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.19.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -2,7 +2,7 @@ contents: ""
path: /etc/containerd/config-kops.toml
type: file
---
contents: CONTAINERD_OPTS=
contents: CONTAINERD_OPTS=--log-level=info
path: /etc/sysconfig/containerd
type: file
---


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.19.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -30,7 +30,7 @@ contents: |2
path: /etc/crictl.yaml
type: file
---
contents: CONTAINERD_OPTS=
contents: CONTAINERD_OPTS=--log-level=info
path: /etc/sysconfig/containerd
type: file
---


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.16.3
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.13.6
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -2,7 +2,7 @@ file: /usr/bin/docker-runc
mode: +i
---
contents: |-
DOCKER_OPTS=
DOCKER_OPTS=--ip-masq=false --iptables=false --log-driver=json-file --log-level=info --log-opt=max-file=5 --log-opt=max-size=10m --storage-driver=overlay2,overlay,aufs
DOCKER_NOFILE=1000000
path: /etc/sysconfig/docker
type: file


@ -21,6 +21,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.19.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -1,5 +1,5 @@
contents: |-
DOCKER_OPTS=
DOCKER_OPTS=--ip-masq=false --iptables=false --log-driver=json-file --log-level=info --log-opt=max-file=5 --log-opt=max-size=10m --storage-driver=overlay2,overlay,aufs
DOCKER_NOFILE=1000000
path: /etc/sysconfig/docker
type: file


@ -21,6 +21,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.4.6
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -2,7 +2,7 @@ file: /usr/bin/docker-runc
mode: +i
---
contents: |-
DOCKER_OPTS=
DOCKER_OPTS=--ip-masq=false --iptables=false --log-driver=json-file --log-level=info --log-opt=max-file=5 --log-opt=max-size=10m --storage-driver=overlay2,overlay,aufs
DOCKER_NOFILE=1000000
path: /etc/sysconfig/docker
type: file


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.17.0
masterInternalName: api.internal.logflags.example.com
masterPublicName: api.logflags.example.com


@ -2,7 +2,7 @@ file: /usr/bin/docker-runc
mode: +i
---
contents: |-
DOCKER_OPTS=
DOCKER_OPTS=--ip-masq=false --iptables=false --log-driver=json-file --log-level=info --log-opt=max-file=5 --log-opt=max-size=10m --storage-driver=overlay2,overlay,aufs
DOCKER_NOFILE=1000000
path: /etc/sysconfig/docker
type: file


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.14.6
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -2,7 +2,7 @@ file: /usr/bin/docker-runc
mode: +i
---
contents: |-
DOCKER_OPTS=
DOCKER_OPTS=--ip-masq=false --iptables=false --log-driver=json-file --log-level=info --log-opt=max-file=5 --log-opt=max-size=10m --storage-driver=overlay2,overlay,aufs
DOCKER_NOFILE=1000000
path: /etc/sysconfig/docker
type: file


@ -20,6 +20,8 @@ spec:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
name: events
iam:
legacy: false
kubernetesVersion: v1.14.6
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com


@ -62,7 +62,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -226,6 +226,19 @@ owner: aws-iam-authenticator
path: /srv/kubernetes/aws-iam-authenticator/key.pem
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -248,28 +261,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"


@ -40,7 +40,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -166,6 +166,19 @@ mode: "0755"
path: /srv/kubernetes
type: directory
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -188,28 +201,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"
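Review bot: The key set written to the new `/srv/kubernetes/kube-apiserver/service-account.pub` is not the same as the one it replaces: the added block holds two PEM public keys, while the removed `/srv/kubernetes/service-account.pub` block held three (the longer middle key is gone). Since `--service-account-key-file` now points at the new file, a service-account token signed with the dropped key would presumably stop verifying once a node picks up this change. For a commit described as a refactor, that narrowing of the trusted key set should be confirmed as intentional and mentioned in the description or release notes. The same two-versus-three difference appears in the other kube-apiserver fixture sections on this page.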


@ -40,7 +40,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -166,6 +166,19 @@ mode: "0755"
path: /srv/kubernetes
type: directory
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -188,28 +201,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"


@ -202,31 +202,13 @@ type: file
---
contents: |
-----BEGIN RSA PRIVATE KEY-----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MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R
2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo
xTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+
ZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr
Kl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh
AOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY
-----END RSA PRIVATE KEY-----
mode: "0600"
path: /srv/kubernetes/kube-controller-manager/service-account.key


@ -112,31 +112,13 @@ type: file
---
contents: |
-----BEGIN RSA PRIVATE KEY-----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MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R
2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo
xTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+
ZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr
Kl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh
AOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY
-----END RSA PRIVATE KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.key


@ -40,7 +40,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -166,6 +166,19 @@ mode: "0755"
path: /srv/kubernetes
type: directory
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -188,28 +201,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"


@ -40,7 +40,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -166,6 +166,19 @@ mode: "0755"
path: /srv/kubernetes
type: directory
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -188,28 +201,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"


@ -202,31 +202,13 @@ type: file
---
contents: |
-----BEGIN RSA PRIVATE KEY-----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MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R
2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo
xTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+
ZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr
Kl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh
AOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY
-----END RSA PRIVATE KEY-----
mode: "0600"
path: /srv/kubernetes/kube-controller-manager/service-account.key


@ -202,31 +202,13 @@ type: file
---
contents: |
-----BEGIN RSA PRIVATE KEY-----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MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R
2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo
xTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+
ZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr
Kl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh
AOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY
-----END RSA PRIVATE KEY-----
mode: "0600"
path: /srv/kubernetes/kube-controller-manager/service-account.key


@ -39,7 +39,7 @@ contents: |
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=443
- --service-account-key-file=/srv/kubernetes/service-account.pub
- --service-account-key-file=/srv/kubernetes/kube-apiserver/service-account.pub
- --service-cluster-ip-range=100.64.0.0/13
- --storage-backend=etcd3
- --tls-cert-file=/srv/kubernetes/server.crt
@ -165,6 +165,19 @@ mode: "0755"
path: /srv/kubernetes
type: directory
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/kube-apiserver/service-account.pub
type: file
---
contents:
task:
Name: kubelet-api
@ -187,28 +200,6 @@ mode: "0600"
path: /srv/kubernetes/kubelet-api.key
type: file
---
contents: |
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm
XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ==
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l
Ah+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD
ZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp
OxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m
74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG
kwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF
6QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF
Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ==
-----END RSA PUBLIC KEY-----
mode: "0600"
path: /srv/kubernetes/service-account.pub
type: file
---
contents: ""
ifNotExists: true
mode: "0400"


@ -3,7 +3,7 @@ path: /etc/kubernetes/manifests
type: directory
---
contents: |
DAEMON_ARGS="--client-ca-file=/srv/kubernetes/ca.crt --feature-gates=AllowExtTrafficLocalEndpoints=false,ExperimentalCriticalPodAnnotation=true --pod-manifest-path=/etc/kubernetes/manifests --register-schedulable=true --volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/ --cni-bin-dir=/opt/cni/bin/ --cni-conf-dir=/etc/cni/net.d/"
DAEMON_ARGS="--cgroup-root=/ --client-ca-file=/srv/kubernetes/ca.crt --cloud-provider=aws --cluster-dns=100.64.0.10 --cluster-domain=cluster.local --enable-debugging-handlers=true --eviction-hard=memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% --feature-gates=AllowExtTrafficLocalEndpoints=false,ExperimentalCriticalPodAnnotation=true --hostname-override=@aws --kubeconfig=/var/lib/kubelet/kubeconfig --network-plugin-mtu=9001 --network-plugin=kubenet --non-masquerade-cidr=100.64.0.0/10 --pod-infra-container-image=k8s.gcr.io/pause:3.2 --pod-manifest-path=/etc/kubernetes/manifests --register-schedulable=true --v=2 --volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/ --cloud-config=/etc/kubernetes/cloud.config --cni-bin-dir=/opt/cni/bin/ --cni-conf-dir=/etc/cni/net.d/"
HOME="/root"
path: /etc/sysconfig/kubelet
type: file


@ -3,7 +3,7 @@ path: /etc/kubernetes/manifests
type: directory
---
contents: |
DAEMON_ARGS="--authentication-token-webhook=true --authorization-mode=Webhook --client-ca-file=/srv/kubernetes/ca.crt --pod-manifest-path=/etc/kubernetes/manifests --register-schedulable=true --volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/ --cni-bin-dir=/opt/cni/bin/ --cni-conf-dir=/etc/cni/net.d/ --tls-cert-file=/srv/kubernetes/kubelet-server.crt --tls-private-key-file=/srv/kubernetes/kubelet-server.key"
DAEMON_ARGS="--authentication-token-webhook=true --authorization-mode=Webhook --cgroup-driver=systemd --cgroup-root=/ --client-ca-file=/srv/kubernetes/ca.crt --cloud-provider=aws --cluster-dns=100.64.0.10 --cluster-domain=cluster.local --enable-debugging-handlers=true --eviction-hard=memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% --hostname-override=@aws --kubeconfig=/var/lib/kubelet/kubeconfig --network-plugin-mtu=9001 --network-plugin=kubenet --non-masquerade-cidr=100.64.0.0/10 --pod-infra-container-image=k8s.gcr.io/pause:3.2 --pod-manifest-path=/etc/kubernetes/manifests --register-schedulable=true --v=2 --volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/ --cloud-config=/etc/kubernetes/cloud.config --cni-bin-dir=/opt/cni/bin/ --cni-conf-dir=/etc/cni/net.d/ --tls-cert-file=/srv/kubernetes/kubelet-server.crt --tls-private-key-file=/srv/kubernetes/kubelet-server.key"
HOME="/root"
path: /etc/sysconfig/kubelet
type: file


@ -73,6 +73,9 @@ type Config struct {
Hooks [][]kops.HookSpec
// ContainerdConfig config holds the configuration for containerd
ContainerdConfig string `json:"containerdConfig,omitempty"`
// APIServerConfig is additional configuration for nodes running an APIServer.
APIServerConfig *APIServerConfig `json:",omitempty"`
}
// BootConfig is the configuration for the nodeup binary that might be too big to fit in userdata.
@ -116,6 +119,18 @@ type StaticManifest struct {
Path string `json:"path,omitempty"`
}
// APIServerConfig is additional configuration for nodes running an APIServer.
type APIServerConfig struct {
// KubeAPIServer is a copy of the KubeAPIServerConfig from the cluster spec.
KubeAPIServer *kops.KubeAPIServerConfig
// EncryptionConfigSecretHash is a hash of the encryptionconfig secret.
// It is empty if EncryptionConfig is not enabled.
// TODO: give secrets IDs and look them up like we do keypairs.
EncryptionConfigSecretHash string `json:",omitempty"`
// ServiceAccountPublicKeys are the service-account public keys to trust.
ServiceAccountPublicKeys string
}
func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Config, *BootConfig) {
role := instanceGroup.Spec.Role
isMaster := role == kops.InstanceGroupRoleMaster
@ -155,6 +170,12 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
reflectutils.JSONMergeStruct(&config.KubeletConfig, cluster.Spec.Kubelet)
}
if isMaster || role == kops.InstanceGroupRoleAPIServer {
config.APIServerConfig = &APIServerConfig{
KubeAPIServer: cluster.Spec.KubeAPIServer,
}
}
if instanceGroup.Spec.Kubelet != nil {
useSecureKubelet := config.KubeletConfig.AnonymousAuth != nil && !*config.KubeletConfig.AnonymousAuth
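Review bot: `ServiceAccountPublicKeys` is the set of keys the API server will trust for service-account tokens, but the added struct documents neither its format nor whether it may be empty, and the `NewConfig` hunk fills in only `KubeAPIServer`. The fixtures on this page serialize it as `ServiceAccountPublicKeys: ""`, so an empty value is a reachable state; the code that consumes the field (not visible here) should reject it rather than write an empty key file. I would extend the comment to `// ServiceAccountPublicKeys are the PEM-encoded service-account public keys to trust; it must not be empty on API server nodes.` — the PEM part is inferred from the fixtures. Separately, `KubeAPIServer: cluster.Spec.KubeAPIServer` stores the cluster spec's pointer, not the copy the field comment promises, so later mutation of either side is shared. `NewConfig` begins and ends outside these hunks.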


@ -180,6 +180,12 @@ func TestAPIServerAdditionalSecurityGroupsWithNLB(t *testing.T) {
Type: "ca",
}
c.AddTask(caTask)
saTask := &fitasks.Keypair{
Name: fi.String("service-account"),
Subject: "cn=service-account",
Type: "ca",
}
c.AddTask(saTask)
b.Build(c)
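Review bot: The new `saTask` registration carries no comment saying why a second keypair is needed, here and in `TestBootstrapUserData`; only `RunGoldenTest` updates its comment. Adding `// The bootstrap script needs the service-account keypair for instance groups that run an API server` above `saTask` would tie it to the `ig.HasAPIServer()` branch this commit adds. The three-field literal is repeated verbatim in all three tests, so a small shared test helper is worth considering if they sit in the same package, which this page does not show. The test function starts and ends outside the hunk.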


@ -218,6 +218,9 @@ func (b *BootstrapScriptBuilder) ResourceNodeUp(c *fi.ModelBuilderContext, ig *k
keypairs = append(keypairs, "etcd-client-cilium")
}
}
if ig.HasAPIServer() {
keypairs = append(keypairs, "service-account")
}
caTasks := map[string]*fitasks.Keypair{}
for _, keypair := range keypairs {
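Review bot: The `service-account` keypair is appended to a list that the following loop turns into `caTasks`, so a token-signing keypair is now handled by code named for CA certificates, with nothing at the append saying which half of it is used. A comment such as `// API server nodes need the service-account public keys to verify tokens` would help, and it is worth confirming against the loop body (outside this hunk) that only public material is exported on this path. The literal `"service-account"` is also repeated in the test files of this commit; a named constant alongside `fi.CertificateIDCA` would keep the spellings from drifting.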


@ -139,6 +139,12 @@ func TestBootstrapUserData(t *testing.T) {
Type: "ca",
}
c.AddTask(caTask)
saTask := &fitasks.Keypair{
Name: fi.String("service-account"),
Subject: "cn=service-account",
Type: "ca",
}
c.AddTask(saTask)
bs := &BootstrapScriptBuilder{
NodeUpConfigBuilder: &nodeupConfigBuilder{cluster: cluster},


@ -1056,13 +1056,19 @@ func RunGoldenTest(t *testing.T, basedir string, testCase serverGroupModelBuilde
LifecycleOverrides: map[string]fi.Lifecycle{},
}
// We need the CA for the bootstrap script
// We need the CA and service-account for the bootstrap script
caTask := &fitasks.Keypair{
Name: fi.String(fi.CertificateIDCA),
Subject: "cn=kubernetes",
Type: "ca",
}
context.AddTask(caTask)
saTask := &fitasks.Keypair{
Name: fi.String("service-account"),
Subject: "cn=service-account",
Type: "ca",
}
context.AddTask(saTask)
if err := builder.Build(context); err != nil {
t.Fatalf("error from Build: %v", err)


@ -78,6 +78,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -77,6 +77,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -77,6 +77,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -76,6 +76,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -519,6 +519,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -494,6 +494,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
ID: null
Lifecycle: Sync
Name: master-public-name


@ -531,6 +531,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -453,6 +453,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -224,6 +224,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -250,6 +250,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -155,6 +155,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -181,6 +181,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -78,6 +78,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -78,6 +78,14 @@ oldFormat: false
subject: cn=kubernetes
type: ca
---
Lifecycle: ""
Name: service-account
Signer: null
alternateNames: null
oldFormat: false
subject: cn=service-account
type: ca
---
Base: null
Contents:
task:


@ -177,7 +177,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
CloudProvider: aws
InstanceGroupName: testIG
InstanceGroupRole: Master
NodeupConfigHash: ej6j8tOPld2m+scdzaBE9+pJ0mBBa+NqYP/JXQH/1wU=
NodeupConfigHash: L9npiRTZoJ1W2sV9djQigAKS/Bg1SHddDfAZQ6CQAA4=
__EOF_KUBE_ENV


@ -177,7 +177,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
CloudProvider: aws
InstanceGroupName: testIG
InstanceGroupRole: Master
NodeupConfigHash: U5k9mxZt5TF/KEuWMRmlZHuH5VODQ+JSonA69DTz+Nk=
NodeupConfigHash: vB51JBmy+BhFYBTDlPnoR0TB5D8VUdMQrHeNa5Lj1bU=
__EOF_KUBE_ENV


@ -177,7 +177,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
CloudProvider: aws
InstanceGroupName: testIG
InstanceGroupRole: Master
NodeupConfigHash: U5k9mxZt5TF/KEuWMRmlZHuH5VODQ+JSonA69DTz+Nk=
NodeupConfigHash: vB51JBmy+BhFYBTDlPnoR0TB5D8VUdMQrHeNa5Lj1bU=
__EOF_KUBE_ENV


@ -1,3 +1,7 @@
APIServerConfig:
KubeAPIServer:
image: CoreOS
ServiceAccountPublicKeys: ""
CAs: {}
FileAssets:
- content: user,token


@ -1,3 +1,7 @@
APIServerConfig:
KubeAPIServer:
image: CoreOS
ServiceAccountPublicKeys: ""
CAs: {}
FileAssets:
- content: blah blah


@ -1,3 +1,7 @@
APIServerConfig:
KubeAPIServer:
image: CoreOS
ServiceAccountPublicKeys: ""
CAs: {}
FileAssets:
- content: blah blah


@ -163,7 +163,7 @@ Resources.AWSEC2LaunchTemplateapiserverapiserversminimalexamplecom.Properties.La
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: apiserver
InstanceGroupRole: APIServer
NodeupConfigHash: p8eLHyXBOZnr+jP1TWpeLlU0+66qXOzHvdBwrKrbH2s=
NodeupConfigHash: FKeaqZnI/dOLrVy8lPWdvS2WvXhUhczI7Iu6lDciQYw=
__EOF_KUBE_ENV
@ -416,7 +416,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: 5UuOxKrId64yamuQR5oP3OCdEq0zTVaMY+FSTAxCuvg=
NodeupConfigHash: tTxzxFjI2kWmTVzywjnJCk1BKOWd28VXY3XooPHnF1k=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: GUtetdFfK2ik1zoZhCYKpdtrKcOSnzVSscEuiY9+t0E=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/bastionuserdata.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: SzjP73pafM/nsOQLhdSt3fLoP0BJymVTJ32sTv6PCR0=
NodeupConfigHash: 4SeJkVlFhQMg6cdt7qEb+eyViqJqhpK9V/TLPh8G95U=
__EOF_KUBE_ENV


@ -260,7 +260,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties.
ConfigBase: memfs://clusters.example.com/complex.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: d2LINNVhOVDofPTxWK3/5qLttKDWBpczzBm+T//CAOY=
NodeupConfigHash: fvdBgmEKdJZzmDzC5GVq2f0w589jGIZScvvfokIl5HI=
__EOF_KUBE_ENV


@ -259,7 +259,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/complex.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: d2LINNVhOVDofPTxWK3/5qLttKDWBpczzBm+T//CAOY=
NodeupConfigHash: fvdBgmEKdJZzmDzC5GVq2f0w589jGIZScvvfokIl5HI=
__EOF_KUBE_ENV


@ -133,7 +133,7 @@ ensure-install-dir
echo "H4sIAAAAAAAA/+xWTXPbNhC961dgppPJJSbFxE1bTg5V5LRWY6WslI9eIWBFoQIBZgFQVn99ZwFSH47VTKfHdjxjW7uLxe7btw8S2gY5tWat6nLEGN+5N6+X0+XsBlUHSCbGwPCVBlmyNdcORow13PAalt4ir2GquXPgSuYxwEhY47kygItgvGqgZAeLPDolJda2voMOdMmUWdsRYx2gU9aUrMius5cjacU2leC2qp0Z57nW/TVgBO5br6zpa2cmaD0CL+RUB+cBHR2EDox3qYtD9hfZdVa8iG0o87hvG1YwqWZLwB4ErrXdVag6paEmKGIVjHFjzb6xwU2C3xwB4q2aBKnACIi3XzHKiAY8uMx1IpOw5kH7FJqumdpgfMkKsgW/saj+5NTg3Eoo2UTv+N5NqIwRYytl5ERKBOdKNs7iz4ixOMwKbackYEnDHA3Tm8hGOeqx0qFWpq/qHW/AtVzAnVqD2AsN0XynGuUX3NSA8TMVqARMhKAao6kixJwH4z9aHRq44yvQ0XOTWjtlx6n9vdWAsbElCGtkcs6D516Z+lDmJ1htrN1G50eulbzsfmclLMB5VILSRtsCnA0o4LdgPScQvJAJ5r7zjfetK/O8eP5dhK8or8fj4jzy1w4QlRxGmCc2ffPo0ecjxlTDayjZ9nuX1QIzZXOa+hVvlUtE6orseREnRQ4NvkJYAyIMw3y/b4fbZsYDGq5nVfx4a503vEnzeXN/4juuEdWA8DmA8xvgEjDSBWSccsrK6xqh5t7iw9g39x75bfyXqlL3w5HfrxbQWA9XMeLq4bmf0YY2nXt4ILoexn9wVHoDjx8hLy08iIBQWfQlu75+ES2nFJw5F4jhwyh4qzLVA5YJ27QEZgb3vGk1kOGLDL98erv8sJj9gxS5bcEomXdF/sdu644Ze8GZVXFjSlaMx9nLa6JGHmXGpU14zcUWjCwjw5LETK3xaLUGnEdFPUiN4B6I1tPZzcIdxcZ7LjY3QL8XtDxCaVjujagAlZUlK5qxuyQDIlVJGVOJP7xMJRZHJxGFBPtR/EQU2oAwpfQLGzyJ/qB4F7gvDh1eNX2LxyXQiXga4t4mJT6xHfo+Z3hwcK5HUwQJxiuuB6jo6grt/b78auNtWCR2Rh/1uek3bdj+kj39ke/c08tNtvGqk75O6qWApdiADDqN90IOd4j5d/j0wlJefptETWvZv+/M7Z2HRh7sC2t9yfKvsOjm3fKE58X4xGPjqzp8zIjL+vAK3cAq1LUy9S03UtP6Dz1Al9T7lqMsWQONxX3GO640nXtVjMdz9cxYCWt3Zn4yGBX9dT8hwKtvnzyLKH8ROljPYv9+5IRnYn7FCcW845hrtcp7oPNjwBdMNeB3Frfpxe13yyhyWDPn7nMA5GnHz0WD4GytnHOj1uB8fzF4kR+/ReRN73WjhhPSb/8f/H9t8PSy1vQlDHuFoX6Hef8FAAD//wEAAP//MYvDU9kLAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml
echo "H4sIAAAAAAAA/1TOzU7DMBAE4Lufwi+QRhW/ssSFhkJBbREnritnS5zYXuO1neTtUegp19E3o9lZyu1npGJajErCyGJH/mJ+noFRSYfuwqqutc2cMPIGJ3DB4kaTqzW5EJFXoTh4TuA1vkbK4QRuGYGlW2WuEnKqtrBGX2RRyeM/EidqMYfrhTfgTsnj73zbfHfD+4Eey0u5H6ab7TnqO/1Qmv1H0+/DeTbO9KMfnsQfAAAA//8BAAD//7AVi2bPAAAA" | base64 -d | gzip -d > conf/kube_env.yaml
echo "H4sIAAAAAAAA/1TOwU6GMBAE4Hufoi/AX7mQ2MSLGJEoiFw8b8oWMS1bui34+AY9cZ18M5naUZ6GSPsyYdQSDhY1rXaZH4FRS4/eslbKuMwJI9/wB3xweDPklSEfIvIlFO3KCVaDTaQcevDnCJzdInORkFNRwhWN5FDL7g+JnibM4f/CC/CXlmXz/e78XYw127bdbPWqCHJlt3k0H3tjP5/etuq574b740H8AgAA//8BAAD//3cHslLPAAAA" | base64 -d | gzip -d > conf/kube_env.yaml
download-release
echo "== nodeup node config done =="


@ -253,7 +253,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
ConfigBase: memfs://clusters.example.com/containerd.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: vx1g2bnCro3sZcb2sHyjSmq3K4EgSVhtTs+yYjbi1QI=
NodeupConfigHash: Sq0I5pz2L+2D73CjmoeIB/9z1oUeLwslx87/2iK4eJo=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
ConfigBase: memfs://clusters.example.com/containerd.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: 4BHy4sQg+b+IEBOKmD5oxNIGengpyDckLf4nFZ6KGNs=
NodeupConfigHash: uuHLQ7LEBXbqgo/6XZAPlzKeDK9RdXNals0+fxnVQRk=
__EOF_KUBE_ENV


@ -263,7 +263,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L
ConfigBase: memfs://clusters.example.com/docker.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: XN2xcwEitXKXi4QqWQ5xn9OppwaH9B4XFJiv3s8pEak=
NodeupConfigHash: IZcM9ZumsH5eSiiW8bXlbD1u+j7lZSDcjoB8A8HLvPk=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/existing-iam.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: i3U4CSU3FuqzBJ8Iy+6FytYAjSXhrsYqtQzI1zafsVw=
NodeupConfigHash: ijOrtG5JsHgxXWvIz08I7kb04wa/op1xEDuM6oF4AWk=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/existing-iam.example.com
InstanceGroupName: master-us-test-1b
InstanceGroupRole: Master
NodeupConfigHash: i3U4CSU3FuqzBJ8Iy+6FytYAjSXhrsYqtQzI1zafsVw=
NodeupConfigHash: ijOrtG5JsHgxXWvIz08I7kb04wa/op1xEDuM6oF4AWk=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/existing-iam.example.com
InstanceGroupName: master-us-test-1c
InstanceGroupRole: Master
NodeupConfigHash: i3U4CSU3FuqzBJ8Iy+6FytYAjSXhrsYqtQzI1zafsVw=
NodeupConfigHash: ijOrtG5JsHgxXWvIz08I7kb04wa/op1xEDuM6oF4AWk=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: 0z4orA8perAj0Tmz6tIi8Qxg5Xvx4WXpwlTUhbrAyQo=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/existingsg.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: ecln7oNpfW/IJWQs4SqU+sHOJUjB+8seCb8S+NoJ0QU=
NodeupConfigHash: bBHYG3NWErmR1E2THGXxUYh+736/VPsJZbOAzkUaKDA=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/existingsg.example.com
InstanceGroupName: master-us-test-1b
InstanceGroupRole: Master
NodeupConfigHash: ecln7oNpfW/IJWQs4SqU+sHOJUjB+8seCb8S+NoJ0QU=
NodeupConfigHash: bBHYG3NWErmR1E2THGXxUYh+736/VPsJZbOAzkUaKDA=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/existingsg.example.com
InstanceGroupName: master-us-test-1c
InstanceGroupRole: Master
NodeupConfigHash: ecln7oNpfW/IJWQs4SqU+sHOJUjB+8seCb8S+NoJ0QU=
NodeupConfigHash: bBHYG3NWErmR1E2THGXxUYh+736/VPsJZbOAzkUaKDA=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti
ConfigBase: memfs://clusters.example.com/externallb.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: k/dxP29cl6k3EM5wJXQPtqEEToVO5J3OyPjb9cXhKRo=
NodeupConfigHash: XjxRgkih3TUUmgjQjNJJ/8b2mCbIf8kXQ1qle6ZxIAc=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/externallb.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: k/dxP29cl6k3EM5wJXQPtqEEToVO5J3OyPjb9cXhKRo=
NodeupConfigHash: XjxRgkih3TUUmgjQjNJJ/8b2mCbIf8kXQ1qle6ZxIAc=
__EOF_KUBE_ENV


@ -246,7 +246,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/externalpolicies.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: LfyrKgzpixEpTWAiVk2VfQ9ta/INbSk67k9bv50ybeU=
NodeupConfigHash: DHNc4ru6B1/N/vyTrkKAdephpBwUM8dm7/cy5xk4D+w=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/ha.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: 3X+531QYc0K5Mucy4dCdoIlZnq0bY2IxjWBg6XCqCxk=
NodeupConfigHash: P1aR3ZEi0agPY9otd70azdS2HHfkowgL1rlaYVacN4o=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/ha.example.com
InstanceGroupName: master-us-test-1b
InstanceGroupRole: Master
NodeupConfigHash: 3X+531QYc0K5Mucy4dCdoIlZnq0bY2IxjWBg6XCqCxk=
NodeupConfigHash: P1aR3ZEi0agPY9otd70azdS2HHfkowgL1rlaYVacN4o=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://tests/ha.example.com
InstanceGroupName: master-us-test-1c
InstanceGroupRole: Master
NodeupConfigHash: 3X+531QYc0K5Mucy4dCdoIlZnq0bY2IxjWBg6XCqCxk=
NodeupConfigHash: P1aR3ZEi0agPY9otd70azdS2HHfkowgL1rlaYVacN4o=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ CloudProvider: gce
ConfigBase: memfs://tests/ha-gce.example.com
InstanceGroupName: master-us-test1-a
InstanceGroupRole: Master
NodeupConfigHash: /PiYerlnADgL+mIWkpZ0RTPcyOoQk4kwvLOKVAcQdpA=
NodeupConfigHash: MzIcPf5bm65emH0rC70EKM77eI6uG3GJhfrHgafhkT8=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ CloudProvider: gce
ConfigBase: memfs://tests/ha-gce.example.com
InstanceGroupName: master-us-test1-b
InstanceGroupRole: Master
NodeupConfigHash: /PiYerlnADgL+mIWkpZ0RTPcyOoQk4kwvLOKVAcQdpA=
NodeupConfigHash: MzIcPf5bm65emH0rC70EKM77eI6uG3GJhfrHgafhkT8=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ CloudProvider: gce
ConfigBase: memfs://tests/ha-gce.example.com
InstanceGroupName: master-us-test1-c
InstanceGroupRole: Master
NodeupConfigHash: /PiYerlnADgL+mIWkpZ0RTPcyOoQk4kwvLOKVAcQdpA=
NodeupConfigHash: MzIcPf5bm65emH0rC70EKM77eI6uG3GJhfrHgafhkT8=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: fOpCb4QTuHyO2Wo7MOFc3qAlO5hfL9HKVyi5Jk5TKTs=
NodeupConfigHash: hg3B2NPa/EF93K1qBzwPizWyXldYa+5ubf39Q5Uk6t4=
__EOF_KUBE_ENV


@ -252,7 +252,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: AnhG4S2vmSqlFp6NF4pMR9ohvNnofkglN7LqKAdTlOo=
NodeupConfigHash: ln7bIlLHHQFmg6Zb3FO2RKQma/CI1qtw17XgGc3o/qU=
__EOF_KUBE_ENV


@ -261,7 +261,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimaletcdexamplecom.Propert
ConfigBase: memfs://clusters.example.com/minimal-etcd.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: nFj4StYotytc8HjM+2SFARL30uAbj5DCiMarLWo4+/Q=
NodeupConfigHash: GaR1NvHcan/TYk50u3CSMboThzKascwLmIiUYnHYl7o=
__EOF_KUBE_ENV


@ -251,7 +251,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: 0z4orA8perAj0Tmz6tIi8Qxg5Xvx4WXpwlTUhbrAyQo=
__EOF_KUBE_ENV


@ -250,7 +250,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: 0z4orA8perAj0Tmz6tIi8Qxg5Xvx4WXpwlTUhbrAyQo=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: iDp7DUag7QChvfo5ntgbL23Vx2fQJjm/dEC9+zkqPAs=
NodeupConfigHash: P/NyVuDBHbEjsjc2b4aB86Lvn7+F6HYawQcf+vu2H2I=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: iDp7DUag7QChvfo5ntgbL23Vx2fQJjm/dEC9+zkqPAs=
NodeupConfigHash: P/NyVuDBHbEjsjc2b4aB86Lvn7+F6HYawQcf+vu2H2I=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal-json.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: LmusQHbPviFiPM3JAi3EpYF8G1I7dJudRZF1oiAQ2ac=
NodeupConfigHash: D1GfC6ZTtM+f7JEWvxvwmHduPUBCOniEksTcBYQ/Fy8=
__EOF_KUBE_ENV


@ -253,7 +253,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal-warmpool.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: Ao8uVAOR6P40iWBoICjT6phr+HWNDICXSkZAJAG9a8g=
NodeupConfigHash: MYFIg34AcC89M1I2DI0sadoxyUy/sZYhV9CVZsJEv1o=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: 0z4orA8perAj0Tmz6tIi8Qxg5Xvx4WXpwlTUhbrAyQo=
__EOF_KUBE_ENV


@ -244,7 +244,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: qqkorWeVyTOu3dNGAUmxef9HeHo0fxXNQzRRivqz9ps=
NodeupConfigHash: 0z4orA8perAj0Tmz6tIi8Qxg5Xvx4WXpwlTUhbrAyQo=
__EOF_KUBE_ENV


@ -245,7 +245,7 @@ CloudProvider: gce
ConfigBase: memfs://tests/minimal-gce.example.com
InstanceGroupName: master-us-test1-a
InstanceGroupRole: Master
NodeupConfigHash: QVr+bhltJSYAUMZr9ikiLkK3UuP18t3+D78FJLGY+/A=
NodeupConfigHash: RrcEnJWcbxqxB1TbUqhS49YsSaP3ea6hHPxr+tbHM3A=
__EOF_KUBE_ENV
