Skip to content

Commit

Permalink
Merge pull request #10891 from olemarkus/automated-cherry-pick-of-#10…
Browse files Browse the repository at this point in the history 
…888-origin-release-1.20

Automated cherry pick of #10888: Use internal api url for jwks when required
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot committed Mar 5, 2021
2 parents eb8378c + 846273c commit c932779
Show file tree
Hide file tree
Showing 60 changed files with 145 additions and 129 deletions.
18 changes: 17 additions & 1 deletion pkg/model/iam/subject.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"k8s.io/apimachinery/pkg/types"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/wellknownusers"
"k8s.io/kops/upup/pkg/fi"
)

// Subject represents an IAM identity, to which permissions are granted.
Expand Down Expand Up @@ -85,7 +86,22 @@ func ServiceAccountIssuer(clusterName string, clusterSpec *kops.ClusterSpec) str
if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.ServiceAccountIssuer != nil {
return *clusterSpec.KubeAPIServer.ServiceAccountIssuer
}
return "https://api." + clusterName
if supportsPublicJWKS(clusterSpec) {
return "https://api." + clusterName
}
return "https://api.internal." + clusterName
}

func supportsPublicJWKS(clusterSpec *kops.ClusterSpec) bool {
if !fi.BoolValue(clusterSpec.KubeAPIServer.AnonymousAuth) {
return false
}
for _, cidr := range clusterSpec.KubernetesAPIAccess {
if cidr == "0.0.0.0/0" {
return true
}
}
return false
}

// AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role
Expand Down
4 changes: 2 additions & 2 deletions .../data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.bastionuserdata.example.com
serviceAccountJWKSURI: https://api.bastionuserdata.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.bastionuserdata.example.com
serviceAccountJWKSURI: https://api.internal.bastionuserdata.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,8 +220,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.complex.example.com
serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.complex.example.com
serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
4 changes: 2 additions & 2 deletions .../complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,8 +219,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.complex.example.com
serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.complex.example.com
serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
2 changes: 1 addition & 1 deletion ...ompress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ function download-release() {
echo "== nodeup node config starting =="
ensure-install-dir

echo "H4sIAAAAAAAA/+xWbW/bthN/709B9I+ibxrJSvLvNqEF5jnd4jXpPLsPA4ZioMmzzJki1SOpxMM+/HCkbMtOsm7ry80GbPGeeA+/u5PQNsixNUtVlQPGam54BXNvkVcw1tw5cCXzGGAgrPFcGcBZMF7VULIdRe6ZkqyIaO+HFhCVhJL9PmCMsRbQKWvYC3Y6iISfGx0qZdyHdNwTskfKZnuTWYWNyNoiE6ge7YT/mniP3tP827oZpqDdgZF/boYexIcDU4x1zF/8pgH2gh2ZJI2sPX00ONL6LBcy23hlqQTs6DPfOA+1HFdoQ8NeJAwwpm11BS3okimztINdVUtWZOfZ2UBasQYkELi1aibGea51hyAwAjfxvg5wzAStB+CFHOvgPKAjRWjB+PjUs36WnWfFWUSoMvfz1mEBo+lkDtgmD7jW9maKqlUaKpDlNgZurNnUNrhR8KuSLbl2kdyoUZAKjIB4+wkji2jAg8tcKzIJSx60T6LpmrENxpesIFrwK4vqN04BXlvC/Ujf8I0bkRsDxhbKyJGUCM6VbJjFLzULdeAUbaskYMn4jaMcGL7QMJK1chTjNJU4efWa1+AaLuBKLUFshIZIvlK18jNuKsB4JgeVgJEQ5GMkTSljzoPx76wONVzxBejIuUih9Ru/T39jNWAMbA7CGpmY18Fzr0y1c/M9LFbWriPzHddKPsx+bSXMwHlUgsxG2gycDSjgx2A9pyR4IVOau8hX3jdlnhenX8TsFeX5cFgcCm6HTqeRJzD97z7N0wFjquYVlGz9pcsqgZmyOdX8hDfKJRi1RXaa6kQMDX6KsARE2JbyzabZXjYxHtBwPZnG46V13vA6VeflbY+3byLyAeFjAOdXwCVgBAvIWONklVcVQsW9xWPZl7ce+WV8JK/U7Vblp5MZ1NbDSZQ4Odb7jlo66R0rRNax/FtHrtdwvwpxqd1BBISpRV+y8/OzSOkDcOJcIHxTJVyZ57xRmbB1QznM4JbXjQYi3FH8/v2r+dvZ5NOauW3AKJm3Rf7rzdrtDXXDZTKN3VGyYjjMnp0TEPI4UlxC/TdcrMHIMsIpjZOxNR6t1oDXcTHuxorgHgjC48nFzO0Hi/dcrC6AfmfUKEJpmG+MmAIqK0tW1EP3UMuL5CVZTC5+9Sy5WOyZBAvau/emLW3dgDAm8zMbPO3u7XR7AOliF+FJ3YW4h7xOMNMQezRN3R6tvLsUCM/BweHsGSNIMF5xvU0VXT1Fe7spPxl4E2YJi5FHca66vtq/Xzz5mt+4Jw8H2cSrenH1/CWBuViBDDqV9wEbbifzefnpxkj58B4SceVeoKL5w1zawzv6zFpfsvwTKLp4Pe/hvBj2ODZu0O0xIyzr3ca5gEWoKmWqS26kpmbfxgBtmtSXHGXJaqgtbjLecqVJ73kxHF6rp8ZKWLoD8uMtUdG/+xYBnv//8dOY5TuiW+qB7J+XnPKZkD/llMW85Zhrtci7ROd7gTtINeBvLK7Tdu16yyhiWHPN3ccAyFOPHw4NSmdj5TU3agnOdxeDF/n+jSGvO64b1Jwy/eq/wv/bCk97tKIXLuwmDMW7rfcfAAAA//8BAAD//5CIzc16DQAA" | base64 -d | gzip -d > conf/cluster_spec.yaml
echo "H4sIAAAAAAAA/+xW648bNRD/nr/CKqr6pbebvTsKrFqJkCtc6N0Rkj6QUIUce7Ix8drbsb13QfzxaOzN8y6U0o+QSMl6Xp7Hb2ZWaBvk0Jq5qsoeYzU3vIKpt8grGGruHLiSeQzQE9Z4rgzgJBivaijZhiK3TElWRLT3UwuISkLJ/uwxxlgL6JQ17AU77UXCr40OlTLufTpuCdkjZbOtyazCRmRtkQlUjzbC/0x8h76j+cm6Gaag3Z6Rf2+GHsT7PVOMdczf/KoB9oIdmCSNrD191DvQ+iwXMtt4ZakE7OAzXTkPtRxWaEPDXiQMMKZtdQUt6JIpM7e9TVVLVmTn2VlPWrEEJBC4pWpGxnmudYcgMAJX8b4OcMwErXvghRzq4DygI0Vowfj4tGP9LDvPirOIUGUe5i3DDAbj0RSwTR5wre3tGFWrNFQgy3UM3Fizqm1wg+AXJZtz7SK5UYMgFRgB8fYTRhbRgAeXuVZkEuY8aJ9E0zVDG4wvWUG04BcW1R+cAry2hPuBvuUrNyA3eozNlJEDKRGcK1k/i19qFurAMdpWScCS8VtHOTB8pmEga+UoxnEqcfLqhtfgGi7gSs1BrISGSL5StfITbirAeCYHlYCBEORjJI0pY86D8W+tDjVc8RnoyLlIoe02/i79tdWAMbApCGtkYl4Hz70y1cbNdzBbWLuMzLdcK3mcfWMlTMB5VILMRtoEnA0o4OdgPackeCFTmrvIF943ZZ4Xp1/F7BXleb9f7Auuh06nkScwffGQ5mmPMVXzCkq2/NpllcBM2ZxqfsIb5RKM2iI7TXUihgY/RpgDIqxL+XrVrC8bGQ9ouB6N4/HSOm94narz8m6Ht20i8gHhQwDnF8AlYAQLyFjjZJVXFULFvcVD2Zd3HvllfCSv1N1a5ZeTCdTWw0mUODnU+4FaOukdKkTWofwbR67X8LAKcandQQSEsUVfsvPzs0jZBeDIuUD4pkq4Ms95ozLVJSwTtm4omRnc8brRQIR7Fn5892r6ZjL6BBO5bcAombdF/vvt0m0tduNmNI79UrKi38+enRM08jhkXOqD77hYgpFlBFgaMENrPFqtAa/jqtwMGsE9EKiHo4uJ244a77lYXAD9Tqh1hNIwXRkxBlRWlqyo++7YEBDJS7KYXPzmWXKx2DIJKLSJH8xf2sMBYUjmJzZ42ubreXcE+2IT4UndhbhtAp2ApyF2bZrDO7Ty/poghAcH+9NoiCDBeMX1OlV09Rjt3ar8aOBNmCR0Rh7Fueg6bfvG8eRbfuueHA+yiVftxLXjLwlMxQJk0Km8R2y4jczn5acbLOXxzSTiEr5ARROJubSZN/SJtb5k+UdQdHEz3cF50d/h2LhT18eMsKw3O+gCZqGqlKkuuZGa2n8dA7Rpdl9ylCWroba4ynjLlSa950W/f62eGith7vbIj9dERf/uewR4/uXjpzHL90TX1D3Zvy855TMhf8wpi3nLMddqlneJzrcC95BqwN9aXKZ92/WWUcSw5pq7DwGQpx7fHxqUzsbKa27UHJzvLgYv8u07RF53XNerOWX61f+F/68VnjZrRa9g2E0Yindd778AAAD//wEAAP//mzuXKIwNAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml

echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml

Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.containerd.example.com
serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.containerd.example.com
serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.containerd.example.com
serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.containerd.example.com
serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.docker.example.com
serviceAccountJWKSURI: https://api.docker.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.docker.example.com
serviceAccountJWKSURI: https://api.internal.docker.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externallb.example.com
serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externallb.example.com
serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...nallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externallb.example.com
serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externallb.example.com
serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externalpolicies.example.com
serviceAccountJWKSURI: https://api.externalpolicies.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externalpolicies.example.com
serviceAccountJWKSURI: https://api.internal.externalpolicies.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
12 changes: 6 additions & 6 deletions tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down Expand Up @@ -544,8 +544,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down Expand Up @@ -882,8 +882,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1cmasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
Loading

0 comments on commit c932779

Please sign in to comment.