From 0a821a473dadc08b8f82f623a5179b904f9474d4 Mon Sep 17 00:00:00 2001
From: Mike Danese
Date: Tue, 29 Mar 2016 14:27:28 -0700
Subject: [PATCH] stop create secrets for dns, it uses the kube-system service account now
---
 cluster/gce/configure-vm.sh | 2 +-
 cluster/gce/coreos/configure-node.sh | 2 +-
 cluster/gce/trusty/configure-helper.sh | 1 -
 .../saltbase/salt/kube-addons/kube-addons.sh | 90 -------------------
 4 files changed, 2 insertions(+), 93 deletions(-)
diff --git a/cluster/gce/configure-vm.sh b/cluster/gce/configure-vm.sh
index 9c83109543e..cd88eb16e35 100755
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@@ -585,7 +585,7 @@ function create-salt-master-auth() {
 # NB: If this list ever changes, this script actually has to
 # change to detect the existence of this file, kill any deleted
 # old tokens and add any new tokens (to handle the upgrade case).
- local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring" "system:dns")
+ local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring")
 for account in "${service_accounts[@]}"; do
 token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
 echo "${token},${account},${account}" >> "${KNOWN_TOKENS_FILE}"
diff --git a/cluster/gce/coreos/configure-node.sh b/cluster/gce/coreos/configure-node.sh
index b9cff960f35..d279b8e9d83 100644
--- a/cluster/gce/coreos/configure-node.sh
+++ b/cluster/gce/coreos/configure-node.sh
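Review bot: In cluster/gce/configure-vm.sh, removing `system:dns` from `service_accounts` changes the list without doing what the NB comment just above it requires: detecting an existing tokens file and killing deleted tokens for the upgrade case. On a master upgraded from an earlier version, a previously written `system:dns` line would presumably remain in `${KNOWN_TOKENS_FILE}` and keep working as a bearer token that nothing uses any more; the rest of `create-salt-master-auth` is outside the hunk, so confirm whether an existing file is pruned elsewhere. If it is not, drop the stale entry before the apiserver reads the file, e.g. `sed -i '/,system:dns,system:dns$/d' "${KNOWN_TOKENS_FILE}"`, guarded by a check that the file exists. The same applies to the identical hunk in cluster/gce/coreos/configure-node.sh and to the removed `add_token_entry "system:dns"` in cluster/gce/trusty/configure-helper.sh.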
@@ -256,7 +256,7 @@ function create-salt-master-auth() {
 # NB: If this list ever changes, this script actually has to
 # change to detect the existence of this file, kill any deleted
 # old tokens and add any new tokens (to handle the upgrade case).
- local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring" "system:dns")
+ local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring")
 for account in "${service_accounts[@]}"; do
 token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
 echo "${token},${account},${account}" >> "${KNOWN_TOKENS_FILE}"
diff --git a/cluster/gce/trusty/configure-helper.sh b/cluster/gce/trusty/configure-helper.sh
index 88095962854..a5ee96a80b1 100644
--- a/cluster/gce/trusty/configure-helper.sh
+++ b/cluster/gce/trusty/configure-helper.sh
@@ -309,7 +309,6 @@ create_master_auth() {
 add_token_entry "system:controller_manager" "${known_tokens_csv}"
 add_token_entry "system:logging" "${known_tokens_csv}"
 add_token_entry "system:monitoring" "${known_tokens_csv}"
- add_token_entry "system:dns" "${known_tokens_csv}"
 fi
 if [ -n "${PROJECT_ID:-}" ] && [ -n "${TOKEN_URL:-}" ] && [ -n "${TOKEN_BODY:-}" ] && [ -n "${NODE_NETWORK:-}" ]; then
diff --git a/cluster/saltbase/salt/kube-addons/kube-addons.sh b/cluster/saltbase/salt/kube-addons/kube-addons.sh
index 19fafb6d2c6..ab1633dd73b 100644
--- a/cluster/saltbase/salt/kube-addons/kube-addons.sh
+++ b/cluster/saltbase/salt/kube-addons/kube-addons.sh
@@ -22,7 +22,6 @@ KUBECTL=${KUBECTL_BIN:-/usr/local/bin/kubectl}
 ADDON_CHECK_INTERVAL_SEC=${TEST_ADDON_CHECK_INTERVAL_SEC:-600}
 SYSTEM_NAMESPACE=kube-system
-token_dir=${TOKEN_DIR:-/srv/kubernetes}
 trusty_master=${TRUSTY_MASTER:-false}
 function ensure_python() {
@@ -35,72 +34,6 @@ function ensure_python() {
 fi
 }
-function create-kubeconfig-secret() {
- local -r token=$1
- local -r username=$2
- local -r server=$3
- local -r safe_username=$(tr -s ':_' '--' <<< "${username}")
-
- # Make a kubeconfig file with the token.
- if [[ ! -z "${CA_CERT:-}" ]]; then
- # If the CA cert is available, put it into the secret rather than using
- # insecure-skip-tls-verify.
- read -r -d '' kubeconfig <