From 5039d93c60afeca5be85a6d6e0a34043cbbdb3f7 Mon Sep 17 00:00:00 2001
From: Colin Hom
Date: Fri, 7 Oct 2016 14:07:17 -0700
Subject: [PATCH] fixup: iam roles are now uniquely identified by CLUSTER_ID + VPC_ID

this is the same criteria that is currently applied for ascertaining ownership other resources ( eg: security groups, which are also deleted in a similar fashion) We are now respecting existing cluster namespace isolation rules.
---
 cluster/aws/config-default.sh | 2 --
 cluster/aws/config-test.sh | 2 --
 cluster/aws/util.sh | 3 +++
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/cluster/aws/config-default.sh b/cluster/aws/config-default.sh
index 320185a2de3..6aa1a23b97f 100644
--- a/cluster/aws/config-default.sh
+++ b/cluster/aws/config-default.sh
@@ -68,8 +68,6 @@ CLUSTER_ID=${INSTANCE_PREFIX}
 VPC_NAME=${VPC_NAME:-kubernetes-vpc}
 AWS_SSH_KEY=${AWS_SSH_KEY:-$HOME/.ssh/kube_aws_rsa}
 CONFIG_CONTEXT="${KUBE_CONFIG_CONTEXT:-aws_${INSTANCE_PREFIX}}"
-IAM_PROFILE_MASTER="kubernetes-master"
-IAM_PROFILE_NODE="kubernetes-minion"
 
 LOG="/dev/null"
 
diff --git a/cluster/aws/config-test.sh b/cluster/aws/config-test.sh
index 6cc07cef11c..4ac6492d540 100755
--- a/cluster/aws/config-test.sh
+++ b/cluster/aws/config-test.sh
@@ -56,8 +56,6 @@ CONFIG_CONTEXT="${KUBE_CONFIG_CONTEXT:-aws_${INSTANCE_PREFIX}}"
 CLUSTER_ID=${INSTANCE_PREFIX}
 VPC_NAME=${VPC_NAME:-kubernetes-vpc}
 AWS_SSH_KEY=${AWS_SSH_KEY:-$HOME/.ssh/kube_aws_rsa}
-IAM_PROFILE_MASTER="kubernetes-master-${INSTANCE_PREFIX}"
-IAM_PROFILE_NODE="kubernetes-minion-${INSTANCE_PREFIX}"
 
 LOG="/dev/null"
 
diff --git a/cluster/aws/util.sh b/cluster/aws/util.sh
index 80cc1a54653..3dcfab73637 100755
--- a/cluster/aws/util.sh
+++ b/cluster/aws/util.sh
@@ -120,6 +120,9 @@ fi
 MASTER_SG_NAME="kubernetes-master-${CLUSTER_ID}"
 NODE_SG_NAME="kubernetes-minion-${CLUSTER_ID}"
 
+IAM_PROFILE_MASTER="kubernetes-master-${CLUSTER_ID}-${VPC_NAME}"
+IAM_PROFILE_NODE="kubernetes-minion-${CLUSTER_ID}-${VPC_NAME}"
+
 # Be sure to map all the ephemeral drives. We can specify more than we actually have.
 # TODO: Actually mount the correct number (especially if we have more), though this is non-trivial, and
 # only affects the big storage instance types, which aren't a typical use case right now.
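Review bot: The added `IAM_PROFILE_MASTER`/`IAM_PROFILE_NODE` lines scope the names by `${VPC_NAME}`, not by a VPC ID as the subject states, and `VPC_NAME` defaults to the constant `kubernetes-vpc` in config-default.sh; since IAM names are account-global while a VPC name is only unique within a region, two clusters with the same `CLUSTER_ID` and the default VPC name in different regions would presumably still resolve to the same profile names, which undercuts the ownership test the description relies on for deletion. Both components are user-supplied and reach IAM unvalidated: instance-profile and role names must match `[\w+=,.@-]+`, role names are capped at 64 characters, so a long `INSTANCE_PREFIX` or a VPC name containing other characters fails at create time rather than at config validation (whether these values are also used as role names is outside this hunk). A comment above the two assignments would record the intent: `# IAM names are account-global (not per VPC or region); scope them by CLUSTER_ID and VPC_NAME so same-named clusters in different VPCs neither share nor delete each other's roles.` The surrounding file-level block of util.sh continues outside the hunk.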