From 9853e8e7c39d6ac4093eaca76749c608b6878948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Mon, 20 Feb 2017 21:26:59 +0200 Subject: [PATCH] kubeadm: Add the --use-service-account-credentials to controller-manager --- cmd/kubeadm/app/master/manifests.go | 3 +-- cmd/kubeadm/app/master/manifests_test.go | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go index 7b8e7fc7698..a3d9d04f447 100644 --- a/cmd/kubeadm/app/master/manifests.go +++ b/cmd/kubeadm/app/master/manifests.go @@ -37,7 +37,6 @@ import ( // Static pod definitions in golang form are included below so that `kubeadm init` can get going. const ( - DefaultClusterName = "kubernetes" DefaultCloudConfigPath = "/etc/kubernetes/cloud-config" etcd = "etcd" @@ -387,12 +386,12 @@ func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted "--address=127.0.0.1", "--leader-elect", "--master=127.0.0.1:8080", - "--cluster-name="+DefaultClusterName, "--root-ca-file="+getCertFilePath(kubeadmconstants.CACertName), "--service-account-private-key-file="+getCertFilePath(kubeadmconstants.ServiceAccountPrivateKeyName), "--cluster-signing-cert-file="+getCertFilePath(kubeadmconstants.CACertName), "--cluster-signing-key-file="+getCertFilePath(kubeadmconstants.CAKeyName), "--insecure-experimental-approve-all-kubelet-csrs-for-group="+kubeadmconstants.CSVTokenBootstrapGroup, + "--use-service-account-credentials", ) if cfg.CloudProvider != "" { diff --git a/cmd/kubeadm/app/master/manifests_test.go b/cmd/kubeadm/app/master/manifests_test.go index 179c0202063..353ff5459b5 100644 --- a/cmd/kubeadm/app/master/manifests_test.go +++ b/cmd/kubeadm/app/master/manifests_test.go @@ -481,12 +481,12 @@ func TestGetControllerManagerCommand(t *testing.T) { "--address=127.0.0.1", "--leader-elect", "--master=127.0.0.1:8080", - "--cluster-name=" + DefaultClusterName, "--root-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--service-account-private-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.key", "--cluster-signing-cert-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--cluster-signing-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.key", "--insecure-experimental-approve-all-kubelet-csrs-for-group=kubeadm:kubelet-bootstrap", + "--use-service-account-credentials", }, }, { @@ -496,12 +496,12 @@ func TestGetControllerManagerCommand(t *testing.T) { "--address=127.0.0.1", "--leader-elect", "--master=127.0.0.1:8080", - "--cluster-name=" + DefaultClusterName, "--root-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--service-account-private-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.key", "--cluster-signing-cert-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--cluster-signing-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.key", "--insecure-experimental-approve-all-kubelet-csrs-for-group=kubeadm:kubelet-bootstrap", + "--use-service-account-credentials", "--cloud-provider=foo", }, }, @@ -512,12 +512,12 @@ func TestGetControllerManagerCommand(t *testing.T) { "--address=127.0.0.1", "--leader-elect", "--master=127.0.0.1:8080", - "--cluster-name=" + DefaultClusterName, "--root-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--service-account-private-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.key", "--cluster-signing-cert-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", "--cluster-signing-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.key", "--insecure-experimental-approve-all-kubelet-csrs-for-group=kubeadm:kubelet-bootstrap", + "--use-service-account-credentials", "--allocate-node-cidrs=true", "--cluster-cidr=bar", },