From d94bb2677686165232e3c5039c6e59b650fbaf05 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Fri, 13 Jan 2017 11:00:01 -0500
Subject: [PATCH] Conditionally write token file entries
---
cluster/gce/container-linux/configure-helper.sh | 16 ++++++++++++----
cluster/gce/gci/configure-helper.sh | 16 ++++++++++++----
2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh
index 50cb86825c0..f0c3925e891 100755
--- a/cluster/gce/container-linux/configure-helper.sh
+++ b/cluster/gce/container-linux/configure-helper.sh
@@ -157,10 +157,18 @@ function create-master-auth {
 replace_prefixed_line "${basic_auth_csv}" "${KUBE_PASSWORD},${KUBE_USER}," "admin,system:masters"
 fi
 local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}" "admin,admin,system:masters"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}" "system:kube-controller-manager,uid:system:kube-controller-manager"
- replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}" "system:node:node-name,uid:kubelet,system:nodes"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}" "system:kube-proxy,uid:kube_proxy"
+ if [[ -n "${KUBE_BEARER_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
+ fi
+ if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
+ fi
+ if [[ -n "${KUBELET_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}," "system:node:node-name,uid:kubelet,system:nodes"
+ fi
+ if [[ -n "${KUBE_PROXY_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}," "system:kube-proxy,uid:kube_proxy"
+ fi
 local use_cloud_config="false"
 cat </etc/gce.conf
 [global]
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index e98e26259c1..2cc370372e7 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
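Review bot: Skipping the write when a token variable is empty leaves whatever line an earlier run wrote for that identity in `known_tokens.csv`, so clearing `KUBE_BEARER_TOKEN` (or any of the other three) does not by itself stop the old token from being accepted. This assumes `replace_prefixed_line`, which is defined outside the hunk, only rewrites lines starting with the prefix it is given, and that the file survives re-configuration; both are worth confirming. If so, an `else` branch that removes the line ending in the identity suffix (for example `,admin,admin,system:masters`) would make an omitted token mean a revoked one. The same applies to the identical hunk in `cluster/gce/gci/configure-helper.sh`; `create-master-auth` starts and ends outside both hunks.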
@@ -224,10 +224,18 @@ function create-master-auth {
 replace_prefixed_line "${basic_auth_csv}" "${KUBE_PASSWORD},${KUBE_USER}," "admin,system:masters"
 fi
 local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
- replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}," "system:node:node-name,uid:kubelet,system:nodes"
- replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}," "system:kube-proxy,uid:kube_proxy"
+ if [[ -n "${KUBE_BEARER_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
+ fi
+ if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
+ fi
+ if [[ -n "${KUBELET_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}," "system:node:node-name,uid:kubelet,system:nodes"
+ fi
+ if [[ -n "${KUBE_PROXY_TOKEN:-}" ]]; then
+ replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}," "system:kube-proxy,uid:kube_proxy"
+ fi
 local use_cloud_config="false"
 cat </etc/gce.conf
 [global]
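Review bot: The four `-n` guards carry no comment saying why an empty token must be skipped, and the reason is security-relevant enough to record next to the code. Above the first guard I would add `# Skip unset tokens: an empty value would write a line beginning with "," and register an empty bearer token for this identity.` That wording assumes `replace_prefixed_line` (defined outside the hunk) writes prefix and suffix as a single line, which should be confirmed before it is committed. The same comment fits the guards added in `cluster/gce/container-linux/configure-helper.sh`.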