Skip to content

Commit

Permalink
Use internal api url for jwks
Browse files Browse the repository at this point in the history 
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test
  • Loading branch information
Ole Markus With committed Feb 19, 2021
1 parent 829f246 commit a071c27
Show file tree
Hide file tree
Showing 63 changed files with 134 additions and 134 deletions.
2 changes: 1 addition & 1 deletion pkg/model/iam/subject.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ func ServiceAccountIssuer(clusterName string, clusterSpec *kops.ClusterSpec) str
if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.ServiceAccountIssuer != nil {
return *clusterSpec.KubeAPIServer.ServiceAccountIssuer
}
return "https://api." + clusterName
return "https://api.internal." + clusterName
}

// AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role
Expand Down
4 changes: 2 additions & 2 deletions .../data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.bastionuserdata.example.com
serviceAccountJWKSURI: https://api.bastionuserdata.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.bastionuserdata.example.com
serviceAccountJWKSURI: https://api.internal.bastionuserdata.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,8 +220,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.complex.example.com
serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.complex.example.com
serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
4 changes: 2 additions & 2 deletions .../complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,8 +219,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.complex.example.com
serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.complex.example.com
serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
2 changes: 1 addition & 1 deletion ...ompress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ function download-release() {
echo "== nodeup node config starting =="
ensure-install-dir

echo "H4sIAAAAAAAA/+xWbW/bthN/709B9I+ibxrJSvLvNqEF5jnd4jXpPLsPA4ZioMmzzJki1SOpxMM+/HCkbMtOsm7ry80GbPGeeA+/u5PQNsixNUtVlQPGam54BXNvkVcw1tw5cCXzGGAgrPFcGcBZMF7VULIdRe6ZkqyIaO+HFhCVhJL9PmCMsRbQKWvYC3Y6iISfGx0qZdyHdNwTskfKZnuTWYWNyNoiE6ge7YT/mniP3tP827oZpqDdgZF/boYexIcDU4x1zF/8pgH2gh2ZJI2sPX00ONL6LBcy23hlqQTs6DPfOA+1HFdoQ8NeJAwwpm11BS3okimztINdVUtWZOfZ2UBasQYkELi1aibGea51hyAwAjfxvg5wzAStB+CFHOvgPKAjRWjB+PjUs36WnWfFWUSoMvfz1mEBo+lkDtgmD7jW9maKqlUaKpDlNgZurNnUNrhR8KuSLbl2kdyoUZAKjIB4+wkji2jAg8tcKzIJSx60T6LpmrENxpesIFrwK4vqN04BXlvC/Ujf8I0bkRsDxhbKyJGUCM6VbJjFLzULdeAUbaskYMn4jaMcGL7QMJK1chTjNJU4efWa1+AaLuBKLUFshIZIvlK18jNuKsB4JgeVgJEQ5GMkTSljzoPx76wONVzxBejIuUih9Ru/T39jNWAMbA7CGpmY18Fzr0y1c/M9LFbWriPzHddKPsx+bSXMwHlUgsxG2gycDSjgx2A9pyR4IVOau8hX3jdlnhenX8TsFeX5cFgcCm6HTqeRJzD97z7N0wFjquYVlGz9pcsqgZmyOdX8hDfKJRi1RXaa6kQMDX6KsARE2JbyzabZXjYxHtBwPZnG46V13vA6VeflbY+3byLyAeFjAOdXwCVgBAvIWONklVcVQsW9xWPZl7ce+WV8JK/U7Vblp5MZ1NbDSZQ4Odb7jlo66R0rRNax/FtHrtdwvwpxqd1BBISpRV+y8/OzSOkDcOJcIHxTJVyZ57xRmbB1QznM4JbXjQYi3FH8/v2r+dvZ5NOauW3AKJm3Rf7rzdrtDXXDZTKN3VGyYjjMnp0TEPI4UlxC/TdcrMHIMsIpjZOxNR6t1oDXcTHuxorgHgjC48nFzO0Hi/dcrC6AfmfUKEJpmG+MmAIqK0tW1EP3UMuL5CVZTC5+9Sy5WOyZBAvau/emLW3dgDAm8zMbPO3u7XR7AOliF+FJ3YW4h7xOMNMQezRN3R6tvLsUCM/BweHsGSNIMF5xvU0VXT1Fe7spPxl4E2YJi5FHca66vtq/Xzz5mt+4Jw8H2cSrenH1/CWBuViBDDqV9wEbbifzefnpxkj58B4SceVeoKL5w1zawzv6zFpfsvwTKLp4Pe/hvBj2ODZu0O0xIyzr3ca5gEWoKmWqS26kpmbfxgBtmtSXHGXJaqgtbjLecqVJ73kxHF6rp8ZKWLoD8uMtUdG/+xYBnv//8dOY5TuiW+qB7J+XnPKZkD/llMW85Zhrtci7ROd7gTtINeBvLK7Tdu16yyhiWHPN3ccAyFOPHw4NSmdj5TU3agnOdxeDF/n+jSGvO64b1Jwy/eq/wv/bCk97tKIXLuwmDMW7rfcfAAAA//8BAAD//5CIzc16DQAA" | base64 -d | gzip -d > conf/cluster_spec.yaml
echo "H4sIAAAAAAAA/+xW648bNRD/nr/CKqr6pbebvTsKrFqJkCtc6N0Rkj6QUIUce7Ix8drbsb13QfzxaOzN8y6U0o+QSMl6Xp7Hb2ZWaBvk0Jq5qsoeYzU3vIKpt8grGGruHLiSeQzQE9Z4rgzgJBivaijZhiK3TElWRLT3UwuISkLJ/uwxxlgL6JQ17AU77UXCr40OlTLufTpuCdkjZbOtyazCRmRtkQlUjzbC/0x8h76j+cm6Gaag3Z6Rf2+GHsT7PVOMdczf/KoB9oIdmCSNrD191DvQ+iwXMtt4ZakE7OAzXTkPtRxWaEPDXiQMMKZtdQUt6JIpM7e9TVVLVmTn2VlPWrEEJBC4pWpGxnmudYcgMAJX8b4OcMwErXvghRzq4DygI0Vowfj4tGP9LDvPirOIUGUe5i3DDAbj0RSwTR5wre3tGFWrNFQgy3UM3Fizqm1wg+AXJZtz7SK5UYMgFRgB8fYTRhbRgAeXuVZkEuY8aJ9E0zVDG4wvWUG04BcW1R+cAry2hPuBvuUrNyA3eozNlJEDKRGcK1k/i19qFurAMdpWScCS8VtHOTB8pmEga+UoxnEqcfLqhtfgGi7gSs1BrISGSL5StfITbirAeCYHlYCBEORjJI0pY86D8W+tDjVc8RnoyLlIoe02/i79tdWAMbApCGtkYl4Hz70y1cbNdzBbWLuMzLdcK3mcfWMlTMB5VILMRtoEnA0o4OdgPackeCFTmrvIF943ZZ4Xp1/F7BXleb9f7Auuh06nkScwffGQ5mmPMVXzCkq2/NpllcBM2ZxqfsIb5RKM2iI7TXUihgY/RpgDIqxL+XrVrC8bGQ9ouB6N4/HSOm94narz8m6Ht20i8gHhQwDnF8AlYAQLyFjjZJVXFULFvcVD2Zd3HvllfCSv1N1a5ZeTCdTWw0mUODnU+4FaOukdKkTWofwbR67X8LAKcandQQSEsUVfsvPzs0jZBeDIuUD4pkq4Ms95ozLVJSwTtm4omRnc8brRQIR7Fn5892r6ZjL6BBO5bcAombdF/vvt0m0tduNmNI79UrKi38+enRM08jhkXOqD77hYgpFlBFgaMENrPFqtAa/jqtwMGsE9EKiHo4uJ244a77lYXAD9Tqh1hNIwXRkxBlRWlqyo++7YEBDJS7KYXPzmWXKx2DIJKLSJH8xf2sMBYUjmJzZ42ubreXcE+2IT4UndhbhtAp2ApyF2bZrDO7Ty/poghAcH+9NoiCDBeMX1OlV09Rjt3ar8aOBNmCR0Rh7Fueg6bfvG8eRbfuueHA+yiVftxLXjLwlMxQJk0Km8R2y4jczn5acbLOXxzSTiEr5ARROJubSZN/SJtb5k+UdQdHEz3cF50d/h2LhT18eMsKw3O+gCZqGqlKkuuZGa2n8dA7Rpdl9ylCWroba4ynjLlSa950W/f62eGith7vbIj9dERf/uewR4/uXjpzHL90TX1D3Zvy855TMhf8wpi3nLMddqlneJzrcC95BqwN9aXKZ92/WWUcSw5pq7DwGQpx7fHxqUzsbKa27UHJzvLgYv8u07RF53XNerOWX61f+F/68VnjZrRa9g2E0Yindd778AAAD//wEAAP//mzuXKIwNAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml

echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml

Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.containerd.example.com
serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.containerd.example.com
serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.containerd.example.com
serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.containerd.example.com
serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.docker.example.com
serviceAccountJWKSURI: https://api.docker.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.docker.example.com
serviceAccountJWKSURI: https://api.internal.docker.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existing-iam.example.com
serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existing-iam.example.com
serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...ng_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.existingsg.example.com
serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.existingsg.example.com
serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externallb.example.com
serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externallb.example.com
serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...nallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externallb.example.com
serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externallb.example.com
serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.externalpolicies.example.com
serviceAccountJWKSURI: https://api.externalpolicies.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.externalpolicies.example.com
serviceAccountJWKSURI: https://api.internal.externalpolicies.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
serviceNodePortRange: 28000-32767
storageBackend: etcd3
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...te_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha.example.com
serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha.example.com
serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...le_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.ha-gce.example.com
serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.ha-gce.example.com
serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
12 changes: 6 additions & 6 deletions tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down Expand Up @@ -545,8 +545,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down Expand Up @@ -884,8 +884,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1cmasterslaunchtemplatese
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions .../aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.launchtemplates.example.com
serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.launchtemplates.example.com
serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
4 changes: 2 additions & 2 deletions ...imal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,8 +205,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://api.minimal.example.com
serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 100.64.0.0/13
storageBackend: etcd3
kubeControllerManager:
Expand Down
Loading

0 comments on commit a071c27

Please sign in to comment.