From a071c272fc3977a2f06c398d5a6bd5910d9a608b Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Fri, 19 Feb 2021 21:33:07 +0100 Subject: [PATCH] Use internal api url for jwks The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one. This should finally pass the OIDC e2e test --- pkg/model/iam/subject.go | 2 +- ...-1a.masters.bastionuserdata.example.com_user_data | 4 ++-- .../complex/cloudformation.json.extracted.yaml | 4 ++-- ...-us-test-1a.masters.complex.example.com_user_data | 4 ++-- ...us-test-1a.masters.compress.example.com_user_data | 2 +- .../cloudformation.json.extracted.yaml | 4 ++-- .../containerd/cloudformation.json.extracted.yaml | 4 ++-- .../docker-custom/cloudformation.json.extracted.yaml | 4 ++-- ...est-1a.masters.existing-iam.example.com_user_data | 4 ++-- ...est-1b.masters.existing-iam.example.com_user_data | 4 ++-- ...est-1c.masters.existing-iam.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...-test-1a.masters.existingsg.example.com_user_data | 4 ++-- ...-test-1b.masters.existingsg.example.com_user_data | 4 ++-- ...-test-1c.masters.existingsg.example.com_user_data | 4 ++-- .../externallb/cloudformation.json.extracted.yaml | 4 ++-- ...-test-1a.masters.externallb.example.com_user_data | 4 ++-- ...1a.masters.externalpolicies.example.com_user_data | 4 ++-- ...aster-us-test-1a.masters.ha.example.com_user_data | 4 ++-- ...aster-us-test-1b.masters.ha.example.com_user_data | 4 ++-- ...aster-us-test-1c.masters.ha.example.com_user_data | 4 ++-- ...est1-a-ha-gce-example-com_metadata_startup-script | 4 ++-- ...est1-b-ha-gce-example-com_metadata_startup-script | 4 ++-- ...est1-c-ha-gce-example-com_metadata_startup-script | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...-1a.masters.launchtemplates.example.com_user_data | 4 ++-- ...-1b.masters.launchtemplates.example.com_user_data | 4 ++-- ...-1c.masters.launchtemplates.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- .../minimal-gp3/cloudformation.json.extracted.yaml | 4 ++-- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- ...est-1a.masters.minimal-json.example.com_user_data | 2 +- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- ...a-minimal-gce-example-com_metadata_startup-script | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...t-1a.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1b.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1c.masters.mixedinstances.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...t-1a.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1b.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1c.masters.mixedinstances.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...a.masters.private-shared-ip.example.com_user_data | 4 ++-- ...sters.private-shared-subnet.example.com_user_data | 4 ++-- .../privatecalico/cloudformation.json.extracted.yaml | 4 ++-- ...st-1a.masters.privatecalico.example.com_user_data | 4 ++-- ...est-1a.masters.privatecanal.example.com_user_data | 4 ++-- .../privatecilium/cloudformation.json.extracted.yaml | 4 ++-- ...st-1a.masters.privatecilium.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...sters.privateciliumadvanced.example.com_user_data | 4 ++-- ...test-1a.masters.privatedns1.example.com_user_data | 4 ++-- ...test-1a.masters.privatedns2.example.com_user_data | 4 ++-- ...t-1a.masters.privateflannel.example.com_user_data | 4 ++-- ...st-1a.masters.privatekopeio.example.com_user_data | 4 ++-- ...est-1a.masters.privateweave.example.com_user_data | 4 ++-- ...troller.kube-system.sa.minimal.example.com_policy | 4 ++-- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- .../update_cluster/public-jwks/kubernetes.tf | 2 +- ...est-1a.masters.sharedsubnet.example.com_user_data | 4 ++-- ...s-test-1a.masters.sharedvpc.example.com_user_data | 4 ++-- ...s-test-1a.masters.unmanaged.example.com_user_data | 4 ++-- 63 files changed, 134 insertions(+), 134 deletions(-) diff --git a/pkg/model/iam/subject.go b/pkg/model/iam/subject.go index d8e8d51a1a95a..ee3a43c1827be 100644 --- a/pkg/model/iam/subject.go +++ b/pkg/model/iam/subject.go @@ -85,7 +85,7 @@ func ServiceAccountIssuer(clusterName string, clusterSpec *kops.ClusterSpec) str if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.ServiceAccountIssuer != nil { return *clusterSpec.KubeAPIServer.ServiceAccountIssuer } - return "https://api." + clusterName + return "https://api.internal." + clusterName } // AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data index 14a98056b889d..8402880d385bc 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.bastionuserdata.example.com - serviceAccountJWKSURI: https://api.bastionuserdata.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.bastionuserdata.example.com + serviceAccountJWKSURI: https://api.internal.bastionuserdata.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml index 02842189304e4..f576b0f6a6756 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml @@ -220,8 +220,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data index d90760e8e7d7f..1129e939ff190 100644 --- a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data +++ b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data @@ -219,8 +219,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data index e7403b7160c23..129d12f43b288 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data @@ -144,7 +144,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/+xWbW/bthN/709B9I+ibxrJSvLvNqEF5jnd4jXpPLsPA4ZioMmzzJki1SOpxMM+/HCkbMtOsm7ry80GbPGeeA+/u5PQNsixNUtVlQPGam54BXNvkVcw1tw5cCXzGGAgrPFcGcBZMF7VULIdRe6ZkqyIaO+HFhCVhJL9PmCMsRbQKWvYC3Y6iISfGx0qZdyHdNwTskfKZnuTWYWNyNoiE6ge7YT/mniP3tP827oZpqDdgZF/boYexIcDU4x1zF/8pgH2gh2ZJI2sPX00ONL6LBcy23hlqQTs6DPfOA+1HFdoQ8NeJAwwpm11BS3okimztINdVUtWZOfZ2UBasQYkELi1aibGea51hyAwAjfxvg5wzAStB+CFHOvgPKAjRWjB+PjUs36WnWfFWUSoMvfz1mEBo+lkDtgmD7jW9maKqlUaKpDlNgZurNnUNrhR8KuSLbl2kdyoUZAKjIB4+wkji2jAg8tcKzIJSx60T6LpmrENxpesIFrwK4vqN04BXlvC/Ujf8I0bkRsDxhbKyJGUCM6VbJjFLzULdeAUbaskYMn4jaMcGL7QMJK1chTjNJU4efWa1+AaLuBKLUFshIZIvlK18jNuKsB4JgeVgJEQ5GMkTSljzoPx76wONVzxBejIuUih9Ru/T39jNWAMbA7CGpmY18Fzr0y1c/M9LFbWriPzHddKPsx+bSXMwHlUgsxG2gycDSjgx2A9pyR4IVOau8hX3jdlnhenX8TsFeX5cFgcCm6HTqeRJzD97z7N0wFjquYVlGz9pcsqgZmyOdX8hDfKJRi1RXaa6kQMDX6KsARE2JbyzabZXjYxHtBwPZnG46V13vA6VeflbY+3byLyAeFjAOdXwCVgBAvIWONklVcVQsW9xWPZl7ce+WV8JK/U7Vblp5MZ1NbDSZQ4Odb7jlo66R0rRNax/FtHrtdwvwpxqd1BBISpRV+y8/OzSOkDcOJcIHxTJVyZ57xRmbB1QznM4JbXjQYi3FH8/v2r+dvZ5NOauW3AKJm3Rf7rzdrtDXXDZTKN3VGyYjjMnp0TEPI4UlxC/TdcrMHIMsIpjZOxNR6t1oDXcTHuxorgHgjC48nFzO0Hi/dcrC6AfmfUKEJpmG+MmAIqK0tW1EP3UMuL5CVZTC5+9Sy5WOyZBAvau/emLW3dgDAm8zMbPO3u7XR7AOliF+FJ3YW4h7xOMNMQezRN3R6tvLsUCM/BweHsGSNIMF5xvU0VXT1Fe7spPxl4E2YJi5FHca66vtq/Xzz5mt+4Jw8H2cSrenH1/CWBuViBDDqV9wEbbifzefnpxkj58B4SceVeoKL5w1zawzv6zFpfsvwTKLp4Pe/hvBj2ODZu0O0xIyzr3ca5gEWoKmWqS26kpmbfxgBtmtSXHGXJaqgtbjLecqVJ73kxHF6rp8ZKWLoD8uMtUdG/+xYBnv//8dOY5TuiW+qB7J+XnPKZkD/llMW85Zhrtci7ROd7gTtINeBvLK7Tdu16yyhiWHPN3ccAyFOPHw4NSmdj5TU3agnOdxeDF/n+jSGvO64b1Jwy/eq/wv/bCk97tKIXLuwmDMW7rfcfAAAA//8BAAD//5CIzc16DQAA" | base64 -d | gzip -d > conf/cluster_spec.yaml +echo "H4sIAAAAAAAA/+xW648bNRD/nr/CKqr6pbebvTsKrFqJkCtc6N0Rkj6QUIUce7Ix8drbsb13QfzxaOzN8y6U0o+QSMl6Xp7Hb2ZWaBvk0Jq5qsoeYzU3vIKpt8grGGruHLiSeQzQE9Z4rgzgJBivaijZhiK3TElWRLT3UwuISkLJ/uwxxlgL6JQ17AU77UXCr40OlTLufTpuCdkjZbOtyazCRmRtkQlUjzbC/0x8h76j+cm6Gaag3Z6Rf2+GHsT7PVOMdczf/KoB9oIdmCSNrD191DvQ+iwXMtt4ZakE7OAzXTkPtRxWaEPDXiQMMKZtdQUt6JIpM7e9TVVLVmTn2VlPWrEEJBC4pWpGxnmudYcgMAJX8b4OcMwErXvghRzq4DygI0Vowfj4tGP9LDvPirOIUGUe5i3DDAbj0RSwTR5wre3tGFWrNFQgy3UM3Fizqm1wg+AXJZtz7SK5UYMgFRgB8fYTRhbRgAeXuVZkEuY8aJ9E0zVDG4wvWUG04BcW1R+cAry2hPuBvuUrNyA3eozNlJEDKRGcK1k/i19qFurAMdpWScCS8VtHOTB8pmEga+UoxnEqcfLqhtfgGi7gSs1BrISGSL5StfITbirAeCYHlYCBEORjJI0pY86D8W+tDjVc8RnoyLlIoe02/i79tdWAMbApCGtkYl4Hz70y1cbNdzBbWLuMzLdcK3mcfWMlTMB5VILMRtoEnA0o4OdgPackeCFTmrvIF943ZZ4Xp1/F7BXleb9f7Auuh06nkScwffGQ5mmPMVXzCkq2/NpllcBM2ZxqfsIb5RKM2iI7TXUihgY/RpgDIqxL+XrVrC8bGQ9ouB6N4/HSOm94narz8m6Ht20i8gHhQwDnF8AlYAQLyFjjZJVXFULFvcVD2Zd3HvllfCSv1N1a5ZeTCdTWw0mUODnU+4FaOukdKkTWofwbR67X8LAKcandQQSEsUVfsvPzs0jZBeDIuUD4pkq4Ms95ozLVJSwTtm4omRnc8brRQIR7Fn5892r6ZjL6BBO5bcAombdF/vvt0m0tduNmNI79UrKi38+enRM08jhkXOqD77hYgpFlBFgaMENrPFqtAa/jqtwMGsE9EKiHo4uJ244a77lYXAD9Tqh1hNIwXRkxBlRWlqyo++7YEBDJS7KYXPzmWXKx2DIJKLSJH8xf2sMBYUjmJzZ42ubreXcE+2IT4UndhbhtAp2ApyF2bZrDO7Ty/poghAcH+9NoiCDBeMX1OlV09Rjt3ar8aOBNmCR0Rh7Fueg6bfvG8eRbfuueHA+yiVftxLXjLwlMxQJk0Km8R2y4jczn5acbLOXxzSTiEr5ARROJubSZN/SJtb5k+UdQdHEz3cF50d/h2LhT18eMsKw3O+gCZqGqlKkuuZGa2n8dA7Rpdl9ylCWroba4ynjLlSa950W/f62eGith7vbIj9dERf/uewR4/uXjpzHL90TX1D3Zvy855TMhf8wpi3nLMddqlneJzrcC95BqwN9aXKZ92/WWUcSw5pq7DwGQpx7fHxqUzsbKa27UHJzvLgYv8u07RF53XNerOWX61f+F/68VnjZrRa9g2E0Yindd778AAAD//wEAAP//mzuXKIwNAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml index 3c6f689a4d690..b59f26434692c 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml @@ -224,8 +224,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml index fcb0ea96f4c0c..ea4ca7996d7ac 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml index 73f009326154a..b255516839f9c 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.docker.example.com - serviceAccountJWKSURI: https://api.docker.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.docker.example.com + serviceAccountJWKSURI: https://api.internal.docker.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data index 9e1caaa6ffb24..633d867199727 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data index a2147b4139431..eb3b257f99e8d 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data index b6380f199fc7b..4d77b18b4245f 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data index c7edb3711a6db..2f986cbf7f44e 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data index d5e102f1edac8..a900218461cb8 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data index 73236ae88b79c..6ee2672f47f27 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml index 07c732337b2d1..3b3ca2db3473a 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data index b3a9c07e37b05..df045c8ba828a 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data index be6d214201fb6..a4811dba9b93f 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data @@ -206,8 +206,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externalpolicies.example.com - serviceAccountJWKSURI: https://api.externalpolicies.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externalpolicies.example.com + serviceAccountJWKSURI: https://api.internal.externalpolicies.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data index c88549fdadada..8900647a80eed 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data index 7bc900d23abb8..7081bab40e843 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data index 80e4495a061b1..2a357fbe7eaff 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script index 2915ce032f449..a00d8823dc0c3 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script index 4a9abd9a38c93..babc655be3908 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script index 4bb05a4f77289..dc6dc510a041a 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml index 10217960dbdd2..3652d0c862733 100644 --- a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1cmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data index 4e14cdb6d2abd..99071c44f05e6 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data index 4ac635bc4a6d0..e35c90746596a 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data index 76836d5aec151..a4ef1d744d2fc 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 06e48637deed1..af830753d7710 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data index dcf643ae33e86..0694542ed2084 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data +++ b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data @@ -1 +1 @@   diff --git a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 06e48637deed1..af830753d7710 100644 --- a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script index 506930501d80a..6624a50cefb6c 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal-gce.example.com - serviceAccountJWKSURI: https://api.minimal-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal-gce.example.com + serviceAccountJWKSURI: https://api.internal.minimal-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml index 04b35721bd1e6..1e5b12e74da81 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index cc50ab1f91670..5e9e8f275976c 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index fcc5b409d6882..e57e8bc2a9d33 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 1b4161709a36b..b9f32f6b3fc7e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml index 04b35721bd1e6..1e5b12e74da81 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index cc50ab1f91670..5e9e8f275976c 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index fcc5b409d6882..e57e8bc2a9d33 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 1b4161709a36b..b9f32f6b3fc7e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml index 031d30dbbb3c9..500706217a459 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatesharedipexamplecom.Pro requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data index f1dd55f13ab7c..b97aa468e7dbe 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data index 78663f9c5d41f..788f4a2cb83c0 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-subnet.example.com - serviceAccountJWKSURI: https://api.private-shared-subnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-subnet.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-subnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml index 65f34b66c0151..3c10b2d0899d8 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 3acca0fd518fa..f7e3c7ac49e0c 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data index fb36ae4bd56ed..1ce7fbfae3255 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecanal.example.com - serviceAccountJWKSURI: https://api.privatecanal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecanal.example.com + serviceAccountJWKSURI: https://api.internal.privatecanal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml index bf7603479c2f8..242e39cab7677 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index 7efc650c52233..697987935902f 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml index 40ce7caaebb8c..b924a9398c664 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml @@ -209,8 +209,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumadvancedexamplec requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data index 78c41f69a4c26..5ce24697c7b3e 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data index 30a2de1356cba..5a109f5daaed0 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data +++ b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns1.example.com - serviceAccountJWKSURI: https://api.privatedns1.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns1.example.com + serviceAccountJWKSURI: https://api.internal.privatedns1.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data index 77a8422886d1e..c94c57873060a 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns2.example.com - serviceAccountJWKSURI: https://api.privatedns2.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns2.example.com + serviceAccountJWKSURI: https://api.internal.privatedns2.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data index 5c1c8e5c475f7..77f3d3bccfe45 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateflannel.example.com - serviceAccountJWKSURI: https://api.privateflannel.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateflannel.example.com + serviceAccountJWKSURI: https://api.internal.privateflannel.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index 9bb0d09778325..4f32d0aa19a2b 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatekopeio.example.com - serviceAccountJWKSURI: https://api.privatekopeio.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatekopeio.example.com + serviceAccountJWKSURI: https://api.internal.privatekopeio.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data index f57c9cc222e62..9540233cdb333 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data +++ b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateweave.example.com - serviceAccountJWKSURI: https://api.privateweave.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateweave.example.com + serviceAccountJWKSURI: https://api.internal.privateweave.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy index 5d7e379e46266..67b82f7100e47 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy @@ -4,12 +4,12 @@ "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { - "api.minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" + "api.internal.minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" } }, "Effect": "Allow", "Principal": { - "Federated": "arn:aws:iam::123456789012:oidc-provider/api.minimal.example.com" + "Federated": "arn:aws:iam::123456789012:oidc-provider/api.internal.minimal.example.com" } } ], diff --git a/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1724a3cf2aa97..ccf2caacd5890 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index bbe3365c4c5c0..f804811cba2e6 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -241,7 +241,7 @@ resource "aws_iam_instance_profile" "nodes-minimal-example-com" { resource "aws_iam_openid_connect_provider" "minimal-example-com" { client_id_list = ["amazonaws.com"] thumbprint_list = ["a8de31f85544b9e73aeb26ded19330e0e996fb79"] - url = "https://api.minimal.example.com" + url = "https://api.internal.minimal.example.com" } resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data index a33a094bda78d..a4cf425283121 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedsubnet.example.com - serviceAccountJWKSURI: https://api.sharedsubnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedsubnet.example.com + serviceAccountJWKSURI: https://api.internal.sharedsubnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data index b83763e8b7a7d..5ee3af7af5109 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedvpc.example.com - serviceAccountJWKSURI: https://api.sharedvpc.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedvpc.example.com + serviceAccountJWKSURI: https://api.internal.sharedvpc.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data index 244638d1a420f..d9c77e21372a1 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.unmanaged.example.com - serviceAccountJWKSURI: https://api.unmanaged.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.unmanaged.example.com + serviceAccountJWKSURI: https://api.internal.unmanaged.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: