From a071c272fc3977a2f06c398d5a6bd5910d9a608b Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Fri, 19 Feb 2021 21:33:07 +0100 Subject: [PATCH] Use internal api url for jwks The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one. This should finally pass the OIDC e2e test --- pkg/model/iam/subject.go | 2 +- ...-1a.masters.bastionuserdata.example.com_user_data | 4 ++-- .../complex/cloudformation.json.extracted.yaml | 4 ++-- ...-us-test-1a.masters.complex.example.com_user_data | 4 ++-- ...us-test-1a.masters.compress.example.com_user_data | 2 +- .../cloudformation.json.extracted.yaml | 4 ++-- .../containerd/cloudformation.json.extracted.yaml | 4 ++-- .../docker-custom/cloudformation.json.extracted.yaml | 4 ++-- ...est-1a.masters.existing-iam.example.com_user_data | 4 ++-- ...est-1b.masters.existing-iam.example.com_user_data | 4 ++-- ...est-1c.masters.existing-iam.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...-test-1a.masters.existingsg.example.com_user_data | 4 ++-- ...-test-1b.masters.existingsg.example.com_user_data | 4 ++-- ...-test-1c.masters.existingsg.example.com_user_data | 4 ++-- .../externallb/cloudformation.json.extracted.yaml | 4 ++-- ...-test-1a.masters.externallb.example.com_user_data | 4 ++-- ...1a.masters.externalpolicies.example.com_user_data | 4 ++-- ...aster-us-test-1a.masters.ha.example.com_user_data | 4 ++-- ...aster-us-test-1b.masters.ha.example.com_user_data | 4 ++-- ...aster-us-test-1c.masters.ha.example.com_user_data | 4 ++-- ...est1-a-ha-gce-example-com_metadata_startup-script | 4 ++-- ...est1-b-ha-gce-example-com_metadata_startup-script | 4 ++-- ...est1-c-ha-gce-example-com_metadata_startup-script | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...-1a.masters.launchtemplates.example.com_user_data | 4 ++-- ...-1b.masters.launchtemplates.example.com_user_data | 4 ++-- ...-1c.masters.launchtemplates.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- .../minimal-gp3/cloudformation.json.extracted.yaml | 4 ++-- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- ...est-1a.masters.minimal-json.example.com_user_data | 2 +- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- ...a-minimal-gce-example-com_metadata_startup-script | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...t-1a.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1b.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1c.masters.mixedinstances.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 12 ++++++------ ...t-1a.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1b.masters.mixedinstances.example.com_user_data | 4 ++-- ...t-1c.masters.mixedinstances.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...a.masters.private-shared-ip.example.com_user_data | 4 ++-- ...sters.private-shared-subnet.example.com_user_data | 4 ++-- .../privatecalico/cloudformation.json.extracted.yaml | 4 ++-- ...st-1a.masters.privatecalico.example.com_user_data | 4 ++-- ...est-1a.masters.privatecanal.example.com_user_data | 4 ++-- .../privatecilium/cloudformation.json.extracted.yaml | 4 ++-- ...st-1a.masters.privatecilium.example.com_user_data | 4 ++-- .../cloudformation.json.extracted.yaml | 4 ++-- ...sters.privateciliumadvanced.example.com_user_data | 4 ++-- ...test-1a.masters.privatedns1.example.com_user_data | 4 ++-- ...test-1a.masters.privatedns2.example.com_user_data | 4 ++-- ...t-1a.masters.privateflannel.example.com_user_data | 4 ++-- ...st-1a.masters.privatekopeio.example.com_user_data | 4 ++-- ...est-1a.masters.privateweave.example.com_user_data | 4 ++-- ...troller.kube-system.sa.minimal.example.com_policy | 4 ++-- ...-us-test-1a.masters.minimal.example.com_user_data | 4 ++-- .../update_cluster/public-jwks/kubernetes.tf | 2 +- ...est-1a.masters.sharedsubnet.example.com_user_data | 4 ++-- ...s-test-1a.masters.sharedvpc.example.com_user_data | 4 ++-- ...s-test-1a.masters.unmanaged.example.com_user_data | 4 ++-- 63 files changed, 134 insertions(+), 134 deletions(-) diff --git a/pkg/model/iam/subject.go b/pkg/model/iam/subject.go index d8e8d51a1a95a..ee3a43c1827be 100644 --- a/pkg/model/iam/subject.go +++ b/pkg/model/iam/subject.go @@ -85,7 +85,7 @@ func ServiceAccountIssuer(clusterName string, clusterSpec *kops.ClusterSpec) str if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.ServiceAccountIssuer != nil { return *clusterSpec.KubeAPIServer.ServiceAccountIssuer } - return "https://api." + clusterName + return "https://api.internal." + clusterName } // AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data index 14a98056b889d..8402880d385bc 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.bastionuserdata.example.com - serviceAccountJWKSURI: https://api.bastionuserdata.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.bastionuserdata.example.com + serviceAccountJWKSURI: https://api.internal.bastionuserdata.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml index 02842189304e4..f576b0f6a6756 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml @@ -220,8 +220,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data index d90760e8e7d7f..1129e939ff190 100644 --- a/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data +++ b/tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data @@ -219,8 +219,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.complex.example.com - serviceAccountJWKSURI: https://api.complex.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.complex.example.com + serviceAccountJWKSURI: https://api.internal.complex.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data index e7403b7160c23..129d12f43b288 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data @@ -144,7 +144,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/+xWbW/bthN/709B9I+ibxrJSvLvNqEF5jnd4jXpPLsPA4ZioMmzzJki1SOpxMM+/HCkbMtOsm7ry80GbPGeeA+/u5PQNsixNUtVlQPGam54BXNvkVcw1tw5cCXzGGAgrPFcGcBZMF7VULIdRe6ZkqyIaO+HFhCVhJL9PmCMsRbQKWvYC3Y6iISfGx0qZdyHdNwTskfKZnuTWYWNyNoiE6ge7YT/mniP3tP827oZpqDdgZF/boYexIcDU4x1zF/8pgH2gh2ZJI2sPX00ONL6LBcy23hlqQTs6DPfOA+1HFdoQ8NeJAwwpm11BS3okimztINdVUtWZOfZ2UBasQYkELi1aibGea51hyAwAjfxvg5wzAStB+CFHOvgPKAjRWjB+PjUs36WnWfFWUSoMvfz1mEBo+lkDtgmD7jW9maKqlUaKpDlNgZurNnUNrhR8KuSLbl2kdyoUZAKjIB4+wkji2jAg8tcKzIJSx60T6LpmrENxpesIFrwK4vqN04BXlvC/Ujf8I0bkRsDxhbKyJGUCM6VbJjFLzULdeAUbaskYMn4jaMcGL7QMJK1chTjNJU4efWa1+AaLuBKLUFshIZIvlK18jNuKsB4JgeVgJEQ5GMkTSljzoPx76wONVzxBejIuUih9Ru/T39jNWAMbA7CGpmY18Fzr0y1c/M9LFbWriPzHddKPsx+bSXMwHlUgsxG2gycDSjgx2A9pyR4IVOau8hX3jdlnhenX8TsFeX5cFgcCm6HTqeRJzD97z7N0wFjquYVlGz9pcsqgZmyOdX8hDfKJRi1RXaa6kQMDX6KsARE2JbyzabZXjYxHtBwPZnG46V13vA6VeflbY+3byLyAeFjAOdXwCVgBAvIWONklVcVQsW9xWPZl7ce+WV8JK/U7Vblp5MZ1NbDSZQ4Odb7jlo66R0rRNax/FtHrtdwvwpxqd1BBISpRV+y8/OzSOkDcOJcIHxTJVyZ57xRmbB1QznM4JbXjQYi3FH8/v2r+dvZ5NOauW3AKJm3Rf7rzdrtDXXDZTKN3VGyYjjMnp0TEPI4UlxC/TdcrMHIMsIpjZOxNR6t1oDXcTHuxorgHgjC48nFzO0Hi/dcrC6AfmfUKEJpmG+MmAIqK0tW1EP3UMuL5CVZTC5+9Sy5WOyZBAvau/emLW3dgDAm8zMbPO3u7XR7AOliF+FJ3YW4h7xOMNMQezRN3R6tvLsUCM/BweHsGSNIMF5xvU0VXT1Fe7spPxl4E2YJi5FHca66vtq/Xzz5mt+4Jw8H2cSrenH1/CWBuViBDDqV9wEbbifzefnpxkj58B4SceVeoKL5w1zawzv6zFpfsvwTKLp4Pe/hvBj2ODZu0O0xIyzr3ca5gEWoKmWqS26kpmbfxgBtmtSXHGXJaqgtbjLecqVJ73kxHF6rp8ZKWLoD8uMtUdG/+xYBnv//8dOY5TuiW+qB7J+XnPKZkD/llMW85Zhrtci7ROd7gTtINeBvLK7Tdu16yyhiWHPN3ccAyFOPHw4NSmdj5TU3agnOdxeDF/n+jSGvO64b1Jwy/eq/wv/bCk97tKIXLuwmDMW7rfcfAAAA//8BAAD//5CIzc16DQAA" | base64 -d | gzip -d > conf/cluster_spec.yaml +echo "H4sIAAAAAAAA/+xW648bNRD/nr/CKqr6pbebvTsKrFqJkCtc6N0Rkj6QUIUce7Ix8drbsb13QfzxaOzN8y6U0o+QSMl6Xp7Hb2ZWaBvk0Jq5qsoeYzU3vIKpt8grGGruHLiSeQzQE9Z4rgzgJBivaijZhiK3TElWRLT3UwuISkLJ/uwxxlgL6JQ17AU77UXCr40OlTLufTpuCdkjZbOtyazCRmRtkQlUjzbC/0x8h76j+cm6Gaag3Z6Rf2+GHsT7PVOMdczf/KoB9oIdmCSNrD191DvQ+iwXMtt4ZakE7OAzXTkPtRxWaEPDXiQMMKZtdQUt6JIpM7e9TVVLVmTn2VlPWrEEJBC4pWpGxnmudYcgMAJX8b4OcMwErXvghRzq4DygI0Vowfj4tGP9LDvPirOIUGUe5i3DDAbj0RSwTR5wre3tGFWrNFQgy3UM3Fizqm1wg+AXJZtz7SK5UYMgFRgB8fYTRhbRgAeXuVZkEuY8aJ9E0zVDG4wvWUG04BcW1R+cAry2hPuBvuUrNyA3eozNlJEDKRGcK1k/i19qFurAMdpWScCS8VtHOTB8pmEga+UoxnEqcfLqhtfgGi7gSs1BrISGSL5StfITbirAeCYHlYCBEORjJI0pY86D8W+tDjVc8RnoyLlIoe02/i79tdWAMbApCGtkYl4Hz70y1cbNdzBbWLuMzLdcK3mcfWMlTMB5VILMRtoEnA0o4OdgPackeCFTmrvIF943ZZ4Xp1/F7BXleb9f7Auuh06nkScwffGQ5mmPMVXzCkq2/NpllcBM2ZxqfsIb5RKM2iI7TXUihgY/RpgDIqxL+XrVrC8bGQ9ouB6N4/HSOm94narz8m6Ht20i8gHhQwDnF8AlYAQLyFjjZJVXFULFvcVD2Zd3HvllfCSv1N1a5ZeTCdTWw0mUODnU+4FaOukdKkTWofwbR67X8LAKcandQQSEsUVfsvPzs0jZBeDIuUD4pkq4Ms95ozLVJSwTtm4omRnc8brRQIR7Fn5892r6ZjL6BBO5bcAombdF/vvt0m0tduNmNI79UrKi38+enRM08jhkXOqD77hYgpFlBFgaMENrPFqtAa/jqtwMGsE9EKiHo4uJ244a77lYXAD9Tqh1hNIwXRkxBlRWlqyo++7YEBDJS7KYXPzmWXKx2DIJKLSJH8xf2sMBYUjmJzZ42ubreXcE+2IT4UndhbhtAp2ApyF2bZrDO7Ty/poghAcH+9NoiCDBeMX1OlV09Rjt3ar8aOBNmCR0Rh7Fueg6bfvG8eRbfuueHA+yiVftxLXjLwlMxQJk0Km8R2y4jczn5acbLOXxzSTiEr5ARROJubSZN/SJtb5k+UdQdHEz3cF50d/h2LhT18eMsKw3O+gCZqGqlKkuuZGa2n8dA7Rpdl9ylCWroba4ynjLlSa950W/f62eGith7vbIj9dERf/uewR4/uXjpzHL90TX1D3Zvy855TMhf8wpi3nLMddqlneJzrcC95BqwN9aXKZ92/WWUcSw5pq7DwGQpx7fHxqUzsbKa27UHJzvLgYv8u07RF53XNerOWX61f+F/68VnjZrRa9g2E0Yindd778AAAD//wEAAP//mzuXKIwNAAA=" | base64 -d | gzip -d > conf/cluster_spec.yaml echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml index 3c6f689a4d690..b59f26434692c 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml @@ -224,8 +224,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml index fcb0ea96f4c0c..ea4ca7996d7ac 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.containerd.example.com - serviceAccountJWKSURI: https://api.containerd.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.containerd.example.com + serviceAccountJWKSURI: https://api.internal.containerd.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml index 73f009326154a..b255516839f9c 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.docker.example.com - serviceAccountJWKSURI: https://api.docker.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.docker.example.com + serviceAccountJWKSURI: https://api.internal.docker.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data index 9e1caaa6ffb24..633d867199727 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data index a2147b4139431..eb3b257f99e8d 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data index b6380f199fc7b..4d77b18b4245f 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existing-iam.example.com - serviceAccountJWKSURI: https://api.existing-iam.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existing-iam.example.com + serviceAccountJWKSURI: https://api.internal.existing-iam.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data index c7edb3711a6db..2f986cbf7f44e 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data index d5e102f1edac8..a900218461cb8 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data index 73236ae88b79c..6ee2672f47f27 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.existingsg.example.com - serviceAccountJWKSURI: https://api.existingsg.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.existingsg.example.com + serviceAccountJWKSURI: https://api.internal.existingsg.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml index 07c732337b2d1..3b3ca2db3473a 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data index b3a9c07e37b05..df045c8ba828a 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externallb.example.com - serviceAccountJWKSURI: https://api.externallb.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externallb.example.com + serviceAccountJWKSURI: https://api.internal.externallb.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data index be6d214201fb6..a4811dba9b93f 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data @@ -206,8 +206,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.externalpolicies.example.com - serviceAccountJWKSURI: https://api.externalpolicies.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.externalpolicies.example.com + serviceAccountJWKSURI: https://api.internal.externalpolicies.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 serviceNodePortRange: 28000-32767 storageBackend: etcd3 diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data index c88549fdadada..8900647a80eed 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data index 7bc900d23abb8..7081bab40e843 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data index 80e4495a061b1..2a357fbe7eaff 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha.example.com - serviceAccountJWKSURI: https://api.ha.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha.example.com + serviceAccountJWKSURI: https://api.internal.ha.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script index 2915ce032f449..a00d8823dc0c3 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script index 4a9abd9a38c93..babc655be3908 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script index 4bb05a4f77289..dc6dc510a041a 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.ha-gce.example.com - serviceAccountJWKSURI: https://api.ha-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.ha-gce.example.com + serviceAccountJWKSURI: https://api.internal.ha-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml index 10217960dbdd2..3652d0c862733 100644 --- a/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/launch_templates/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1cmasterslaunchtemplatese requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data index 4e14cdb6d2abd..99071c44f05e6 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1a.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data index 4ac635bc4a6d0..e35c90746596a 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1b.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data index 76836d5aec151..a4ef1d744d2fc 100644 --- a/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data +++ b/tests/integration/update_cluster/launch_templates/data/aws_launch_configuration_master-us-test-1c.masters.launchtemplates.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.launchtemplates.example.com - serviceAccountJWKSURI: https://api.launchtemplates.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.launchtemplates.example.com + serviceAccountJWKSURI: https://api.internal.launchtemplates.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml index f92f52b96663e..7daf5b6753ee7 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties. requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 06e48637deed1..af830753d7710 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data index dcf643ae33e86..0694542ed2084 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data +++ b/tests/integration/update_cluster/minimal-json/data/aws_launch_template_master-us-test-1a.masters.minimal-json.example.com_user_data @@ -1 +1 @@ -IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQKc2V0IC1vIG5vdW5zZXQKc2V0IC1vIHBpcGVmYWlsCgpOT0RFVVBfVVJMX0FNRDY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FtZDY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjIxLjAtYWxwaGEuMS9ub2RldXAtbGludXgtYW1kNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FNRDY0PTU4NWZiZGEwZjBhNDMxODQ2NTZiNGJmYzBjYzVmMGMwYjg1NjEyZmFmNDNiODgxNmFjY2ExZjk5ZDQyMmM5MjQKTk9ERVVQX1VSTF9BUk02ND1odHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjIxLjAtYWxwaGEuMS9saW51eC9hcm02NC9ub2RldXAsaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvbm9kZXVwLWxpbnV4LWFybTY0LGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FybTY0L25vZGV1cApOT0RFVVBfSEFTSF9BUk02ND03NjAzNjc1Mzc5Njk5MTA1YTliOTkxNWZmOTc3MThlYTk5YjFiYmIwMWE0YzE4NGUyZjgyN2M4YTk2ZThlODY1CgpleHBvcnQgQVdTX1JFR0lPTj11cy10ZXN0LTEKCgoKCnN5c2N0bCAtdyBuZXQuaXB2NC50Y3Bfcm1lbT0nNDA5NiAxMjU4MjkxMiAxNjc3NzIxNicgfHwgdHJ1ZQoKCmZ1bmN0aW9uIGVuc3VyZS1pbnN0YWxsLWRpcigpIHsKICBJTlNUQUxMX0RJUj0iL29wdC9rb3BzIgogICMgT24gQ29udGFpbmVyT1MsIHdlIGluc3RhbGwgdW5kZXIgL3Zhci9saWIvdG9vbGJveDsgL29wdCBpcyBybyBhbmQgbm9leGVjCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva29wcyIKICBmaQogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2JpbgogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2NvbmYKICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBhcmdzOiBuYW1lLCBzaGEsIHVybDEsIHVybDIuLi4KZG93bmxvYWQtb3ItYnVzdCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBoYXNoPSIkMiIKICBzaGlmdCAyCgogIHVybHM9KCAkKiApCiAgd2hpbGUgdHJ1ZTsgZG8KICAgIGZvciB1cmwgaW4gIiR7dXJsc1tAXX0iOyBkbwogICAgICBjb21tYW5kcz0oCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC0tY29tcHJlc3NlZCAtTG8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0IDIwIC0tcmV0cnkgNiAtLXJldHJ5LWRlbGF5IDEwIgogICAgICAgICJ3Z2V0IC0taW5ldDQtb25seSAtLWNvbXByZXNzaW9uPWF1dG8gLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwIgogICAgICApCiAgICAgIGZvciBjbWQgaW4gIiR7Y29tbWFuZHNbQF19IjsgZG8KICAgICAgICBlY2hvICJBdHRlbXB0aW5nIGRvd25sb2FkIHdpdGg6ICR7Y21kfSB7dXJsfSIKICAgICAgICBpZiAhICgke2NtZH0gIiR7dXJsfSIpOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZCBmYWlsZWQgd2l0aCAke2NtZH0gPT0iCiAgICAgICAgICBjb250aW51ZQogICAgICAgIGZpCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dICYmICEgdmFsaWRhdGUtaGFzaCAiJHtmaWxlfSIgIiR7aGFzaH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICAgICAgcm0gLWYgIiR7ZmlsZX0iCiAgICAgICAgZWxzZQogICAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9IChTSEExID0gJHtoYXNofSkgPT0iCiAgICAgICAgICBlbHNlCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgICAgZmkKICAgICAgICAgIHJldHVybgogICAgICAgIGZpCiAgICAgIGRvbmUKICAgIGRvbmUKCiAgICBlY2hvICJBbGwgZG93bmxvYWRzIGZhaWxlZDsgc2xlZXBpbmcgYmVmb3JlIHJldHJ5aW5nIgogICAgc2xlZXAgNjAKICBkb25lCn0KCnZhbGlkYXRlLWhhc2goKSB7CiAgbG9jYWwgLXIgZmlsZT0iJDEiCiAgbG9jYWwgLXIgZXhwZWN0ZWQ9IiQyIgogIGxvY2FsIGFjdHVhbAoKICBhY3R1YWw9JChzaGEyNTZzdW0gJHtmaWxlfSB8IGF3ayAneyBwcmludCAkMSB9JykgfHwgdHJ1ZQogIGlmIFtbICIke2FjdHVhbH0iICE9ICIke2V4cGVjdGVkfSIgXV07IHRoZW4KICAgIGVjaG8gIj09ICR7ZmlsZX0gY29ycnVwdGVkLCBoYXNoICR7YWN0dWFsfSBkb2Vzbid0IG1hdGNoIGV4cGVjdGVkICR7ZXhwZWN0ZWR9ID09IgogICAgcmV0dXJuIDEKICBmaQp9CgpmdW5jdGlvbiBzcGxpdC1jb21tYXMoKSB7CiAgZWNobyAkMSB8IHRyICIsIiAiXG4iCn0KCmZ1bmN0aW9uIHRyeS1kb3dubG9hZC1yZWxlYXNlKCkgewogIGxvY2FsIC1yIG5vZGV1cF91cmxzPSggJChzcGxpdC1jb21tYXMgIiR7Tk9ERVVQX1VSTH0iKSApCiAgaWYgW1sgLW4gIiR7Tk9ERVVQX0hBU0g6LX0iIF1dOyB0aGVuCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0iJHtOT0RFVVBfSEFTSH0iCiAgZWxzZQogICMgVE9ETzogUmVtb3ZlPwogICAgZWNobyAiRG93bmxvYWRpbmcgc2hhMjU2IChub3QgZm91bmQgaW4gZW52KSIKICAgIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwLnNoYTI1NiAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGEyNTZ9IgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9JChjYXQgbm9kZXVwLnNoYTI1NikKICBmaQoKICBlY2hvICJEb3dubG9hZGluZyBub2RldXAgKCR7bm9kZXVwX3VybHNbQF19KSIKICBkb3dubG9hZC1vci1idXN0IG5vZGV1cCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgY2FzZSAiJCh1bmFtZSAtbSkiIGluCiAgeDg2XzY0KnxpPzg2XzY0KnxhbWQ2NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQU1ENjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQU1ENjR9IgogICAgOzsKICBhYXJjaDY0Knxhcm02NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQVJNNjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQVJNNjR9IgogICAgOzsKICAqKQogICAgZWNobyAiVW5zdXBwb3J0ZWQgaG9zdCBhcmNoOiAkKHVuYW1lIC1tKSIgPiYyCiAgICBleGl0IDEKICAgIDs7CiAgZXNhYwoKICAjIEluIGNhc2Ugb2YgZmFpbHVyZSBjaGVja2luZyBpbnRlZ3JpdHkgb2YgcmVsZWFzZSwgcmV0cnkuCiAgY2QgJHtJTlNUQUxMX0RJUn0vYmluCiAgdW50aWwgdHJ5LWRvd25sb2FkLXJlbGVhc2U7IGRvCiAgICBzbGVlcCAxNQogICAgZWNobyAiQ291bGRuJ3QgZG93bmxvYWQgcmVsZWFzZS4gUmV0cnlpbmcuLi4iCiAgZG9uZQoKICBlY2hvICJSdW5uaW5nIG5vZGV1cCIKICAjIFdlIGNhbid0IHJ1biBpbiB0aGUgZm9yZWdyb3VuZCBiZWNhdXNlIG9mIGh0dHBzOi8vZ2l0aHViLmNvbS9kb2NrZXIvZG9ja2VyL2lzc3Vlcy8yMzc5MwogICggY2QgJHtJTlNUQUxMX0RJUn0vYmluOyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9jb25mL2t1YmVfZW52LnlhbWwgLS12PTggICkKfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgovYmluL3N5c3RlbWQtbWFjaGluZS1pZC1zZXR1cCB8fCBlY2hvICJmYWlsZWQgdG8gc2V0IHVwIGVuc3VyZSBtYWNoaW5lLWlkIGNvbmZpZ3VyZWQiCgplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgc3RhcnRpbmcgPT0iCmVuc3VyZS1pbnN0YWxsLWRpcgoKY2F0ID4gY29uZi9jbHVzdGVyX3NwZWMueWFtbCA8PCAnX19FT0ZfQ0xVU1RFUl9TUEVDJwpjbG91ZENvbmZpZzoKICBtYW5hZ2VTdG9yYWdlQ2xhc3NlczogdHJ1ZQpjb250YWluZXJSdW50aW1lOiBjb250YWluZXJkCmNvbnRhaW5lcmQ6CiAgY29uZmlnT3ZlcnJpZGU6IHwKICAgIHZlcnNpb24gPSAyCgogICAgW3BsdWdpbnNdCgogICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSJdCgogICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkXQoKICAgICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzXQoKICAgICAgICAgICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMucnVuY10KICAgICAgICAgICAgICBydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgoKICAgICAgICAgICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdCiAgICAgICAgICAgICAgICBTeXN0ZW1kQ2dyb3VwID0gdHJ1ZQogIGxvZ0xldmVsOiBpbmZvCiAgdmVyc2lvbjogMS40LjMKZG9ja2VyOgogIHNraXBJbnN0YWxsOiB0cnVlCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIHZlcnNpb246IDMuNC4xMwogIG1haW46CiAgICB2ZXJzaW9uOiAzLjQuMTMKa3ViZUFQSVNlcnZlcjoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBhbm9ueW1vdXNBdXRoOiBmYWxzZQogIGFwaUF1ZGllbmNlczoKICAtIGt1YmVybmV0ZXMuc3ZjLmRlZmF1bHQKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBBbHdheXNBbGxvdwogIGJpbmRBZGRyZXNzOiAwLjAuMC4wCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZW5hYmxlQWRtaXNzaW9uUGx1Z2luczoKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1hcGlzZXJ2ZXI6djEuMjAuMAogIGt1YmVsZXRQcmVmZXJyZWRBZGRyZXNzVHlwZXM6CiAgLSBJbnRlcm5hbElQCiAgLSBIb3N0bmFtZQogIC0gRXh0ZXJuYWxJUAogIGxvZ0xldmVsOiAyCiAgcmVxdWVzdGhlYWRlckFsbG93ZWROYW1lczoKICAtIGFnZ3JlZ2F0b3IKICByZXF1ZXN0aGVhZGVyRXh0cmFIZWFkZXJQcmVmaXhlczoKICAtIFgtUmVtb3RlLUV4dHJhLQogIHJlcXVlc3RoZWFkZXJHcm91cEhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Hcm91cAogIHJlcXVlc3RoZWFkZXJVc2VybmFtZUhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Vc2VyCiAgc2VjdXJlUG9ydDogNDQzCiAgc2VydmljZUFjY291bnRJc3N1ZXI6IGh0dHBzOi8vYXBpLm1pbmltYWwtanNvbi5leGFtcGxlLmNvbQogIHNlcnZpY2VBY2NvdW50SldLU1VSSTogaHR0cHM6Ly9hcGkubWluaW1hbC1qc29uLmV4YW1wbGUuY29tL29wZW5pZC92MS9qd2tzCiAgc2VydmljZUNsdXN0ZXJJUFJhbmdlOiAxMDAuNjQuMC4wLzEzCiAgc3RvcmFnZUJhY2tlbmQ6IGV0Y2QzCmt1YmVDb250cm9sbGVyTWFuYWdlcjoKICBhbGxvY2F0ZU5vZGVDSURSczogdHJ1ZQogIGF0dGFjaERldGFjaFJlY29uY2lsZVN5bmNQZXJpb2Q6IDFtMHMKICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNsdXN0ZXJOYW1lOiBtaW5pbWFsLWpzb24uZXhhbXBsZS5jb20KICBjb25maWd1cmVDbG91ZFJvdXRlczogZmFsc2UKICBpbWFnZTogazhzLmdjci5pby9rdWJlLWNvbnRyb2xsZXItbWFuYWdlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCiAgdXNlU2VydmljZUFjY291bnRDcmVkZW50aWFsczogdHJ1ZQprdWJlUHJveHk6CiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjcHVSZXF1ZXN0OiAxMDBtCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1wcm94eTp2MS4yMC4wCiAgbG9nTGV2ZWw6IDIKa3ViZVNjaGVkdWxlcjoKICBpbWFnZTogazhzLmdjci5pby9rdWJlLXNjaGVkdWxlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTmFtZTogY25pCiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGZmMjQyMjU3MWM0YzFlOTY5NmUzNjdmNWYyNTQ2NmI5NmZiNmU1MDFmMjhhZWQyOWY0MTRiMTUyNGE1MmRlYTBAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIGE1ODk1MDA3ZjMzMWYwOGQyZTA4MmViMTI0NTg3NjQ5NDk1NTlmMzBiY2M1YmVhZTI2YzM4ZjNlMjcyNDI2MmNAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDk3NzgyNDkzMmQ1NjY3YzdhMzdhYTZhM2NiYmE0MDEwMGE2ODczZTdiZDk3ZTgzZThiZTgzN2UzZTdhZmQwYThAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2s4cy1hcnRpZmFjdHMtY25pL3JlbGVhc2UvdjAuOC43L2NuaS1wbHVnaW5zLWxpbnV4LWFtZDY0LXYwLjguNy50Z3oKICAtIDI2OTdhMzQyZTM0NzdjMjExYWI0ODMxM2UyNTlmZDdlMzJhZDFmNWRlZDE5MzIwZTZhNTU5ZjUwYTgyYmZmM2RAaHR0cHM6Ly9naXRodWIuY29tL2NvbnRhaW5lcmQvY29udGFpbmVyZC9yZWxlYXNlcy9kb3dubG9hZC92MS40LjMvY3JpLWNvbnRhaW5lcmQtY25pLTEuNC4zLWxpbnV4LWFtZDY0LnRhci5negogIGFybTY0OgogIC0gNDdhYjZjNDI3M2ZjM2JiMGNiOGVjOTUxNzI3MWQ5MTU4OTBjNWE2YjBlNTRiMjk5MWU3YThmYmJlNzdiMDZlNEBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWxldAogIC0gMjVlNDQ2NTg3MGM5OTE2N2U2YzQ2NjYyM2VkOGYwNWExZDIwZmJjYjQ4Y2FiNjY4ODEwOTM4OWI1MmQ4NzYyM0BodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWN0bAogIC0gYWUxM2Q3YjVjMDViZDE4MGVhOWI1YjY4ZjQ0YmRhYTdiZmI0MTAzNGEyZWYxZDY4ZmQ4ZTEyNTk3OTdkNjQyZkBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20vazhzLWFydGlmYWN0cy1jbmkvcmVsZWFzZS92MC44LjcvY25pLXBsdWdpbnMtbGludXgtYXJtNjQtdjAuOC43LnRnegogIC0gNmUzZjgwZTg0NTFlY2JlN2IzNTU5MjQ3NzIxYzNlMjI2YmU2YjIyOGFjYWFkZWU3ZTEzNjgzZjgwYzIwZTgxY0BodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS9hYXJjaDY0L2RvY2tlci0yMC4xMC4wLnRnegpDbHVzdGVyTmFtZTogbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkNvbmZpZ0Jhc2U6IG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkluc3RhbmNlR3JvdXBOYW1lOiBtYXN0ZXItdXMtdGVzdC0xYQpJbnN0YW5jZUdyb3VwUm9sZTogTWFzdGVyCkt1YmVsZXRDb25maWc6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub2RlTGFiZWxzOgogICAga29wcy5rOHMuaW8va29wcy1jb250cm9sbGVyLXBraTogIiIKICAgIGt1YmVybmV0ZXMuaW8vcm9sZTogbWFzdGVyCiAgICBub2RlLXJvbGUua3ViZXJuZXRlcy5pby9jb250cm9sLXBsYW5lOiAiIgogICAgbm9kZS1yb2xlLmt1YmVybmV0ZXMuaW8vbWFzdGVyOiAiIgogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kTWFuaWZlc3RQYXRoOiAvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzCiAgcmVnaXN0ZXJTY2hlZHVsYWJsZTogZmFsc2UKY2hhbm5lbHM6Ci0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vYWRkb25zL2Jvb3RzdHJhcC1jaGFubmVsLnlhbWwKZXRjZE1hbmlmZXN0czoKLSBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtanNvbi5leGFtcGxlLmNvbS9tYW5pZmVzdHMvZXRjZC9tYWluLnlhbWwKLSBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtanNvbi5leGFtcGxlLmNvbS9tYW5pZmVzdHMvZXRjZC9ldmVudHMueWFtbApwcm90b2t1YmVJbWFnZToKICBhbWQ2NDoKICAgIGhhc2g6IDhlNjJkNGQxYmNhMjM3YjgyMTQwMjBjNzE1ZGE0MTViZjNmY2NmYWJiYjVlMDFiM2QzNzEyZDhlZGIxOTU1ZjMKICAgIG5hbWU6IHByb3Rva3ViZToxLjIxLjAtYWxwaGEuMQogICAgc291cmNlczoKICAgIC0gaHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvaW1hZ2VzLXByb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICBhcm02NDoKICAgIGhhc2g6IDAxZTllZjhiNTI1NGNlMzJmOGRkZDIzYWE4NjNkNmRhNWIxNDdiYjg0YTI2NzNjZWY1OWNhMGZjNzNmMmI5Y2YKICAgIG5hbWU6IHByb3Rva3ViZToxLjIxLjAtYWxwaGEuMQogICAgc291cmNlczoKICAgIC0gaHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hcm02NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvaW1hZ2VzLXByb3Rva3ViZS1hcm02NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hcm02NC50YXIuZ3oKc3RhdGljTWFuaWZlc3RzOgotIGtleToga3ViZS1hcGlzZXJ2ZXItaGVhbHRoY2hlY2sKICBwYXRoOiBtYW5pZmVzdHMvc3RhdGljL2t1YmUtYXBpc2VydmVyLWhlYWx0aGNoZWNrLnlhbWwKCl9fRU9GX0tVQkVfRU5WCgpkb3dubG9hZC1yZWxlYXNlCmVjaG8gIj09IG5vZGV1cCBub2RlIGNvbmZpZyBkb25lID09Igo= +IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQKc2V0IC1vIG5vdW5zZXQKc2V0IC1vIHBpcGVmYWlsCgpOT0RFVVBfVVJMX0FNRDY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FtZDY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjIxLjAtYWxwaGEuMS9ub2RldXAtbGludXgtYW1kNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FNRDY0PTU4NWZiZGEwZjBhNDMxODQ2NTZiNGJmYzBjYzVmMGMwYjg1NjEyZmFmNDNiODgxNmFjY2ExZjk5ZDQyMmM5MjQKTk9ERVVQX1VSTF9BUk02ND1odHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjIxLjAtYWxwaGEuMS9saW51eC9hcm02NC9ub2RldXAsaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvbm9kZXVwLWxpbnV4LWFybTY0LGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuMjEuMC1hbHBoYS4xL2xpbnV4L2FybTY0L25vZGV1cApOT0RFVVBfSEFTSF9BUk02ND03NjAzNjc1Mzc5Njk5MTA1YTliOTkxNWZmOTc3MThlYTk5YjFiYmIwMWE0YzE4NGUyZjgyN2M4YTk2ZThlODY1CgpleHBvcnQgQVdTX1JFR0lPTj11cy10ZXN0LTEKCgoKCnN5c2N0bCAtdyBuZXQuaXB2NC50Y3Bfcm1lbT0nNDA5NiAxMjU4MjkxMiAxNjc3NzIxNicgfHwgdHJ1ZQoKCmZ1bmN0aW9uIGVuc3VyZS1pbnN0YWxsLWRpcigpIHsKICBJTlNUQUxMX0RJUj0iL29wdC9rb3BzIgogICMgT24gQ29udGFpbmVyT1MsIHdlIGluc3RhbGwgdW5kZXIgL3Zhci9saWIvdG9vbGJveDsgL29wdCBpcyBybyBhbmQgbm9leGVjCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva29wcyIKICBmaQogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2JpbgogIG1rZGlyIC1wICR7SU5TVEFMTF9ESVJ9L2NvbmYKICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBhcmdzOiBuYW1lLCBzaGEsIHVybDEsIHVybDIuLi4KZG93bmxvYWQtb3ItYnVzdCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBoYXNoPSIkMiIKICBzaGlmdCAyCgogIHVybHM9KCAkKiApCiAgd2hpbGUgdHJ1ZTsgZG8KICAgIGZvciB1cmwgaW4gIiR7dXJsc1tAXX0iOyBkbwogICAgICBjb21tYW5kcz0oCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC0tY29tcHJlc3NlZCAtTG8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0IDIwIC0tcmV0cnkgNiAtLXJldHJ5LWRlbGF5IDEwIgogICAgICAgICJ3Z2V0IC0taW5ldDQtb25seSAtLWNvbXByZXNzaW9uPWF1dG8gLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICAgImN1cmwgLWYgLS1pcHY0IC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwIgogICAgICApCiAgICAgIGZvciBjbWQgaW4gIiR7Y29tbWFuZHNbQF19IjsgZG8KICAgICAgICBlY2hvICJBdHRlbXB0aW5nIGRvd25sb2FkIHdpdGg6ICR7Y21kfSB7dXJsfSIKICAgICAgICBpZiAhICgke2NtZH0gIiR7dXJsfSIpOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZCBmYWlsZWQgd2l0aCAke2NtZH0gPT0iCiAgICAgICAgICBjb250aW51ZQogICAgICAgIGZpCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dICYmICEgdmFsaWRhdGUtaGFzaCAiJHtmaWxlfSIgIiR7aGFzaH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICAgICAgcm0gLWYgIiR7ZmlsZX0iCiAgICAgICAgZWxzZQogICAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9IChTSEExID0gJHtoYXNofSkgPT0iCiAgICAgICAgICBlbHNlCiAgICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgICAgZmkKICAgICAgICAgIHJldHVybgogICAgICAgIGZpCiAgICAgIGRvbmUKICAgIGRvbmUKCiAgICBlY2hvICJBbGwgZG93bmxvYWRzIGZhaWxlZDsgc2xlZXBpbmcgYmVmb3JlIHJldHJ5aW5nIgogICAgc2xlZXAgNjAKICBkb25lCn0KCnZhbGlkYXRlLWhhc2goKSB7CiAgbG9jYWwgLXIgZmlsZT0iJDEiCiAgbG9jYWwgLXIgZXhwZWN0ZWQ9IiQyIgogIGxvY2FsIGFjdHVhbAoKICBhY3R1YWw9JChzaGEyNTZzdW0gJHtmaWxlfSB8IGF3ayAneyBwcmludCAkMSB9JykgfHwgdHJ1ZQogIGlmIFtbICIke2FjdHVhbH0iICE9ICIke2V4cGVjdGVkfSIgXV07IHRoZW4KICAgIGVjaG8gIj09ICR7ZmlsZX0gY29ycnVwdGVkLCBoYXNoICR7YWN0dWFsfSBkb2Vzbid0IG1hdGNoIGV4cGVjdGVkICR7ZXhwZWN0ZWR9ID09IgogICAgcmV0dXJuIDEKICBmaQp9CgpmdW5jdGlvbiBzcGxpdC1jb21tYXMoKSB7CiAgZWNobyAkMSB8IHRyICIsIiAiXG4iCn0KCmZ1bmN0aW9uIHRyeS1kb3dubG9hZC1yZWxlYXNlKCkgewogIGxvY2FsIC1yIG5vZGV1cF91cmxzPSggJChzcGxpdC1jb21tYXMgIiR7Tk9ERVVQX1VSTH0iKSApCiAgaWYgW1sgLW4gIiR7Tk9ERVVQX0hBU0g6LX0iIF1dOyB0aGVuCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0iJHtOT0RFVVBfSEFTSH0iCiAgZWxzZQogICMgVE9ETzogUmVtb3ZlPwogICAgZWNobyAiRG93bmxvYWRpbmcgc2hhMjU2IChub3QgZm91bmQgaW4gZW52KSIKICAgIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwLnNoYTI1NiAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGEyNTZ9IgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9JChjYXQgbm9kZXVwLnNoYTI1NikKICBmaQoKICBlY2hvICJEb3dubG9hZGluZyBub2RldXAgKCR7bm9kZXVwX3VybHNbQF19KSIKICBkb3dubG9hZC1vci1idXN0IG5vZGV1cCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgY2FzZSAiJCh1bmFtZSAtbSkiIGluCiAgeDg2XzY0KnxpPzg2XzY0KnxhbWQ2NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQU1ENjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQU1ENjR9IgogICAgOzsKICBhYXJjaDY0Knxhcm02NCopCiAgICBOT0RFVVBfVVJMPSIke05PREVVUF9VUkxfQVJNNjR9IgogICAgTk9ERVVQX0hBU0g9IiR7Tk9ERVVQX0hBU0hfQVJNNjR9IgogICAgOzsKICAqKQogICAgZWNobyAiVW5zdXBwb3J0ZWQgaG9zdCBhcmNoOiAkKHVuYW1lIC1tKSIgPiYyCiAgICBleGl0IDEKICAgIDs7CiAgZXNhYwoKICAjIEluIGNhc2Ugb2YgZmFpbHVyZSBjaGVja2luZyBpbnRlZ3JpdHkgb2YgcmVsZWFzZSwgcmV0cnkuCiAgY2QgJHtJTlNUQUxMX0RJUn0vYmluCiAgdW50aWwgdHJ5LWRvd25sb2FkLXJlbGVhc2U7IGRvCiAgICBzbGVlcCAxNQogICAgZWNobyAiQ291bGRuJ3QgZG93bmxvYWQgcmVsZWFzZS4gUmV0cnlpbmcuLi4iCiAgZG9uZQoKICBlY2hvICJSdW5uaW5nIG5vZGV1cCIKICAjIFdlIGNhbid0IHJ1biBpbiB0aGUgZm9yZWdyb3VuZCBiZWNhdXNlIG9mIGh0dHBzOi8vZ2l0aHViLmNvbS9kb2NrZXIvZG9ja2VyL2lzc3Vlcy8yMzc5MwogICggY2QgJHtJTlNUQUxMX0RJUn0vYmluOyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9jb25mL2t1YmVfZW52LnlhbWwgLS12PTggICkKfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgovYmluL3N5c3RlbWQtbWFjaGluZS1pZC1zZXR1cCB8fCBlY2hvICJmYWlsZWQgdG8gc2V0IHVwIGVuc3VyZSBtYWNoaW5lLWlkIGNvbmZpZ3VyZWQiCgplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgc3RhcnRpbmcgPT0iCmVuc3VyZS1pbnN0YWxsLWRpcgoKY2F0ID4gY29uZi9jbHVzdGVyX3NwZWMueWFtbCA8PCAnX19FT0ZfQ0xVU1RFUl9TUEVDJwpjbG91ZENvbmZpZzoKICBtYW5hZ2VTdG9yYWdlQ2xhc3NlczogdHJ1ZQpjb250YWluZXJSdW50aW1lOiBjb250YWluZXJkCmNvbnRhaW5lcmQ6CiAgY29uZmlnT3ZlcnJpZGU6IHwKICAgIHZlcnNpb24gPSAyCgogICAgW3BsdWdpbnNdCgogICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSJdCgogICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkXQoKICAgICAgICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzXQoKICAgICAgICAgICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMucnVuY10KICAgICAgICAgICAgICBydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgoKICAgICAgICAgICAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdCiAgICAgICAgICAgICAgICBTeXN0ZW1kQ2dyb3VwID0gdHJ1ZQogIGxvZ0xldmVsOiBpbmZvCiAgdmVyc2lvbjogMS40LjMKZG9ja2VyOgogIHNraXBJbnN0YWxsOiB0cnVlCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIHZlcnNpb246IDMuNC4xMwogIG1haW46CiAgICB2ZXJzaW9uOiAzLjQuMTMKa3ViZUFQSVNlcnZlcjoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBhbm9ueW1vdXNBdXRoOiBmYWxzZQogIGFwaUF1ZGllbmNlczoKICAtIGt1YmVybmV0ZXMuc3ZjLmRlZmF1bHQKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBBbHdheXNBbGxvdwogIGJpbmRBZGRyZXNzOiAwLjAuMC4wCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZW5hYmxlQWRtaXNzaW9uUGx1Z2luczoKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1hcGlzZXJ2ZXI6djEuMjAuMAogIGt1YmVsZXRQcmVmZXJyZWRBZGRyZXNzVHlwZXM6CiAgLSBJbnRlcm5hbElQCiAgLSBIb3N0bmFtZQogIC0gRXh0ZXJuYWxJUAogIGxvZ0xldmVsOiAyCiAgcmVxdWVzdGhlYWRlckFsbG93ZWROYW1lczoKICAtIGFnZ3JlZ2F0b3IKICByZXF1ZXN0aGVhZGVyRXh0cmFIZWFkZXJQcmVmaXhlczoKICAtIFgtUmVtb3RlLUV4dHJhLQogIHJlcXVlc3RoZWFkZXJHcm91cEhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Hcm91cAogIHJlcXVlc3RoZWFkZXJVc2VybmFtZUhlYWRlcnM6CiAgLSBYLVJlbW90ZS1Vc2VyCiAgc2VjdXJlUG9ydDogNDQzCiAgc2VydmljZUFjY291bnRJc3N1ZXI6IGh0dHBzOi8vYXBpLmludGVybmFsLm1pbmltYWwtanNvbi5leGFtcGxlLmNvbQogIHNlcnZpY2VBY2NvdW50SldLU1VSSTogaHR0cHM6Ly9hcGkuaW50ZXJuYWwubWluaW1hbC1qc29uLmV4YW1wbGUuY29tL29wZW5pZC92MS9qd2tzCiAgc2VydmljZUNsdXN0ZXJJUFJhbmdlOiAxMDAuNjQuMC4wLzEzCiAgc3RvcmFnZUJhY2tlbmQ6IGV0Y2QzCmt1YmVDb250cm9sbGVyTWFuYWdlcjoKICBhbGxvY2F0ZU5vZGVDSURSczogdHJ1ZQogIGF0dGFjaERldGFjaFJlY29uY2lsZVN5bmNQZXJpb2Q6IDFtMHMKICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNsdXN0ZXJOYW1lOiBtaW5pbWFsLWpzb24uZXhhbXBsZS5jb20KICBjb25maWd1cmVDbG91ZFJvdXRlczogZmFsc2UKICBpbWFnZTogazhzLmdjci5pby9rdWJlLWNvbnRyb2xsZXItbWFuYWdlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCiAgdXNlU2VydmljZUFjY291bnRDcmVkZW50aWFsczogdHJ1ZQprdWJlUHJveHk6CiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjcHVSZXF1ZXN0OiAxMDBtCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1wcm94eTp2MS4yMC4wCiAgbG9nTGV2ZWw6IDIKa3ViZVNjaGVkdWxlcjoKICBpbWFnZTogazhzLmdjci5pby9rdWJlLXNjaGVkdWxlcjp2MS4yMC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTmFtZTogY25pCiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGZmMjQyMjU3MWM0YzFlOTY5NmUzNjdmNWYyNTQ2NmI5NmZiNmU1MDFmMjhhZWQyOWY0MTRiMTUyNGE1MmRlYTBAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIGE1ODk1MDA3ZjMzMWYwOGQyZTA4MmViMTI0NTg3NjQ5NDk1NTlmMzBiY2M1YmVhZTI2YzM4ZjNlMjcyNDI2MmNAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjIwLjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDk3NzgyNDkzMmQ1NjY3YzdhMzdhYTZhM2NiYmE0MDEwMGE2ODczZTdiZDk3ZTgzZThiZTgzN2UzZTdhZmQwYThAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2s4cy1hcnRpZmFjdHMtY25pL3JlbGVhc2UvdjAuOC43L2NuaS1wbHVnaW5zLWxpbnV4LWFtZDY0LXYwLjguNy50Z3oKICAtIDI2OTdhMzQyZTM0NzdjMjExYWI0ODMxM2UyNTlmZDdlMzJhZDFmNWRlZDE5MzIwZTZhNTU5ZjUwYTgyYmZmM2RAaHR0cHM6Ly9naXRodWIuY29tL2NvbnRhaW5lcmQvY29udGFpbmVyZC9yZWxlYXNlcy9kb3dubG9hZC92MS40LjMvY3JpLWNvbnRhaW5lcmQtY25pLTEuNC4zLWxpbnV4LWFtZDY0LnRhci5negogIGFybTY0OgogIC0gNDdhYjZjNDI3M2ZjM2JiMGNiOGVjOTUxNzI3MWQ5MTU4OTBjNWE2YjBlNTRiMjk5MWU3YThmYmJlNzdiMDZlNEBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWxldAogIC0gMjVlNDQ2NTg3MGM5OTE2N2U2YzQ2NjYyM2VkOGYwNWExZDIwZmJjYjQ4Y2FiNjY4ODEwOTM4OWI1MmQ4NzYyM0BodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMjAuMC9iaW4vbGludXgvYXJtNjQva3ViZWN0bAogIC0gYWUxM2Q3YjVjMDViZDE4MGVhOWI1YjY4ZjQ0YmRhYTdiZmI0MTAzNGEyZWYxZDY4ZmQ4ZTEyNTk3OTdkNjQyZkBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20vazhzLWFydGlmYWN0cy1jbmkvcmVsZWFzZS92MC44LjcvY25pLXBsdWdpbnMtbGludXgtYXJtNjQtdjAuOC43LnRnegogIC0gNmUzZjgwZTg0NTFlY2JlN2IzNTU5MjQ3NzIxYzNlMjI2YmU2YjIyOGFjYWFkZWU3ZTEzNjgzZjgwYzIwZTgxY0BodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS9hYXJjaDY0L2RvY2tlci0yMC4xMC4wLnRnegpDbHVzdGVyTmFtZTogbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkNvbmZpZ0Jhc2U6IG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC1qc29uLmV4YW1wbGUuY29tCkluc3RhbmNlR3JvdXBOYW1lOiBtYXN0ZXItdXMtdGVzdC0xYQpJbnN0YW5jZUdyb3VwUm9sZTogTWFzdGVyCkt1YmVsZXRDb25maWc6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBEcml2ZXI6IHN5c3RlbWQKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5OYW1lOiBjbmkKICBub2RlTGFiZWxzOgogICAga29wcy5rOHMuaW8va29wcy1jb250cm9sbGVyLXBraTogIiIKICAgIGt1YmVybmV0ZXMuaW8vcm9sZTogbWFzdGVyCiAgICBub2RlLXJvbGUua3ViZXJuZXRlcy5pby9jb250cm9sLXBsYW5lOiAiIgogICAgbm9kZS1yb2xlLmt1YmVybmV0ZXMuaW8vbWFzdGVyOiAiIgogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kTWFuaWZlc3RQYXRoOiAvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzCiAgcmVnaXN0ZXJTY2hlZHVsYWJsZTogZmFsc2UKY2hhbm5lbHM6Ci0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLWpzb24uZXhhbXBsZS5jb20vYWRkb25zL2Jvb3RzdHJhcC1jaGFubmVsLnlhbWwKZXRjZE1hbmlmZXN0czoKLSBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtanNvbi5leGFtcGxlLmNvbS9tYW5pZmVzdHMvZXRjZC9tYWluLnlhbWwKLSBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtanNvbi5leGFtcGxlLmNvbS9tYW5pZmVzdHMvZXRjZC9ldmVudHMueWFtbApwcm90b2t1YmVJbWFnZToKICBhbWQ2NDoKICAgIGhhc2g6IDhlNjJkNGQxYmNhMjM3YjgyMTQwMjBjNzE1ZGE0MTViZjNmY2NmYWJiYjVlMDFiM2QzNzEyZDhlZGIxOTU1ZjMKICAgIG5hbWU6IHByb3Rva3ViZToxLjIxLjAtYWxwaGEuMQogICAgc291cmNlczoKICAgIC0gaHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvaW1hZ2VzLXByb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hbWQ2NC50YXIuZ3oKICBhcm02NDoKICAgIGhhc2g6IDAxZTllZjhiNTI1NGNlMzJmOGRkZDIzYWE4NjNkNmRhNWIxNDdiYjg0YTI2NzNjZWY1OWNhMGZjNzNmMmI5Y2YKICAgIG5hbWU6IHByb3Rva3ViZToxLjIxLjAtYWxwaGEuMQogICAgc291cmNlczoKICAgIC0gaHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hcm02NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9naXRodWIuY29tL2t1YmVybmV0ZXMva29wcy9yZWxlYXNlcy9kb3dubG9hZC92MS4yMS4wLWFscGhhLjEvaW1hZ2VzLXByb3Rva3ViZS1hcm02NC50YXIuZ3oKICAgIC0gaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4yMS4wLWFscGhhLjEvaW1hZ2VzL3Byb3Rva3ViZS1hcm02NC50YXIuZ3oKc3RhdGljTWFuaWZlc3RzOgotIGtleToga3ViZS1hcGlzZXJ2ZXItaGVhbHRoY2hlY2sKICBwYXRoOiBtYW5pZmVzdHMvc3RhdGljL2t1YmUtYXBpc2VydmVyLWhlYWx0aGNoZWNrLnlhbWwKCl9fRU9GX0tVQkVfRU5WCgpkb3dubG9hZC1yZWxlYXNlCmVjaG8gIj09IG5vZGV1cCBub2RlIGNvbmZpZyBkb25lID09Igo= diff --git a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 06e48637deed1..af830753d7710 100644 --- a/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script index 506930501d80a..6624a50cefb6c 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal-gce.example.com - serviceAccountJWKSURI: https://api.minimal-gce.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal-gce.example.com + serviceAccountJWKSURI: https://api.internal.minimal-gce.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml index 04b35721bd1e6..1e5b12e74da81 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index cc50ab1f91670..5e9e8f275976c 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index fcc5b409d6882..e57e8bc2a9d33 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 1b4161709a36b..b9f32f6b3fc7e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml index 04b35721bd1e6..1e5b12e74da81 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json.extracted.yaml @@ -206,8 +206,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -545,8 +545,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: @@ -884,8 +884,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom.Prop requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index cc50ab1f91670..5e9e8f275976c 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index fcc5b409d6882..e57e8bc2a9d33 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 1b4161709a36b..b9f32f6b3fc7e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.mixedinstances.example.com - serviceAccountJWKSURI: https://api.mixedinstances.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.mixedinstances.example.com + serviceAccountJWKSURI: https://api.internal.mixedinstances.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml index 031d30dbbb3c9..500706217a459 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatesharedipexamplecom.Pro requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data index f1dd55f13ab7c..b97aa468e7dbe 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-ip.example.com - serviceAccountJWKSURI: https://api.private-shared-ip.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-ip.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-ip.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data index 78663f9c5d41f..788f4a2cb83c0 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.private-shared-subnet.example.com - serviceAccountJWKSURI: https://api.private-shared-subnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.private-shared-subnet.example.com + serviceAccountJWKSURI: https://api.internal.private-shared-subnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml index 65f34b66c0151..3c10b2d0899d8 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 3acca0fd518fa..f7e3c7ac49e0c 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecalico.example.com - serviceAccountJWKSURI: https://api.privatecalico.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecalico.example.com + serviceAccountJWKSURI: https://api.internal.privatecalico.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data index fb36ae4bd56ed..1ce7fbfae3255 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecanal.example.com - serviceAccountJWKSURI: https://api.privatecanal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecanal.example.com + serviceAccountJWKSURI: https://api.internal.privatecanal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml index bf7603479c2f8..242e39cab7677 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json.extracted.yaml @@ -207,8 +207,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumexamplecom.Prope requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index 7efc650c52233..697987935902f 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatecilium.example.com - serviceAccountJWKSURI: https://api.privatecilium.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatecilium.example.com + serviceAccountJWKSURI: https://api.internal.privatecilium.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml index 40ce7caaebb8c..b924a9398c664 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json.extracted.yaml @@ -209,8 +209,8 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivateciliumadvancedexamplec requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data index 78c41f69a4c26..5ce24697c7b3e 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data @@ -207,8 +207,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateciliumadvanced.example.com - serviceAccountJWKSURI: https://api.privateciliumadvanced.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateciliumadvanced.example.com + serviceAccountJWKSURI: https://api.internal.privateciliumadvanced.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data index 30a2de1356cba..5a109f5daaed0 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data +++ b/tests/integration/update_cluster/privatedns1/data/aws_launch_template_master-us-test-1a.masters.privatedns1.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns1.example.com - serviceAccountJWKSURI: https://api.privatedns1.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns1.example.com + serviceAccountJWKSURI: https://api.internal.privatedns1.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data index 77a8422886d1e..c94c57873060a 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatedns2.example.com - serviceAccountJWKSURI: https://api.privatedns2.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatedns2.example.com + serviceAccountJWKSURI: https://api.internal.privatedns2.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data index 5c1c8e5c475f7..77f3d3bccfe45 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateflannel.example.com - serviceAccountJWKSURI: https://api.privateflannel.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateflannel.example.com + serviceAccountJWKSURI: https://api.internal.privateflannel.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index 9bb0d09778325..4f32d0aa19a2b 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privatekopeio.example.com - serviceAccountJWKSURI: https://api.privatekopeio.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privatekopeio.example.com + serviceAccountJWKSURI: https://api.internal.privatekopeio.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data index f57c9cc222e62..9540233cdb333 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data +++ b/tests/integration/update_cluster/privateweave/data/aws_launch_template_master-us-test-1a.masters.privateweave.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.privateweave.example.com - serviceAccountJWKSURI: https://api.privateweave.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.privateweave.example.com + serviceAccountJWKSURI: https://api.internal.privateweave.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy index 5d7e379e46266..67b82f7100e47 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy @@ -4,12 +4,12 @@ "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { - "api.minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" + "api.internal.minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" } }, "Effect": "Allow", "Principal": { - "Federated": "arn:aws:iam::123456789012:oidc-provider/api.minimal.example.com" + "Federated": "arn:aws:iam::123456789012:oidc-provider/api.internal.minimal.example.com" } } ], diff --git a/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1724a3cf2aa97..ccf2caacd5890 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/public-jwks/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.minimal.example.com - serviceAccountJWKSURI: https://api.minimal.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.minimal.example.com + serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index bbe3365c4c5c0..f804811cba2e6 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -241,7 +241,7 @@ resource "aws_iam_instance_profile" "nodes-minimal-example-com" { resource "aws_iam_openid_connect_provider" "minimal-example-com" { client_id_list = ["amazonaws.com"] thumbprint_list = ["a8de31f85544b9e73aeb26ded19330e0e996fb79"] - url = "https://api.minimal.example.com" + url = "https://api.internal.minimal.example.com" } resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data index a33a094bda78d..a4cf425283121 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedsubnet.example.com - serviceAccountJWKSURI: https://api.sharedsubnet.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedsubnet.example.com + serviceAccountJWKSURI: https://api.internal.sharedsubnet.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data index b83763e8b7a7d..5ee3af7af5109 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.sharedvpc.example.com - serviceAccountJWKSURI: https://api.sharedvpc.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.sharedvpc.example.com + serviceAccountJWKSURI: https://api.internal.sharedvpc.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data index 244638d1a420f..d9c77e21372a1 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data @@ -205,8 +205,8 @@ kubeAPIServer: requestheaderUsernameHeaders: - X-Remote-User securePort: 443 - serviceAccountIssuer: https://api.unmanaged.example.com - serviceAccountJWKSURI: https://api.unmanaged.example.com/openid/v1/jwks + serviceAccountIssuer: https://api.internal.unmanaged.example.com + serviceAccountJWKSURI: https://api.internal.unmanaged.example.com/openid/v1/jwks serviceClusterIPRange: 100.64.0.0/13 storageBackend: etcd3 kubeControllerManager: