From 414b3a780b68325737abae3a32852d1bd74f0baf Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Sun, 8 Jul 2018 10:10:19 -0700 Subject: [PATCH 1/2] Rename hept.io authenticator to aws authenticator --- docs/authentication.md | 16 ++--- nodeup/pkg/model/kube_apiserver.go | 16 ++--- pkg/apis/kops/cluster.go | 6 +- pkg/apis/kops/v1alpha1/cluster.go | 6 +- .../kops/v1alpha1/zz_generated.conversion.go | 60 +++++++++---------- .../kops/v1alpha1/zz_generated.deepcopy.go | 38 ++++++------ pkg/apis/kops/v1alpha2/cluster.go | 6 +- .../kops/v1alpha2/zz_generated.conversion.go | 60 +++++++++---------- .../kops/v1alpha2/zz_generated.deepcopy.go | 38 ++++++------ pkg/apis/kops/zz_generated.deepcopy.go | 38 ++++++------ pkg/model/pki.go | 6 +- .../k8s-1.10.yaml | 28 ++++----- .../pkg/fi/cloudup/bootstrapchannelbuilder.go | 4 +- 13 files changed, 161 insertions(+), 161 deletions(-) rename upup/models/cloudup/resources/addons/{authentication.hept.io => authentication.aws}/k8s-1.10.yaml (63%) diff --git a/docs/authentication.md b/docs/authentication.md index ec75760f98117..c114916559c7a 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -32,14 +32,14 @@ spec: rbac: {} ``` -## Heptio Authenticator for AWS +## AWS IAM Authenticator -If you want to turn on Heptio Authenticator for AWS, you can add this block +If you want to turn on AWS IAM Authenticator, you can add this block to your cluster: ``` authentication: - heptio: {} + aws: {} ``` For example: 
@@ -51,14 +51,14 @@ metadata: name: cluster.example.com spec: authentication: - heptio: {} + aws: {} authorization: rbac: {} ``` -Once the cluster is up you will need to create the heptio authenticator +Once the cluster is up you will need to create the AWS IAM authenticator config as a config map. (This can also be done when boostrapping a cluster using addons) -For more details on heptio authenticator please visit (heptio/authenticator)[https://github.com/heptio/authenticator] +For more details on AWS IAM authenticator please visit (kubernetes-sigs/aws-iam-authenticator)[https://github.com/kubernetes-sigs/aws-iam-authenticator] Example config: ``` @@ -67,9 +67,9 @@ apiVersion: v1 kind: ConfigMap metadata: namespace: kube-system - name: heptio-authenticator-aws + name: aws-iam-authenticator labels: - k8s-app: heptio-authenticator-aws + k8s-app: aws-iam-authenticator data: config.yaml: | # a unique-per-cluster identifier to prevent replay attacks diff --git a/nodeup/pkg/model/kube_apiserver.go b/nodeup/pkg/model/kube_apiserver.go index 5d9ae53150274..8f4755dcf7441 100644 --- a/nodeup/pkg/model/kube_apiserver.go +++ b/nodeup/pkg/model/kube_apiserver.go 
@@ -158,35 +158,35 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte return nil } - if b.Cluster.Spec.Authentication.Heptio != nil { - id := "heptio-authenticator-aws" + if b.Cluster.Spec.Authentication.Aws != nil { + id := "aws-iam-authenticator" b.Cluster.Spec.KubeAPIServer.AuthenticationTokenWebhookConfigFile = fi.String(PathAuthnConfig) { caCertificate, err := b.NodeupModelContext.KeyStore.FindCert(fi.CertificateId_CA) if err != nil { - return fmt.Errorf("error fetching Heptio Authentication CA certificate from keystore: %v", err) + return fmt.Errorf("error fetching AWS IAM Authentication CA certificate from keystore: %v", err) } if caCertificate == nil { - return fmt.Errorf("Heptio Authentication CA certificate %q not found", fi.CertificateId_CA) + return fmt.Errorf("AWS IAM Authentication CA certificate %q not found", fi.CertificateId_CA) } cluster := kubeconfig.KubectlCluster{ Server: "https://127.0.0.1:21362/authenticate", } context := kubeconfig.KubectlContext{ - Cluster: "heptio-authenticator-aws", + Cluster: "aws-iam-authenticator", User: "kube-apiserver", } cluster.CertificateAuthorityData, err = caCertificate.AsBytes() if err != nil { - return fmt.Errorf("error encoding Heptio Authentication CA certificate: %v", err) + return fmt.Errorf("error encoding AWS IAM Authentication CA certificate: %v", err) } config := kubeconfig.KubectlConfig{} config.Clusters = append(config.Clusters, &kubeconfig.KubectlClusterWithName{ - Name: "heptio-authenticator-aws", + Name: "aws-iam-authenticator", Cluster: cluster, }) config.Users = append(config.Users, &kubeconfig.KubectlUserWithName{ 
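Review bot: The literal `"aws-iam-authenticator"` is now written three times in this branch (`id`, `context.Cluster` and the `KubectlClusterWithName.Name`), and the generated kubeconfig only resolves if the context's cluster reference and the named cluster entry stay identical. Since `id` is already declared at the top of the branch, I would reuse it for both: `Cluster: id,` and `Name: id,`. That way the next rename cannot leave the API server's token-webhook kubeconfig pointing at a cluster entry that does not exist. writeAuthenticationConfig continues past the end of this hunk, so I cannot see whether `id` is used further down.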
@@ -427,7 +427,7 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) { } if b.Cluster.Spec.Authentication != nil { - if b.Cluster.Spec.Authentication.Kopeio != nil || b.Cluster.Spec.Authentication.Heptio != nil { + if b.Cluster.Spec.Authentication.Kopeio != nil || b.Cluster.Spec.Authentication.Aws != nil { addHostPathMapping(pod, container, "authn-config", PathAuthnConfig) } } diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index 0e60555614151..59ec5aa42ad64 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -230,17 +230,17 @@ type ExecContainerAction struct { type AuthenticationSpec struct { Kopeio *KopeioAuthenticationSpec `json:"kopeio,omitempty"` - Heptio *HeptioAuthenticationSpec `json:"heptio,omitempty"` + Aws *AwsAuthenticationSpec `json:"aws,omitempty"` } func (s *AuthenticationSpec) IsEmpty() bool { - return s.Kopeio == nil && s.Heptio == nil + return s.Kopeio == nil && s.Aws == nil } type KopeioAuthenticationSpec struct { } -type HeptioAuthenticationSpec struct { +type AwsAuthenticationSpec struct { } type AuthorizationSpec struct { diff --git a/pkg/apis/kops/v1alpha1/cluster.go b/pkg/apis/kops/v1alpha1/cluster.go index e175fcea3a720..fde28cae441fc 100644 --- a/pkg/apis/kops/v1alpha1/cluster.go +++ b/pkg/apis/kops/v1alpha1/cluster.go @@ -229,17 +229,17 @@ type ExecContainerAction struct { type AuthenticationSpec struct { Kopeio *KopeioAuthenticationSpec `json:"kopeio,omitempty"` - Heptio *HeptioAuthenticationSpec `json:"heptio,omitempty"` + Aws *AwsAuthenticationSpec `json:"aws,omitempty"` } func (s *AuthenticationSpec) IsEmpty() bool { - return s.Kopeio == nil && s.Heptio == nil + return s.Kopeio == nil && s.Aws == nil } type KopeioAuthenticationSpec struct { } -type HeptioAuthenticationSpec struct { +type AwsAuthenticationSpec struct { } type AuthorizationSpec struct { 
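Review bot: Replacing the `heptio` JSON key with `aws` in `AuthenticationSpec` (pkg/apis/kops/cluster.go, and the v1alpha1 and v1alpha2 copies of cluster.go) gives existing cluster specs no migration path: nothing in this patch maps a stored `authentication: {heptio: {}}` onto the new `Aws` field. Depending on how strict the decoder is (not visible here), such a spec would either fail to load or decode with `Aws == nil`, and in the latter case the `Authentication.Aws != nil` checks in writeAuthenticationConfig, the PKI builder and the addon builder would all skip the authenticator without any error. I would either keep a deprecated `Heptio` field in the versioned types and fold it into `Aws` in a hand-written conversion, or reject the old key explicitly in validation and call the break out in the release notes. As a smaller style point, Go initialism convention would spell these `AWS` and `AWSAuthenticationSpec`.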
diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index 7b042addf8d3f..36c4382504655 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -49,6 +49,8 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_kops_AuthenticationSpec_To_v1alpha1_AuthenticationSpec, Convert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec, Convert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec, + Convert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec, + Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec, Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec, Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec, Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec, @@ -97,8 +99,6 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_kops_FlannelNetworkingSpec_To_v1alpha1_FlannelNetworkingSpec, Convert_v1alpha1_HTTPProxy_To_kops_HTTPProxy, Convert_kops_HTTPProxy_To_v1alpha1_HTTPProxy, - Convert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec, - Convert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec, Convert_v1alpha1_HookSpec_To_kops_HookSpec, Convert_kops_HookSpec_To_v1alpha1_HookSpec, Convert_v1alpha1_IAMProfileSpec_To_kops_IAMProfileSpec, 
@@ -302,14 +302,14 @@ func autoConvert_v1alpha1_AuthenticationSpec_To_kops_AuthenticationSpec(in *Auth } else { out.Kopeio = nil } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio - *out = new(kops.HeptioAuthenticationSpec) - if err := Convert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(*in, *out, s); err != nil { + if in.Aws != nil { + in, out := &in.Aws, &out.Aws + *out = new(kops.AwsAuthenticationSpec) + if err := Convert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(*in, *out, s); err != nil { return err } } else { - out.Heptio = nil + out.Aws = nil } return nil } @@ -329,14 +329,14 @@ func autoConvert_kops_AuthenticationSpec_To_v1alpha1_AuthenticationSpec(in *kops } else { out.Kopeio = nil } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio - *out = new(HeptioAuthenticationSpec) - if err := Convert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec(*in, *out, s); err != nil { + if in.Aws != nil { + in, out := &in.Aws, &out.Aws + *out = new(AwsAuthenticationSpec) + if err := Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(*in, *out, s); err != nil { return err } } else { - out.Heptio = nil + out.Aws = nil } return nil } 
@@ -400,6 +400,24 @@ func Convert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(in *kops.Autho return autoConvert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(in, out, s) } +func autoConvert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in *AwsAuthenticationSpec, out *kops.AwsAuthenticationSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec is an autogenerated conversion function. +func Convert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in *AwsAuthenticationSpec, out *kops.AwsAuthenticationSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in, out, s) +} + +func autoConvert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(in *kops.AwsAuthenticationSpec, out *AwsAuthenticationSpec, s conversion.Scope) error { + return nil +} + +// Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec is an autogenerated conversion function. +func Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(in *kops.AwsAuthenticationSpec, out *AwsAuthenticationSpec, s conversion.Scope) error { + return autoConvert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(in, out, s) +} + func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { return nil } 
@@ -1723,24 +1741,6 @@ func Convert_kops_HTTPProxy_To_v1alpha1_HTTPProxy(in *kops.HTTPProxy, out *HTTPP return autoConvert_kops_HTTPProxy_To_v1alpha1_HTTPProxy(in, out, s) } -func autoConvert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in *HeptioAuthenticationSpec, out *kops.HeptioAuthenticationSpec, s conversion.Scope) error { - return nil -} - -// Convert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec is an autogenerated conversion function. -func Convert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in *HeptioAuthenticationSpec, out *kops.HeptioAuthenticationSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in, out, s) -} - -func autoConvert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec(in *kops.HeptioAuthenticationSpec, out *HeptioAuthenticationSpec, s conversion.Scope) error { - return nil -} - -// Convert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec is an autogenerated conversion function. -func Convert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec(in *kops.HeptioAuthenticationSpec, out *HeptioAuthenticationSpec, s conversion.Scope) error { - return autoConvert_kops_HeptioAuthenticationSpec_To_v1alpha1_HeptioAuthenticationSpec(in, out, s) -} - func autoConvert_v1alpha1_HookSpec_To_kops_HookSpec(in *HookSpec, out *kops.HookSpec, s conversion.Scope) error { out.Name = in.Name out.Disabled = in.Disabled diff --git a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go index 7cf32fdbe9605..2dee5c6ff2168 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go 
@@ -153,12 +153,12 @@ func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { **out = **in } } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio + if in.Aws != nil { + in, out := &in.Aws, &out.Aws if *in == nil { *out = nil } else { - *out = new(HeptioAuthenticationSpec) + *out = new(AwsAuthenticationSpec) **out = **in } } @@ -209,6 +209,22 @@ func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsAuthenticationSpec) DeepCopyInto(out *AwsAuthenticationSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsAuthenticationSpec. +func (in *AwsAuthenticationSpec) DeepCopy() *AwsAuthenticationSpec { + if in == nil { + return nil + } + out := new(AwsAuthenticationSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BastionSpec) DeepCopyInto(out *BastionSpec) { *out = *in @@ -1435,22 +1451,6 @@ func (in *HTTPProxy) DeepCopy() *HTTPProxy { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HeptioAuthenticationSpec) DeepCopyInto(out *HeptioAuthenticationSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeptioAuthenticationSpec. -func (in *HeptioAuthenticationSpec) DeepCopy() *HeptioAuthenticationSpec { - if in == nil { - return nil - } - out := new(HeptioAuthenticationSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HookSpec) DeepCopyInto(out *HookSpec) { *out = *in 
diff --git a/pkg/apis/kops/v1alpha2/cluster.go b/pkg/apis/kops/v1alpha2/cluster.go index 2bbc775c367d6..a3b0b4140c6e6 100644 --- a/pkg/apis/kops/v1alpha2/cluster.go +++ b/pkg/apis/kops/v1alpha2/cluster.go @@ -230,17 +230,17 @@ type ExecContainerAction struct { type AuthenticationSpec struct { Kopeio *KopeioAuthenticationSpec `json:"kopeio,omitempty"` - Heptio *HeptioAuthenticationSpec `json:"heptio,omitempty"` + Aws *AwsAuthenticationSpec `json:"aws,omitempty"` } func (s *AuthenticationSpec) IsEmpty() bool { - return s.Kopeio == nil && s.Heptio == nil + return s.Kopeio == nil && s.Aws == nil } type KopeioAuthenticationSpec struct { } -type HeptioAuthenticationSpec struct { +type AwsAuthenticationSpec struct { } type AuthorizationSpec struct { diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 31f469c6f8c09..b78472a9f0fa3 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -49,6 +49,8 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_kops_AuthenticationSpec_To_v1alpha2_AuthenticationSpec, Convert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec, Convert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec, + Convert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec, + Convert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec, Convert_v1alpha2_BastionSpec_To_kops_BastionSpec, Convert_kops_BastionSpec_To_v1alpha2_BastionSpec, Convert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec, 
@@ -101,8 +103,6 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_kops_FlannelNetworkingSpec_To_v1alpha2_FlannelNetworkingSpec, Convert_v1alpha2_HTTPProxy_To_kops_HTTPProxy, Convert_kops_HTTPProxy_To_v1alpha2_HTTPProxy, - Convert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec, - Convert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec, Convert_v1alpha2_HookSpec_To_kops_HookSpec, Convert_kops_HookSpec_To_v1alpha2_HookSpec, Convert_v1alpha2_IAMProfileSpec_To_kops_IAMProfileSpec, @@ -316,14 +316,14 @@ func autoConvert_v1alpha2_AuthenticationSpec_To_kops_AuthenticationSpec(in *Auth } else { out.Kopeio = nil } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio - *out = new(kops.HeptioAuthenticationSpec) - if err := Convert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(*in, *out, s); err != nil { + if in.Aws != nil { + in, out := &in.Aws, &out.Aws + *out = new(kops.AwsAuthenticationSpec) + if err := Convert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(*in, *out, s); err != nil { return err } } else { - out.Heptio = nil + out.Aws = nil } return nil } @@ -343,14 +343,14 @@ func autoConvert_kops_AuthenticationSpec_To_v1alpha2_AuthenticationSpec(in *kops } else { out.Kopeio = nil } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio - *out = new(HeptioAuthenticationSpec) - if err := Convert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec(*in, *out, s); err != nil { + if in.Aws != nil { + in, out := &in.Aws, &out.Aws + *out = new(AwsAuthenticationSpec) + if err := Convert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec(*in, *out, s); err != nil { return err } } else { - out.Heptio = nil + out.Aws = nil } return nil } 
@@ -414,6 +414,24 @@ func Convert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(in *kops.Autho return autoConvert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(in, out, s) } +func autoConvert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in *AwsAuthenticationSpec, out *kops.AwsAuthenticationSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec is an autogenerated conversion function. +func Convert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in *AwsAuthenticationSpec, out *kops.AwsAuthenticationSpec, s conversion.Scope) error { + return autoConvert_v1alpha2_AwsAuthenticationSpec_To_kops_AwsAuthenticationSpec(in, out, s) +} + +func autoConvert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec(in *kops.AwsAuthenticationSpec, out *AwsAuthenticationSpec, s conversion.Scope) error { + return nil +} + +// Convert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec is an autogenerated conversion function. +func Convert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec(in *kops.AwsAuthenticationSpec, out *AwsAuthenticationSpec, s conversion.Scope) error { + return autoConvert_kops_AwsAuthenticationSpec_To_v1alpha2_AwsAuthenticationSpec(in, out, s) +} + func autoConvert_v1alpha2_BastionSpec_To_kops_BastionSpec(in *BastionSpec, out *kops.BastionSpec, s conversion.Scope) error { out.BastionPublicName = in.BastionPublicName out.IdleTimeoutSeconds = in.IdleTimeoutSeconds 
@@ -1834,24 +1852,6 @@ func Convert_kops_HTTPProxy_To_v1alpha2_HTTPProxy(in *kops.HTTPProxy, out *HTTPP return autoConvert_kops_HTTPProxy_To_v1alpha2_HTTPProxy(in, out, s) } -func autoConvert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in *HeptioAuthenticationSpec, out *kops.HeptioAuthenticationSpec, s conversion.Scope) error { - return nil -} - -// Convert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec is an autogenerated conversion function. -func Convert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in *HeptioAuthenticationSpec, out *kops.HeptioAuthenticationSpec, s conversion.Scope) error { - return autoConvert_v1alpha2_HeptioAuthenticationSpec_To_kops_HeptioAuthenticationSpec(in, out, s) -} - -func autoConvert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec(in *kops.HeptioAuthenticationSpec, out *HeptioAuthenticationSpec, s conversion.Scope) error { - return nil -} - -// Convert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec is an autogenerated conversion function. -func Convert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec(in *kops.HeptioAuthenticationSpec, out *HeptioAuthenticationSpec, s conversion.Scope) error { - return autoConvert_kops_HeptioAuthenticationSpec_To_v1alpha2_HeptioAuthenticationSpec(in, out, s) -} - func autoConvert_v1alpha2_HookSpec_To_kops_HookSpec(in *HookSpec, out *kops.HookSpec, s conversion.Scope) error { out.Name = in.Name out.Disabled = in.Disabled diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index c2d1a14868a1c..f6b0cf17a2b0e 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go 
@@ -153,12 +153,12 @@ func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { **out = **in } } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio + if in.Aws != nil { + in, out := &in.Aws, &out.Aws if *in == nil { *out = nil } else { - *out = new(HeptioAuthenticationSpec) + *out = new(AwsAuthenticationSpec) **out = **in } } @@ -209,6 +209,22 @@ func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsAuthenticationSpec) DeepCopyInto(out *AwsAuthenticationSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsAuthenticationSpec. +func (in *AwsAuthenticationSpec) DeepCopy() *AwsAuthenticationSpec { + if in == nil { + return nil + } + out := new(AwsAuthenticationSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BastionSpec) DeepCopyInto(out *BastionSpec) { *out = *in @@ -1402,22 +1418,6 @@ func (in *HTTPProxy) DeepCopy() *HTTPProxy { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HeptioAuthenticationSpec) DeepCopyInto(out *HeptioAuthenticationSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeptioAuthenticationSpec. -func (in *HeptioAuthenticationSpec) DeepCopy() *HeptioAuthenticationSpec { - if in == nil { - return nil - } - out := new(HeptioAuthenticationSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HookSpec) DeepCopyInto(out *HookSpec) { *out = *in 
diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 61e176a2b7b27..2bd38f7e74029 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -169,12 +169,12 @@ func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { **out = **in } } - if in.Heptio != nil { - in, out := &in.Heptio, &out.Heptio + if in.Aws != nil { + in, out := &in.Aws, &out.Aws if *in == nil { *out = nil } else { - *out = new(HeptioAuthenticationSpec) + *out = new(AwsAuthenticationSpec) **out = **in } } @@ -225,6 +225,22 @@ func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsAuthenticationSpec) DeepCopyInto(out *AwsAuthenticationSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsAuthenticationSpec. +func (in *AwsAuthenticationSpec) DeepCopy() *AwsAuthenticationSpec { + if in == nil { + return nil + } + out := new(AwsAuthenticationSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BastionSpec) DeepCopyInto(out *BastionSpec) { *out = *in 
@@ -1565,22 +1581,6 @@ func (in *HTTPProxy) DeepCopy() *HTTPProxy { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HeptioAuthenticationSpec) DeepCopyInto(out *HeptioAuthenticationSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeptioAuthenticationSpec. -func (in *HeptioAuthenticationSpec) DeepCopy() *HeptioAuthenticationSpec { - if in == nil { - return nil - } - out := new(HeptioAuthenticationSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HookSpec) DeepCopyInto(out *HookSpec) { *out = *in diff --git a/pkg/model/pki.go b/pkg/model/pki.go index def2d490de6db..4ce5ac06d77fa 100644 --- a/pkg/model/pki.go +++ b/pkg/model/pki.go @@ -264,15 +264,15 @@ func (b *PKIModelBuilder) Build(c *fi.ModelBuilderContext) error { } if b.Cluster.Spec.Authentication != nil { - if b.KopsModelContext.Cluster.Spec.Authentication.Heptio != nil { + if b.KopsModelContext.Cluster.Spec.Authentication.Aws != nil { alternateNames := []string{ "localhost", "127.0.0.1", } t := &fitasks.Keypair{ - Name: fi.String("heptio-authenticator-aws"), - Subject: "cn=heptio-authenticator-aws", + Name: fi.String("aws-iam-authenticator"), + Subject: "cn=aws-iam-authenticator", Type: "server", AlternateNames: alternateNames, Signer: defaultCA, diff --git a/upup/models/cloudup/resources/addons/authentication.hept.io/k8s-1.10.yaml b/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.10.yaml similarity index 63% rename from upup/models/cloudup/resources/addons/authentication.hept.io/k8s-1.10.yaml rename to upup/models/cloudup/resources/addons/authentication.aws/k8s-1.10.yaml index 08134da5282d4..f45419a3a7b7d 100644 --- a/upup/models/cloudup/resources/addons/authentication.hept.io/k8s-1.10.yaml 
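Review bot: In pkg/model/pki.go, renaming the keypair task from `heptio-authenticator-aws` to `aws-iam-authenticator` presumably makes the keystore issue a fresh server keypair under the new name, while the one issued under the old name stays where it is; nothing in this patch removes or retires it. On a cluster that already ran the authenticator, that would leave a still-valid private key and certificate, signed by `defaultCA` for `localhost` and `127.0.0.1`, sitting unused in the state store. I would add a cleanup step, or at least an upgrade note, to delete the old `heptio-authenticator-aws` keypair once the rollout is done. Build starts before and continues after this hunk, so I have only seen this branch.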
+++ b/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.10.yaml @@ -3,9 +3,9 @@ apiVersion: extensions/v1beta1 kind: DaemonSet metadata: namespace: kube-system - name: heptio-authenticator-aws + name: aws-iam-authenticator labels: - k8s-app: heptio-authenticator-aws + k8s-app: aws-iam-authenticator spec: updateStrategy: type: RollingUpdate @@ -14,7 +14,7 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: - k8s-app: heptio-authenticator-aws + k8s-app: aws-iam-authenticator spec: # run on the host network (don't depend on CNI) hostNetwork: true @@ -28,17 +28,17 @@ spec: - key: CriticalAddonsOnly operator: Exists - # run `heptio-authenticator-aws server` with three volumes - # - config (mounted from the ConfigMap at /etc/heptio-authenticator-aws/config.yaml) + # run `aws-iam-authenticator server` with three volumes + # - config (mounted from the ConfigMap at /etc/aws-iam-authenticator/config.yaml) # - state (persisted TLS certificate and keys, mounted from the host) # - output (output kubeconfig to plug into your apiserver configuration, mounted from the host) containers: - - name: heptio-authenticator-aws + - name: aws-iam-authenticator image: gcr.io/heptio-images/authenticator:v0.3.0 args: - server - - --config=/etc/heptio-authenticator-aws/config.yaml - - --state-dir=/var/heptio-authenticator-aws + - --config=/etc/aws-iam-authenticator/config.yaml + - --state-dir=/var/aws-iam-authenticator - --kubeconfig-pregenerated=true resources: 
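Review bot: The container was renamed but `image: gcr.io/heptio-images/authenticator:v0.3.0` is untouched, so the DaemonSet still pulls the Heptio-published image by a mutable tag. This pod runs with `hostNetwork: true`, apparently on the same hosts as the API server (the webhook URL is 127.0.0.1), and mounts the host directory holding its TLS certificate and keys, so I would pin the image by digest, e.g. `image: gcr.io/heptio-images/authenticator:v0.3.0@sha256:<digest-of-reviewed-image>`, and switch to a kubernetes-sigs image in the same change if one is published. Separately, the ConfigMap the pod mounts is now named `aws-iam-authenticator` (the volume definition is in the next hunk); clusters that created `heptio-authenticator-aws` following the old docs will need to recreate it under the new name, which the docs change does not mention.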
@@ -51,19 +51,19 @@ spec: volumeMounts: - name: config - mountPath: /etc/heptio-authenticator-aws/ + mountPath: /etc/aws-iam-authenticator/ - name: state - mountPath: /var/heptio-authenticator-aws/ + mountPath: /var/aws-iam-authenticator/ - name: output - mountPath: /etc/kubernetes/heptio-authenticator-aws/ + mountPath: /etc/kubernetes/aws-iam-authenticator/ volumes: - name: config configMap: - name: heptio-authenticator-aws + name: aws-iam-authenticator - name: output hostPath: - path: /srv/kubernetes/heptio-authenticator-aws/ + path: /srv/kubernetes/aws-iam-authenticator/ - name: state hostPath: - path: /srv/kubernetes/heptio-authenticator-aws/ + path: /srv/kubernetes/aws-iam-authenticator/ diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index e9b4d766009a7..ea0525c059e79 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go @@ -759,8 +759,8 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri manifests[key+"-"+id] = "addons/" + location } } - if b.cluster.Spec.Authentication.Heptio != nil { - key := "authentication.hept.io" + if b.cluster.Spec.Authentication.Aws != nil { + key := "authentication.aws" version := "0.3.0" { From f5e3d434fbfb7d9ac2dbc1601adc9d25e75bbdcc Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Mon, 9 Jul 2018 15:04:13 -0700 Subject: [PATCH 2/2] fix cert location --- nodeup/pkg/model/kube_apiserver.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nodeup/pkg/model/kube_apiserver.go b/nodeup/pkg/model/kube_apiserver.go index 8f4755dcf7441..556d0e372b515 100644 --- a/nodeup/pkg/model/kube_apiserver.go +++ b/nodeup/pkg/model/kube_apiserver.go 
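Review bot: In bootstrapchannelbuilder.go, changing `key` from `authentication.hept.io` to `authentication.aws` registers what looks like a brand-new addon rather than an update of the existing one, and I see nothing here that removes the objects the old addon created. If that is how the channel tooling treats the key, an upgraded cluster would keep the old `heptio-authenticator-aws` DaemonSet next to the new one, both on the host network and both wanting the authenticator's port. I would document a manual `kubectl -n kube-system delete daemonset heptio-authenticator-aws` step for upgrades, or add explicit cleanup. buildManifest continues beyond this hunk.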
@@ -226,7 +226,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte } c.AddTask(&nodetasks.File{ - Path: "/srv/kubernetes/heptio-authenticator-aws/cert.pem", + Path: "/srv/kubernetes/aws-iam-authenticator/cert.pem", Contents: fi.NewBytesResource(certificateData), Type: nodetasks.FileType_File, Mode: fi.String("600"), @@ -248,7 +248,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte } c.AddTask(&nodetasks.File{ - Path: "/srv/kubernetes/heptio-authenticator-aws/key.pem", + Path: "/srv/kubernetes/aws-iam-authenticator/key.pem", Contents: fi.NewBytesResource(keyData), Type: nodetasks.FileType_File, Mode: fi.String("600"),
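Review bot: These two paths have to match the `hostPath` of the `state` volume in addons/authentication.aws/k8s-1.10.yaml, and the first patch in this series shows how easily they drift: the manifest moved to `/srv/kubernetes/aws-iam-authenticator/` while these literals were left behind. I would hoist the directory into one constant and build both paths from it, e.g. `Path: filepath.Join(awsAuthenticatorStateDir, "key.pem"),` (the constant name is mine, and `path/filepath` would need importing if the file does not already have it), with a comment pointing at the manifest. For upgrades, note that nodes which already ran the old layout keep `key.pem` under `/srv/kubernetes/heptio-authenticator-aws/`; nothing visible here removes that private key. Both hunks sit inside writeAuthenticationConfig, whose body extends beyond them.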