diff --git a/bindata/bootkube/manifests/daemonset-kube-apiserver.yaml b/bindata/bootkube/manifests/daemonset-kube-apiserver.yaml deleted file mode 100644 index 21cbdba895..0000000000 --- a/bindata/bootkube/manifests/daemonset-kube-apiserver.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-apiserver - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" - annotations: - openshift.io/run-level: "0" -spec: - selector: - matchLabels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" - template: - metadata: - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" - spec: - securityContext: - supplementalGroups: [65534] - initContainers: - - name: setup-lock-dir - image: {{ .Image }} - imagePullPolicy: {{ .ImagePullPolicy }} - command: ["/bin/bash", "-c"] - args: - - | - chgrp 65534 /var/lock - chmod 775 /var/lock - securityContext: - runAsNonRoot: false - privileged: true - volumeMounts: - - mountPath: /var/lock - name: var-lock - containers: - - name: kube-apiserver - image: {{ .Image }} - imagePullPolicy: {{ .ImagePullPolicy }} - command: ["/usr/bin/flock", "--exclusive", "--timeout=60", "/var/lock/api-server.lock", "-c"] - args: - - exec hypershift openshift-kube-apiserver --config=/var/run/configmaps/config/config.yaml - securityContext: - runAsNonRoot: true - runAsUser: 65534 - privileged: true - volumeMounts: - - mountPath: /var/lock - name: var-lock - readOnly: false - - mountPath: /etc/ssl/certs - name: ssl-certs-host - readOnly: true - - mountPath: /var/run/configmaps/config - name: config - - mountPath: /var/run/configmaps/aggregator-client-ca - name: aggregator-client-ca - - mountPath: /var/run/configmaps/client-ca - name: client-ca - - mountPath: /var/run/configmaps/etcd-serving-ca - name: etcd-serving-ca - - mountPath: /var/run/configmaps/kubelet-serving-ca - name: kubelet-serving-ca - - mountPath: /var/run/configmaps/sa-token-signing-certs - name: sa-token-signing-certs - - mountPath: /var/run/secrets/aggregator-client - name: aggregator-client - - mountPath: /var/run/secrets/etcd-client - name: etcd-client - - mountPath: /var/run/secrets/kubelet-client - name: kubelet-client - - mountPath: /var/run/secrets/serving-cert - name: serving-cert - hostNetwork: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - volumes: - - name: config - configMap: - name: kube-apiserver-config - - name: aggregator-client-ca - configMap: - name: aggregator-client-ca - - name: client-ca - configMap: - name: client-ca - - name: etcd-serving-ca - configMap: - name: etcd-serving-ca - - name: kubelet-serving-ca - configMap: - name: kubelet-serving-ca - - name: sa-token-signing-certs - configMap: - name: sa-token-signing-certs - - name: aggregator-client - secret: - secretName: aggregator-client - - name: etcd-client - secret: - secretName: etcd-client - - name: kubelet-client - secret: - secretName: kubelet-client - - name: serving-cert - secret: - secretName: serving-cert - - hostPath: - path: {{ .LockHostPath }} - name: var-lock - - hostPath: - path: /etc/ssl/certs - name: ssl-certs-host - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate \ No newline at end of file diff --git a/bindata/bootkube/manifests/kube-system-configmap-aggregator-client-ca.yaml b/bindata/bootkube/manifests/kube-system-configmap-aggregator-client-ca.yaml deleted file mode 100644 index c1e9e7c58d..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-aggregator-client-ca.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: aggregator-client-ca - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - ca-bundle.crt: | - {{ .Assets | load "aggregator-ca.crt" | indent 4 }} diff --git a/bindata/bootkube/manifests/kube-system-configmap-client-ca.yaml b/bindata/bootkube/manifests/kube-system-configmap-client-ca.yaml deleted file mode 100644 index 4c4f2e4fb6..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-client-ca.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: client-ca - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - ca-bundle.crt: | - {{ .Assets | load "kube-ca.crt" | indent 4 }} - diff --git a/bindata/bootkube/manifests/kube-system-configmap-etcd-serving-ca.yaml b/bindata/bootkube/manifests/kube-system-configmap-etcd-serving-ca.yaml deleted file mode 100644 index 2ef41fc801..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-etcd-serving-ca.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: etcd-serving-ca - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - ca-bundle.crt: | - {{ .Assets | load .EtcdServingCA | indent 4 }} diff --git a/bindata/bootkube/manifests/kube-system-configmap-kube-apiserver-config.yaml b/bindata/bootkube/manifests/kube-system-configmap-kube-apiserver-config.yaml deleted file mode 100644 index c0885a3103..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-kube-apiserver-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kube-apiserver-config - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - config.yaml: | - {{ .PostBootstrapConfig | indent 4 }} diff --git a/bindata/bootkube/manifests/kube-system-configmap-kubelet-serving-ca.yaml b/bindata/bootkube/manifests/kube-system-configmap-kubelet-serving-ca.yaml deleted file mode 100644 index 7c6fff3250..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-kubelet-serving-ca.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubelet-serving-ca - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - ca-bundle.crt: | - {{ .Assets | load "kube-ca.crt" | indent 4 }} - diff --git a/bindata/bootkube/manifests/kube-system-configmap-sa-token-signing-certs.yaml b/bindata/bootkube/manifests/kube-system-configmap-sa-token-signing-certs.yaml deleted file mode 100644 index 4755753032..0000000000 --- a/bindata/bootkube/manifests/kube-system-configmap-sa-token-signing-certs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: sa-token-signing-certs - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -data: - ca-bundle.crt: | - {{ .Assets | load "service-account.pub" | indent 4 }} diff --git a/bindata/bootkube/manifests/kube-system-secret-aggregator-client.yaml b/bindata/bootkube/manifests/kube-system-secret-aggregator-client.yaml deleted file mode 100644 index f79db104e7..0000000000 --- a/bindata/bootkube/manifests/kube-system-secret-aggregator-client.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: aggregator-client - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -type: SecretTypeTLS -data: - tls.crt: {{ .Assets | load "apiserver-proxy.crt" | base64 }} - tls.key: {{ .Assets | load "apiserver-proxy.key" | base64 }} diff --git a/bindata/bootkube/manifests/kube-system-secret-etcd-client.yaml b/bindata/bootkube/manifests/kube-system-secret-etcd-client.yaml deleted file mode 100644 index 027302e06a..0000000000 --- a/bindata/bootkube/manifests/kube-system-secret-etcd-client.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: etcd-client - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -type: SecretTypeTLS -data: - tls.crt: {{ .Assets | load "etcd-client.crt" | base64 }} - tls.key: {{ .Assets | load "etcd-client.key" | base64 }} diff --git a/bindata/bootkube/manifests/kube-system-secret-kubelet-client.yaml b/bindata/bootkube/manifests/kube-system-secret-kubelet-client.yaml deleted file mode 100644 index 6d7ba30e91..0000000000 --- a/bindata/bootkube/manifests/kube-system-secret-kubelet-client.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: kubelet-client - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -type: SecretTypeTLS -data: - tls.crt: {{ .Assets | load "apiserver.crt" | base64 }} - tls.key: {{ .Assets | load "apiserver.key" | base64 }} diff --git a/bindata/bootkube/manifests/kube-system-secret-serving-cert.yaml b/bindata/bootkube/manifests/kube-system-secret-serving-cert.yaml deleted file mode 100644 index d942afb356..0000000000 --- a/bindata/bootkube/manifests/kube-system-secret-serving-cert.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: serving-cert - namespace: kube-system - labels: - tier: "control-plane" - k8s-app: "kube-apiserver" - openshift.io/control-plane: "true" - openshift.io/component: "api" -type: SecretTypeTLS -data: - tls.crt: {{ .Assets | load "apiserver.crt" | base64 }} - tls.key: {{ .Assets | load "apiserver.key" | base64 }} diff --git a/cmd/cluster-kube-apiserver-operator/render/render.go b/cmd/cluster-kube-apiserver-operator/render/render.go index c783099004..ba6fa66eac 100644 --- a/cmd/cluster-kube-apiserver-operator/render/render.go +++ b/cmd/cluster-kube-apiserver-operator/render/render.go @@ -4,12 +4,9 @@ import ( "errors" "fmt" "io/ioutil" - "os" "path/filepath" - "strings" "github.com/golang/glog" - "github.com/openshift/library-go/pkg/assets" "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -73,9 +70,10 @@ func (r *renderOpts) AddFlags(fs *pflag.FlagSet) { fs.StringArrayVar(&r.etcdServerURLs, "manifest-etcd-server-urls", r.etcdServerURLs, "The etcd server URL, comma separated.") fs.StringVar(&r.etcdServingCA, "manifest-etcd-serving-ca", r.etcdServingCA, "The etcd serving CA.") + // TODO: remove when the installer has stopped using it fs.BoolVar(&r.disablePhase2, "disable-phase-2", r.disablePhase2, "Disable rendering of the phase 2 daemonset and dependencies.") fs.MarkHidden("disable-phase-2") - fs.MarkDeprecated("disable-phase-2", "Only used temporarily to synchronize roll out of the phase 2 removal.") + fs.MarkDeprecated("disable-phase-2", "Only used temporarily to synchronize roll out of the phase 2 removal. Does nothing anymore.") } // Validate verifies the inputs. @@ -145,20 +143,7 @@ func (r *renderOpts) Run() error { return err } - var filters []assets.FileInfoPredicate - if r.disablePhase2 { - filters = append(filters, func(info os.FileInfo) bool { - if strings.HasPrefix(info.Name(), "kube-system-") { - return false - } - if info.Name() == "daemonset-kube-apiserver.yaml" { - return false - } - return true - }) - } - - return genericrender.WriteFiles(&r.generic, &renderConfig.FileConfig, renderConfig, filters...) + return genericrender.WriteFiles(&r.generic, &renderConfig.FileConfig, renderConfig) } func mustReadTemplateFile(fname string) genericrenderoptions.Template {