Skip to content

Commit

Permalink
Revert "Automated cherry pick of #29164"
Browse files Browse the repository at this point in the history
  • Loading branch information
@fabioy
fabioy authored Jul 27, 2016
1 parent d174ef4 commit 3ef3bbe
Show file tree
Hide file tree
Showing 5 changed files with 2 additions and 16 deletions.
1 change: 0 additions & 1 deletion cluster/gce/configure-vm.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -901,7 +901,6 @@ EOF
fi

env-to-grains "runtime_config"
env-to-grains "kube_user"
}

function salt-node-role() {
Expand Down
7 changes: 1 addition & 6 deletions cluster/gce/gci/configure-helper.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -637,12 +637,7 @@ function start-kube-apiserver {
webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}},"
fi
local -r src_dir="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty"

local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl"
remove-salt-config-comments "${abac_policy_json}"
sed -i -e "s@{{kube_user}}@${KUBE_USER}@g" "${abac_policy_json}"
cp "${abac_policy_json}" /etc/srv/kubernetes/

cp "${src_dir}/abac-authz-policy.jsonl" /etc/srv/kubernetes/
src_file="${src_dir}/kube-apiserver.manifest"
remove-salt-config-comments "${src_file}"
# Evaluate variables.
Expand Down
7 changes: 1 addition & 6 deletions cluster/gce/trusty/configure-helper.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -542,12 +542,7 @@ start_kube_apiserver() {
fi

src_dir="/home/kubernetes/kube-manifests/kubernetes/gci-trusty"

local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl"
remove_salt_config_comments "${abac_policy_json}"
sed -i -e "s@{{kube_user}}@${KUBE_USER}@g" "${abac_policy_json}"
cp "${abac_policy_json}" /etc/srv/kubernetes/

cp "${src_dir}/abac-authz-policy.jsonl" /etc/srv/kubernetes/
src_file="${src_dir}/kube-apiserver.manifest"
remove_salt_config_comments "${src_file}"
# Evaluate variables
Expand Down
2 changes: 0 additions & 2 deletions cluster/saltbase/salt/kube-apiserver/abac-authz-policy.jsonl
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
{% set kube_user = grains.kube_user -%}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"{{kube_user}}", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kube_proxy", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubecfg", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
Expand Down
1 change: 0 additions & 1 deletion cluster/saltbase/salt/kube-apiserver/init.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
/srv/kubernetes/abac-authz-policy.jsonl:
file.managed:
- source: salt://kube-apiserver/abac-authz-policy.jsonl
- template: jinja
- user: root
- group: root
- mode: 600
Expand Down

0 comments on commit 3ef3bbe

Please sign in to comment.