Anyone can review this since it is not cloud-provider specific.

FYI @justinsb for AWS change
FYI @derekwaynecarr for vagrant change

LGTM.

Any reason you didn't create a shared function in cluster/common.sh (like create-kubeconfig)?

Lgtm

I wanted to call this from configure-vm.sh which cannot include other files because it is inlined into the instance metadata.

@zmerlynn it is annoying to not be able to call a library function from configure-vm.sh. Were you implying in your review comments in a PR that it might be possible to move auth-setup stuff out of configure-vm to a later step?

@erictune: You should be able to move it after the download-release phase, which gets you access to kubectl, at least (which was a problem you had before, no binaries at all). That doesn't get you access to cluster/common.sh, though.

When configure-vm.sh was hatched, there actually were no common bash libraries. :/

@zmerlynn have you thought about how we will distribute known_tokens.csv to multiple masters once we have multi-master?

Okay, I suggest that we merge this and I'll talk with @zmerlynn offline how to make this more consistent across AWS and Vagrant.

@erictune: Eventually, I'd like to get around to implementing phase 2 of #3579, which makes the add-on crap-script more of a controller in a pod. I wonder if we could manage the secrets containers using that controller, or if there's a chicken/egg issue somewhere? (I haven't had time to think about any of that, though.)

Would like to merge, but both Shippable and travis-ci show build failures. Could you investigate? Thank you.

Go 1.4 passes travis. Go 1.3 failed integration test on travis, but must be a flake because this PR touches no go files, and could not interact with integration testing.

Checking Shippable requires giving permissions to Shippable that I won't give.

Shippable is an integration test flake, too. Merging.