From ada466dc6785a243ab4c757c4f1e179bd736f6ab Mon Sep 17 00:00:00 2001
From: fabriziopandini
Date: Fri, 4 Jan 2019 14:08:04 +0100
Subject: [PATCH] cleanup-getControllerManagerCommand
---
.../app/phases/controlplane/manifests.go | 22 +--
.../app/phases/controlplane/manifests_test.go | 180 ------------------
2 files changed, 11 insertions(+), 191 deletions(-)
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go
index d48a86d138..5627131469 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -245,26 +245,26 @@ func calcNodeCidrSize(podSubnet string) string { // getControllerManagerCommand builds the right controller manager command from the given config object and version func getControllerManagerCommand(cfg *kubeadmapi.InitConfiguration, k8sVersion *version.Version) []string { + + kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName) + caFile := filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName) + defaultArguments := map[string]string{ "bind-address": "127.0.0.1", "leader-elect": "true", - "kubeconfig": filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName), - "root-ca-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName), + "kubeconfig": kubeconfigFile, + "authentication-kubeconfig": kubeconfigFile, + "authorization-kubeconfig": kubeconfigFile, + "client-ca-file": caFile, + "requestheader-client-ca-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertName), + "root-ca-file": caFile, "service-account-private-key-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.ServiceAccountPrivateKeyName), - "cluster-signing-cert-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName), + "cluster-signing-cert-file": caFile, "cluster-signing-key-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.CAKeyName), "use-service-account-credentials": "true", "controllers": "*,bootstrapsigner,tokencleaner", } - //add the extra arguments for v1.12+ - if k8sVersion.Major() >= 1 && k8sVersion.Minor() >= 12 { - defaultArguments["authentication-kubeconfig"] = filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName) - defaultArguments["authorization-kubeconfig"] = filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName) - defaultArguments["client-ca-file"] = filepath.Join(cfg.CertificatesDir, 
kubeadmconstants.CACertName) - defaultArguments["requestheader-client-ca-file"] = filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertName) - } - // If using external CA, pass empty string to controller manager instead of ca.key/ca.crt path, // so that the csrsigning controller fails to start if res, _ := certphase.UsingExternalCA(cfg); res { diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go index 8d179cfca7..13be4fa671 100644 --- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go +++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go 
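Review bot: With the v1.12 gate removed, nothing on the visible new side of getControllerManagerCommand reads `k8sVersion`, yet the doc comment above the signature still says the command is built "from the given config object and version". The function body continues past the end of the hunk, so the parameter may still be used further down; if it is not, the comment should be corrected or the parameter dropped in a follow-up. The four entries that are now unconditional (`authentication-kubeconfig`, `authorization-kubeconfig`, `client-ca-file`, `requestheader-client-ca-file`) decide how the controller manager authenticates and authorizes callers of its serving endpoint, so a why-comment above them in the map would help, for example `// delegated authn/authz and client-cert trust; set for every supported version`. The blank line added directly after the opening brace can also be dropped.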
@@ -182,45 +182,6 @@ func TestGetAPIServerCommand(t *testing.T) { "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", }, }, - { - name: "ignores the audit policy if the feature gate is not enabled", - cfg: &kubeadmapi.InitConfiguration{ - LocalAPIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "4.3.2.1"}, - ClusterConfiguration: kubeadmapi.ClusterConfiguration{ - Networking: kubeadmapi.Networking{ServiceSubnet: "bar"}, - CertificatesDir: testCertsDir, - }, - }, - expected: []string{ - "kube-apiserver", - "--insecure-port=0", - "--enable-admission-plugins=NodeRestriction", - "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", - "--enable-bootstrap-token-auth=true", - fmt.Sprintf("--secure-port=%d", 123), - "--allow-privileged=true", - "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", - "--requestheader-username-headers=X-Remote-User", - "--requestheader-group-headers=X-Remote-Group", - "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", - "--requestheader-allowed-names=front-proxy-client", - "--authorization-mode=Node,RBAC", - "--advertise-address=4.3.2.1", - fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", - }, - }, { 
name: "ipv6 advertise address", cfg: &kubeadmapi.InitConfiguration{ 
@@ -682,97 +643,6 @@ func TestGetControllerManagerCommand(t *testing.T) { "--node-cidr-mask-size=80", }, }, - { - name: "custom certs dir for v1.11.3", - cfg: &kubeadmapi.ClusterConfiguration{ - CertificatesDir: testCertsDir, - KubernetesVersion: "v1.11.3", - }, - expected: []string{ - "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - }, - }, - { - name: "custom cluster-cidr for v1.11.3", - cfg: &kubeadmapi.ClusterConfiguration{ - Networking: kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"}, - CertificatesDir: testCertsDir, - KubernetesVersion: "v1.11.3", - }, - expected: []string{ - "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - "--allocate-node-cidrs=true", - "--cluster-cidr=10.0.1.15/16", - "--node-cidr-mask-size=24", - }, - }, - { - name: "custom extra-args for v1.11.3", - cfg: &kubeadmapi.ClusterConfiguration{ - Networking: kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"}, - ControllerManager: kubeadmapi.ControlPlaneComponent{ - ExtraArgs: map[string]string{"node-cidr-mask-size": "20"}, - }, - CertificatesDir: testCertsDir, - KubernetesVersion: "v1.11.3", - }, - expected: []string{ 
- "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - "--allocate-node-cidrs=true", - "--cluster-cidr=10.0.1.15/16", - "--node-cidr-mask-size=20", - }, - }, - { - name: "custom IPv6 networking for v1.11.3", - cfg: &kubeadmapi.ClusterConfiguration{ - Networking: kubeadmapi.Networking{PodSubnet: "2001:db8::/64"}, - CertificatesDir: testCertsDir, - KubernetesVersion: "v1.11.3", - }, - expected: []string{ - "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - "--allocate-node-cidrs=true", - "--cluster-cidr=2001:db8::/64", - "--node-cidr-mask-size=80", - }, - }, } for _, rt := range tests { 
@@ -931,56 +801,6 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) { } }, }, - { - name: "caKeyPresent-false for v1.11.3", - cfg: &kubeadmapi.InitConfiguration{ - LocalAPIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"}, - ClusterConfiguration: kubeadmapi.ClusterConfiguration{ - KubernetesVersion: "v1.11.3", - Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"}, - }, - }, - caKeyPresent: false, - expectedArgFunc: func(tmpdir string) []string { - return []string{ - "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + tmpdir + "/ca.crt", - "--service-account-private-key-file=" + tmpdir + "/sa.key", - "--cluster-signing-cert-file=", - "--cluster-signing-key-file=", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - } - }, - }, - { - name: "caKeyPresent true for v1.11.3", - cfg: &kubeadmapi.InitConfiguration{ - LocalAPIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"}, - ClusterConfiguration: kubeadmapi.ClusterConfiguration{ - KubernetesVersion: "v1.11.3", - Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"}, - }, - }, - caKeyPresent: true, - expectedArgFunc: func(tmpdir string) []string { - return []string{ - "kube-controller-manager", - "--bind-address=127.0.0.1", - "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + tmpdir + "/ca.crt", - "--service-account-private-key-file=" + tmpdir + "/sa.key", - "--cluster-signing-cert-file=" + tmpdir + "/ca.crt", - "--cluster-signing-key-file=" + tmpdir + "/ca.key", - "--use-service-account-credentials=true", - "--controllers=*,bootstrapsigner,tokencleaner", - } - }, - }, } for _, test := range tests {