kube2sky using kubeconfig secret: take 2. Point system secrets at https://kubernetes. Override in clients that can't use DNS.

cluster/saltbase/salt/kube-addons/default

@@ -1,14 +0,0 @@
-#TODO(erictune): once we make DNS a hard requirement for clusters, then this can be removed,
-# and APISERVER_URL="https://kubernetes:443"
-{% if grains.api_servers is defined -%}
-  {% set api_server = "https://" + grains.api_servers + ":6443" -%}
-{% elif grains.apiservers is defined -%} # TODO(remove after 0.16.0): Deprecated form
-  {% set api_server = "https://" + grains.apiservers + ":6443" -%}
-{% elif grains['roles'][0] == 'kubernetes-master' -%}
-  {% set master_ipv4 = salt['grains.get']('fqdn_ip4')[0] -%}
-  {% set api_server = "https://" + master_ipv4 + ":6443" -%}
-{% else -%}
-  {% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() -%}
-  {% set api_server = "https://" + ips[0][0] + ":6443" -%}
-{% endif -%}
-export APISERVER_URL={{ api_server }}

cluster/saltbase/salt/kube-addons/init.sls

@@ -48,20 +48,6 @@
     - makedirs: True
 {% endif %}
 
-{% if grains['os_family'] == 'RedHat' %}
-{% set environment_file = '/etc/sysconfig/kube-addons' %}
-{% else %}
-{% set environment_file = '/etc/default/kube-addons' %}
-{% endif %}
-
-{{ environment_file }}:
-  file.managed:
-    - source: salt://kube-addons/default
-    - template: jinja
-    - user: root
-    - group: root
-    - mode: 644
-
 /etc/kubernetes/kube-addons.sh:
   file.managed:
     - source: salt://kube-addons/kube-addons.sh

cluster/saltbase/salt/kube-addons/initd

@@ -21,9 +21,6 @@ PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 KUBE_ADDONS_SH=/etc/kubernetes/kube-addons.sh
 
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
 # Define LSB log_* functions.
 # Depend on lsb-base (>= 3.2-14) to ensure that this file is present
 # and status_of_proc is working.

cluster/saltbase/salt/kube-addons/kube-addons.service

@@ -3,7 +3,6 @@ Description=Kubernetes Addon Object Manager
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
-EnvironmentFile=/etc/sysconfig/kube-addons
 ExecStart=/etc/kubernetes/kube-addons.sh
 
 [Install]

cluster/saltbase/salt/kube-addons/kube-addons.sh

@@ -19,11 +19,6 @@
 # managed result is of that. Start everything below that directory.
 KUBECTL=/usr/local/bin/kubectl
 
-if [ -z "$APISERVER_URL" ] ; then
-  echo "Must set APISERVER_URL"
-  exit 1
-fi
-
 function create-kubeconfig-secret() {
   local -r token=$1
   local -r username=$2
@@ -32,6 +27,8 @@ function create-kubeconfig-secret() {
   # Make a kubeconfig file with the token.
   # TODO(etune): put apiserver certs into secret too, and reference from authfile,
   # so that "Insecure" is not needed.
+  # Point the kubeconfig file at https://kubernetes:443. Pods/components that
+  # do not have DNS available will have to override the server.
   read -r -d '' kubeconfig <<EOF
 apiVersion: v1
 kind: Config
@@ -42,7 +39,7 @@ users:
 clusters:
 - name: local
   cluster:
-     server: ${APISERVER_URL}
+     server: "https://kubernetes:443"
      insecure-skip-tls-verify: true
 contexts:
 - context: