Merge pull request #8064 from deads2k/death-to-auth-path

eliminate auth-path
2015-05-11 15:41:41 -07:00
parent a52b2e725c 19784dbc4f
commit ac87ed6516
74 changed files with 46 additions and 422 deletions
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -193,6 +193,7 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
 	fs.IntVar(&s.MaxPerPodContainerCount, "maximum-dead-containers-per-container", s.MaxPerPodContainerCount, "Maximum number of old instances of a container to retain per container.  Each container takes up some disk space.  Default: 5.")
 	fs.IntVar(&s.MaxContainerCount, "maximum-dead-containers", s.MaxContainerCount, "Maximum number of old instances of a containers to retain globally.  Each container takes up some disk space.  Default: 100.")
 	fs.StringVar(&s.AuthPath, "auth-path", s.AuthPath, "Path to .kubernetes_auth file, specifying how to authenticate to API server.")
 	fs.MarkDeprecated("auth-path", "will be removed in a future version")
 	fs.UintVar(&s.CadvisorPort, "cadvisor-port", s.CadvisorPort, "The port of the localhost cAdvisor endpoint")
 	fs.IntVar(&s.HealthzPort, "healthz-port", s.HealthzPort, "The port of the localhost healthz endpoint")
 	fs.Var(&s.HealthzBindAddress, "healthz-bind-address", "The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces)")
--- a/contrib/completions/bash/kubectl
+++ b/contrib/completions/bash/kubectl
@@ -716,7 +716,6 @@ _kubectl_config_set-credentials()
    flags_with_completion=()
    flags_completion=()
    flags+=("--auth-path=")
    flags+=("--client-certificate=")
    flags+=("--client-key=")
    flags+=("--embed-certs")
@@ -911,8 +910,6 @@ _kubectl()
    flags+=("--alsologtostderr")
    flags+=("--api-version=")
    flags+=("--auth-path=")
    two_word_flags+=("-a")
    flags+=("--certificate-authority=")
    flags+=("--client-certificate=")
    flags+=("--client-key=")
--- a/docs/kubeconfig-file.md
+++ b/docs/kubeconfig-file.md
@@ -49,36 +49,6 @@ users:
    client-key: path/to/my/client/key
 ```
 ## .kubernetes_auth files
 **WARNING**: merging auth from a mixture of kubernetes_auth file entries and kubeconfig user entries is hard to debug and should be avoided. kubernetes_auth file support exists mostly for tests and is being deprecated.
 The kubernetes_auth file is a legacy config file that can contain a mix of server and client auth info. It is supported in kubeconfig via `auth-path` for a user:
 ```
 users:
 - name: black-user
  user:
    auth-path: path/to/my/existing/.kubernetes_auth_file
 ```
 The entries in a file loaded via auth-path will be applied to both the user and cluster of the current context.
 ### Example .kubernetes_auth file
 ```
 {
  "User": "admin",
  "Password": "secret",
  "CertFile": "/path/to/my/client/cert",
  "KeyFile": "/path/to/my/client/key",
  "CAFile": "/path/to/my/server/cafile",
  "BearerToken": "secrettoken",
  "Insecure": false
 }
 ```
 All entries are optional. `User`, `Password`, `CertFile`, `KeyFile`, and `BearerToken` are applied to the kubectl user. `CAFile` and `Insecure` apply to the cluster. Note that it is invalid to set both `CAFile` and `Insecure`, or both `BearerToken` and `User,Password` (see loading and merging rules below).
 If the contents of the kubernetes_auth file conflict with entries in kubeconfig, they are ignored. E.g, if the kubeconfig cluster specifies a `certificate-authority`, and the user specifies an `auth-path` to a kubernetes_file that contains a `CAFile` entry, the former will be used and the latter ignored.
 ## Loading and merging rules
 The rules for loading and merging the kubeconfig files are straightforward, but there are a lot of them.  The final config is built in this order:
  1.  Get the kubeconfig  from disk.  This is done with the following hierarchy and merge rules:
@@ -108,8 +78,8 @@ The rules for loading and merging the kubeconfig files are straightforward, but
      1.  If cluster info is present and a value for the attribute is present, use it.
      1.  If you don't have a server location, error.
  1.  Determine the actual user info to use. User is built using the same rules as cluster info, EXCEPT that you can only have one authentication technique per user.
-      1. Load precedence is 1) command line flag, 2) user fields from kubeconfig, 3) kubernetes_auth file fields (if user has a `auth-path` or the `--auth-path` was provided)
+      1. Load precedence is 1) command line flag, 2) user fields from kubeconfig
-      1. The command line flags are: `auth-path`, `client-certificate`, `client-key`, `username`, `password`, and `token`.
+      1. The command line flags are: `client-certificate`, `client-key`, `username`, `password`, and `token`.
      1. If there are two conflicting techniques, fail.
  1.  For any information still missing, use default values and potentially prompt for authentication information
--- a/docs/kubectl.md
+++ b/docs/kubectl.md
@@ -18,7 +18,6 @@ kubectl
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -66,4 +65,4 @@ kubectl
 * [kubectl update](kubectl_update.md)	 - Update a resource by filename or stdin.
 * [kubectl version](kubectl_version.md)	 - Print the client and server version information.
-###### Auto generated by spf13/cobra at 2015-05-01 20:16:42.546735249 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494626806 +0000 UTC
--- a/docs/kubectl_api-versions.md
+++ b/docs/kubectl_api-versions.md
@@ -22,7 +22,6 @@ kubectl api-versions
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -50,4 +49,4 @@ kubectl api-versions
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036328233 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494346454 +0000 UTC
--- a/docs/kubectl_cluster-info.md
+++ b/docs/kubectl_cluster-info.md
@@ -22,7 +22,6 @@ kubectl cluster-info
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -50,4 +49,4 @@ kubectl cluster-info
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036176301 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494226337 +0000 UTC
--- a/docs/kubectl_config.md
+++ b/docs/kubectl_config.md
@@ -29,7 +29,6 @@ kubectl config SUBCOMMAND
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -63,4 +62,4 @@ kubectl config SUBCOMMAND
 * [kubectl config use-context](kubectl_config_use-context.md)	 - Sets the current-context in a kubeconfig file
 * [kubectl config view](kubectl_config_view.md)	 - displays Merged kubeconfig settings or a specified kubeconfig file.
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036002047 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494113712 +0000 UTC
--- a/docs/kubectl_config_set-cluster.md
+++ b/docs/kubectl_config_set-cluster.md
@@ -40,7 +40,6 @@ $ kubectl config set-cluster e2e --insecure-skip-tls-verify=true
 ```
      --alsologtostderr=false: log to standard error as well as files
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
      --cluster="": The name of the kubeconfig cluster to use
@@ -65,4 +64,4 @@ $ kubectl config set-cluster e2e --insecure-skip-tls-verify=true
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.034991096 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493372429 +0000 UTC
--- a/docs/kubectl_config_set-context.md
+++ b/docs/kubectl_config_set-context.md
@@ -33,7 +33,6 @@ $ kubectl config set-context gce --user=cluster-admin
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -58,4 +57,4 @@ $ kubectl config set-context gce --user=cluster-admin
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035371239 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493620985 +0000 UTC
--- a/docs/kubectl_config_set-credentials.md
+++ b/docs/kubectl_config_set-credentials.md
@@ -21,7 +21,7 @@ Specifying a name that already exists will merge new fields on top of existing v
 ```
-kubectl config set-credentials NAME [--auth-path=/path/to/authfile] [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password]
+kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password]
 ```
 ### Examples
@@ -41,7 +41,6 @@ $ kubectl set-credentials cluster-admin --client-certificate=~/.kube/admin.crt -
 ### Options
 ```
      --auth-path=: auth-path for the user entry in kubeconfig
      --client-certificate=: path to client-certificate for the user entry in kubeconfig
      --client-key=: path to client-key for the user entry in kubeconfig
      --embed-certs=false: embed client cert/key for the user entry in kubeconfig
@@ -78,4 +77,4 @@ $ kubectl set-credentials cluster-admin --client-certificate=~/.kube/admin.crt -
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035167812 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493498685 +0000 UTC
--- a/docs/kubectl_config_set.md
+++ b/docs/kubectl_config_set.md
@@ -24,7 +24,6 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -52,4 +51,4 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035532103 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49374188 +0000 UTC
--- a/docs/kubectl_config_unset.md
+++ b/docs/kubectl_config_unset.md
@@ -23,7 +23,6 @@ kubectl config unset PROPERTY_NAME
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -51,4 +50,4 @@ kubectl config unset PROPERTY_NAME
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035684858 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493867298 +0000 UTC
--- a/docs/kubectl_config_use-context.md
+++ b/docs/kubectl_config_use-context.md
@@ -22,7 +22,6 @@ kubectl config use-context CONTEXT_NAME
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -50,4 +49,4 @@ kubectl config use-context CONTEXT_NAME
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035835782 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493987321 +0000 UTC
--- a/docs/kubectl_config_view.md
+++ b/docs/kubectl_config_view.md
@@ -45,7 +45,6 @@ $ kubectl config view -o template --template='{{range .users}}{{ if eq .name "e2
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -73,4 +72,4 @@ $ kubectl config view -o template --template='{{range .users}}{{ if eq .name "e2
 ### SEE ALSO
 * [kubectl config](kubectl_config.md)	 - config modifies kubeconfig files
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.034809963 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493241636 +0000 UTC
--- a/docs/kubectl_create.md
+++ b/docs/kubectl_create.md
@@ -35,7 +35,6 @@ $ cat pod.json | kubectl create -f -
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -63,4 +62,4 @@ $ cat pod.json | kubectl create -f -
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030664101 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491140012 +0000 UTC
--- a/docs/kubectl_delete.md
+++ b/docs/kubectl_delete.md
@@ -55,7 +55,6 @@ $ kubectl delete pods --all
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -83,4 +82,4 @@ $ kubectl delete pods --all
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-30 14:53:47.856200003 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491421364 +0000 UTC
--- a/docs/kubectl_describe.md
+++ b/docs/kubectl_describe.md
@@ -35,7 +35,6 @@ $ kubectl describe pods/nginx
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -63,4 +62,4 @@ $ kubectl describe pods/nginx
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030447061 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.490982332 +0000 UTC
--- a/docs/kubectl_exec.md
+++ b/docs/kubectl_exec.md
@@ -36,7 +36,6 @@ $ kubectl exec -p 123456-7890 -c ruby-container -i -t -- bash -il
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -64,4 +63,4 @@ $ kubectl exec -p 123456-7890 -c ruby-container -i -t -- bash -il
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032352238 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492105038 +0000 UTC
--- a/docs/kubectl_expose.md
+++ b/docs/kubectl_expose.md
@@ -54,7 +54,6 @@ $ kubectl expose rc streamer --port=4100 --protocol=udp --service-name=video-str
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -82,4 +81,4 @@ $ kubectl expose rc streamer --port=4100 --protocol=udp --service-name=video-str
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-30 06:01:21.51286228 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49295951 +0000 UTC
--- a/docs/kubectl_get.md
+++ b/docs/kubectl_get.md
@@ -57,7 +57,6 @@ $ kubectl get rc/web service/frontend pods/web-pod-13je7
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -85,4 +84,4 @@ $ kubectl get rc/web service/frontend pods/web-pod-13je7
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030165061 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.490776443 +0000 UTC
--- a/docs/kubectl_label.md
+++ b/docs/kubectl_label.md
@@ -53,7 +53,6 @@ $ kubectl label pods foo bar-
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -81,4 +80,4 @@ $ kubectl label pods foo bar-
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.03459192 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493103008 +0000 UTC
--- a/docs/kubectl_log.md
+++ b/docs/kubectl_log.md
@@ -34,7 +34,6 @@ $ kubectl log -f 123456-7890 ruby-container
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -62,4 +61,4 @@ $ kubectl log -f 123456-7890 ruby-container
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.031591306 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491667484 +0000 UTC
--- a/docs/kubectl_namespace.md
+++ b/docs/kubectl_namespace.md
@@ -25,7 +25,6 @@ kubectl namespace [namespace]
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -53,4 +52,4 @@ kubectl namespace [namespace]
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.031378018 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491542407 +0000 UTC
--- a/docs/kubectl_port-forward.md
+++ b/docs/kubectl_port-forward.md
@@ -40,7 +40,6 @@ $ kubectl port-forward -p mypod 0:5000
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -68,4 +67,4 @@ $ kubectl port-forward -p mypod 0:5000
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032575511 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492233845 +0000 UTC
--- a/docs/kubectl_proxy.md
+++ b/docs/kubectl_proxy.md
@@ -37,7 +37,6 @@ $ kubectl proxy --api-prefix=k8s-api
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -65,4 +64,4 @@ $ kubectl proxy --api-prefix=k8s-api
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032792489 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492383202 +0000 UTC
--- a/docs/kubectl_resize.md
+++ b/docs/kubectl_resize.md
@@ -40,7 +40,6 @@ $ kubectl resize --current-replicas=2 --replicas=3 replicationcontrollers foo
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -68,4 +67,4 @@ $ kubectl resize --current-replicas=2 --replicas=3 replicationcontrollers foo
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032100141 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491965213 +0000 UTC
--- a/docs/kubectl_rolling-update.md
+++ b/docs/kubectl_rolling-update.md
@@ -56,7 +56,6 @@ $ kubectl rolling-update frontend --image=image:v2
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -84,4 +83,4 @@ $ kubectl rolling-update frontend --image=image:v2
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-05-02 00:22:29.503205238 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491832315 +0000 UTC
--- a/docs/kubectl_run-container.md
+++ b/docs/kubectl_run-container.md
@@ -51,7 +51,6 @@ $ kubectl run-container nginx --image=nginx --overrides='{ "apiVersion": "v1beta
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -79,4 +78,4 @@ $ kubectl run-container nginx --image=nginx --overrides='{ "apiVersion": "v1beta
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 23:46:39.503475144 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492617426 +0000 UTC
--- a/docs/kubectl_stop.md
+++ b/docs/kubectl_stop.md
@@ -45,7 +45,6 @@ $ kubectl stop -f path/to/resources
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -73,4 +72,4 @@ $ kubectl stop -f path/to/resources
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-30 14:53:47.85772498 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492767531 +0000 UTC
--- a/docs/kubectl_update.md
+++ b/docs/kubectl_update.md
@@ -39,7 +39,6 @@ $ kubectl update pods my-pod --patch='{ "apiVersion": "v1beta1", "desiredState":
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -67,4 +66,4 @@ $ kubectl update pods my-pod --patch='{ "apiVersion": "v1beta1", "desiredState":
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030922954 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491280734 +0000 UTC
--- a/docs/kubectl_version.md
+++ b/docs/kubectl_version.md
@@ -23,7 +23,6 @@ kubectl version
 ```
      --alsologtostderr=false: log to standard error as well as files
      --api-version="": The API version to use when talking to the server
  -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https.
      --certificate-authority="": Path to a cert. file for the certificate authority.
      --client-certificate="": Path to a client key file for TLS.
      --client-key="": Path to a client key file for TLS.
@@ -51,4 +50,4 @@ kubectl version
 ### SEE ALSO
 * [kubectl](kubectl.md)	 - kubectl controls the Kubernetes cluster manager
-###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036492866 +0000 UTC
+###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49446172 +0000 UTC
--- a/docs/man/man1/kubectl-api-versions.1
+++ b/docs/man/man1/kubectl-api-versions.1
@@ -31,10 +31,6 @@ Print available API versions.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-cluster-info.1
+++ b/docs/man/man1/kubectl-cluster-info.1
@@ -31,10 +31,6 @@ Display addresses of the master and services with label kubernetes.io/cluster\-s
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config-set-cluster.1
+++ b/docs/man/man1/kubectl-config-set-cluster.1
@@ -48,10 +48,6 @@ Specifying a name that already exists will merge new fields on top of existing v
 \fB\-\-alsologtostderr\fP=false
    log to standard error as well as files
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-client\-certificate\fP=""
    Path to a client key file for TLS.
--- a/docs/man/man1/kubectl-config-set-context.1
+++ b/docs/man/man1/kubectl-config-set-context.1
@@ -44,10 +44,6 @@ Specifying a name that already exists will merge new fields on top of existing v
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config-set-credentials.1
+++ b/docs/man/man1/kubectl-config-set-credentials.1
@@ -33,10 +33,6 @@ Bearer token and basic auth are mutually exclusive.
 .SH OPTIONS
 .PP
 \fB\-\-auth\-path\fP=""
    auth\-path for the user entry in kubeconfig
 .PP
 \fB\-\-client\-certificate\fP=""
    path to client\-certificate for the user entry in kubeconfig
--- a/docs/man/man1/kubectl-config-set.1
+++ b/docs/man/man1/kubectl-config-set.1
@@ -33,10 +33,6 @@ PROPERTY\_VALUE is the new value you wish to set.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config-unset.1
+++ b/docs/man/man1/kubectl-config-unset.1
@@ -32,10 +32,6 @@ PROPERTY\_NAME is a dot delimited name where each token represents either a attr
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config-use-context.1
+++ b/docs/man/man1/kubectl-config-use-context.1
@@ -31,10 +31,6 @@ Sets the current\-context in a kubeconfig file
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config-view.1
+++ b/docs/man/man1/kubectl-config-view.1
@@ -67,10 +67,6 @@ You can use \-\-output=template \-\-template=TEMPLATE to extract specific values
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-config.1
+++ b/docs/man/man1/kubectl-config.1
@@ -41,10 +41,6 @@ The loading order follows these rules:
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-create.1
+++ b/docs/man/man1/kubectl-create.1
@@ -38,10 +38,6 @@ JSON and YAML formats are accepted.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-delete.1
+++ b/docs/man/man1/kubectl-delete.1
@@ -63,10 +63,6 @@ will be lost along with the rest of the resource.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-describe.1
+++ b/docs/man/man1/kubectl-describe.1
@@ -35,10 +35,6 @@ given resource.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-exec.1
+++ b/docs/man/man1/kubectl-exec.1
@@ -47,10 +47,6 @@ Execute a command in a container.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-expose.1
+++ b/docs/man/man1/kubectl-expose.1
@@ -100,10 +100,6 @@ selector for a new Service on the specified port.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-get.1
+++ b/docs/man/man1/kubectl-get.1
@@ -68,10 +68,6 @@ of the \-\-template flag, you can filter the attributes of the fetched resource(
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-label.1
+++ b/docs/man/man1/kubectl-label.1
@@ -68,10 +68,6 @@ If \-\-resource\-version is specified, then updates will use this resource versi
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-log.1
+++ b/docs/man/man1/kubectl-log.1
@@ -39,10 +39,6 @@ Print the logs for a container in a pod. If the pod has only one container, the
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-namespace.1
+++ b/docs/man/man1/kubectl-namespace.1
@@ -34,10 +34,6 @@ namespace has been superceded by the context.namespace field of .kubeconfig file
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-port-forward.1
+++ b/docs/man/man1/kubectl-port-forward.1
@@ -35,10 +35,6 @@ Forward one or more local ports to a pod.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-proxy.1
+++ b/docs/man/man1/kubectl-proxy.1
@@ -47,10 +47,6 @@ Run a proxy to the Kubernetes API server.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-resize.1
+++ b/docs/man/man1/kubectl-resize.1
@@ -49,10 +49,6 @@ resize is sent to the server.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-rolling-update.1
+++ b/docs/man/man1/kubectl-rolling-update.1
@@ -85,10 +85,6 @@ existing controller and overwrite at least one (common) label in its replicaSele
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-run-container.1
+++ b/docs/man/man1/kubectl-run-container.1
@@ -81,10 +81,6 @@ Creates a replication controller to manage the created container(s).
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-stop.1
+++ b/docs/man/man1/kubectl-stop.1
@@ -51,10 +51,6 @@ If the resource is resizable it will be resized to 0 before deletion.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-update.1
+++ b/docs/man/man1/kubectl-update.1
@@ -42,10 +42,6 @@ JSON and YAML formats are accepted.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl-version.1
+++ b/docs/man/man1/kubectl-version.1
@@ -35,10 +35,6 @@ Print the client and server version information.
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/docs/man/man1/kubectl.1
+++ b/docs/man/man1/kubectl.1
@@ -29,10 +29,6 @@ Find more information at
 \fB\-\-api\-version\fP=""
    The API version to use when talking to the server
 .PP
 \fB\-a\fP, \fB\-\-auth\-path\fP=""
    Path to the auth info file. If missing, prompt the user. Only used if using https.
 .PP
 \fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority.
--- a/pkg/client/clientcmd/api/helpers.go
+++ b/pkg/client/clientcmd/api/helpers.go
@@ -96,16 +96,12 @@ func ShortenConfig(config *Config) {
 }
 // Flatten changes the config object into a self contained config (useful for making secrets)
 // AuthPath is not handled.
 func FlattenConfig(config *Config) error {
 	for key, authInfo := range config.AuthInfos {
 		baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "")
 		if err != nil {
 			return err
 		}
 		if len(authInfo.AuthPath) != 0 {
 			return fmt.Errorf("auth path of %v is not empty: %v", key, authInfo.AuthPath)
 		}
 		if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil {
 			return err
--- a/pkg/client/clientcmd/api/types.go
+++ b/pkg/client/clientcmd/api/types.go
@@ -69,8 +69,6 @@ type Cluster struct {
 type AuthInfo struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	LocationOfOrigin string
 	// AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth).  If you provide an AuthPath, the other options specified are ignored
 	AuthPath string `json:"auth-path,omitempty"`
 	// ClientCertificate is the path to a client cert file for TLS.
 	ClientCertificate string `json:"client-certificate,omitempty"`
 	// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
--- a/pkg/client/clientcmd/api/types_test.go
+++ b/pkg/client/clientcmd/api/types_test.go
@@ -53,9 +53,6 @@ func ExampleOfOptionsConfig() {
 		APIVersion:            "v1beta1",
 		InsecureSkipTLSVerify: false,
 	}
 	defaultConfig.AuthInfos["black-mage-via-file"] = AuthInfo{
 		AuthPath: "path/to/my/.kubernetes_auth",
 	}
 	defaultConfig.AuthInfos["white-mage-via-cert"] = AuthInfo{
 		ClientCertificate: "path/to/my/client-cert-filename",
 		ClientKey:         "path/to/my/client-key-filename",
@@ -116,9 +113,6 @@ func ExampleOfOptionsConfig() {
 	// preferences:
 	//   colors: true
 	// users:
 	//   black-mage-via-file:
 	//     LocationOfOrigin: ""
 	//     auth-path: path/to/my/.kubernetes_auth
 	//   red-mage-via-token:
 	//     LocationOfOrigin: ""
 	//     token: my-secret-token
--- a/pkg/client/clientcmd/api/v1/types.go
+++ b/pkg/client/clientcmd/api/v1/types.go
@@ -65,8 +65,6 @@ type Cluster struct {
 // AuthInfo contains information that describes identity information.  This is use to tell the kubernetes cluster who you are.
 type AuthInfo struct {
 	// AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth).  If you provide an AuthPath, the other options specified are ignored
 	AuthPath string `json:"auth-path,omitempty"`
 	// ClientCertificate is the path to a client cert file for TLS.
 	ClientCertificate string `json:"client-certificate,omitempty"`
 	// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
--- a/pkg/client/clientcmd/client_config.go
+++ b/pkg/client/clientcmd/client_config.go
@@ -117,25 +117,6 @@ func (config DirectClientConfig) ClientConfig() (*client.Config, error) {
 func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, configClusterInfo clientcmdapi.Cluster) (*client.Config, error) {
 	mergedConfig := &client.Config{}
 	defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth")
 	// if the error is anything besides a does not exist, then fail.  Not existing is ok
 	if err != nil && !os.IsNotExist(err) {
 		return nil, err
 	}
 	if defaultAuthPathInfo != nil {
 		defaultAuthPathConfig := makeServerIdentificationConfig(*defaultAuthPathInfo)
 		mergo.Merge(mergedConfig, defaultAuthPathConfig)
 	}
 	if len(configAuthInfo.AuthPath) > 0 {
 		authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath)
 		if err != nil {
 			return nil, err
 		}
 		authPathConfig := makeServerIdentificationConfig(*authPathInfo)
 		mergo.Merge(mergedConfig, authPathConfig)
 	}
 	// configClusterInfo holds the information identify the server provided by .kubeconfig
 	configClientConfig := &client.Config{}
 	configClientConfig.CAFile = configClusterInfo.CertificateAuthority
@@ -156,15 +137,6 @@ func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo,
 func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fallbackReader io.Reader) (*client.Config, error) {
 	mergedConfig := &client.Config{}
 	if len(configAuthInfo.AuthPath) > 0 {
 		authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath)
 		if err != nil {
 			return nil, err
 		}
 		authPathConfig := makeUserIdentificationConfig(*authPathInfo)
 		mergo.Merge(mergedConfig, authPathConfig)
 	}
 	// blindly overwrite existing values based on precedence
 	if len(configAuthInfo.Token) > 0 {
 		mergedConfig.BearerToken = configAuthInfo.Token
@@ -180,22 +152,6 @@ func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fa
 		mergedConfig.Password = configAuthInfo.Password
 	}
 	// if there isn't sufficient information to authenticate the user to the server, merge in ~/.kubernetes_auth.
 	if !canIdentifyUser(*mergedConfig) {
 		defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth")
 		// if the error is anything besides a does not exist, then fail.  Not existing is ok
 		if err != nil && !os.IsNotExist(err) {
 			return nil, err
 		}
 		if defaultAuthPathInfo != nil {
 			defaultAuthPathConfig := makeUserIdentificationConfig(*defaultAuthPathInfo)
 			previouslyMergedConfig := mergedConfig
 			mergedConfig = &client.Config{}
 			mergo.Merge(mergedConfig, defaultAuthPathConfig)
 			mergo.Merge(mergedConfig, previouslyMergedConfig)
 		}
 	}
 	// if there still isn't enough information to authenticate the user, try prompting
 	if !canIdentifyUser(*mergedConfig) && (fallbackReader != nil) {
 		prompter := NewPromptingAuthLoader(fallbackReader)
--- a/pkg/client/clientcmd/loader.go
+++ b/pkg/client/clientcmd/loader.go
@@ -235,7 +235,6 @@ func ResolveLocalPaths(filename string, config *clientcmdapi.Config) error {
 	resolvedAuthInfos := make(map[string]clientcmdapi.AuthInfo)
 	for key, authInfo := range config.AuthInfos {
 		authInfo.AuthPath = resolveLocalPath(configDir, authInfo.AuthPath)
 		authInfo.ClientCertificate = resolveLocalPath(configDir, authInfo.ClientCertificate)
 		authInfo.ClientKey = resolveLocalPath(configDir, authInfo.ClientKey)
 		resolvedAuthInfos[key] = authInfo
--- a/pkg/client/clientcmd/loader_test.go
+++ b/pkg/client/clientcmd/loader_test.go
@@ -177,8 +177,8 @@ func TestConflictingCurrentContext(t *testing.T) {
 func TestResolveRelativePaths(t *testing.T) {
 	pathResolutionConfig1 := clientcmdapi.Config{
 		AuthInfos: map[string]clientcmdapi.AuthInfo{
-			"relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key", AuthPath: "../../relative/auth/path"},
+			"relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key"},
-			"absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key", AuthPath: "/absolute/auth/path"},
+			"absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key"},
 		},
 		Clusters: map[string]clientcmdapi.Cluster{
 			"relative-server-1": {CertificateAuthority: "../relative/ca"},
@@ -187,8 +187,8 @@ func TestResolveRelativePaths(t *testing.T) {
 	}
 	pathResolutionConfig2 := clientcmdapi.Config{
 		AuthInfos: map[string]clientcmdapi.AuthInfo{
-			"relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2", AuthPath: "../../relative/auth/path2"},
+			"relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2"},
-			"absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2", AuthPath: "/absolute/auth/path2"},
+			"absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2"},
 		},
 		Clusters: map[string]clientcmdapi.Cluster{
 			"relative-server-2": {CertificateAuthority: "../relative/ca2"},
@@ -247,25 +247,21 @@ func TestResolveRelativePaths(t *testing.T) {
 			foundAuthInfoCount++
 			matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientCertificate), authInfo.ClientCertificate, t)
 			matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientKey), authInfo.ClientKey, t)
 			matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].AuthPath), authInfo.AuthPath, t)
 		}
 		if key == "relative-user-2" {
 			foundAuthInfoCount++
 			matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientCertificate), authInfo.ClientCertificate, t)
 			matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientKey), authInfo.ClientKey, t)
 			matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].AuthPath), authInfo.AuthPath, t)
 		}
 		if key == "absolute-user-1" {
 			foundAuthInfoCount++
 			matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientCertificate, authInfo.ClientCertificate, t)
 			matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientKey, authInfo.ClientKey, t)
 			matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].AuthPath, authInfo.AuthPath, t)
 		}
 		if key == "absolute-user-2" {
 			foundAuthInfoCount++
 			matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientCertificate, authInfo.ClientCertificate, t)
 			matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientKey, authInfo.ClientKey, t)
 			matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].AuthPath, authInfo.AuthPath, t)
 		}
 	}
 	if foundAuthInfoCount != 4 {
--- a/pkg/client/clientcmd/merged_client_builder_test.go
+++ b/pkg/client/clientcmd/merged_client_builder_test.go
@@ -1,89 +0,0 @@
 /*
 Copyright 2014 The Kubernetes Authors All rights reserved.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package clientcmd
 import (
 	"encoding/json"
 	"io/ioutil"
 	"os"
 	"testing"
 	"github.com/spf13/cobra"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/clientauth"
 )
 // Verifies that referencing an old .kubernetes_auth file respects all fields
 func TestAuthPathUpdatesBothClusterAndUser(t *testing.T) {
 	authFile, _ := ioutil.TempFile("", "")
 	defer os.Remove(authFile.Name())
 	insecure := true
 	auth := &clientauth.Info{
 		User:        "user",
 		Password:    "password",
 		CAFile:      "ca-file",
 		CertFile:    "cert-file",
 		KeyFile:     "key-file",
 		BearerToken: "bearer-token",
 		Insecure:    &insecure,
 	}
 	err := testWriteAuthInfoFile(*auth, authFile.Name())
 	if err != nil {
 		t.Errorf("Unexpected error %v", err)
 	}
 	cmd := &cobra.Command{
 		Run: func(cmd *cobra.Command, args []string) {
 		},
 	}
 	clientConfig := testBindClientConfig(cmd)
 	cmd.ParseFlags([]string{"--server=https://localhost", "--auth-path=" + authFile.Name()})
 	config, err := clientConfig.ClientConfig()
 	if err != nil {
 		t.Errorf("Unexpected error %v", err)
 	}
 	matchStringArg(auth.User, config.Username, t)
 	matchStringArg(auth.Password, config.Password, t)
 	matchStringArg(auth.CAFile, config.CAFile, t)
 	matchStringArg(auth.CertFile, config.CertFile, t)
 	matchStringArg(auth.KeyFile, config.KeyFile, t)
 	matchStringArg(auth.BearerToken, config.BearerToken, t)
 	matchBoolArg(*auth.Insecure, config.Insecure, t)
 }
 func testWriteAuthInfoFile(auth clientauth.Info, filename string) error {
 	data, err := json.Marshal(auth)
 	if err != nil {
 		return err
 	}
 	err = ioutil.WriteFile(filename, data, 0600)
 	return err
 }
 func testBindClientConfig(cmd *cobra.Command) ClientConfig {
 	loadingRules := &ClientConfigLoadingRules{}
 	cmd.PersistentFlags().StringVar(&loadingRules.ExplicitPath, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.")
 	overrides := &ConfigOverrides{}
 	BindOverrideFlags(overrides, cmd.PersistentFlags(), RecommendedConfigOverrideFlags(""))
 	clientConfig := NewInteractiveDeferredLoadingClientConfig(loadingRules, overrides, os.Stdin)
 	return clientConfig
 }
--- a/pkg/client/clientcmd/overrides.go
+++ b/pkg/client/clientcmd/overrides.go
@@ -44,7 +44,6 @@ type ConfigOverrideFlags struct {
 // AuthOverrideFlags holds the flag names to be used for binding command line flags for AuthInfo objects
 type AuthOverrideFlags struct {
 	AuthPath          FlagInfo
 	ClientCertificate FlagInfo
 	ClientKey         FlagInfo
 	Token             FlagInfo
@@ -81,7 +80,6 @@ const (
 	FlagNamespace    = "namespace"
 	FlagAPIServer    = "server"
 	FlagAPIVersion   = "api-version"
 	FlagAuthPath     = "auth-path"
 	FlagInsecure     = "insecure-skip-tls-verify"
 	FlagCertFile     = "client-certificate"
 	FlagKeyFile      = "client-key"
@@ -95,7 +93,6 @@ const (
 // RecommendedAuthOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
 func RecommendedAuthOverrideFlags(prefix string) AuthOverrideFlags {
 	return AuthOverrideFlags{
 		AuthPath:          FlagInfo{prefix + FlagAuthPath, "", "", "Path to the auth info file. If missing, prompt the user. Only used if using https."},
 		ClientCertificate: FlagInfo{prefix + FlagCertFile, "", "", "Path to a client key file for TLS."},
 		ClientKey:         FlagInfo{prefix + FlagKeyFile, "", "", "Path to a client key file for TLS."},
 		Token:             FlagInfo{prefix + FlagBearerToken, "", "", "Bearer token for authentication to the API server."},
@@ -135,7 +132,6 @@ func RecommendedContextOverrideFlags(prefix string) ContextOverrideFlags {
 // BindAuthInfoFlags is a convenience method to bind the specified flags to their associated variables
 func BindAuthInfoFlags(authInfo *clientcmdapi.AuthInfo, flags *pflag.FlagSet, flagNames AuthOverrideFlags) {
 	bindStringFlag(flags, &authInfo.AuthPath, flagNames.AuthPath)
 	bindStringFlag(flags, &authInfo.ClientCertificate, flagNames.ClientCertificate)
 	bindStringFlag(flags, &authInfo.ClientKey, flagNames.ClientKey)
 	bindStringFlag(flags, &authInfo.Token, flagNames.Token)
--- a/pkg/client/clientcmd/validation.go
+++ b/pkg/client/clientcmd/validation.go
@@ -177,17 +177,6 @@ func validateAuthInfo(authInfoName string, authInfo clientcmdapi.AuthInfo) []err
 	if len(authInfo.Username) != 0 || len(authInfo.Password) != 0 {
 		methods = append(methods, "basicAuth")
 	}
 	if len(authInfo.AuthPath) != 0 {
 		usingAuthPath = true
 		methods = append(methods, "authFile")
 		file, err := os.Open(authInfo.AuthPath)
 		os.IsNotExist(err)
 		defer file.Close()
 		if err != nil {
 			validationErrors = append(validationErrors, fmt.Errorf("unable to read auth-path %v for %v due to %v", authInfo.AuthPath, authInfoName, err))
 		}
 	}
 	if len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0 {
 		// Make sure cert data and file aren't both specified
--- a/pkg/client/clientcmd/validation_test.go
+++ b/pkg/client/clientcmd/validation_test.go
@@ -33,7 +33,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) {
 		CertificateAuthority: "missing",
 	}
 	config.AuthInfos["error"] = clientcmdapi.AuthInfo{
-		AuthPath: "anything",
+		Username: "anything",
 		Token:    "here",
 	}
 	config.Contexts["dirty"] = clientcmdapi.Context{
@@ -53,7 +53,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) {
 	badValidation := configValidationTest{
 		config:                 config,
-		expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"},
+		expectedErrorSubstring: []string{"unable to read certificate-authority"},
 	}
 	okTest := configValidationTest{
 		config: config,
@@ -69,7 +69,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) {
 		CertificateAuthority: "missing",
 	}
 	config.AuthInfos["error"] = clientcmdapi.AuthInfo{
-		AuthPath: "anything",
+		Username: "anything",
 		Token:    "here",
 	}
 	config.Contexts["first"] = clientcmdapi.Context{
@@ -78,7 +78,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) {
 	}
 	test := configValidationTest{
 		config:                 config,
-		expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"},
+		expectedErrorSubstring: []string{"unable to read certificate-authority"},
 	}
 	test.testConfirmUsable("first", t)
@@ -236,19 +236,6 @@ func TestValidateEmptyAuthInfo(t *testing.T) {
 	test.testAuthInfo("error", t)
 	test.testConfig(t)
 }
 func TestValidatePathNotFoundAuthInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["error"] = clientcmdapi.AuthInfo{
 		AuthPath: "missing",
 	}
 	test := configValidationTest{
 		config:                 config,
 		expectedErrorSubstring: []string{"unable to read auth-path"},
 	}
 	test.testAuthInfo("error", t)
 	test.testConfig(t)
 }
 func TestValidateCertFilesNotFoundAuthInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["error"] = clientcmdapi.AuthInfo{
@@ -298,21 +285,6 @@ func TestValidateCleanCertFilesAuthInfo(t *testing.T) {
 	test.testAuthInfo("clean", t)
 	test.testConfig(t)
 }
 func TestValidateCleanPathAuthInfo(t *testing.T) {
 	tempFile, _ := ioutil.TempFile("", "")
 	defer os.Remove(tempFile.Name())
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["clean"] = clientcmdapi.AuthInfo{
 		AuthPath: tempFile.Name(),
 	}
 	test := configValidationTest{
 		config: config,
 	}
 	test.testAuthInfo("clean", t)
 	test.testConfig(t)
 }
 func TestValidateCleanTokenAuthInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["clean"] = clientcmdapi.AuthInfo{
--- a/pkg/kubectl/cmd/config/config_test.go
+++ b/pkg/kubectl/cmd/config/config_test.go
@@ -97,10 +97,10 @@ func TestSetIntoExistingStruct(t *testing.T) {
 	expectedConfig := newRedFederalCowHammerConfig()
 	a := expectedConfig.AuthInfos["red-user"]
 	authInfo := &a
-	authInfo.AuthPath = "new-path-value"
+	authInfo.Password = "new-path-value"
 	expectedConfig.AuthInfos["red-user"] = *authInfo
 	test := configCommandTest{
-		args:           []string{"set", "users.red-user.auth-path", "new-path-value"},
+		args:           []string{"set", "users.red-user.password", "new-path-value"},
 		startingConfig: newRedFederalCowHammerConfig(),
 		expectedConfig: expectedConfig,
 	}
@@ -189,11 +189,10 @@ func TestNewEmptyAuth(t *testing.T) {
 func TestAdditionalAuth(t *testing.T) {
 	expectedConfig := newRedFederalCowHammerConfig()
 	authInfo := clientcmdapi.NewAuthInfo()
 	authInfo.AuthPath = "auth-path"
 	authInfo.Token = "token"
 	expectedConfig.AuthInfos["another-user"] = *authInfo
 	test := configCommandTest{
-		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagAuthPath + "=auth-path", "--" + clientcmd.FlagBearerToken + "=token"},
+		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagBearerToken + "=token"},
 		startingConfig: newRedFederalCowHammerConfig(),
 		expectedConfig: expectedConfig,
 	}
@@ -512,10 +511,10 @@ func TestCAAndInsecureDisallowed(t *testing.T) {
 func TestMergeExistingAuth(t *testing.T) {
 	expectedConfig := newRedFederalCowHammerConfig()
 	authInfo := expectedConfig.AuthInfos["red-user"]
-	authInfo.AuthPath = "auth-path"
+	authInfo.ClientKey = "key"
 	expectedConfig.AuthInfos["red-user"] = authInfo
 	test := configCommandTest{
-		args:           []string{"set-credentials", "red-user", "--" + clientcmd.FlagAuthPath + "=auth-path"},
+		args:           []string{"set-credentials", "red-user", "--" + clientcmd.FlagKeyFile + "=key"},
 		startingConfig: newRedFederalCowHammerConfig(),
 		expectedConfig: expectedConfig,
 	}
--- a/pkg/kubectl/cmd/config/create_authinfo.go
+++ b/pkg/kubectl/cmd/config/create_authinfo.go
@@ -71,7 +71,7 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co
 	options := &createAuthInfoOptions{configAccess: configAccess}
 	cmd := &cobra.Command{
-		Use:     fmt.Sprintf("set-credentials NAME [--%v=/path/to/authfile] [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password]", clientcmd.FlagAuthPath, clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword),
+		Use:     fmt.Sprintf("set-credentials NAME [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password]", clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword),
 		Short:   "Sets a user entry in kubeconfig",
 		Long:    create_authinfo_long,
 		Example: create_authinfo_example,
@@ -87,7 +87,6 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co
 		},
 	}
 	cmd.Flags().Var(&options.authPath, clientcmd.FlagAuthPath, clientcmd.FlagAuthPath+" for the user entry in kubeconfig")
 	cmd.Flags().Var(&options.clientCertificate, clientcmd.FlagCertFile, "path to "+clientcmd.FlagCertFile+" for the user entry in kubeconfig")
 	cmd.Flags().Var(&options.clientKey, clientcmd.FlagKeyFile, "path to "+clientcmd.FlagKeyFile+" for the user entry in kubeconfig")
 	cmd.Flags().Var(&options.token, clientcmd.FlagBearerToken, clientcmd.FlagBearerToken+" for the user entry in kubeconfig")
@@ -125,10 +124,6 @@ func (o *createAuthInfoOptions) modifyAuthInfo(existingAuthInfo clientcmdapi.Aut
 	var setToken, setBasic bool
 	if o.authPath.Provided() {
 		modifiedAuthInfo.AuthPath = o.authPath.Value()
 	}
 	if o.clientCertificate.Provided() {
 		certPath := o.clientCertificate.Value()
 		if o.embedCertData.Value() {
--- a/pkg/kubectl/cmd/util/factory.go
+++ b/pkg/kubectl/cmd/util/factory.go
@@ -317,7 +317,6 @@ func DefaultClientConfig(flags *pflag.FlagSet) clientcmd.ClientConfig {
 	overrides := &clientcmd.ConfigOverrides{}
 	flagNames := clientcmd.RecommendedConfigOverrideFlags("")
 	// short flagnames are disabled by default.  These are here for compatibility with existing scripts
 	flagNames.AuthOverrideFlags.AuthPath.ShortName = "a"
 	flagNames.ClusterOverrideFlags.APIServer.ShortName = "s"
 	clientcmd.BindOverrideFlags(overrides, flags, flagNames)
--- a/test/e2e/util.go
+++ b/test/e2e/util.go
@@ -306,7 +306,6 @@ func validateController(c *client.Client, containerImage string, replicas int, c
 	Failf("Timed out after %v seconds waiting for %s pods to reach valid state", podStartTimeout.Seconds(), testname)
 }
 // kubectlCmd runs the kubectl executable.
 // kubectlCmd runs the kubectl executable.
 func kubectlCmd(args ...string) *exec.Cmd {
 	defaultArgs := []string{}
@@ -324,7 +323,6 @@ func kubectlCmd(args ...string) *exec.Cmd {
 		}
 	} else {
 		defaultArgs = append(defaultArgs, "--"+clientcmd.FlagAuthPath+"="+testContext.AuthConfig)
 		if testContext.CertDir != "" {
 			defaultArgs = append(defaultArgs,
 				fmt.Sprintf("--certificate-authority=%s", filepath.Join(testContext.CertDir, "ca.crt")),