Merge pull request #2772 from rlarocque2/apiserver_auth

Implement apiserver communication for Vagrant

cluster/vagrant/provision-master.sh

@@ -109,6 +109,19 @@ state_verbose: False
 state_output: mixed
 EOF
 
+# Generate and distribute a shared secret (bearer token) to
+# apiserver and kubelet so that kubelet can authenticate to
+# apiserver to send events.
+kubelet_token=$(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
+
+mkdir -p /srv/salt-overlay/salt/kube-apiserver
+known_tokens_file="/srv/salt-overlay/salt/kube-apiserver/known_tokens.csv"
+(umask u=rw,go= ; echo "$kubelet_token,kubelet,kubelet" > $known_tokens_file)
+
+mkdir -p /srv/salt-overlay/salt/kubelet
+kubelet_auth_file="/srv/salt-overlay/salt/kubelet/kubernetes_auth"
+(umask u=rw,go= ; echo "{\"BearerToken\": \"$kubelet_token\", \"Insecure\": true }" > $kubelet_auth_file)
+
 # Configure nginx authorization
 mkdir -p "$KUBE_TEMP"
 mkdir -p /srv/salt-overlay/salt/nginx