Skip to content

Instantly share code, notes, and snippets.

@riggtravis

riggtravis/create

Created February 19, 2019 20:54
Show Gist options
  • Save riggtravis/cefc7b11a9e3810090371f2e4163b3ed to your computer and use it in GitHub Desktop.
Save riggtravis/cefc7b11a9e3810090371f2e4163b3ed to your computer and use it in GitHub Desktop.
Download ZIP
kops issue files
Raw
create
I0219 15:05:22.561099 48632 factory.go:68] state store s3://{{CONFIG_BUCKET_REDACTED}}
I0219 15:05:22.731083 48632 s3context.go:194] found bucket in region "us-east-1"
I0219 15:05:22.731185 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config"
I0219 15:05:22.770509 48632 channel.go:97] resolving "stable" against default channel location "https://raw.githubusercontent.com/kubernetes/kops/master/channels/"
I0219 15:05:22.770542 48632 channel.go:102] Loading channel from "https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable"
I0219 15:05:22.770560 48632 context.go:159] Performing HTTP request: GET https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable
I0219 15:05:22.820062 48632 channel.go:111] Channel contents: spec:
images:
# We put the "legacy" version first, for kops versions that don't support versions ( < 1.5.0 )
- name: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2017-07-28
providerID: aws
kubernetesVersion: ">=1.4.0 <1.5.0"
- name: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.5.0 <1.6.0"
- name: kope.io/k8s-1.6-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.6.0 <1.7.0"
- name: kope.io/k8s-1.7-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.7.0 <1.8.0"
- name: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.8.0 <1.9.0"
- name: kope.io/k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.9.0 <1.10.0"
- name: kope.io/k8s-1.10-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.10.0 <1.11.0"
# Stretch is the default for 1.11 (for nvme)
- name: kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.11.0"
- providerID: gce
name: "cos-cloud/cos-stable-65-10323-99-0"
cluster:
kubernetesVersion: v1.5.8
networking:
kubenet: {}
kubernetesVersions:
- range: ">=1.11.0"
recommendedVersion: 1.11.6
requiredVersion: 1.11.0
- range: ">=1.10.0"
recommendedVersion: 1.10.12
requiredVersion: 1.10.0
- range: ">=1.9.0"
recommendedVersion: 1.9.11
requiredVersion: 1.9.0
- range: ">=1.8.0"
recommendedVersion: 1.8.15
requiredVersion: 1.8.0
- range: ">=1.7.0"
recommendedVersion: 1.7.16
requiredVersion: 1.7.0
- range: ">=1.6.0"
recommendedVersion: 1.6.13
requiredVersion: 1.6.0
- range: ">=1.5.0"
recommendedVersion: 1.5.8
requiredVersion: 1.5.1
- range: "<1.5.0"
recommendedVersion: 1.4.12
requiredVersion: 1.4.2
kopsVersions:
- range: ">=1.11.0-alpha.1"
#recommendedVersion: "1.11.0"
#requiredVersion: 1.11.0
kubernetesVersion: 1.11.6
- range: ">=1.10.0-alpha.1"
recommendedVersion: "1.10.0"
#requiredVersion: 1.10.0
kubernetesVersion: 1.10.12
- range: ">=1.9.0-alpha.1"
recommendedVersion: 1.9.2
#requiredVersion: 1.9.0
kubernetesVersion: 1.9.11
- range: ">=1.8.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.8.15
- range: ">=1.7.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.7.16
- range: ">=1.6.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.6.13
- range: ">=1.5.0-alpha1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.5.8
- range: "<1.5.0"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.4.12
I0219 15:05:22.820422 48632 create_cluster.go:496] Inferred --cloud=aws from zone "us-east-1a"
I0219 15:05:22.820683 48632 create_cluster.go:952] networking mode=kubenet => {"kubenet":{}}
I0219 15:05:22.822104 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:22.822595 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:22.965888 48632 subnets.go:184] Assigned CIDR 172.20.32.0/19 to subnet us-east-1a
I0219 15:05:22.965924 48632 defaults.go:213] Not setting up Proxy Excludes
I0219 15:05:22.968039 48632 populate_cluster_spec.go:370] Defaulted KubeControllerManager.ClusterCIDR to 100.96.0.0/11
I0219 15:05:22.968058 48632 populate_cluster_spec.go:377] Defaulted ServiceClusterIPRange to 100.64.0.0/13
I0219 15:05:22.968089 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:22.968590 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.006602 48632 subnets.go:49] All subnets have CIDRs; skipping assignment logic
I0219 15:05:23.006636 48632 defaults.go:213] Not setting up Proxy Excludes
I0219 15:05:23.006697 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.006783 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.045521 48632 tagbuilder.go:91] tags: [_aws _k8s_1_6]
I0219 15:05:23.045758 48632 options_loader.go:130] executing builder *components.DefaultsOptionsBuilder
I0219 15:05:23.045774 48632 options_loader.go:130] executing builder *components.EtcdOptionsBuilder
I0219 15:05:23.045797 48632 options_loader.go:130] executing builder *etcdmanager.EtcdManagerOptionsBuilder
I0219 15:05:23.045805 48632 options_loader.go:130] executing builder *nodeauthorizer.OptionsBuilder
I0219 15:05:23.045813 48632 options_loader.go:130] executing builder *components.KubeAPIServerOptionsBuilder
I0219 15:05:23.045847 48632 options_loader.go:130] executing builder *components.DockerOptionsBuilder
I0219 15:05:23.045861 48632 options_loader.go:130] executing builder *components.NetworkingOptionsBuilder
I0219 15:05:23.045870 48632 options_loader.go:130] executing builder *components.KubeDnsOptionsBuilder
I0219 15:05:23.045883 48632 options_loader.go:130] executing builder *components.KubeletOptionsBuilder
I0219 15:05:23.046295 48632 kubelet.go:156] Cloud Provider: aws
I0219 15:05:23.046331 48632 options_loader.go:130] executing builder *components.KubeControllerManagerOptionsBuilder
I0219 15:05:23.046346 48632 kubecontrollermanager.go:74] Kubernetes version "1.11.6" supports AttachDetachReconcileSyncPeriod; will configure
I0219 15:05:23.046359 48632 kubecontrollermanager.go:79] AttachDetachReconcileSyncPeriod is not set; will set to default 1m0s
I0219 15:05:23.046377 48632 options_loader.go:130] executing builder *components.KubeSchedulerOptionsBuilder
I0219 15:05:23.046388 48632 options_loader.go:130] executing builder *components.KubeProxyOptionsBuilder
I0219 15:05:23.046776 48632 options_loader.go:130] executing builder *components.DefaultsOptionsBuilder
I0219 15:05:23.046790 48632 options_loader.go:130] executing builder *components.EtcdOptionsBuilder
I0219 15:05:23.046807 48632 options_loader.go:130] executing builder *etcdmanager.EtcdManagerOptionsBuilder
I0219 15:05:23.046816 48632 options_loader.go:130] executing builder *nodeauthorizer.OptionsBuilder
I0219 15:05:23.046823 48632 options_loader.go:130] executing builder *components.KubeAPIServerOptionsBuilder
I0219 15:05:23.046845 48632 options_loader.go:130] executing builder *components.DockerOptionsBuilder
I0219 15:05:23.046859 48632 options_loader.go:130] executing builder *components.NetworkingOptionsBuilder
I0219 15:05:23.046871 48632 options_loader.go:130] executing builder *components.KubeDnsOptionsBuilder
I0219 15:05:23.046879 48632 options_loader.go:130] executing builder *components.KubeletOptionsBuilder
I0219 15:05:23.046889 48632 kubelet.go:156] Cloud Provider: aws
I0219 15:05:23.046899 48632 options_loader.go:130] executing builder *components.KubeControllerManagerOptionsBuilder
I0219 15:05:23.046908 48632 kubecontrollermanager.go:74] Kubernetes version "1.11.6" supports AttachDetachReconcileSyncPeriod; will configure
I0219 15:05:23.046920 48632 options_loader.go:130] executing builder *components.KubeSchedulerOptionsBuilder
I0219 15:05:23.046945 48632 options_loader.go:130] executing builder *components.KubeProxyOptionsBuilder
I0219 15:05:23.047392 48632 spec_builder.go:49] options: {
"channel": "stable",
"configBase": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local",
"cloudProvider": "aws",
"kubernetesVersion": "1.11.6",
"subnets": [
{
"name": "us-east-1a",
"cidr": "172.20.32.0/19",
"zone": "us-east-1a",
"type": "Public"
}
],
"masterPublicName": "api.vault-cluster.k8s.local",
"masterInternalName": "api.internal.vault-cluster.k8s.local",
"networkCIDR": "172.20.0.0/16",
"topology": {
"masters": "public",
"nodes": "public",
"dns": {
"type": "Public"
}
},
"secretStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets",
"keyStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki",
"configStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local",
"clusterDNSDomain": "cluster.local",
"serviceClusterIPRange": "100.64.0.0/13",
"nonMasqueradeCIDR": "100.64.0.0/10",
"sshAccess": [
"0.0.0.0/0"
],
"kubernetesApiAccess": [
"0.0.0.0/0"
],
"etcdClusters": [
{
"name": "main",
"provider": "Legacy",
"etcdMembers": [
{
"name": "a",
"instanceGroup": "master-us-east-1a"
}
],
"version": "2.2.1",
"image": "k8s.gcr.io/etcd:2.2.1"
},
{
"name": "events",
"provider": "Legacy",
"etcdMembers": [
{
"name": "a",
"instanceGroup": "master-us-east-1a"
}
],
"version": "2.2.1",
"image": "k8s.gcr.io/etcd:2.2.1"
}
],
"docker": {
"ipMasq": false,
"ipTables": false,
"logDriver": "json-file",
"logLevel": "warn",
"logOpt": [
"max-size=10m",
"max-file=5"
],
"storage": "overlay2,overlay,aufs",
"version": "17.03.2"
},
"kubeDNS": {
"cacheMaxSize": 1000,
"cacheMaxConcurrent": 150,
"domain": "cluster.local",
"replicas": 2,
"serverIP": "100.64.0.10"
},
"kubeAPIServer": {
"image": "k8s.gcr.io/kube-apiserver:v1.11.6",
"logLevel": 2,
"cloudProvider": "aws",
"securePort": 443,
"insecurePort": 8080,
"bindAddress": "0.0.0.0",
"insecureBindAddress": "127.0.0.1",
"enableAdmissionPlugins": [
"Initializers",
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"MutatingAdmissionWebhook",
"ValidatingAdmissionWebhook",
"NodeRestriction",
"ResourceQuota"
],
"serviceClusterIPRange": "100.64.0.0/13",
"etcdServers": [
"http://127.0.0.1:4001"
],
"etcdServersOverrides": [
"/events#http://127.0.0.1:4002"
],
"allowPrivileged": true,
"apiServerCount": 1,
"anonymousAuth": false,
"kubeletPreferredAddressTypes": [
"InternalIP",
"Hostname",
"ExternalIP"
],
"storageBackend": "etcd2",
"authorizationMode": "RBAC",
"requestheaderUsernameHeaders": [
"X-Remote-User"
],
"requestheaderGroupHeaders": [
"X-Remote-Group"
],
"requestheaderExtraHeaderPrefixes": [
"X-Remote-Extra-"
],
"requestheaderAllowedNames": [
"aggregator"
],
"etcdQuorumRead": false
},
"kubeControllerManager": {
"logLevel": 2,
"image": "k8s.gcr.io/kube-controller-manager:v1.11.6",
"cloudProvider": "aws",
"clusterName": "vault-cluster.k8s.local",
"clusterCIDR": "100.96.0.0/11",
"allocateNodeCIDRs": true,
"configureCloudRoutes": true,
"leaderElection": {
"leaderElect": true
},
"attachDetachReconcileSyncPeriod": "1m0s",
"useServiceAccountCredentials": true
},
"kubeScheduler": {
"logLevel": 2,
"image": "k8s.gcr.io/kube-scheduler:v1.11.6",
"leaderElection": {
"leaderElect": true
}
},
"kubeProxy": {
"image": "k8s.gcr.io/kube-proxy:v1.11.6",
"cpuRequest": "100m",
"logLevel": 2,
"clusterCIDR": "100.96.0.0/11",
"hostnameOverride": "@aws"
},
"kubelet": {
"anonymousAuth": false,
"kubeconfigPath": "/var/lib/kubelet/kubeconfig",
"logLevel": 2,
"podManifestPath": "/etc/kubernetes/manifests",
"hostnameOverride": "@aws",
"podInfraContainerImage": "k8s.gcr.io/pause-amd64:3.0",
"allowPrivileged": true,
"enableDebuggingHandlers": true,
"clusterDomain": "cluster.local",
"clusterDNS": "100.64.0.10",
"networkPluginName": "kubenet",
"cloudProvider": "aws",
"cgroupRoot": "/",
"nonMasqueradeCIDR": "100.64.0.0/10",
"networkPluginMTU": 9001,
"evictionHard": "memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%",
"featureGates": {
"ExperimentalCriticalPodAnnotation": "true"
}
},
"masterKubelet": {
"anonymousAuth": false,
"kubeconfigPath": "/var/lib/kubelet/kubeconfig",
"logLevel": 2,
"podManifestPath": "/etc/kubernetes/manifests",
"hostnameOverride": "@aws",
"podInfraContainerImage": "k8s.gcr.io/pause-amd64:3.0",
"allowPrivileged": true,
"enableDebuggingHandlers": true,
"clusterDomain": "cluster.local",
"clusterDNS": "100.64.0.10",
"networkPluginName": "kubenet",
"cloudProvider": "aws",
"cgroupRoot": "/",
"registerSchedulable": false,
"nonMasqueradeCIDR": "100.64.0.0/10",
"networkPluginMTU": 9001,
"evictionHard": "memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%",
"featureGates": {
"ExperimentalCriticalPodAnnotation": "true"
}
},
"networking": {
"kubenet": {}
},
"api": {
"loadBalancer": {
"type": "Public"
}
},
"authorization": {
"rbac": {}
},
"iam": {
"legacy": false,
"allowContainerRegistry": true
}
}
I0219 15:05:23.047640 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.047721 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.086860 48632 aws_cloud.go:1272] checking if instance type "m3.medium" is supported in region "us-east-1"
I0219 15:05:23.087072 48632 request_logger.go:45] AWS request: ec2/DescribeReservedInstancesOfferings
I0219 15:05:23.219496 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.4.0 <1.5.0
I0219 15:05:23.219545 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.5.0 <1.6.0
I0219 15:05:23.219561 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.6.0 <1.7.0
I0219 15:05:23.219574 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.7.0 <1.8.0
I0219 15:05:23.219584 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.8.0 <1.9.0
I0219 15:05:23.219597 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.9.0 <1.10.0
I0219 15:05:23.219609 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.10.0 <1.11.0
I0219 15:05:23.219717 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.219834 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.283481 48632 aws_cloud.go:1272] checking if instance type "t2.medium" is supported in region "us-east-1"
I0219 15:05:23.283593 48632 request_logger.go:45] AWS request: ec2/DescribeReservedInstancesOfferings
I0219 15:05:23.341190 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.4.0 <1.5.0
I0219 15:05:23.341228 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.5.0 <1.6.0
I0219 15:05:23.341240 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.6.0 <1.7.0
I0219 15:05:23.341267 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.7.0 <1.8.0
I0219 15:05:23.341281 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.8.0 <1.9.0
I0219 15:05:23.341292 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.9.0 <1.10.0
I0219 15:05:23.341302 48632 channel.go:277] Kubernetes version "1.11.6" does not match range: >=1.10.0 <1.11.0
I0219 15:05:23.350182 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config"
I0219 15:05:23.356768 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config"
I0219 15:05:23.356803 48632 s3context.go:222] Checking default bucket encryption for "{{CONFIG_BUCKET_REDACTED}}"
I0219 15:05:23.356821 48632 s3context.go:227] Calling S3 GetBucketEncryption Bucket="{{CONFIG_BUCKET_REDACTED}}"
I0219 15:05:23.362989 48632 s3context.go:247] bucket "{{CONFIG_BUCKET_REDACTED}}" has default encryption set to true
I0219 15:05:23.363047 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/config" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:23.402348 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:23.414456 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:23.414511 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/master-us-east-1a" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:23.458005 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:23.468403 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:23.468485 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/nodes" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:23.498576 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/cluster.spec"
I0219 15:05:23.498613 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/cluster.spec" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:23.526688 48632 create_cluster.go:1407] Using SSH public key: {{HOME}}/.ssh/id_rsa.pub
I0219 15:05:23.527046 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/ssh/public/admin/3b70fbe4dd730e672c715904333e658a"
I0219 15:05:23.527070 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/ssh/public/admin/3b70fbe4dd730e672c715904333e658a" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:23.636987 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config"
I0219 15:05:23.655506 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/instancegroup/"
I0219 15:05:23.678368 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup: [s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes]
I0219 15:05:23.678430 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:23.691589 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:23.709532 48632 channel.go:97] resolving "stable" against default channel location "https://raw.githubusercontent.com/kubernetes/kops/master/channels/"
I0219 15:05:23.709568 48632 channel.go:102] Loading channel from "https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable"
I0219 15:05:23.709581 48632 context.go:159] Performing HTTP request: GET https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable
I0219 15:05:23.713047 48632 channel.go:111] Channel contents: spec:
images:
# We put the "legacy" version first, for kops versions that don't support versions ( < 1.5.0 )
- name: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2017-07-28
providerID: aws
kubernetesVersion: ">=1.4.0 <1.5.0"
- name: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.5.0 <1.6.0"
- name: kope.io/k8s-1.6-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.6.0 <1.7.0"
- name: kope.io/k8s-1.7-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.7.0 <1.8.0"
- name: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.8.0 <1.9.0"
- name: kope.io/k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.9.0 <1.10.0"
- name: kope.io/k8s-1.10-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.10.0 <1.11.0"
# Stretch is the default for 1.11 (for nvme)
- name: kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.11.0"
- providerID: gce
name: "cos-cloud/cos-stable-65-10323-99-0"
cluster:
kubernetesVersion: v1.5.8
networking:
kubenet: {}
kubernetesVersions:
- range: ">=1.11.0"
recommendedVersion: 1.11.6
requiredVersion: 1.11.0
- range: ">=1.10.0"
recommendedVersion: 1.10.12
requiredVersion: 1.10.0
- range: ">=1.9.0"
recommendedVersion: 1.9.11
requiredVersion: 1.9.0
- range: ">=1.8.0"
recommendedVersion: 1.8.15
requiredVersion: 1.8.0
- range: ">=1.7.0"
recommendedVersion: 1.7.16
requiredVersion: 1.7.0
- range: ">=1.6.0"
recommendedVersion: 1.6.13
requiredVersion: 1.6.0
- range: ">=1.5.0"
recommendedVersion: 1.5.8
requiredVersion: 1.5.1
- range: "<1.5.0"
recommendedVersion: 1.4.12
requiredVersion: 1.4.2
kopsVersions:
- range: ">=1.11.0-alpha.1"
#recommendedVersion: "1.11.0"
#requiredVersion: 1.11.0
kubernetesVersion: 1.11.6
- range: ">=1.10.0-alpha.1"
recommendedVersion: "1.10.0"
#requiredVersion: 1.10.0
kubernetesVersion: 1.10.12
- range: ">=1.9.0-alpha.1"
recommendedVersion: 1.9.2
#requiredVersion: 1.9.0
kubernetesVersion: 1.9.11
- range: ">=1.8.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.8.15
- range: ">=1.7.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.7.16
- range: ">=1.6.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.6.13
- range: ">=1.5.0-alpha1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.5.8
- range: "<1.5.0"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.4.12
I0219 15:05:23.713184 48632 populate_cluster_spec.go:370] Defaulted KubeControllerManager.ClusterCIDR to 100.96.0.0/11
I0219 15:05:23.713215 48632 populate_cluster_spec.go:377] Defaulted ServiceClusterIPRange to 100.64.0.0/13
I0219 15:05:23.713237 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.713305 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.751882 48632 subnets.go:49] All subnets have CIDRs; skipping assignment logic
I0219 15:05:23.751954 48632 defaults.go:213] Not setting up Proxy Excludes
I0219 15:05:23.752025 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.752124 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.852883 48632 tagbuilder.go:91] tags: [_aws _k8s_1_6]
I0219 15:05:23.853234 48632 options_loader.go:130] executing builder *components.DefaultsOptionsBuilder
I0219 15:05:23.853273 48632 options_loader.go:130] executing builder *components.EtcdOptionsBuilder
I0219 15:05:23.853289 48632 options_loader.go:130] executing builder *etcdmanager.EtcdManagerOptionsBuilder
I0219 15:05:23.853297 48632 options_loader.go:130] executing builder *nodeauthorizer.OptionsBuilder
I0219 15:05:23.853305 48632 options_loader.go:130] executing builder *components.KubeAPIServerOptionsBuilder
I0219 15:05:23.853337 48632 options_loader.go:130] executing builder *components.DockerOptionsBuilder
I0219 15:05:23.853348 48632 options_loader.go:130] executing builder *components.NetworkingOptionsBuilder
I0219 15:05:23.853358 48632 options_loader.go:130] executing builder *components.KubeDnsOptionsBuilder
I0219 15:05:23.853368 48632 options_loader.go:130] executing builder *components.KubeletOptionsBuilder
I0219 15:05:23.853381 48632 kubelet.go:156] Cloud Provider: aws
I0219 15:05:23.853393 48632 options_loader.go:130] executing builder *components.KubeControllerManagerOptionsBuilder
I0219 15:05:23.853406 48632 kubecontrollermanager.go:74] Kubernetes version "1.11.6" supports AttachDetachReconcileSyncPeriod; will configure
I0219 15:05:23.853416 48632 kubecontrollermanager.go:79] AttachDetachReconcileSyncPeriod is not set; will set to default 1m0s
I0219 15:05:23.853430 48632 options_loader.go:130] executing builder *components.KubeSchedulerOptionsBuilder
I0219 15:05:23.853441 48632 options_loader.go:130] executing builder *components.KubeProxyOptionsBuilder
I0219 15:05:23.853722 48632 options_loader.go:130] executing builder *components.DefaultsOptionsBuilder
I0219 15:05:23.853734 48632 options_loader.go:130] executing builder *components.EtcdOptionsBuilder
I0219 15:05:23.853744 48632 options_loader.go:130] executing builder *etcdmanager.EtcdManagerOptionsBuilder
I0219 15:05:23.853752 48632 options_loader.go:130] executing builder *nodeauthorizer.OptionsBuilder
I0219 15:05:23.853759 48632 options_loader.go:130] executing builder *components.KubeAPIServerOptionsBuilder
I0219 15:05:23.853781 48632 options_loader.go:130] executing builder *components.DockerOptionsBuilder
I0219 15:05:23.853791 48632 options_loader.go:130] executing builder *components.NetworkingOptionsBuilder
I0219 15:05:23.853800 48632 options_loader.go:130] executing builder *components.KubeDnsOptionsBuilder
I0219 15:05:23.853807 48632 options_loader.go:130] executing builder *components.KubeletOptionsBuilder
I0219 15:05:23.853818 48632 kubelet.go:156] Cloud Provider: aws
I0219 15:05:23.853828 48632 options_loader.go:130] executing builder *components.KubeControllerManagerOptionsBuilder
I0219 15:05:23.853837 48632 kubecontrollermanager.go:74] Kubernetes version "1.11.6" supports AttachDetachReconcileSyncPeriod; will configure
I0219 15:05:23.853850 48632 options_loader.go:130] executing builder *components.KubeSchedulerOptionsBuilder
I0219 15:05:23.853859 48632 options_loader.go:130] executing builder *components.KubeProxyOptionsBuilder
I0219 15:05:23.854241 48632 spec_builder.go:49] options: {
"channel": "stable",
"configBase": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local",
"cloudProvider": "aws",
"kubernetesVersion": "1.11.6",
"subnets": [
{
"name": "us-east-1a",
"cidr": "172.20.32.0/19",
"zone": "us-east-1a",
"type": "Public"
}
],
"masterPublicName": "api.vault-cluster.k8s.local",
"masterInternalName": "api.internal.vault-cluster.k8s.local",
"networkCIDR": "172.20.0.0/16",
"topology": {
"masters": "public",
"nodes": "public",
"dns": {
"type": "Public"
}
},
"secretStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets",
"keyStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki",
"configStore": "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local",
"clusterDNSDomain": "cluster.local",
"serviceClusterIPRange": "100.64.0.0/13",
"nonMasqueradeCIDR": "100.64.0.0/10",
"sshAccess": [
"0.0.0.0/0"
],
"kubernetesApiAccess": [
"0.0.0.0/0"
],
"etcdClusters": [
{
"name": "main",
"provider": "Legacy",
"etcdMembers": [
{
"name": "a",
"instanceGroup": "master-us-east-1a"
}
],
"version": "2.2.1",
"image": "k8s.gcr.io/etcd:2.2.1"
},
{
"name": "events",
"provider": "Legacy",
"etcdMembers": [
{
"name": "a",
"instanceGroup": "master-us-east-1a"
}
],
"version": "2.2.1",
"image": "k8s.gcr.io/etcd:2.2.1"
}
],
"docker": {
"ipMasq": false,
"ipTables": false,
"logDriver": "json-file",
"logLevel": "warn",
"logOpt": [
"max-size=10m",
"max-file=5"
],
"storage": "overlay2,overlay,aufs",
"version": "17.03.2"
},
"kubeDNS": {
"cacheMaxSize": 1000,
"cacheMaxConcurrent": 150,
"domain": "cluster.local",
"replicas": 2,
"serverIP": "100.64.0.10"
},
"kubeAPIServer": {
"image": "k8s.gcr.io/kube-apiserver:v1.11.6",
"logLevel": 2,
"cloudProvider": "aws",
"securePort": 443,
"insecurePort": 8080,
"bindAddress": "0.0.0.0",
"insecureBindAddress": "127.0.0.1",
"enableAdmissionPlugins": [
"Initializers",
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"MutatingAdmissionWebhook",
"ValidatingAdmissionWebhook",
"NodeRestriction",
"ResourceQuota"
],
"serviceClusterIPRange": "100.64.0.0/13",
"etcdServers": [
"http://127.0.0.1:4001"
],
"etcdServersOverrides": [
"/events#http://127.0.0.1:4002"
],
"allowPrivileged": true,
"apiServerCount": 1,
"anonymousAuth": false,
"kubeletPreferredAddressTypes": [
"InternalIP",
"Hostname",
"ExternalIP"
],
"storageBackend": "etcd2",
"authorizationMode": "RBAC",
"requestheaderUsernameHeaders": [
"X-Remote-User"
],
"requestheaderGroupHeaders": [
"X-Remote-Group"
],
"requestheaderExtraHeaderPrefixes": [
"X-Remote-Extra-"
],
"requestheaderAllowedNames": [
"aggregator"
],
"etcdQuorumRead": false
},
"kubeControllerManager": {
"logLevel": 2,
"image": "k8s.gcr.io/kube-controller-manager:v1.11.6",
"cloudProvider": "aws",
"clusterName": "vault-cluster.k8s.local",
"clusterCIDR": "100.96.0.0/11",
"allocateNodeCIDRs": true,
"configureCloudRoutes": true,
"leaderElection": {
"leaderElect": true
},
"attachDetachReconcileSyncPeriod": "1m0s",
"useServiceAccountCredentials": true
},
"kubeScheduler": {
"logLevel": 2,
"image": "k8s.gcr.io/kube-scheduler:v1.11.6",
"leaderElection": {
"leaderElect": true
}
},
"kubeProxy": {
"image": "k8s.gcr.io/kube-proxy:v1.11.6",
"cpuRequest": "100m",
"logLevel": 2,
"clusterCIDR": "100.96.0.0/11",
"hostnameOverride": "@aws"
},
"kubelet": {
"anonymousAuth": false,
"kubeconfigPath": "/var/lib/kubelet/kubeconfig",
"logLevel": 2,
"podManifestPath": "/etc/kubernetes/manifests",
"hostnameOverride": "@aws",
"podInfraContainerImage": "k8s.gcr.io/pause-amd64:3.0",
"allowPrivileged": true,
"enableDebuggingHandlers": true,
"clusterDomain": "cluster.local",
"clusterDNS": "100.64.0.10",
"networkPluginName": "kubenet",
"cloudProvider": "aws",
"cgroupRoot": "/",
"nonMasqueradeCIDR": "100.64.0.0/10",
"networkPluginMTU": 9001,
"evictionHard": "memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%",
"featureGates": {
"ExperimentalCriticalPodAnnotation": "true"
}
},
"masterKubelet": {
"anonymousAuth": false,
"kubeconfigPath": "/var/lib/kubelet/kubeconfig",
"logLevel": 2,
"podManifestPath": "/etc/kubernetes/manifests",
"hostnameOverride": "@aws",
"podInfraContainerImage": "k8s.gcr.io/pause-amd64:3.0",
"allowPrivileged": true,
"enableDebuggingHandlers": true,
"clusterDomain": "cluster.local",
"clusterDNS": "100.64.0.10",
"networkPluginName": "kubenet",
"cloudProvider": "aws",
"cgroupRoot": "/",
"registerSchedulable": false,
"nonMasqueradeCIDR": "100.64.0.0/10",
"networkPluginMTU": 9001,
"evictionHard": "memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%",
"featureGates": {
"ExperimentalCriticalPodAnnotation": "true"
}
},
"networking": {
"kubenet": {}
},
"api": {
"loadBalancer": {
"type": "Public"
}
},
"authorization": {
"rbac": {}
},
"iam": {
"legacy": false,
"allowContainerRegistry": true
}
}
I0219 15:05:23.854390 48632 channel.go:150] VersionRecommendationSpec does not specify RecommendedVersion
I0219 15:05:23.854403 48632 channel.go:190] VersionRecommendationSpec does not specify RequiredVersion
I0219 15:05:23.854418 48632 channel.go:142] RecommendedVersion="1.11.6", Have="1.11.6". No upgrade needed.
I0219 15:05:23.854430 48632 channel.go:182] RequiredVersion="1.11.0", Have="1.11.6". No upgrade needed.
I0219 15:05:23.854487 48632 context.go:159] Performing HTTP request: GET https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubelet.sha1
I0219 15:05:23.880318 48632 builder.go:301] Found hash "a006b4680640e5c88742e22b904623a77257f416" for "https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubelet"
I0219 15:05:23.880427 48632 builder.go:234] adding file: &{FileURL:https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubelet CanonicalFileURL:<nil> SHAValue:a006b4680640e5c88742e22b904623a77257f416}
I0219 15:05:23.880549 48632 context.go:159] Performing HTTP request: GET https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubectl.sha1
I0219 15:05:23.884167 48632 builder.go:301] Found hash "c3f7fbab5ba39e3ec20b32f0e7bcad6cc0704792" for "https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubectl"
I0219 15:05:23.884250 48632 builder.go:234] adding file: &{FileURL:https://storage.googleapis.com/kubernetes-release/release/v1.11.6/bin/linux/amd64/kubectl CanonicalFileURL:<nil> SHAValue:c3f7fbab5ba39e3ec20b32f0e7bcad6cc0704792}
I0219 15:05:23.884359 48632 networking.go:163] Adding default CNI asset for k8s 1.9.x and higher: https://storage.googleapis.com/kubernetes-release/network-plugins/cni-plugins-amd64-v0.6.0.tgz
I0219 15:05:23.884392 48632 urls.go:61] Using default base url: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/"
I0219 15:05:23.884407 48632 context.go:159] Performing HTTP request: GET https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/utils.tar.gz.sha1
I0219 15:05:23.919913 48632 builder.go:301] Found hash "b16b5367e05bad082f416f786c7f8813f7794630" for "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/utils.tar.gz"
I0219 15:05:23.919968 48632 builder.go:234] adding file: &{FileURL:https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/utils.tar.gz CanonicalFileURL:<nil> SHAValue:b16b5367e05bad082f416f786c7f8813f7794630}
I0219 15:05:23.920079 48632 urls.go:53] Using cached kopsBaseUrl url: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/"
I0219 15:05:23.920096 48632 context.go:159] Performing HTTP request: GET https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/nodeup.sha1
I0219 15:05:23.927450 48632 builder.go:301] Found hash "6ee282d77600c47ed7744435400e163fa34ee17e" for "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/nodeup"
I0219 15:05:23.927492 48632 builder.go:234] adding file: &{FileURL:https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/nodeup CanonicalFileURL:<nil> SHAValue:6ee282d77600c47ed7744435400e163fa34ee17e}
I0219 15:05:23.927584 48632 urls.go:115] Using default nodeup location: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/linux/amd64/nodeup"
I0219 15:05:23.927598 48632 urls.go:53] Using cached kopsBaseUrl url: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/"
I0219 15:05:23.927612 48632 context.go:159] Performing HTTP request: GET https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz.sha1
I0219 15:05:23.934417 48632 builder.go:301] Found hash "725c2de47755544a9aa349e27ed9900d195f0ceb" for "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz"
I0219 15:05:23.934474 48632 builder.go:234] adding file: &{FileURL:https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz CanonicalFileURL:<nil> SHAValue:725c2de47755544a9aa349e27ed9900d195f0ceb}
I0219 15:05:23.934567 48632 urls.go:152] Using default protokube location: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz"
I0219 15:05:23.934611 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:23.934709 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:23.969684 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/ssh/public/admin/"
I0219 15:05:23.986320 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/ssh/public/admin: [s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/ssh/public/admin/3b70fbe4dd730e672c715904333e658a]
I0219 15:05:23.986348 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/ssh/public/admin/3b70fbe4dd730e672c715904333e658a"
I0219 15:05:23.998085 48632 apply_cluster.go:542] Gossip DNS: skipping DNS validation
I0219 15:05:23.998113 48632 tagbuilder.go:91] tags: [_aws _k8s_1_6]
I0219 15:05:23.998297 48632 templates.go:80] loading (templated) resource "addons/dns-controller.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:23.998343 48632 templates.go:80] loading (templated) resource "addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:23.998401 48632 templates.go:88] loading resource "addons/external-dns.addons.k8s.io/README.md"
I0219 15:05:23.998456 48632 templates.go:80] loading (templated) resource "addons/external-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:23.998499 48632 templates.go:80] loading (templated) resource "addons/external-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:23.998543 48632 templates.go:88] loading resource "addons/limit-range.addons.k8s.io/v1.5.0.yaml"
I0219 15:05:23.998616 48632 templates.go:88] loading resource "addons/limit-range.addons.k8s.io/addon.yaml"
I0219 15:05:23.998708 48632 templates.go:80] loading (templated) resource "addons/networking.romana/k8s-1.7.yaml"
I0219 15:05:23.998814 48632 templates.go:80] loading (templated) resource "addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml"
I0219 15:05:23.998904 48632 templates.go:88] loading resource "addons/scheduler.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:23.999098 48632 templates.go:80] loading (templated) resource "addons/networking.cilium.io/k8s-1.7.yaml"
I0219 15:05:23.999189 48632 templates.go:80] loading (templated) resource "addons/networking.kuberouter/k8s-1.6.yaml"
I0219 15:05:23.999228 48632 templates.go:88] loading resource "addons/storage-aws.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:23.999273 48632 templates.go:88] loading resource "addons/storage-aws.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:23.999389 48632 templates.go:80] loading (templated) resource "addons/networking.weave/k8s-1.8.yaml"
I0219 15:05:23.999461 48632 templates.go:80] loading (templated) resource "addons/networking.weave/pre-k8s-1.6.yaml"
I0219 15:05:23.999587 48632 templates.go:80] loading (templated) resource "addons/networking.weave/k8s-1.6.yaml"
I0219 15:05:23.999683 48632 templates.go:80] loading (templated) resource "addons/networking.weave/k8s-1.7.yaml"
I0219 15:05:23.999752 48632 templates.go:88] loading resource "addons/authentication.aws/k8s-1.10.yaml"
I0219 15:05:23.999827 48632 templates.go:88] loading resource "addons/authentication.kope.io/k8s-1.8.yaml"
I0219 15:05:23.999879 48632 templates.go:80] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.10.yaml"
I0219 15:05:23.999972 48632 templates.go:80] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.7.yaml"
I0219 15:05:24.000047 48632 templates.go:80] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.8.yaml"
I0219 15:05:24.000108 48632 templates.go:80] loading (templated) resource "addons/networking.flannel/k8s-1.6.yaml"
I0219 15:05:24.000199 48632 templates.go:80] loading (templated) resource "addons/networking.flannel/pre-k8s-1.6.yaml"
I0219 15:05:24.000266 48632 templates.go:88] loading resource "addons/networking.kope.io/k8s-1.6.yaml"
I0219 15:05:24.000314 48632 templates.go:88] loading resource "addons/networking.kope.io/pre-k8s-1.6.yaml"
I0219 15:05:24.000452 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.6.yaml"
I0219 15:05:24.000620 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.7-v3.yaml"
I0219 15:05:24.000774 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.7.yaml"
I0219 15:05:24.000955 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org/pre-k8s-1.6.yaml"
I0219 15:05:24.001106 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.12.yaml"
I0219 15:05:24.001228 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.6.yaml"
I0219 15:05:24.001383 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.8.yaml"
I0219 15:05:24.001543 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.9.yaml"
I0219 15:05:24.001757 48632 templates.go:80] loading (templated) resource "addons/networking.projectcalico.org.canal/pre-k8s-1.6.yaml"
I0219 15:05:24.001802 48632 templates.go:88] loading resource "addons/rbac.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.001853 48632 templates.go:80] loading (templated) resource "addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.8.0.yaml"
I0219 15:05:24.001908 48632 templates.go:80] loading (templated) resource "addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.9.0.yaml"
I0219 15:05:24.001983 48632 templates.go:88] loading resource "addons/core.addons.k8s.io/addon.yaml"
I0219 15:05:24.002079 48632 templates.go:80] loading (templated) resource "addons/core.addons.k8s.io/k8s-1.7.yaml"
I0219 15:05:24.002114 48632 templates.go:88] loading resource "addons/core.addons.k8s.io/v1.4.0.yaml"
I0219 15:05:24.002224 48632 templates.go:80] loading (templated) resource "addons/coredns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.002306 48632 templates.go:80] loading (templated) resource "addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.002427 48632 templates.go:80] loading (templated) resource "addons/kube-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.002521 48632 templates.go:80] loading (templated) resource "addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.002569 48632 templates.go:80] loading (templated) resource "addons/podsecuritypolicy.addons.k8s.io/k8s-1.10.yaml"
I0219 15:05:24.002621 48632 templates.go:80] loading (templated) resource "addons/podsecuritypolicy.addons.k8s.io/k8s-1.9.yaml"
I0219 15:05:24.002653 48632 templates.go:88] loading resource "addons/storage-gce.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.002679 48632 templates.go:88] loading resource "addons/storage-gce.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.002719 48632 tree_walker.go:98] visit "cloudup/resources"
I0219 15:05:24.002736 48632 tree_walker.go:98] visit "cloudup/resources/addons"
I0219 15:05:24.002777 48632 tree_walker.go:98] visit "cloudup/resources/addons/podsecuritypolicy.addons.k8s.io"
I0219 15:05:24.002795 48632 tree_walker.go:98] visit "cloudup/resources/addons/podsecuritypolicy.addons.k8s.io/k8s-1.9.yaml.template"
I0219 15:05:24.002849 48632 loader.go:354] loading (templated) resource "addons/podsecuritypolicy.addons.k8s.io/k8s-1.9.yaml"
I0219 15:05:24.002860 48632 tree_walker.go:98] visit "cloudup/resources/addons/podsecuritypolicy.addons.k8s.io/k8s-1.10.yaml.template"
I0219 15:05:24.002901 48632 loader.go:354] loading (templated) resource "addons/podsecuritypolicy.addons.k8s.io/k8s-1.10.yaml"
I0219 15:05:24.002914 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-gce.addons.k8s.io"
I0219 15:05:24.002927 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-gce.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.002958 48632 loader.go:362] loading resource "addons/storage-gce.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.002968 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-gce.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.002998 48632 loader.go:362] loading resource "addons/storage-gce.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.003008 48632 tree_walker.go:98] visit "cloudup/resources/addons/core.addons.k8s.io"
I0219 15:05:24.003021 48632 tree_walker.go:98] visit "cloudup/resources/addons/core.addons.k8s.io/addon.yaml"
I0219 15:05:24.003050 48632 loader.go:362] loading resource "addons/core.addons.k8s.io/addon.yaml"
I0219 15:05:24.003059 48632 tree_walker.go:98] visit "cloudup/resources/addons/core.addons.k8s.io/k8s-1.7.yaml.template"
I0219 15:05:24.003131 48632 loader.go:354] loading (templated) resource "addons/core.addons.k8s.io/k8s-1.7.yaml"
I0219 15:05:24.003144 48632 tree_walker.go:98] visit "cloudup/resources/addons/core.addons.k8s.io/v1.4.0.yaml"
I0219 15:05:24.003183 48632 loader.go:362] loading resource "addons/core.addons.k8s.io/v1.4.0.yaml"
I0219 15:05:24.003196 48632 tree_walker.go:98] visit "cloudup/resources/addons/coredns.addons.k8s.io"
I0219 15:05:24.003208 48632 tree_walker.go:98] visit "cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.6.yaml.template"
I0219 15:05:24.003268 48632 loader.go:354] loading (templated) resource "addons/coredns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.003282 48632 tree_walker.go:98] visit "cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io"
I0219 15:05:24.003295 48632 tree_walker.go:98] visit "cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template"
I0219 15:05:24.003345 48632 loader.go:354] loading (templated) resource "addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.003359 48632 tree_walker.go:98] visit "cloudup/resources/addons/kube-dns.addons.k8s.io"
I0219 15:05:24.003372 48632 tree_walker.go:98] visit "cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template"
I0219 15:05:24.003480 48632 loader.go:354] loading (templated) resource "addons/kube-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.003495 48632 tree_walker.go:98] visit "cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template"
I0219 15:05:24.003596 48632 loader.go:354] loading (templated) resource "addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.003611 48632 tree_walker.go:98] visit "cloudup/resources/addons/node-authorizer.addons.k8s.io"
I0219 15:05:24.003624 48632 tree_walker.go:98] visit "cloudup/resources/addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml.template"
I0219 15:05:24.003689 48632 loader.go:354] loading (templated) resource "addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml"
I0219 15:05:24.003700 48632 tree_walker.go:98] visit "cloudup/resources/addons/scheduler.addons.k8s.io"
I0219 15:05:24.003715 48632 tree_walker.go:98] visit "cloudup/resources/addons/scheduler.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.003752 48632 loader.go:362] loading resource "addons/scheduler.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.003762 48632 tree_walker.go:98] visit "cloudup/resources/addons/dns-controller.addons.k8s.io"
I0219 15:05:24.003775 48632 tree_walker.go:98] visit "cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml.template"
I0219 15:05:24.003828 48632 loader.go:354] loading (templated) resource "addons/dns-controller.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.003839 48632 tree_walker.go:98] visit "cloudup/resources/addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml.template"
I0219 15:05:24.003882 48632 loader.go:354] loading (templated) resource "addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.003893 48632 tree_walker.go:98] visit "cloudup/resources/addons/external-dns.addons.k8s.io"
I0219 15:05:24.003909 48632 tree_walker.go:98] visit "cloudup/resources/addons/external-dns.addons.k8s.io/k8s-1.6.yaml.template"
I0219 15:05:24.003961 48632 loader.go:354] loading (templated) resource "addons/external-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.003972 48632 tree_walker.go:98] visit "cloudup/resources/addons/external-dns.addons.k8s.io/pre-k8s-1.6.yaml.template"
I0219 15:05:24.004013 48632 loader.go:354] loading (templated) resource "addons/external-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.004025 48632 tree_walker.go:98] visit "cloudup/resources/addons/external-dns.addons.k8s.io/README.md"
I0219 15:05:24.004071 48632 loader.go:362] loading resource "addons/external-dns.addons.k8s.io/README.md"
I0219 15:05:24.004081 48632 tree_walker.go:98] visit "cloudup/resources/addons/limit-range.addons.k8s.io"
I0219 15:05:24.004094 48632 tree_walker.go:98] visit "cloudup/resources/addons/limit-range.addons.k8s.io/addon.yaml"
I0219 15:05:24.004122 48632 loader.go:362] loading resource "addons/limit-range.addons.k8s.io/addon.yaml"
I0219 15:05:24.004132 48632 tree_walker.go:98] visit "cloudup/resources/addons/limit-range.addons.k8s.io/v1.5.0.yaml"
I0219 15:05:24.004163 48632 loader.go:362] loading resource "addons/limit-range.addons.k8s.io/v1.5.0.yaml"
I0219 15:05:24.004173 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.romana"
I0219 15:05:24.004185 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.romana/k8s-1.7.yaml.template"
I0219 15:05:24.004258 48632 loader.go:354] loading (templated) resource "addons/networking.romana/k8s-1.7.yaml"
I0219 15:05:24.004274 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.cilium.io"
I0219 15:05:24.004287 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.cilium.io/k8s-1.7.yaml.template"
I0219 15:05:24.004412 48632 loader.go:354] loading (templated) resource "addons/networking.cilium.io/k8s-1.7.yaml"
I0219 15:05:24.004423 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.kuberouter"
I0219 15:05:24.004436 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.kuberouter/k8s-1.6.yaml.template"
I0219 15:05:24.004490 48632 loader.go:354] loading (templated) resource "addons/networking.kuberouter/k8s-1.6.yaml"
I0219 15:05:24.004503 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-aws.addons.k8s.io"
I0219 15:05:24.004516 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-aws.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.004562 48632 loader.go:362] loading resource "addons/storage-aws.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.004572 48632 tree_walker.go:98] visit "cloudup/resources/addons/storage-aws.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.004610 48632 loader.go:362] loading resource "addons/storage-aws.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.004620 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.kope.io"
I0219 15:05:24.004632 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.kope.io/pre-k8s-1.6.yaml"
I0219 15:05:24.004694 48632 loader.go:362] loading resource "addons/networking.kope.io/pre-k8s-1.6.yaml"
I0219 15:05:24.004705 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.kope.io/k8s-1.6.yaml"
I0219 15:05:24.004761 48632 loader.go:362] loading resource "addons/networking.kope.io/k8s-1.6.yaml"
I0219 15:05:24.004773 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org"
I0219 15:05:24.004787 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org/k8s-1.7-v3.yaml.template"
I0219 15:05:24.004953 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.7-v3.yaml"
I0219 15:05:24.004979 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org/k8s-1.7.yaml.template"
I0219 15:05:24.005160 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.7.yaml"
I0219 15:05:24.005172 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org/pre-k8s-1.6.yaml.template"
I0219 15:05:24.005279 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org/pre-k8s-1.6.yaml"
I0219 15:05:24.005290 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org/k8s-1.6.yaml.template"
I0219 15:05:24.005444 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org/k8s-1.6.yaml"
I0219 15:05:24.005473 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal"
I0219 15:05:24.005492 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.12.yaml.template"
I0219 15:05:24.005632 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.12.yaml"
I0219 15:05:24.005651 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.6.yaml.template"
I0219 15:05:24.005760 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.6.yaml"
I0219 15:05:24.005771 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.8.yaml.template"
I0219 15:05:24.005911 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.8.yaml"
I0219 15:05:24.005922 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.9.yaml.template"
I0219 15:05:24.006053 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org.canal/k8s-1.9.yaml"
I0219 15:05:24.006073 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.projectcalico.org.canal/pre-k8s-1.6.yaml.template"
I0219 15:05:24.006450 48632 loader.go:354] loading (templated) resource "addons/networking.projectcalico.org.canal/pre-k8s-1.6.yaml"
I0219 15:05:24.006486 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.weave"
I0219 15:05:24.006520 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.weave/k8s-1.7.yaml.template"
I0219 15:05:24.006641 48632 loader.go:354] loading (templated) resource "addons/networking.weave/k8s-1.7.yaml"
I0219 15:05:24.006673 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template"
I0219 15:05:24.006788 48632 loader.go:354] loading (templated) resource "addons/networking.weave/k8s-1.8.yaml"
I0219 15:05:24.006829 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.weave/pre-k8s-1.6.yaml.template"
I0219 15:05:24.006925 48632 loader.go:354] loading (templated) resource "addons/networking.weave/pre-k8s-1.6.yaml"
I0219 15:05:24.006942 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.weave/k8s-1.6.yaml.template"
I0219 15:05:24.007049 48632 loader.go:354] loading (templated) resource "addons/networking.weave/k8s-1.6.yaml"
I0219 15:05:24.007076 48632 tree_walker.go:98] visit "cloudup/resources/addons/authentication.aws"
I0219 15:05:24.007097 48632 tree_walker.go:98] visit "cloudup/resources/addons/authentication.aws/k8s-1.10.yaml"
I0219 15:05:24.007180 48632 loader.go:362] loading resource "addons/authentication.aws/k8s-1.10.yaml"
I0219 15:05:24.007198 48632 tree_walker.go:98] visit "cloudup/resources/addons/authentication.kope.io"
I0219 15:05:24.007223 48632 tree_walker.go:98] visit "cloudup/resources/addons/authentication.kope.io/k8s-1.8.yaml"
I0219 15:05:24.007320 48632 loader.go:362] loading resource "addons/authentication.kope.io/k8s-1.8.yaml"
I0219 15:05:24.007335 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.amazon-vpc-routed-eni"
I0219 15:05:24.007355 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.10.yaml.template"
I0219 15:05:24.007437 48632 loader.go:354] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.10.yaml"
I0219 15:05:24.007452 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.7.yaml.template"
I0219 15:05:24.007530 48632 loader.go:354] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.7.yaml"
I0219 15:05:24.007546 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.8.yaml.template"
I0219 15:05:24.007634 48632 loader.go:354] loading (templated) resource "addons/networking.amazon-vpc-routed-eni/k8s-1.8.yaml"
I0219 15:05:24.007652 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.flannel"
I0219 15:05:24.007686 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template"
I0219 15:05:24.007767 48632 loader.go:354] loading (templated) resource "addons/networking.flannel/k8s-1.6.yaml"
I0219 15:05:24.007813 48632 tree_walker.go:98] visit "cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template"
I0219 15:05:24.008082 48632 loader.go:354] loading (templated) resource "addons/networking.flannel/pre-k8s-1.6.yaml"
I0219 15:05:24.008174 48632 tree_walker.go:98] visit "cloudup/resources/addons/rbac.addons.k8s.io"
I0219 15:05:24.008223 48632 tree_walker.go:98] visit "cloudup/resources/addons/rbac.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.008279 48632 loader.go:362] loading resource "addons/rbac.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.008291 48632 tree_walker.go:98] visit "cloudup/resources/addons/spotinst-kubernetes-cluster-controller.addons.k8s.io"
I0219 15:05:24.008307 48632 tree_walker.go:98] visit "cloudup/resources/addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.8.0.yaml.template"
I0219 15:05:24.008557 48632 loader.go:354] loading (templated) resource "addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.8.0.yaml"
I0219 15:05:24.008570 48632 tree_walker.go:98] visit "cloudup/resources/addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.9.0.yaml.template"
I0219 15:05:24.008623 48632 loader.go:354] loading (templated) resource "addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.9.0.yaml"
I0219 15:05:24.009582 48632 template_functions.go:190] watch-ingress=false set on dns-controller
I0219 15:05:24.009780 48632 visitor.go:40] float64 value at spec.replicas: 1.000000
I0219 15:05:24.009806 48632 images.go:59] Consider image for re-mapping: "kope/dns-controller:1.11.0"
I0219 15:05:24.009821 48632 visitor.go:35] string value at spec.template.spec.hostNetwork: true
I0219 15:05:24.010196 48632 template_functions.go:190] watch-ingress=false set on dns-controller
I0219 15:05:24.010668 48632 visitor.go:40] float64 value at spec.replicas: 1.000000
I0219 15:05:24.010686 48632 images.go:59] Consider image for re-mapping: "kope/dns-controller:1.11.0"
I0219 15:05:24.010701 48632 visitor.go:35] string value at spec.template.spec.hostNetwork: true
I0219 15:05:24.012208 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.0.0"
I0219 15:05:24.012427 48632 visitor.go:40] float64 value at spec.strategy.rollingUpdate.maxUnavailable: 0.000000
I0219 15:05:24.012444 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[0].containerPort: 10053.000000
I0219 15:05:24.012454 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[1].containerPort: 10053.000000
I0219 15:05:24.012463 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[2].containerPort: 10055.000000
I0219 15:05:24.012472 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.012482 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.httpGet.port: 8081.000000
I0219 15:05:24.012509 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.initialDelaySeconds: 3.000000
I0219 15:05:24.012519 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/kubedns-amd64:1.9"
I0219 15:05:24.012544 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.012574 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.httpGet.port: 8080.000000
I0219 15:05:24.012595 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.012603 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.012611 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.012619 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].ports.[0].containerPort: 53.000000
I0219 15:05:24.012628 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].ports.[1].containerPort: 53.000000
I0219 15:05:24.012638 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/k8s-dns-dnsmasq-amd64:1.14.10"
I0219 15:05:24.012647 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.012656 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.httpGet.port: 8080.000000
I0219 15:05:24.012664 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.012671 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.012679 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.012689 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/dnsmasq-metrics-amd64:1.0"
I0219 15:05:24.012698 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.012706 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.012714 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.httpGet.port: 10054.000000
I0219 15:05:24.012722 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.012730 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.012753 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].ports.[0].containerPort: 10054.000000
I0219 15:05:24.012763 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/exechealthz-amd64:1.2"
I0219 15:05:24.012773 48632 visitor.go:40] float64 value at spec.template.spec.containers.[3].ports.[0].containerPort: 8080.000000
I0219 15:05:24.013437 48632 visitor.go:40] float64 value at spec.ports.[0].port: 53.000000
I0219 15:05:24.013452 48632 visitor.go:40] float64 value at spec.ports.[1].port: 53.000000
I0219 15:05:24.014808 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.1.2-r2"
I0219 15:05:24.015041 48632 visitor.go:40] float64 value at spec.strategy.rollingUpdate.maxUnavailable: 0.000000
I0219 15:05:24.015100 48632 visitor.go:35] string value at spec.template.spec.volumes.[0].configMap.optional: true
I0219 15:05:24.015111 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[0].containerPort: 10053.000000
I0219 15:05:24.015120 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[1].containerPort: 10053.000000
I0219 15:05:24.015129 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].ports.[2].containerPort: 10055.000000
I0219 15:05:24.015137 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.httpGet.port: 8081.000000
I0219 15:05:24.015145 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.initialDelaySeconds: 3.000000
I0219 15:05:24.015153 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].readinessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.015163 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10"
I0219 15:05:24.015174 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.015182 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.015190 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.015199 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.httpGet.port: 10054.000000
I0219 15:05:24.015207 48632 visitor.go:40] float64 value at spec.template.spec.containers.[0].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.015217 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].ports.[0].containerPort: 53.000000
I0219 15:05:24.015226 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].ports.[1].containerPort: 53.000000
I0219 15:05:24.015238 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10"
I0219 15:05:24.015248 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.015256 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.httpGet.port: 10054.000000
I0219 15:05:24.015264 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.015272 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.015279 48632 visitor.go:40] float64 value at spec.template.spec.containers.[1].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.015288 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].ports.[0].containerPort: 10054.000000
I0219 15:05:24.015298 48632 images.go:59] Consider image for re-mapping: "k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10"
I0219 15:05:24.015308 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.initialDelaySeconds: 60.000000
I0219 15:05:24.015316 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.successThreshold: 1.000000
I0219 15:05:24.015338 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.timeoutSeconds: 5.000000
I0219 15:05:24.015346 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.failureThreshold: 5.000000
I0219 15:05:24.015354 48632 visitor.go:40] float64 value at spec.template.spec.containers.[2].livenessProbe.httpGet.port: 10054.000000
I0219 15:05:24.016111 48632 visitor.go:40] float64 value at spec.ports.[0].port: 53.000000
I0219 15:05:24.016126 48632 visitor.go:40] float64 value at spec.ports.[1].port: 53.000000
I0219 15:05:24.017052 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017073 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017083 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017091 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017101 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017110 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017123 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017132 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017140 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017148 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017156 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017168 48632 task.go:103] testing task "Keypair"
I0219 15:05:24.017180 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017189 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017197 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017205 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017213 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017222 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017231 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017239 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017247 48632 task.go:103] testing task "Secret"
I0219 15:05:24.017260 48632 task.go:103] testing task "MirrorSecrets"
I0219 15:05:24.017278 48632 task.go:103] testing task "MirrorKeystore"
I0219 15:05:24.017730 48632 task.go:103] testing task "EBSVolume"
I0219 15:05:24.018088 48632 task.go:103] testing task "EBSVolume"
I0219 15:05:24.018123 48632 task.go:103] testing task "LoadBalancer"
I0219 15:05:24.018559 48632 task.go:103] testing task "SecurityGroup"
I0219 15:05:24.018845 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.018906 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.018928 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.018943 48632 task.go:103] testing task "LoadBalancerAttachment"
I0219 15:05:24.018970 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.018980 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.018994 48632 task.go:103] testing task "SecurityGroup"
I0219 15:05:24.019003 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019012 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019025 48632 task.go:103] testing task "SecurityGroup"
I0219 15:05:24.019034 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019043 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019051 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019631 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019640 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019649 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019660 48632 task.go:103] testing task "SecurityGroupRule"
I0219 15:05:24.019690 48632 task.go:103] testing task "SSHKey"
I0219 15:05:24.019714 48632 task.go:103] testing task "VPC"
I0219 15:05:24.019728 48632 task.go:103] testing task "DHCPOptions"
I0219 15:05:24.019742 48632 task.go:103] testing task "VPCDHCPOptionsAssociation"
I0219 15:05:24.019757 48632 task.go:103] testing task "InternetGateway"
I0219 15:05:24.020141 48632 task.go:103] testing task "RouteTable"
I0219 15:05:24.020162 48632 task.go:103] testing task "Route"
I0219 15:05:24.020588 48632 network.go:193] applying subnet tags
I0219 15:05:24.020611 48632 task.go:103] testing task "Subnet"
I0219 15:05:24.020627 48632 task.go:103] testing task "RouteTableAssociation"
I0219 15:05:24.020658 48632 task.go:103] testing task "IAMRole"
I0219 15:05:24.020677 48632 iam.go:131] Task "DNSZone/" not found; won't set route53 permissions in IAM
I0219 15:05:24.020686 48632 task.go:103] testing task "IAMRolePolicy"
I0219 15:05:24.020717 48632 task.go:103] testing task "IAMInstanceProfile"
I0219 15:05:24.020742 48632 task.go:103] testing task "IAMInstanceProfileRole"
I0219 15:05:24.020753 48632 task.go:103] testing task "IAMRolePolicy"
I0219 15:05:24.020774 48632 task.go:103] testing task "IAMRole"
I0219 15:05:24.020786 48632 iam.go:131] Task "DNSZone/" not found; won't set route53 permissions in IAM
I0219 15:05:24.020794 48632 task.go:103] testing task "IAMRolePolicy"
I0219 15:05:24.020802 48632 task.go:103] testing task "IAMInstanceProfile"
I0219 15:05:24.020810 48632 task.go:103] testing task "IAMInstanceProfileRole"
I0219 15:05:24.020837 48632 task.go:103] testing task "IAMRolePolicy"
I0219 15:05:24.020918 48632 task.go:103] testing task "LaunchConfiguration"
I0219 15:05:24.020954 48632 task.go:103] testing task "AutoscalingGroup"
I0219 15:05:24.021025 48632 task.go:103] testing task "LaunchConfiguration"
I0219 15:05:24.021038 48632 task.go:103] testing task "AutoscalingGroup"
I0219 15:05:24.022768 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/cluster.spec"
I0219 15:05:24.022787 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/cluster.spec" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.064413 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:24.074512 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:24.074552 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/master-us-east-1a" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.101991 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:05:24.102031 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/master-us-east-1a" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.127357 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:24.250515 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:24.250558 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/nodes" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.294723 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
I0219 15:05:24.294766 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/instancegroup/nodes" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.319913 48632 topological_sort.go:64] Dependencies:
I0219 15:05:24.319936 48632 topological_sort.go:66] MirrorKeystore/mirror-keystore: [Secret/system:monitoring Secret/system:logging Secret/kube Secret/kubelet Secret/system:dns Secret/kube-proxy Secret/system:scheduler Secret/system:controller_manager Secret/admin]
I0219 15:05:24.319951 48632 topological_sort.go:66] LoadBalancer/api.vault-cluster.k8s.local: [Subnet/us-east-1a.vault-cluster.k8s.local SecurityGroup/api-elb.vault-cluster.k8s.local]
I0219 15:05:24.319961 48632 topological_sort.go:66] IAMRolePolicy/nodes.vault-cluster.k8s.local: [IAMRole/nodes.vault-cluster.k8s.local]
I0219 15:05:24.319969 48632 topological_sort.go:66] LoadBalancerAttachment/api-master-us-east-1a: [LoadBalancer/api.vault-cluster.k8s.local AutoscalingGroup/master-us-east-1a.masters.vault-cluster.k8s.local]
I0219 15:05:24.319977 48632 topological_sort.go:66] SecurityGroupRule/all-master-to-node: [SecurityGroup/nodes.vault-cluster.k8s.local SecurityGroup/masters.vault-cluster.k8s.local]
I0219 15:05:24.319985 48632 topological_sort.go:66] LaunchConfiguration/master-us-east-1a.masters.vault-cluster.k8s.local: [SSHKey/kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}} SecurityGroup/masters.vault-cluster.k8s.local IAMInstanceProfile/masters.vault-cluster.k8s.local]
I0219 15:05:24.319997 48632 topological_sort.go:66] IAMRolePolicy/additional.nodes.vault-cluster.k8s.local: [IAMRole/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320010 48632 topological_sort.go:66] Secret/system:logging: []
I0219 15:05:24.320022 48632 topological_sort.go:66] SecurityGroupRule/node-to-master-tcp-1-2379: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320033 48632 topological_sort.go:66] SSHKey/kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}: []
I0219 15:05:24.320040 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-bootstrap: []
I0219 15:05:24.320048 48632 topological_sort.go:66] InternetGateway/vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320056 48632 topological_sort.go:66] Keypair/kubecfg: [Keypair/ca]
I0219 15:05:24.320064 48632 topological_sort.go:66] Keypair/apiserver-aggregator: [Keypair/apiserver-aggregator-ca]
I0219 15:05:24.320071 48632 topological_sort.go:66] Secret/system:scheduler: []
I0219 15:05:24.320079 48632 topological_sort.go:66] Secret/admin: []
I0219 15:05:24.320086 48632 topological_sort.go:66] RouteTableAssociation/us-east-1a.vault-cluster.k8s.local: [RouteTable/vault-cluster.k8s.local Subnet/us-east-1a.vault-cluster.k8s.local]
I0219 15:05:24.320095 48632 topological_sort.go:66] SecurityGroupRule/node-to-master-udp-1-65535: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320102 48632 topological_sort.go:66] SecurityGroupRule/https-elb-to-master: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/api-elb.vault-cluster.k8s.local]
I0219 15:05:24.320110 48632 topological_sort.go:66] EBSVolume/a.etcd-events.vault-cluster.k8s.local: []
I0219 15:05:24.320118 48632 topological_sort.go:66] Keypair/master: [LoadBalancer/api.vault-cluster.k8s.local Keypair/ca]
I0219 15:05:24.320126 48632 topological_sort.go:66] SecurityGroupRule/node-to-master-tcp-4003-65535: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320134 48632 topological_sort.go:66] Keypair/kubelet: [Keypair/ca]
I0219 15:05:24.320142 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-k8s-1.6: []
I0219 15:05:24.320149 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-pre-k8s-1.6: []
I0219 15:05:24.320157 48632 topological_sort.go:66] IAMInstanceProfile/masters.vault-cluster.k8s.local: []
I0219 15:05:24.320164 48632 topological_sort.go:66] SecurityGroupRule/https-api-elb-0.0.0.0/0: [SecurityGroup/api-elb.vault-cluster.k8s.local]
I0219 15:05:24.320172 48632 topological_sort.go:66] Keypair/apiserver-aggregator-ca: []
I0219 15:05:24.320181 48632 topological_sort.go:66] SecurityGroupRule/api-elb-egress: [SecurityGroup/api-elb.vault-cluster.k8s.local]
I0219 15:05:24.320190 48632 topological_sort.go:66] SecurityGroupRule/ssh-external-to-master-0.0.0.0/0: [SecurityGroup/masters.vault-cluster.k8s.local]
I0219 15:05:24.320197 48632 topological_sort.go:66] Keypair/kube-scheduler: [Keypair/ca]
I0219 15:05:24.320205 48632 topological_sort.go:66] SecurityGroup/nodes.vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320213 48632 topological_sort.go:66] SecurityGroupRule/all-master-to-master: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/masters.vault-cluster.k8s.local]
I0219 15:05:24.320221 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.6.0: []
I0219 15:05:24.320228 48632 topological_sort.go:66] Secret/kube: []
I0219 15:05:24.320236 48632 topological_sort.go:66] Keypair/kube-controller-manager: [Keypair/ca]
I0219 15:05:24.320243 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-k8s-1.6: []
I0219 15:05:24.320251 48632 topological_sort.go:66] EBSVolume/a.etcd-main.vault-cluster.k8s.local: []
I0219 15:05:24.320258 48632 topological_sort.go:66] Secret/kube-proxy: []
I0219 15:05:24.320266 48632 topological_sort.go:66] IAMRolePolicy/additional.masters.vault-cluster.k8s.local: [IAMRole/masters.vault-cluster.k8s.local]
I0219 15:05:24.320273 48632 topological_sort.go:66] Keypair/kube-proxy: [Keypair/ca]
I0219 15:05:24.320281 48632 topological_sort.go:66] Route/0.0.0.0/0: [RouteTable/vault-cluster.k8s.local InternetGateway/vault-cluster.k8s.local]
I0219 15:05:24.320289 48632 topological_sort.go:66] Keypair/ca: []
I0219 15:05:24.320296 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.7.0: []
I0219 15:05:24.320304 48632 topological_sort.go:66] SecurityGroupRule/ssh-external-to-node-0.0.0.0/0: [SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320311 48632 topological_sort.go:66] AutoscalingGroup/master-us-east-1a.masters.vault-cluster.k8s.local: [Subnet/us-east-1a.vault-cluster.k8s.local LaunchConfiguration/master-us-east-1a.masters.vault-cluster.k8s.local]
I0219 15:05:24.320324 48632 topological_sort.go:66] Keypair/kops: [Keypair/ca]
I0219 15:05:24.320332 48632 topological_sort.go:66] SecurityGroupRule/all-node-to-node: [SecurityGroup/nodes.vault-cluster.k8s.local SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320340 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-limit-range.addons.k8s.io: []
I0219 15:05:24.320348 48632 topological_sort.go:66] Secret/system:dns: []
I0219 15:05:24.320355 48632 topological_sort.go:66] VPC/vault-cluster.k8s.local: []
I0219 15:05:24.320362 48632 topological_sort.go:66] Secret/system:controller_manager: []
I0219 15:05:24.320370 48632 topological_sort.go:66] IAMRole/nodes.vault-cluster.k8s.local: []
I0219 15:05:24.320377 48632 topological_sort.go:66] VPCDHCPOptionsAssociation/vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local DHCPOptions/vault-cluster.k8s.local]
I0219 15:05:24.320385 48632 topological_sort.go:66] SecurityGroupRule/master-egress: [SecurityGroup/masters.vault-cluster.k8s.local]
I0219 15:05:24.320393 48632 topological_sort.go:66] IAMInstanceProfile/nodes.vault-cluster.k8s.local: []
I0219 15:05:24.320401 48632 topological_sort.go:66] Keypair/apiserver-proxy-client: [Keypair/ca]
I0219 15:05:24.320408 48632 topological_sort.go:66] IAMInstanceProfileRole/masters.vault-cluster.k8s.local: [IAMInstanceProfile/masters.vault-cluster.k8s.local IAMRole/masters.vault-cluster.k8s.local]
I0219 15:05:24.320416 48632 topological_sort.go:66] SecurityGroupRule/node-egress: [SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320424 48632 topological_sort.go:66] IAMRole/masters.vault-cluster.k8s.local: []
I0219 15:05:24.320431 48632 topological_sort.go:66] LaunchConfiguration/nodes.vault-cluster.k8s.local: [SSHKey/kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}} SecurityGroup/nodes.vault-cluster.k8s.local IAMInstanceProfile/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320441 48632 topological_sort.go:66] SecurityGroup/masters.vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320450 48632 topological_sort.go:66] AutoscalingGroup/nodes.vault-cluster.k8s.local: [Subnet/us-east-1a.vault-cluster.k8s.local LaunchConfiguration/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320458 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-core.addons.k8s.io: []
I0219 15:05:24.320465 48632 topological_sort.go:66] Keypair/kubelet-api: [Keypair/ca]
I0219 15:05:24.320473 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-rbac.addons.k8s.io-k8s-1.8: []
I0219 15:05:24.320480 48632 topological_sort.go:66] vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-pre-k8s-1.6: []
I0219 15:05:24.320488 48632 topological_sort.go:66] MirrorSecrets/mirror-secrets: [Secret/kube-proxy Secret/system:scheduler Secret/system:controller_manager Secret/admin Secret/system:monitoring Secret/system:logging Secret/kube Secret/kubelet Secret/system:dns]
I0219 15:05:24.320497 48632 topological_sort.go:66] RouteTable/vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320505 48632 topological_sort.go:66] DHCPOptions/vault-cluster.k8s.local: []
I0219 15:05:24.320513 48632 topological_sort.go:66] IAMRolePolicy/masters.vault-cluster.k8s.local: [IAMRole/masters.vault-cluster.k8s.local]
I0219 15:05:24.320521 48632 topological_sort.go:66] Secret/system:monitoring: []
I0219 15:05:24.320528 48632 topological_sort.go:66] Subnet/us-east-1a.vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320536 48632 topological_sort.go:66] Secret/kubelet: []
I0219 15:05:24.320544 48632 topological_sort.go:66] SecurityGroupRule/node-to-master-tcp-2382-4000: [SecurityGroup/masters.vault-cluster.k8s.local SecurityGroup/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320552 48632 topological_sort.go:66] IAMInstanceProfileRole/nodes.vault-cluster.k8s.local: [IAMInstanceProfile/nodes.vault-cluster.k8s.local IAMRole/nodes.vault-cluster.k8s.local]
I0219 15:05:24.320560 48632 topological_sort.go:66] SecurityGroup/api-elb.vault-cluster.k8s.local: [VPC/vault-cluster.k8s.local]
I0219 15:05:24.320609 48632 executor.go:103] Tasks: 0 done / 77 total; 30 can run
I0219 15:05:24.320683 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-core.addons.k8s.io": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-core.addons.k8s.io","Lifecycle":"Sync","Location":"addons/core.addons.k8s.io/v1.4.0.yaml","Contents":{"Name":"","Resource":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: kube-system\n"}}
I0219 15:05:24.320774 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-rbac.addons.k8s.io-k8s-1.8": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-rbac.addons.k8s.io-k8s-1.8","Lifecycle":"Sync","Location":"addons/rbac.addons.k8s.io/k8s-1.8.yaml","Contents":{"Name":"","Resource":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n labels:\n addonmanager.kubernetes.io/mode: Reconcile\n k8s-addon: rbac.addons.k8s.io\n kubernetes.io/cluster-service: \"true\"\n name: kubelet-cluster-admin\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:node\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: User\n name: kubelet\n"}}
I0219 15:05:24.320794 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-k8s-1.6": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-k8s-1.6","Lifecycle":"Sync","Location":"addons/dns-controller.addons.k8s.io/k8s-1.6.yaml","Contents":{"Name":"","Resource":"apiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n k8s-app: dns-controller\n version: v1.11.0\n name: dns-controller\n namespace: kube-system\nspec:\n replicas: 1\n selector:\n matchLabels:\n k8s-app: dns-controller\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\": \"dedicated\", \"value\":\n \"master\"}]'\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n k8s-app: dns-controller\n version: v1.11.0\n spec:\n containers:\n - command:\n - /usr/bin/dns-controller\n - --watch-ingress=false\n - --dns=gossip\n - --gossip-seed=127.0.0.1:3999\n - --zone=*/*\n - -v=2\n image: kope/dns-controller:1.11.0\n name: dns-controller\n resources:\n requests:\n cpu: 50m\n memory: 50Mi\n dnsPolicy: Default\n hostNetwork: true\n nodeSelector:\n node-role.kubernetes.io/master: \"\"\n serviceAccount: dns-controller\n tolerations:\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n name: dns-controller\n namespace: kube-system\n\n---\n\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n name: kops:dns-controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - ingress\n - nodes\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs:\n - get\n - list\n - watch\n\n---\n\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n name: kops:dns-controller\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: kops:dns-controller\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: User\n name: system:serviceaccount:kube-system:dns-controller\n"}}
I0219 15:05:24.320670 48632 executor.go:178] Executing task "VPC/vault-cluster.k8s.local": *awstasks.VPC {"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:24.320949 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/rbac.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.320710 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.6.0": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.6.0","Lifecycle":"Sync","Location":"addons/storage-aws.addons.k8s.io/v1.6.0.yaml","Contents":{"Name":"","Resource":"apiVersion: storage.k8s.io/v1beta1\nkind: StorageClass\nmetadata:\n labels:\n k8s-addon: storage-aws.addons.k8s.io\n name: default\nparameters:\n type: gp2\nprovisioner: kubernetes.io/aws-ebs\n\n---\n\napiVersion: storage.k8s.io/v1beta1\nkind: StorageClass\nmetadata:\n annotations:\n storageclass.beta.kubernetes.io/is-default-class: \"true\"\n labels:\n k8s-addon: storage-aws.addons.k8s.io\n name: gp2\nparameters:\n type: gp2\nprovisioner: kubernetes.io/aws-ebs\n"}}
I0219 15:05:24.320982 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-pre-k8s-1.6": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-dns-controller.addons.k8s.io-pre-k8s-1.6","Lifecycle":"Sync","Location":"addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml","Contents":{"Name":"","Resource":"apiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n k8s-app: dns-controller\n version: v1.11.0\n name: dns-controller\n namespace: kube-system\nspec:\n replicas: 1\n selector:\n matchLabels:\n k8s-app: dns-controller\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\": \"dedicated\", \"value\":\n \"master\"}]'\n labels:\n k8s-addon: dns-controller.addons.k8s.io\n k8s-app: dns-controller\n version: v1.11.0\n spec:\n containers:\n - command:\n - /usr/bin/dns-controller\n - --watch-ingress=false\n - --dns=gossip\n - --gossip-seed=127.0.0.1:3999\n - --zone=*/*\n - -v=2\n image: kope/dns-controller:1.11.0\n name: dns-controller\n resources:\n requests:\n cpu: 50m\n memory: 50Mi\n dnsPolicy: Default\n hostNetwork: true\n nodeSelector:\n kubernetes.io/role: master\n"}}
I0219 15:05:24.321088 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.320687 48632 executor.go:178] Executing task "IAMInstanceProfile/masters.vault-cluster.k8s.local": *awstasks.IAMInstanceProfile {"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"Shared":false}
I0219 15:05:24.320968 48632 executor.go:178] Executing task "EBSVolume/a.etcd-events.vault-cluster.k8s.local": *awstasks.EBSVolume {"Name":"a.etcd-events.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"AvailabilityZone":"us-east-1a","VolumeType":"gp2","SizeGB":20,"VolumeIops":null,"KmsKeyId":null,"Encrypted":false,"Tags":{"k8s.io/etcd/events":"a/a","k8s.io/role/master":"1","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:24.320748 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.7.0": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-storage-aws.addons.k8s.io-v1.7.0","Lifecycle":"Sync","Location":"addons/storage-aws.addons.k8s.io/v1.7.0.yaml","Contents":{"Name":"","Resource":"apiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n labels:\n k8s-addon: storage-aws.addons.k8s.io\n name: default\nparameters:\n type: gp2\nprovisioner: kubernetes.io/aws-ebs\n\n---\n\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n annotations:\n storageclass.beta.kubernetes.io/is-default-class: \"true\"\n labels:\n k8s-addon: storage-aws.addons.k8s.io\n name: gp2\nparameters:\n type: gp2\nprovisioner: kubernetes.io/aws-ebs\n"}}
I0219 15:05:24.321197 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.321077 48632 executor.go:178] Executing task "SSHKey/kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}": *awstasks.SSHKey {"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":null}
I0219 15:05:24.321239 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.320975 48632 executor.go:178] Executing task "Secret/kubelet": *fitasks.Secret {"Name":"kubelet","Lifecycle":"Sync"}
I0219 15:05:24.321321 48632 sshkey.go:109] Computed SSH key fingerprint as "{{ANOTHER_KEY_FINGERPRINT}}"
I0219 15:05:24.321339 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kubelet"
I0219 15:05:24.321361 48632 request_logger.go:45] AWS request: ec2/DescribeVpcs
I0219 15:05:24.321509 48632 executor.go:178] Executing task "Secret/system:scheduler": *fitasks.Secret {"Name":"system:scheduler","Lifecycle":"Sync"}
I0219 15:05:24.321526 48632 request_logger.go:45] AWS request: ec2/DescribeKeyPairs
I0219 15:05:24.320657 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-bootstrap": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-bootstrap","Lifecycle":"Sync","Location":"addons/bootstrap-channel.yaml","Contents":{"Name":"","Resource":"kind: Addons\nmetadata:\n creationTimestamp: null\n name: bootstrap\nspec:\n addons:\n - manifest: core.addons.k8s.io/v1.4.0.yaml\n name: core.addons.k8s.io\n selector:\n k8s-addon: core.addons.k8s.io\n version: 1.4.0\n - id: pre-k8s-1.6\n kubernetesVersion: \u003c1.6.0\n manifest: kube-dns.addons.k8s.io/pre-k8s-1.6.yaml\n name: kube-dns.addons.k8s.io\n selector:\n k8s-addon: kube-dns.addons.k8s.io\n version: 1.14.10\n - id: k8s-1.6\n kubernetesVersion: '\u003e=1.6.0'\n manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml\n name: kube-dns.addons.k8s.io\n selector:\n k8s-addon: kube-dns.addons.k8s.io\n version: 1.14.10\n - id: k8s-1.8\n kubernetesVersion: '\u003e=1.8.0'\n manifest: rbac.addons.k8s.io/k8s-1.8.yaml\n name: rbac.addons.k8s.io\n selector:\n k8s-addon: rbac.addons.k8s.io\n version: 1.8.0\n - manifest: limit-range.addons.k8s.io/v1.5.0.yaml\n name: limit-range.addons.k8s.io\n selector:\n k8s-addon: limit-range.addons.k8s.io\n version: 1.5.0\n - id: pre-k8s-1.6\n kubernetesVersion: \u003c1.6.0\n manifest: dns-controller.addons.k8s.io/pre-k8s-1.6.yaml\n name: dns-controller.addons.k8s.io\n selector:\n k8s-addon: dns-controller.addons.k8s.io\n version: 1.11.0\n - id: k8s-1.6\n kubernetesVersion: '\u003e=1.6.0'\n manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml\n name: dns-controller.addons.k8s.io\n selector:\n k8s-addon: dns-controller.addons.k8s.io\n version: 1.11.0\n - id: v1.7.0\n kubernetesVersion: '\u003e=1.7.0'\n manifest: storage-aws.addons.k8s.io/v1.7.0.yaml\n name: storage-aws.addons.k8s.io\n selector:\n k8s-addon: storage-aws.addons.k8s.io\n version: 1.7.0\n - id: v1.6.0\n kubernetesVersion: \u003c1.7.0\n manifest: storage-aws.addons.k8s.io/v1.6.0.yaml\n name: storage-aws.addons.k8s.io\n selector:\n k8s-addon: storage-aws.addons.k8s.io\n version: 1.7.0\n"}}
I0219 15:05:24.320687 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-pre-k8s-1.6": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-pre-k8s-1.6","Lifecycle":"Sync","Location":"addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml","Contents":{"Name":"","Resource":"apiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns-autoscaler\n kubernetes.io/cluster-service: \"true\"\n name: kube-dns-autoscaler\n namespace: kube-system\nspec:\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\":\"CriticalAddonsOnly\",\n \"operator\":\"Exists\"}]'\n labels:\n k8s-app: kube-dns-autoscaler\n spec:\n containers:\n - command:\n - /cluster-proportional-autoscaler\n - --namespace=kube-system\n - --configmap=kube-dns-autoscaler\n - --mode=linear\n - --target=Deployment/kube-dns\n - --default-params={\"linear\":{\"coresPerReplica\":256,\"nodesPerReplica\":16,\"min\":2}}\n - --logtostderr=true\n - --v=2\n image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.0.0\n name: autoscaler\n resources:\n requests:\n cpu: 20m\n memory: 10Mi\n\n---\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n name: kube-dns\n namespace: kube-system\nspec:\n selector:\n matchLabels:\n k8s-app: kube-dns\n strategy:\n rollingUpdate:\n maxSurge: 10%\n maxUnavailable: 0\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\":\"CriticalAddonsOnly\",\n \"operator\":\"Exists\"}]'\n labels:\n k8s-app: kube-dns\n spec:\n containers:\n - args:\n - --domain=cluster.local.\n - --dns-port=10053\n - --config-map=kube-dns\n - --v=2\n env:\n - name: PROMETHEUS_PORT\n value: \"10055\"\n image: k8s.gcr.io/kubedns-amd64:1.9\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /healthz-kubedns\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: kubedns\n ports:\n - containerPort: 10053\n name: dns-local\n protocol: UDP\n - containerPort: 10053\n name: dns-tcp-local\n protocol: TCP\n - containerPort: 10055\n name: metrics\n protocol: TCP\n readinessProbe:\n httpGet:\n path: /readiness\n port: 8081\n scheme: HTTP\n initialDelaySeconds: 3\n timeoutSeconds: 5\n resources:\n limits:\n memory: 170Mi\n requests:\n cpu: 100m\n memory: 70Mi\n - args:\n - --cache-size=1000\n - --dns-forward-max=150\n - --no-resolv\n - --server=127.0.0.1#10053\n - --log-facility=-\n image: k8s.gcr.io/k8s-dns-dnsmasq-amd64:1.14.10\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /healthz-dnsmasq\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: dnsmasq\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n resources:\n requests:\n cpu: 150m\n memory: 10Mi\n - args:\n - --v=2\n - --logtostderr\n image: k8s.gcr.io/dnsmasq-metrics-amd64:1.0\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /metrics\n port: 10054\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: dnsmasq-metrics\n ports:\n - containerPort: 10054\n name: metrics\n protocol: TCP\n resources:\n requests:\n memory: 10Mi\n - args:\n - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 \u003e/dev/null\n - --url=/healthz-dnsmasq\n - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053 \u003e/dev/null\n - --url=/healthz-kubedns\n - --port=8080\n - --quiet\n image: k8s.gcr.io/exechealthz-amd64:1.2\n name: healthz\n ports:\n - containerPort: 8080\n protocol: TCP\n resources:\n limits:\n memory: 50Mi\n requests:\n cpu: 10m\n memory: 50Mi\n dnsPolicy: Default\n\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n kubernetes.io/name: KubeDNS\n name: kube-dns\n namespace: kube-system\nspec:\n clusterIP: 100.64.0.10\n ports:\n - name: dns\n port: 53\n protocol: UDP\n - name: dns-tcp\n port: 53\n protocol: TCP\n selector:\n k8s-app: kube-dns\n"}}
I0219 15:05:24.320908 48632 executor.go:178] Executing task "Secret/kube": *fitasks.Secret {"Name":"kube","Lifecycle":"Sync"}
I0219 15:05:24.320966 48632 executor.go:178] Executing task "Secret/system:monitoring": *fitasks.Secret {"Name":"system:monitoring","Lifecycle":"Sync"}
I0219 15:05:24.320829 48632 executor.go:178] Executing task "IAMRole/nodes.vault-cluster.k8s.local": *awstasks.IAMRole {"ID":null,"Lifecycle":"Sync","Name":"nodes.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"nodes"}
I0219 15:05:24.320764 48632 executor.go:178] Executing task "Keypair/ca": *fitasks.Keypair {"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"}
I0219 15:05:24.321657 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:monitoring"
I0219 15:05:24.321708 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:24.320644 48632 executor.go:178] Executing task "Keypair/apiserver-aggregator-ca": *fitasks.Keypair {"Name":"apiserver-aggregator-ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=apiserver-aggregator-ca","type":"ca","format":"v1alpha2"}
I0219 15:05:24.320699 48632 executor.go:178] Executing task "Secret/system:logging": *fitasks.Secret {"Name":"system:logging","Lifecycle":"Sync"}
I0219 15:05:24.321880 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.321893 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:logging"
I0219 15:05:24.321996 48632 request_logger.go:45] AWS request: iam/GetRole
I0219 15:05:24.321375 48632 request_logger.go:45] AWS request: ec2/DescribeVolumes
I0219 15:05:24.321202 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.322162 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:24.320755 48632 executor.go:178] Executing task "EBSVolume/a.etcd-main.vault-cluster.k8s.local": *awstasks.EBSVolume {"Name":"a.etcd-main.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"AvailabilityZone":"us-east-1a","VolumeType":"gp2","SizeGB":20,"VolumeIops":null,"KmsKeyId":null,"Encrypted":false,"Tags":{"k8s.io/etcd/main":"a/a","k8s.io/role/master":"1","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:24.320732 48632 executor.go:178] Executing task "Secret/system:dns": *fitasks.Secret {"Name":"system:dns","Lifecycle":"Sync"}
I0219 15:05:24.322288 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:dns"
I0219 15:05:24.321554 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:scheduler"
I0219 15:05:24.320835 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-k8s-1.6": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-kube-dns.addons.k8s.io-k8s-1.6","Lifecycle":"Sync","Location":"addons/kube-dns.addons.k8s.io/k8s-1.6.yaml","Contents":{"Name":"","Resource":"null\n\n---\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns-autoscaler\n kubernetes.io/cluster-service: \"true\"\n name: kube-dns-autoscaler\n namespace: kube-system\nspec:\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\":\"CriticalAddonsOnly\",\n \"operator\":\"Exists\"}]'\n labels:\n k8s-app: kube-dns-autoscaler\n spec:\n containers:\n - command:\n - /cluster-proportional-autoscaler\n - --namespace=kube-system\n - --configmap=kube-dns-autoscaler\n - --target=Deployment/kube-dns\n - --default-params={\"linear\":{\"coresPerReplica\":256,\"nodesPerReplica\":16,\"preventSinglePointFailure\":true}}\n - --logtostderr=true\n - --v=2\n image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.1.2-r2\n name: autoscaler\n resources:\n requests:\n cpu: 20m\n memory: 10Mi\n serviceAccountName: kube-dns-autoscaler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n\n---\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n name: kube-dns\n namespace: kube-system\nspec:\n selector:\n matchLabels:\n k8s-app: kube-dns\n strategy:\n rollingUpdate:\n maxSurge: 10%\n maxUnavailable: 0\n template:\n metadata:\n annotations:\n prometheus.io/port: \"10055\"\n prometheus.io/scrape: \"true\"\n scheduler.alpha.kubernetes.io/critical-pod: \"\"\n scheduler.alpha.kubernetes.io/tolerations: '[{\"key\":\"CriticalAddonsOnly\",\n \"operator\":\"Exists\"}]'\n labels:\n k8s-app: kube-dns\n spec:\n containers:\n - args:\n - --config-dir=/kube-dns-config\n - --dns-port=10053\n - --domain=cluster.local.\n - --v=2\n env:\n - name: PROMETHEUS_PORT\n value: \"10055\"\n image: k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /healthcheck/kubedns\n port: 10054\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: kubedns\n ports:\n - containerPort: 10053\n name: dns-local\n protocol: UDP\n - containerPort: 10053\n name: dns-tcp-local\n protocol: TCP\n - containerPort: 10055\n name: metrics\n protocol: TCP\n readinessProbe:\n httpGet:\n path: /readiness\n port: 8081\n scheme: HTTP\n initialDelaySeconds: 3\n timeoutSeconds: 5\n resources:\n limits:\n memory: 170Mi\n requests:\n cpu: 100m\n memory: 70Mi\n volumeMounts:\n - mountPath: /kube-dns-config\n name: kube-dns-config\n - args:\n - -v=2\n - -logtostderr\n - -configDir=/etc/k8s/dns/dnsmasq-nanny\n - -restartDnsmasq=true\n - --\n - -k\n - --cache-size=1000\n - --dns-forward-max=150\n - --no-negcache\n - --log-facility=-\n - --server=/cluster.local/127.0.0.1#10053\n - --server=/in-addr.arpa/127.0.0.1#10053\n - --server=/in6.arpa/127.0.0.1#10053\n image: k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /healthcheck/dnsmasq\n port: 10054\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: dnsmasq\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n resources:\n requests:\n cpu: 150m\n memory: 20Mi\n volumeMounts:\n - mountPath: /etc/k8s/dns/dnsmasq-nanny\n name: kube-dns-config\n - args:\n - --v=2\n - --logtostderr\n - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A\n - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A\n image: k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10\n livenessProbe:\n failureThreshold: 5\n httpGet:\n path: /metrics\n port: 10054\n scheme: HTTP\n initialDelaySeconds: 60\n successThreshold: 1\n timeoutSeconds: 5\n name: sidecar\n ports:\n - containerPort: 10054\n name: metrics\n protocol: TCP\n resources:\n requests:\n cpu: 10m\n memory: 20Mi\n dnsPolicy: Default\n serviceAccountName: kube-dns\n volumes:\n - configMap:\n name: kube-dns\n optional: true\n name: kube-dns-config\n\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n kubernetes.io/name: KubeDNS\n name: kube-dns\n namespace: kube-system\nspec:\n clusterIP: 100.64.0.10\n ports:\n - name: dns\n port: 53\n protocol: UDP\n - name: dns-tcp\n port: 53\n protocol: TCP\n selector:\n k8s-app: kube-dns\n\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n name: kube-dns-autoscaler\n namespace: kube-system\n\n---\n\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n name: kube-dns-autoscaler\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - list\n- apiGroups:\n - \"\"\n resources:\n - replicationcontrollers/scale\n verbs:\n - get\n - update\n- apiGroups:\n - extensions\n resources:\n - deployments/scale\n - replicasets/scale\n verbs:\n - get\n - update\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - get\n - create\n\n---\n\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n labels:\n k8s-addon: kube-dns.addons.k8s.io\n name: kube-dns-autoscaler\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: kube-dns-autoscaler\nsubjects:\n- kind: ServiceAccount\n name: kube-dns-autoscaler\n namespace: kube-system\n"}}
I0219 15:05:24.322442 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.320930 48632 executor.go:178] Executing task "vault-cluster.k8s.local-addons-limit-range.addons.k8s.io": *fitasks.ManagedFile {"Name":"vault-cluster.k8s.local-addons-limit-range.addons.k8s.io","Lifecycle":"Sync","Location":"addons/limit-range.addons.k8s.io/v1.5.0.yaml","Contents":{"Name":"","Resource":"apiVersion: v1\nkind: LimitRange\nmetadata:\n name: limits\n namespace: default\nspec:\n limits:\n - defaultRequest:\n cpu: 100m\n type: Container\n"}}
I0219 15:05:24.322513 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/limit-range.addons.k8s.io/v1.5.0.yaml"
I0219 15:05:24.320683 48632 executor.go:178] Executing task "DHCPOptions/vault-cluster.k8s.local": *awstasks.DHCPOptions {"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"DomainName":"ec2.internal","DomainNameServers":"AmazonProvidedDNS","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:24.322681 48632 request_logger.go:45] AWS request: ec2/DescribeVolumes
I0219 15:05:24.321571 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/core.addons.k8s.io/v1.4.0.yaml"
I0219 15:05:24.322755 48632 request_logger.go:45] AWS request: ec2/DescribeDhcpOptions
I0219 15:05:24.320772 48632 executor.go:178] Executing task "Secret/system:controller_manager": *fitasks.Secret {"Name":"system:controller_manager","Lifecycle":"Sync"}
I0219 15:05:24.320649 48632 executor.go:178] Executing task "Secret/admin": *fitasks.Secret {"Name":"admin","Lifecycle":"Sync"}
I0219 15:05:24.321595 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/bootstrap-channel.yaml"
I0219 15:05:24.322866 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:controller_manager"
I0219 15:05:24.322885 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/admin"
I0219 15:05:24.320823 48632 executor.go:178] Executing task "Secret/kube-proxy": *fitasks.Secret {"Name":"kube-proxy","Lifecycle":"Sync"}
I0219 15:05:24.320723 48632 executor.go:178] Executing task "IAMRole/masters.vault-cluster.k8s.local": *awstasks.IAMRole {"ID":null,"Lifecycle":"Sync","Name":"masters.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"masters"}
I0219 15:05:24.322975 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube-proxy"
I0219 15:05:24.321611 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.323053 48632 request_logger.go:45] AWS request: iam/GetRole
I0219 15:05:24.321635 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:24.320917 48632 executor.go:178] Executing task "IAMInstanceProfile/nodes.vault-cluster.k8s.local": *awstasks.IAMInstanceProfile {"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"Shared":false}
I0219 15:05:24.323964 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:24.331079 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/rbac.addons.k8s.io/k8s-1.8.yaml"
I0219 15:05:24.331113 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/rbac.addons.k8s.io/k8s-1.8.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.361885 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.361936 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/pre-k8s-1.6.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.370468 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.6.0.yaml"
I0219 15:05:24.370523 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.6.0.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.379309 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:logging"
I0219 15:05:24.385185 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:logging"
I0219 15:05:24.387125 48632 iaminstanceprofile.go:113] Creating IAMInstanceProfile with Name:"nodes.vault-cluster.k8s.local"
I0219 15:05:24.387744 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.387776 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.387822 48632 request_logger.go:45] AWS request: iam/CreateInstanceProfile
I0219 15:05:24.387776 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kubelet"
I0219 15:05:24.388046 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube-proxy"
I0219 15:05:24.388180 48632 iaminstanceprofile.go:113] Creating IAMInstanceProfile with Name:"masters.vault-cluster.k8s.local"
I0219 15:05:24.388243 48632 request_logger.go:45] AWS request: iam/CreateInstanceProfile
I0219 15:05:24.388664 48632 iamrole.go:144] Creating IAMRole with Name:"masters.vault-cluster.k8s.local"
I0219 15:05:24.388746 48632 request_logger.go:45] AWS request: iam/CreateRole
I0219 15:05:24.389827 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:monitoring"
I0219 15:05:24.390559 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/core.addons.k8s.io/v1.4.0.yaml"
I0219 15:05:24.390575 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:dns"
I0219 15:05:24.390582 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/core.addons.k8s.io/v1.4.0.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.390916 48632 vpc.go:155] Creating VPC with CIDR: "172.20.0.0/16"
I0219 15:05:24.391658 48632 request_logger.go:45] AWS request: ec2/CreateVpc
I0219 15:05:24.391680 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/bootstrap-channel.yaml"
I0219 15:05:24.391702 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/bootstrap-channel.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.391746 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.7.0.yaml"
I0219 15:05:24.391769 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/storage-aws.addons.k8s.io/v1.7.0.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.391975 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml"
I0219 15:05:24.391997 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.392606 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml"
I0219 15:05:24.392629 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.393115 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:scheduler"
I0219 15:05:24.393235 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.393257 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/"
I0219 15:05:24.395040 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/admin"
I0219 15:05:24.396164 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:controller_manager"
I0219 15:05:24.396526 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.396547 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/ca/"
I0219 15:05:24.397252 48632 iamrole.go:144] Creating IAMRole with Name:"nodes.vault-cluster.k8s.local"
I0219 15:05:24.397344 48632 request_logger.go:45] AWS request: iam/CreateRole
I0219 15:05:24.401520 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:24.406674 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca: []
I0219 15:05:24.406706 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.407762 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca: []
I0219 15:05:24.407784 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:24.409268 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:24.409359 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/limit-range.addons.k8s.io/v1.5.0.yaml"
I0219 15:05:24.409379 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/addons/limit-range.addons.k8s.io/v1.5.0.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.411836 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:logging"
I0219 15:05:24.411857 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/system:logging" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.412993 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:24.414153 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.414173 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/ca/"
I0219 15:05:24.415245 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.415277 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/"
I0219 15:05:24.423235 48632 iaminstanceprofile.go:143] Found IAM instance profile "nodes.vault-cluster.k8s.local"
I0219 15:05:24.426528 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca: []
I0219 15:05:24.426650 48632 keypair.go:181] creating brand new certificate
I0219 15:05:24.426663 48632 keypair.go:201] Creating PKI keypair "ca"
I0219 15:05:24.426677 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:24.427524 48632 iaminstanceprofile.go:143] Found IAM instance profile "masters.vault-cluster.k8s.local"
I0219 15:05:24.430858 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca: []
I0219 15:05:24.430935 48632 keypair.go:181] creating brand new certificate
I0219 15:05:24.430947 48632 keypair.go:201] Creating PKI keypair "apiserver-aggregator-ca"
I0219 15:05:24.430961 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.433952 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.433975 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/ca/"
I0219 15:05:24.438930 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.438952 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/"
I0219 15:05:24.445757 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:logging"
I0219 15:05:24.445769 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kubelet"
I0219 15:05:24.447436 48632 dhcp_options.go:142] Creating DHCPOptions with Name:"vault-cluster.k8s.local"
I0219 15:05:24.449377 48632 request_logger.go:45] AWS request: ec2/CreateDhcpOptions
I0219 15:05:24.450794 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca: []
I0219 15:05:24.450817 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.453407 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kubelet"
I0219 15:05:24.453446 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/kubelet" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.454902 48632 ebsvolume.go:137] Creating PersistentVolume with Name:"a.etcd-events.vault-cluster.k8s.local"
I0219 15:05:24.455081 48632 request_logger.go:45] AWS request: ec2/CreateVolume
I0219 15:05:24.455472 48632 ebsvolume.go:137] Creating PersistentVolume with Name:"a.etcd-main.vault-cluster.k8s.local"
I0219 15:05:24.455562 48632 request_logger.go:45] AWS request: ec2/CreateVolume
I0219 15:05:24.458712 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca: []
I0219 15:05:24.458758 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:24.459290 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.459313 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/"
I0219 15:05:24.463740 48632 sshkey.go:125] Creating SSHKey with Name:"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}"
I0219 15:05:24.464195 48632 request_logger.go:45] AWS request: ec2/ImportKeyPair
I0219 15:05:24.466672 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml", falling back to directory-list method
I0219 15:05:24.466699 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/ca/"
I0219 15:05:24.471325 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca: []
I0219 15:05:24.471363 48632 keypair.go:212] Creating privateKey "apiserver-aggregator-ca"
I0219 15:05:24.478806 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca: []
I0219 15:05:24.478843 48632 keypair.go:212] Creating privateKey "ca"
I0219 15:05:24.489043 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kubelet"
I0219 15:05:24.489061 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:monitoring"
I0219 15:05:24.498260 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:monitoring"
I0219 15:05:24.498296 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/system:monitoring" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.540713 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:monitoring"
I0219 15:05:24.540723 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:dns"
I0219 15:05:24.551379 48632 vfs_castore.go:736] Issuing new certificate: "ca"
I0219 15:05:24.552446 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:24.553126 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:dns"
I0219 15:05:24.553149 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/system:dns" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.554144 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/ca/"
I0219 15:05:24.557218 48632 request_logger.go:45] AWS request: ec2/ModifyVpcAttribute
I0219 15:05:24.569131 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/ca: []
I0219 15:05:24.569978 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/ca/keyset.yaml"
I0219 15:05:24.570002 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/ca/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.597391 48632 aws_cloud.go:783] adding tags to "dopt-0a6b7ca6a1aa7965c": map[kubernetes.io/cluster/vault-cluster.k8s.local:owned Name:vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local]
I0219 15:05:24.597503 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:24.615114 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/ca/6659805170905791529473684723.key"
I0219 15:05:24.615149 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/ca/6659805170905791529473684723.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.642268 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/ca/"
I0219 15:05:24.655156 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca: []
I0219 15:05:24.655423 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:24.655442 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/ca/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.669677 48632 vfs_castore.go:736] Issuing new certificate: "apiserver-aggregator-ca"
I0219 15:05:24.672460 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/"
I0219 15:05:24.690799 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/6659805170905791529473684723.crt"
I0219 15:05:24.690841 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/ca/6659805170905791529473684723.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.700605 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca: []
I0219 15:05:24.701088 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.701114 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.735684 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/6659805170905791529473684723.crt"
I0219 15:05:24.739760 48632 request_logger.go:45] AWS request: ec2/ModifyVpcAttribute
I0219 15:05:24.745505 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/6659805171413913748226014582.key"
I0219 15:05:24.745530 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/6659805171413913748226014582.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.748049 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:24.748123 48632 keypair.go:230] created certificate with cn=kubernetes
I0219 15:05:24.777070 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/"
I0219 15:05:24.788439 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:dns"
I0219 15:05:24.788452 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:scheduler"
I0219 15:05:24.793404 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca: []
I0219 15:05:24.793663 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:24.793681 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.811036 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:scheduler"
I0219 15:05:24.811063 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/system:scheduler" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.824761 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/6659805171413913748226014582.crt"
I0219 15:05:24.824788 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/6659805171413913748226014582.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.833634 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:scheduler"
I0219 15:05:24.833645 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/admin"
I0219 15:05:24.842354 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/admin"
I0219 15:05:24.842380 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/admin" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.850122 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:24.851983 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:24.868633 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/admin"
I0219 15:05:24.868664 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:controller_manager"
I0219 15:05:24.869769 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/6659805171413913748226014582.crt"
I0219 15:05:24.877138 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:controller_manager"
I0219 15:05:24.877183 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/system:controller_manager" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.883043 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:24.883137 48632 keypair.go:230] created certificate with cn=apiserver-aggregator-ca
I0219 15:05:24.910220 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/system:controller_manager"
I0219 15:05:24.910228 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:24.916252 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:24.920012 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:24.920049 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/kube" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.961272 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:24.961292 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube-proxy"
I0219 15:05:24.969825 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube-proxy"
I0219 15:05:24.969864 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/secrets/kube-proxy" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:24.977063 48632 aws_cloud.go:783] adding tags to "vpc-06b31f5f4629a916f": map[kubernetes.io/cluster/vault-cluster.k8s.local:owned Name:vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local]
I0219 15:05:24.977404 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:24.997138 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube-proxy"
I0219 15:05:25.085214 48632 executor.go:103] Tasks: 30 done / 77 total; 24 can run
I0219 15:05:25.085275 48632 executor.go:178] Executing task "Keypair/kubelet": *fitasks.Keypair {"Name":"kubelet","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"o=system:nodes,cn=kubelet","type":"client","format":"v1alpha2"}
I0219 15:05:25.085314 48632 executor.go:178] Executing task "Keypair/kube-proxy": *fitasks.Keypair {"Name":"kube-proxy","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=system:kube-proxy","type":"client","format":"v1alpha2"}
I0219 15:05:25.085329 48632 executor.go:178] Executing task "Keypair/kube-controller-manager": *fitasks.Keypair {"Name":"kube-controller-manager","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=system:kube-controller-manager","type":"client","format":"v1alpha2"}
I0219 15:05:25.085373 48632 executor.go:178] Executing task "Keypair/kubecfg": *fitasks.Keypair {"Name":"kubecfg","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"o=system:masters,cn=kubecfg","type":"client","format":"v1alpha2"}
I0219 15:05:25.085388 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml"
I0219 15:05:25.085417 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml"
I0219 15:05:25.085313 48632 executor.go:178] Executing task "Keypair/kubelet-api": *fitasks.Keypair {"Name":"kubelet-api","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=kubelet-api","type":"client","format":"v1alpha2"}
I0219 15:05:25.085361 48632 executor.go:178] Executing task "MirrorSecrets/mirror-secrets": *fitasks.MirrorSecrets {"Name":"mirror-secrets","Lifecycle":null,"MirrorPath":{}}
I0219 15:05:25.085487 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml"
I0219 15:05:25.085418 48632 executor.go:178] Executing task "VPCDHCPOptionsAssociation/vault-cluster.k8s.local": *awstasks.VPCDHCPOptionsAssociation {"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"DHCPOptions":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"dopt-0a6b7ca6a1aa7965c","DomainName":"ec2.internal","DomainNameServers":"AmazonProvidedDNS","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}}
I0219 15:05:25.085484 48632 executor.go:178] Executing task "MirrorKeystore/mirror-keystore": *fitasks.MirrorKeystore {"Name":"mirror-keystore","Lifecycle":null,"MirrorPath":{}}
I0219 15:05:25.085359 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml"
I0219 15:05:25.085402 48632 executor.go:178] Executing task "InternetGateway/vault-cluster.k8s.local": *awstasks.InternetGateway {"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:25.085416 48632 executor.go:178] Executing task "Subnet/us-east-1a.vault-cluster.k8s.local": *awstasks.Subnet {"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":null,"VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}
I0219 15:05:25.085632 48632 executor.go:178] Executing task "Keypair/kube-scheduler": *fitasks.Keypair {"Name":"kube-scheduler","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=system:kube-scheduler","type":"client","format":"v1alpha2"}
I0219 15:05:25.085399 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml"
I0219 15:05:25.085699 48632 executor.go:178] Executing task "Keypair/kops": *fitasks.Keypair {"Name":"kops","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"o=system:masters,cn=kops","type":"client","format":"v1alpha2"}
I0219 15:05:25.085314 48632 executor.go:178] Executing task "RouteTable/vault-cluster.k8s.local": *awstasks.RouteTable {"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/kops/role":"public"}}
I0219 15:05:25.085291 48632 executor.go:178] Executing task "IAMRolePolicy/additional.nodes.vault-cluster.k8s.local": *awstasks.IAMRolePolicy {"ID":null,"Lifecycle":"Sync","Name":"additional.nodes.vault-cluster.k8s.local","Role":{"ID":"AROAI64NJMZP43MOW2ECC","Lifecycle":"Sync","Name":"nodes.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"nodes"},"PolicyDocument":{"Name":"","Resource":""}}
I0219 15:05:25.085382 48632 executor.go:178] Executing task "IAMRolePolicy/nodes.vault-cluster.k8s.local": *awstasks.IAMRolePolicy {"ID":null,"Lifecycle":"Sync","Name":"nodes.vault-cluster.k8s.local","Role":{"ID":"AROAI64NJMZP43MOW2ECC","Lifecycle":"Sync","Name":"nodes.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"nodes"},"PolicyDocument":{"Builder":{"Cluster":{"metadata":{"name":"vault-cluster.k8s.local","creationTimestamp":"2019-02-19T20:05:23Z"},"spec":{"channel":"stable","configBase":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local","cloudProvider":"aws","kubernetesVersion":"1.11.6","subnets":[{"name":"us-east-1a","cidr":"172.20.32.0/19","zone":"us-east-1a","type":"Public"}],"masterPublicName":"api.vault-cluster.k8s.local","masterInternalName":"api.internal.vault-cluster.k8s.local","networkCIDR":"172.20.0.0/16","topology":{"masters":"public","nodes":"public","dns":{"type":"Public"}},"secretStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets","keyStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki","configStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local","clusterDNSDomain":"cluster.local","serviceClusterIPRange":"100.64.0.0/13","nonMasqueradeCIDR":"100.64.0.0/10","sshAccess":["0.0.0.0/0"],"kubernetesApiAccess":["0.0.0.0/0"],"etcdClusters":[{"name":"main","provider":"Legacy","etcdMembers":[{"name":"a","instanceGroup":"master-us-east-1a"}],"version":"2.2.1","image":"k8s.gcr.io/etcd:2.2.1"},{"name":"events","provider":"Legacy","etcdMembers":[{"name":"a","instanceGroup":"master-us-east-1a"}],"version":"2.2.1","image":"k8s.gcr.io/etcd:2.2.1"}],"docker":{"ipMasq":false,"ipTables":false,"logDriver":"json-file","logLevel":"warn","logOpt":["max-size=10m","max-file=5"],"storage":"overlay2,overlay,aufs","version":"17.03.2"},"kubeDNS":{"cacheMaxSize":1000,"cacheMaxConcurrent":150,"domain":"cluster.local","replicas":2,"serverIP":"100.64.0.10"},"kubeAPIServer":{"image":"k8s.gcr.io/kube-apiserver:v1.11.6","logLevel":2,"cloudProvider":"aws","securePort":443,"insecurePort":8080,"bindAddress":"0.0.0.0","insecureBindAddress":"127.0.0.1","enableAdmissionPlugins":["Initializers","NamespaceLifecycle","LimitRanger","ServiceAccount","PersistentVolumeLabel","DefaultStorageClass","DefaultTolerationSeconds","MutatingAdmissionWebhook","ValidatingAdmissionWebhook","NodeRestriction","ResourceQuota"],"serviceClusterIPRange":"100.64.0.0/13","etcdServers":["http://127.0.0.1:4001"],"etcdServersOverrides":["/events#http://127.0.0.1:4002"],"allowPrivileged":true,"apiServerCount":1,"anonymousAuth":false,"kubeletPreferredAddressTypes":["InternalIP","Hostname","ExternalIP"],"storageBackend":"etcd2","authorizationMode":"RBAC","requestheaderUsernameHeaders":["X-Remote-User"],"requestheaderGroupHeaders":["X-Remote-Group"],"requestheaderExtraHeaderPrefixes":["X-Remote-Extra-"],"requestheaderAllowedNames":["aggregator"],"etcdQuorumRead":false},"kubeControllerManager":{"logLevel":2,"image":"k8s.gcr.io/kube-controller-manager:v1.11.6","cloudProvider":"aws","clusterName":"vault-cluster.k8s.local","clusterCIDR":"100.96.0.0/11","allocateNodeCIDRs":true,"configureCloudRoutes":true,"leaderElection":{"leaderElect":true},"attachDetachReconcileSyncPeriod":"1m0s","useServiceAccountCredentials":true},"kubeScheduler":{"logLevel":2,"image":"k8s.gcr.io/kube-scheduler:v1.11.6","leaderElection":{"leaderElect":true}},"kubeProxy":{"image":"k8s.gcr.io/kube-proxy:v1.11.6","cpuRequest":"100m","logLevel":2,"clusterCIDR":"100.96.0.0/11","hostnameOverride":"@aws"},"kubelet":{"anonymousAuth":false,"kubeconfigPath":"/var/lib/kubelet/kubeconfig","logLevel":2,"podManifestPath":"/etc/kubernetes/manifests","hostnameOverride":"@aws","podInfraContainerImage":"k8s.gcr.io/pause-amd64:3.0","allowPrivileged":true,"enableDebuggingHandlers":true,"clusterDomain":"cluster.local","clusterDNS":"100.64.0.10","networkPluginName":"kubenet","cloudProvider":"aws","cgroupRoot":"/","nonMasqueradeCIDR":"100.64.0.0/10","networkPluginMTU":9001,"evictionHard":"memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%","featureGates":{"ExperimentalCriticalPodAnnotation":"true"}},"masterKubelet":{"anonymousAuth":false,"kubeconfigPath":"/var/lib/kubelet/kubeconfig","logLevel":2,"podManifestPath":"/etc/kubernetes/manifests","hostnameOverride":"@aws","podInfraContainerImage":"k8s.gcr.io/pause-amd64:3.0","allowPrivileged":true,"enableDebuggingHandlers":true,"clusterDomain":"cluster.local","clusterDNS":"100.64.0.10","networkPluginName":"kubenet","cloudProvider":"aws","cgroupRoot":"/","registerSchedulable":false,"nonMasqueradeCIDR":"100.64.0.0/10","networkPluginMTU":9001,"evictionHard":"memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%","featureGates":{"ExperimentalCriticalPodAnnotation":"true"}},"networking":{"kubenet":{}},"api":{"loadBalancer":{"type":"Public"}},"authorization":{"rbac":{}},"iam":{"legacy":false,"allowContainerRegistry":true}}},"HostedZoneID":"","KMSKeys":null,"Region":"us-east-1","ResourceARN":null,"Role":"Node"},"DNSZone":null}}
I0219 15:05:25.085750 48632 executor.go:178] Executing task "Keypair/apiserver-aggregator": *fitasks.Keypair {"Name":"apiserver-aggregator","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"apiserver-aggregator-ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=apiserver-aggregator-ca","type":"ca","format":"v1alpha2"},"subject":"cn=aggregator","type":"client","format":"v1alpha2"}
I0219 15:05:25.085357 48632 executor.go:178] Executing task "IAMInstanceProfileRole/masters.vault-cluster.k8s.local": *awstasks.IAMInstanceProfileRole {"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","InstanceProfile":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAI7SPO3UQMIWAEV45O","Shared":false},"Role":{"ID":"AROAJJYVXJ7ALFYSWWRV6","Lifecycle":"Sync","Name":"masters.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"masters"}}
I0219 15:05:25.085809 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.085829 48632 request_logger.go:45] AWS request: ec2/DescribeRouteTables
I0219 15:05:25.085846 48632 request_logger.go:45] AWS request: iam/GetRolePolicy
I0219 15:05:25.085686 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml"
I0219 15:05:25.085454 48632 executor.go:178] Executing task "IAMRolePolicy/masters.vault-cluster.k8s.local": *awstasks.IAMRolePolicy {"ID":null,"Lifecycle":"Sync","Name":"masters.vault-cluster.k8s.local","Role":{"ID":"AROAJJYVXJ7ALFYSWWRV6","Lifecycle":"Sync","Name":"masters.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"masters"},"PolicyDocument":{"Builder":{"Cluster":{"metadata":{"name":"vault-cluster.k8s.local","creationTimestamp":"2019-02-19T20:05:23Z"},"spec":{"channel":"stable","configBase":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local","cloudProvider":"aws","kubernetesVersion":"1.11.6","subnets":[{"name":"us-east-1a","cidr":"172.20.32.0/19","zone":"us-east-1a","type":"Public"}],"masterPublicName":"api.vault-cluster.k8s.local","masterInternalName":"api.internal.vault-cluster.k8s.local","networkCIDR":"172.20.0.0/16","topology":{"masters":"public","nodes":"public","dns":{"type":"Public"}},"secretStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets","keyStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki","configStore":"s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local","clusterDNSDomain":"cluster.local","serviceClusterIPRange":"100.64.0.0/13","nonMasqueradeCIDR":"100.64.0.0/10","sshAccess":["0.0.0.0/0"],"kubernetesApiAccess":["0.0.0.0/0"],"etcdClusters":[{"name":"main","provider":"Legacy","etcdMembers":[{"name":"a","instanceGroup":"master-us-east-1a"}],"version":"2.2.1","image":"k8s.gcr.io/etcd:2.2.1"},{"name":"events","provider":"Legacy","etcdMembers":[{"name":"a","instanceGroup":"master-us-east-1a"}],"version":"2.2.1","image":"k8s.gcr.io/etcd:2.2.1"}],"docker":{"ipMasq":false,"ipTables":false,"logDriver":"json-file","logLevel":"warn","logOpt":["max-size=10m","max-file=5"],"storage":"overlay2,overlay,aufs","version":"17.03.2"},"kubeDNS":{"cacheMaxSize":1000,"cacheMaxConcurrent":150,"domain":"cluster.local","replicas":2,"serverIP":"100.64.0.10"},"kubeAPIServer":{"image":"k8s.gcr.io/kube-apiserver:v1.11.6","logLevel":2,"cloudProvider":"aws","securePort":443,"insecurePort":8080,"bindAddress":"0.0.0.0","insecureBindAddress":"127.0.0.1","enableAdmissionPlugins":["Initializers","NamespaceLifecycle","LimitRanger","ServiceAccount","PersistentVolumeLabel","DefaultStorageClass","DefaultTolerationSeconds","MutatingAdmissionWebhook","ValidatingAdmissionWebhook","NodeRestriction","ResourceQuota"],"serviceClusterIPRange":"100.64.0.0/13","etcdServers":["http://127.0.0.1:4001"],"etcdServersOverrides":["/events#http://127.0.0.1:4002"],"allowPrivileged":true,"apiServerCount":1,"anonymousAuth":false,"kubeletPreferredAddressTypes":["InternalIP","Hostname","ExternalIP"],"storageBackend":"etcd2","authorizationMode":"RBAC","requestheaderUsernameHeaders":["X-Remote-User"],"requestheaderGroupHeaders":["X-Remote-Group"],"requestheaderExtraHeaderPrefixes":["X-Remote-Extra-"],"requestheaderAllowedNames":["aggregator"],"etcdQuorumRead":false},"kubeControllerManager":{"logLevel":2,"image":"k8s.gcr.io/kube-controller-manager:v1.11.6","cloudProvider":"aws","clusterName":"vault-cluster.k8s.local","clusterCIDR":"100.96.0.0/11","allocateNodeCIDRs":true,"configureCloudRoutes":true,"leaderElection":{"leaderElect":true},"attachDetachReconcileSyncPeriod":"1m0s","useServiceAccountCredentials":true},"kubeScheduler":{"logLevel":2,"image":"k8s.gcr.io/kube-scheduler:v1.11.6","leaderElection":{"leaderElect":true}},"kubeProxy":{"image":"k8s.gcr.io/kube-proxy:v1.11.6","cpuRequest":"100m","logLevel":2,"clusterCIDR":"100.96.0.0/11","hostnameOverride":"@aws"},"kubelet":{"anonymousAuth":false,"kubeconfigPath":"/var/lib/kubelet/kubeconfig","logLevel":2,"podManifestPath":"/etc/kubernetes/manifests","hostnameOverride":"@aws","podInfraContainerImage":"k8s.gcr.io/pause-amd64:3.0","allowPrivileged":true,"enableDebuggingHandlers":true,"clusterDomain":"cluster.local","clusterDNS":"100.64.0.10","networkPluginName":"kubenet","cloudProvider":"aws","cgroupRoot":"/","nonMasqueradeCIDR":"100.64.0.0/10","networkPluginMTU":9001,"evictionHard":"memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%","featureGates":{"ExperimentalCriticalPodAnnotation":"true"}},"masterKubelet":{"anonymousAuth":false,"kubeconfigPath":"/var/lib/kubelet/kubeconfig","logLevel":2,"podManifestPath":"/etc/kubernetes/manifests","hostnameOverride":"@aws","podInfraContainerImage":"k8s.gcr.io/pause-amd64:3.0","allowPrivileged":true,"enableDebuggingHandlers":true,"clusterDomain":"cluster.local","clusterDNS":"100.64.0.10","networkPluginName":"kubenet","cloudProvider":"aws","cgroupRoot":"/","registerSchedulable":false,"nonMasqueradeCIDR":"100.64.0.0/10","networkPluginMTU":9001,"evictionHard":"memory.available\u003c100Mi,nodefs.available\u003c10%,nodefs.inodesFree\u003c5%,imagefs.available\u003c10%,imagefs.inodesFree\u003c5%","featureGates":{"ExperimentalCriticalPodAnnotation":"true"}},"networking":{"kubenet":{}},"api":{"loadBalancer":{"type":"Public"}},"authorization":{"rbac":{}},"iam":{"legacy":false,"allowContainerRegistry":true}}},"HostedZoneID":"","KMSKeys":null,"Region":"us-east-1","ResourceARN":null,"Role":"Master"},"DNSZone":null}}
I0219 15:05:25.085281 48632 executor.go:178] Executing task "SecurityGroup/masters.vault-cluster.k8s.local": *awstasks.SecurityGroup {"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:25.085777 48632 request_logger.go:45] AWS request: ec2/DescribeInternetGateways
I0219 15:05:25.085999 48632 request_logger.go:45] AWS request: iam/GetRolePolicy
I0219 15:05:25.086016 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:25.085444 48632 executor.go:178] Executing task "SecurityGroup/nodes.vault-cluster.k8s.local": *awstasks.SecurityGroup {"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:25.085434 48632 executor.go:178] Executing task "IAMInstanceProfileRole/nodes.vault-cluster.k8s.local": *awstasks.IAMInstanceProfileRole {"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","InstanceProfile":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAJMY5EUSYY77WI3NGA","Shared":false},"Role":{"ID":"AROAI64NJMZP43MOW2ECC","Lifecycle":"Sync","Name":"nodes.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"nodes"}}
I0219 15:05:25.085739 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/keyset.yaml"
I0219 15:05:25.086100 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.086140 48632 request_logger.go:45] AWS request: iam/GetInstanceProfile
I0219 15:05:25.085557 48632 aws_cloud.go:1006] Calling DescribeVPC for VPC "vpc-06b31f5f4629a916f"
I0219 15:05:25.085273 48632 executor.go:178] Executing task "IAMRolePolicy/additional.masters.vault-cluster.k8s.local": *awstasks.IAMRolePolicy {"ID":null,"Lifecycle":"Sync","Name":"additional.masters.vault-cluster.k8s.local","Role":{"ID":"AROAJJYVXJ7ALFYSWWRV6","Lifecycle":"Sync","Name":"masters.vault-cluster.k8s.local","RolePolicyDocument":{"Name":"","Resource":{}},"ExportWithID":"masters"},"PolicyDocument":{"Name":"","Resource":""}}
I0219 15:05:25.086143 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.086318 48632 request_logger.go:45] AWS request: iam/GetRolePolicy
I0219 15:05:25.085773 48632 request_logger.go:45] AWS request: ec2/DescribeSubnets
I0219 15:05:25.085848 48632 executor.go:178] Executing task "Keypair/apiserver-proxy-client": *fitasks.Keypair {"Name":"apiserver-proxy-client","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=apiserver-proxy-client","type":"client","format":"v1alpha2"}
I0219 15:05:25.086419 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.085989 48632 request_logger.go:45] AWS request: iam/GetRolePolicy
I0219 15:05:25.086245 48632 request_logger.go:45] AWS request: ec2/DescribeVpcs
I0219 15:05:25.085766 48632 executor.go:178] Executing task "SecurityGroup/api-elb.vault-cluster.k8s.local": *awstasks.SecurityGroup {"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}
I0219 15:05:25.086747 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.099149 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml", falling back to directory-list method
I0219 15:05:25.099199 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubecfg/"
I0219 15:05:25.099149 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml", falling back to directory-list method
I0219 15:05:25.099234 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet-api/"
I0219 15:05:25.107532 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107574 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107591 48632 iam_builder.go:305] Found root location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107864 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107886 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107899 48632 iam_builder.go:305] Found root location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.107961 48632 iamrolepolicy.go:147] Creating IAMRolePolicy
I0219 15:05:25.107971 48632 iamrolepolicy.go:175] PutRolePolicy RoleName=nodes.vault-cluster.k8s.local PolicyName=nodes.vault-cluster.k8s.local: {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}"
]
},
{
"Effect": "Allow",
"Action": [
"s3:Get*"
],
"Resource": [
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/addons/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/cluster.spec",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/ssh/*",
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/dockerconfig"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Resource": [
"*"
]
}
]
}
I0219 15:05:25.108712 48632 request_logger.go:45] AWS request: iam/PutRolePolicy
I0219 15:05:25.110662 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml", falling back to directory-list method
I0219 15:05:25.110720 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet/"
I0219 15:05:25.115846 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml", falling back to directory-list method
I0219 15:05:25.115889 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-proxy/"
I0219 15:05:25.117570 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml", falling back to directory-list method
I0219 15:05:25.117595 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-scheduler/"
I0219 15:05:25.118224 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml", falling back to directory-list method
I0219 15:05:25.118258 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator/"
I0219 15:05:25.119351 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml", falling back to directory-list method
I0219 15:05:25.119386 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-controller-manager/"
I0219 15:05:25.120526 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/keyset.yaml", falling back to directory-list method
I0219 15:05:25.120548 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kops/"
I0219 15:05:25.123925 48632 request_logger.go:45] AWS request: iam/AddRoleToInstanceProfile
I0219 15:05:25.125886 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api: []
I0219 15:05:25.125916 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml"
I0219 15:05:25.127072 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet: []
I0219 15:05:25.127096 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml"
I0219 15:05:25.129699 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler: []
I0219 15:05:25.129727 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml"
I0219 15:05:25.130945 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy: []
I0219 15:05:25.130971 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml"
I0219 15:05:25.130988 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator: []
I0219 15:05:25.131014 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.131904 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.131928 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.131941 48632 iam_builder.go:305] Found root location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.132099 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.132114 48632 iam_builder.go:300] Ignoring location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/" because found parent "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.132125 48632 iam_builder.go:305] Found root location "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/"
I0219 15:05:25.132231 48632 iamrolepolicy.go:147] Creating IAMRolePolicy
I0219 15:05:25.132242 48632 iamrolepolicy.go:175] PutRolePolicy RoleName=masters.vault-cluster.k8s.local PolicyName=masters.vault-cluster.k8s.local: {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DescribeVolumesModifications",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "vault-cluster.k8s.local"
}
}
},
{
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"autoscaling:ResourceTag/KubernetesCluster": "vault-cluster.k8s.local"
}
}
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}"
]
},
{
"Effect": "Allow",
"Action": [
"s3:Get*"
],
"Resource": "arn:aws:s3:::{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/*"
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Resource": [
"*"
]
}
]
}
I0219 15:05:25.132415 48632 request_logger.go:45] AWS request: iam/PutRolePolicy
I0219 15:05:25.132997 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml", falling back to directory-list method
I0219 15:05:25.133019 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet-api/"
I0219 15:05:25.135942 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops: []
I0219 15:05:25.135965 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/keyset.yaml"
I0219 15:05:25.139638 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml", falling back to directory-list method
I0219 15:05:25.139662 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg: []
I0219 15:05:25.139695 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml", falling back to directory-list method
I0219 15:05:25.139726 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator/"
I0219 15:05:25.139702 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml"
I0219 15:05:25.139666 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-proxy/"
I0219 15:05:25.139807 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager: []
I0219 15:05:25.139848 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml"
I0219 15:05:25.139728 48632 request_logger.go:45] AWS request: ec2/DescribeRouteTables
I0219 15:05:25.139920 48632 request_logger.go:45] AWS request: iam/AddRoleToInstanceProfile
I0219 15:05:25.140076 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml", falling back to directory-list method
I0219 15:05:25.140104 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-scheduler/"
I0219 15:05:25.144218 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/keyset.yaml", falling back to directory-list method
I0219 15:05:25.144250 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kops/"
I0219 15:05:25.144998 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api: []
I0219 15:05:25.145073 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.145086 48632 keypair.go:201] Creating PKI keypair "kubelet-api"
I0219 15:05:25.145098 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml"
I0219 15:05:25.150827 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator: []
I0219 15:05:25.150868 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml", falling back to directory-list method
I0219 15:05:25.150911 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-controller-manager/"
I0219 15:05:25.150915 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.150940 48632 keypair.go:201] Creating PKI keypair "apiserver-aggregator"
I0219 15:05:25.150954 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.151641 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml", falling back to directory-list method
I0219 15:05:25.151668 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubecfg/"
I0219 15:05:25.151836 48632 internetgateway.go:150] Creating InternetGateway
I0219 15:05:25.151915 48632 request_logger.go:45] AWS request: ec2/CreateInternetGateway
I0219 15:05:25.154634 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml", falling back to directory-list method
I0219 15:05:25.154665 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet/"
I0219 15:05:25.154647 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy: []
I0219 15:05:25.154737 48632 routetable.go:174] Creating RouteTable with VPC: "vpc-06b31f5f4629a916f"
I0219 15:05:25.154749 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.154810 48632 keypair.go:201] Creating PKI keypair "kube-proxy"
I0219 15:05:25.154835 48632 request_logger.go:45] AWS request: ec2/CreateRouteTable
I0219 15:05:25.154841 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml"
I0219 15:05:25.157076 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml", falling back to directory-list method
I0219 15:05:25.157107 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/"
I0219 15:05:25.158477 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler: []
I0219 15:05:25.158499 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml", falling back to directory-list method
I0219 15:05:25.158527 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet-api/"
I0219 15:05:25.158559 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.158572 48632 keypair.go:201] Creating PKI keypair "kube-scheduler"
I0219 15:05:25.158586 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml"
I0219 15:05:25.162228 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml", falling back to directory-list method
I0219 15:05:25.162283 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator/"
I0219 15:05:25.166156 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager: []
I0219 15:05:25.166159 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops: []
I0219 15:05:25.166253 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.166273 48632 keypair.go:201] Creating PKI keypair "kube-controller-manager"
I0219 15:05:25.166283 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.166290 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml"
I0219 15:05:25.166300 48632 keypair.go:201] Creating PKI keypair "kops"
I0219 15:05:25.166322 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/keyset.yaml"
I0219 15:05:25.168037 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml", falling back to directory-list method
I0219 15:05:25.168078 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-scheduler/"
I0219 15:05:25.169423 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg: []
I0219 15:05:25.169536 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.169556 48632 keypair.go:201] Creating PKI keypair "kubecfg"
I0219 15:05:25.169576 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml"
I0219 15:05:25.169962 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet: []
I0219 15:05:25.170024 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.170041 48632 keypair.go:201] Creating PKI keypair "kubelet"
I0219 15:05:25.170054 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml"
I0219 15:05:25.170363 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml", falling back to directory-list method
I0219 15:05:25.170383 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-proxy/"
I0219 15:05:25.173936 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client: []
I0219 15:05:25.173966 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.176113 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml", falling back to directory-list method
I0219 15:05:25.176139 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubecfg/"
I0219 15:05:25.176436 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml", falling back to directory-list method
I0219 15:05:25.176459 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet/"
I0219 15:05:25.177707 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml", falling back to directory-list method
I0219 15:05:25.177730 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-controller-manager/"
I0219 15:05:25.183383 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler: []
I0219 15:05:25.183420 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml"
I0219 15:05:25.186413 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy: []
I0219 15:05:25.186441 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml"
I0219 15:05:25.187011 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet: []
I0219 15:05:25.187034 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml"
I0219 15:05:25.187223 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/keyset.yaml", falling back to directory-list method
I0219 15:05:25.187253 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kops/"
I0219 15:05:25.187264 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg: []
I0219 15:05:25.187313 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml"
I0219 15:05:25.190350 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager: []
I0219 15:05:25.190374 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml"
I0219 15:05:25.190678 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml", falling back to directory-list method
I0219 15:05:25.190700 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-scheduler/"
I0219 15:05:25.193483 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml", falling back to directory-list method
I0219 15:05:25.193505 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-proxy/"
I0219 15:05:25.193666 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml", falling back to directory-list method
I0219 15:05:25.193688 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubecfg/"
I0219 15:05:25.195225 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml", falling back to directory-list method
I0219 15:05:25.195252 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-proxy-client/"
I0219 15:05:25.195724 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml", falling back to directory-list method
I0219 15:05:25.195746 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet/"
I0219 15:05:25.196373 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml", falling back to directory-list method
I0219 15:05:25.196395 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-controller-manager/"
I0219 15:05:25.197285 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops: []
I0219 15:05:25.197310 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/keyset.yaml"
I0219 15:05:25.201630 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator: []
I0219 15:05:25.201653 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.203795 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/keyset.yaml", falling back to directory-list method
I0219 15:05:25.203816 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kops/"
I0219 15:05:25.204482 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy: []
I0219 15:05:25.204504 48632 keypair.go:212] Creating privateKey "kube-proxy"
I0219 15:05:25.206716 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client: []
I0219 15:05:25.206786 48632 keypair.go:181] creating brand new certificate
I0219 15:05:25.206799 48632 keypair.go:201] Creating PKI keypair "apiserver-proxy-client"
I0219 15:05:25.206811 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.206965 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager: []
I0219 15:05:25.206990 48632 keypair.go:212] Creating privateKey "kube-controller-manager"
I0219 15:05:25.207348 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg: []
I0219 15:05:25.207380 48632 keypair.go:212] Creating privateKey "kubecfg"
I0219 15:05:25.207445 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet: []
I0219 15:05:25.207478 48632 keypair.go:212] Creating privateKey "kubelet"
I0219 15:05:25.208990 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler: []
I0219 15:05:25.209014 48632 keypair.go:212] Creating privateKey "kube-scheduler"
I0219 15:05:25.213230 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops: []
I0219 15:05:25.213253 48632 keypair.go:212] Creating privateKey "kops"
I0219 15:05:25.213644 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml", falling back to directory-list method
I0219 15:05:25.213672 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator/"
I0219 15:05:25.216308 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml", falling back to directory-list method
I0219 15:05:25.216334 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/"
I0219 15:05:25.223505 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api: []
I0219 15:05:25.223539 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml"
I0219 15:05:25.224745 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator: []
I0219 15:05:25.224768 48632 keypair.go:212] Creating privateKey "apiserver-aggregator"
I0219 15:05:25.233119 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml", falling back to directory-list method
I0219 15:05:25.233143 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet-api/"
I0219 15:05:25.239342 48632 internetgateway.go:163] Creating InternetGatewayAttachment
I0219 15:05:25.245077 48632 request_logger.go:45] AWS request: ec2/AttachInternetGateway
I0219 15:05:25.248075 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client: []
I0219 15:05:25.248099 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.251006 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.254950 48632 securitygroup.go:166] Creating SecurityGroup with Name:"nodes.vault-cluster.k8s.local" VPC:"vpc-06b31f5f4629a916f"
I0219 15:05:25.255039 48632 request_logger.go:45] AWS request: ec2/CreateSecurityGroup
I0219 15:05:25.258679 48632 securitygroup.go:166] Creating SecurityGroup with Name:"api-elb.vault-cluster.k8s.local" VPC:"vpc-06b31f5f4629a916f"
I0219 15:05:25.258776 48632 request_logger.go:45] AWS request: ec2/CreateSecurityGroup
I0219 15:05:25.258979 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml", falling back to directory-list method
I0219 15:05:25.259006 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-proxy-client/"
I0219 15:05:25.263292 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api: []
I0219 15:05:25.263324 48632 keypair.go:212] Creating privateKey "kubelet-api"
I0219 15:05:25.274643 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client: []
I0219 15:05:25.274667 48632 keypair.go:212] Creating privateKey "apiserver-proxy-client"
I0219 15:05:25.287216 48632 securitygroup.go:166] Creating SecurityGroup with Name:"masters.vault-cluster.k8s.local" VPC:"vpc-06b31f5f4629a916f"
I0219 15:05:25.287351 48632 request_logger.go:45] AWS request: ec2/CreateSecurityGroup
I0219 15:05:25.297552 48632 changes.go:81] Field changed "DHCPOptions" actual="{<nil> <nil> 0xc4211c4f28 <nil> <nil> <nil> map[]}" expected="{0xc420913ed0 0xc420e07350 0xc42120dd68 0xc420913ef0 0xc420913ee0 0xc420dc65ad map[Name:vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned]}"
I0219 15:05:25.297726 48632 vpc_dhcpoptions_association.go:89] calling EC2 AssociateDhcpOptions
I0219 15:05:25.297864 48632 request_logger.go:45] AWS request: ec2/AssociateDhcpOptions
I0219 15:05:25.301961 48632 aws_cloud.go:783] adding tags to "rtb-0be6d5ac1bb9fae81": map[Name:vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned kubernetes.io/kops/role:public]
I0219 15:05:25.302099 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.351662 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.356628 48632 vfs_castore.go:736] Issuing new certificate: "kubelet"
I0219 15:05:25.356780 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:25.357530 48632 subnet.go:181] Creating Subnet with CIDR: "172.20.32.0/19"
I0219 15:05:25.357691 48632 request_logger.go:45] AWS request: ec2/CreateSubnet
I0219 15:05:25.358008 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.358236 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.361169 48632 vfs_castore.go:736] Issuing new certificate: "kops"
I0219 15:05:25.377863 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.377976 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/ca/keyset.yaml"
I0219 15:05:25.395900 48632 aws_cloud.go:783] adding tags to "sg-0be9f175b564add80": map[kubernetes.io/cluster/vault-cluster.k8s.local:owned Name:api-elb.vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local]
I0219 15:05:25.396062 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.398660 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.398769 48632 privatekey.go:176] Parsing pem block: "RSA PRIVATE KEY"
I0219 15:05:25.403895 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet/"
I0219 15:05:25.406085 48632 aws_cloud.go:783] adding tags to "igw-063da9e7205a17faf": map[KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned Name:vault-cluster.k8s.local]
I0219 15:05:25.406204 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.408266 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kops/"
I0219 15:05:25.408578 48632 aws_cloud.go:783] adding tags to "sg-058d8bc98d20f7d61": map[Name:nodes.vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned]
I0219 15:05:25.408695 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.425530 48632 vfs_castore.go:736] Issuing new certificate: "kube-proxy"
I0219 15:05:25.426251 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops: []
I0219 15:05:25.427026 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/keyset.yaml"
I0219 15:05:25.427055 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kops/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.431076 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-proxy/"
I0219 15:05:25.434405 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet: []
I0219 15:05:25.435023 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml"
I0219 15:05:25.435054 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubelet/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.452666 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy: []
I0219 15:05:25.453334 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml"
I0219 15:05:25.453366 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-proxy/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.473763 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kops/6659805174383848918282198502.key"
I0219 15:05:25.473812 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kops/6659805174383848918282198502.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.480372 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet/6659805174364335744919087822.key"
I0219 15:05:25.480407 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubelet/6659805174364335744919087822.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.491128 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.508502 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-proxy/6659805174660267379531317056.key"
I0219 15:05:25.508551 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-proxy/6659805174660267379531317056.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.510150 48632 vfs_castore.go:736] Issuing new certificate: "apiserver-proxy-client"
I0219 15:05:25.511877 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kops/"
I0219 15:05:25.513061 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet/"
I0219 15:05:25.514634 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-proxy-client/"
I0219 15:05:25.525942 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet: []
I0219 15:05:25.526342 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml"
I0219 15:05:25.526375 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubelet/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.526670 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops: []
I0219 15:05:25.526751 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client: []
I0219 15:05:25.527008 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/keyset.yaml"
I0219 15:05:25.527033 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kops/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.527325 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.527356 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-proxy-client/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.528416 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.536830 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-proxy/"
I0219 15:05:25.539004 48632 aws_cloud.go:783] adding tags to "sg-030fed70709878ad9": map[Name:masters.vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned]
I0219 15:05:25.539124 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.541118 48632 request_logger.go:45] AWS request: ec2/DescribeTags
I0219 15:05:25.553396 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy: []
I0219 15:05:25.553684 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml"
I0219 15:05:25.553707 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-proxy/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.565112 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/6659805174383848918282198502.crt"
I0219 15:05:25.565154 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kops/6659805174383848918282198502.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.566536 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/6659805174364335744919087822.crt"
I0219 15:05:25.566566 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubelet/6659805174364335744919087822.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.569882 48632 vfs_castore.go:736] Issuing new certificate: "apiserver-aggregator"
I0219 15:05:25.569905 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:25.576088 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.586241 48632 aws_cloud.go:783] adding tags to "subnet-09ee255cd19ff0e36": map[SubnetType:Public kubernetes.io/role/elb:1 Name:us-east-1a.vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local kubernetes.io/cluster/vault-cluster.k8s.local:owned]
I0219 15:05:25.586397 48632 request_logger.go:45] AWS request: ec2/CreateTags
I0219 15:05:25.587049 48632 vfs_castore.go:736] Issuing new certificate: "kubecfg"
I0219 15:05:25.594259 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kops/6659805174383848918282198502.crt"
I0219 15:05:25.595505 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.595598 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator-ca/keyset.yaml"
I0219 15:05:25.599777 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-proxy-client/6659805175023713442660351312.key"
I0219 15:05:25.599820 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-proxy-client/6659805175023713442660351312.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.603527 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.603661 48632 keypair.go:230] created certificate with cn=kops
I0219 15:05:25.607059 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.607164 48632 privatekey.go:176] Parsing pem block: "RSA PRIVATE KEY"
I0219 15:05:25.611496 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/apiserver-aggregator/"
I0219 15:05:25.611910 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubecfg/"
I0219 15:05:25.623965 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator: []
I0219 15:05:25.624396 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg: []
I0219 15:05:25.624818 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/6659805174660267379531317056.crt"
I0219 15:05:25.624848 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-proxy/6659805174660267379531317056.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.624896 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.624923 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-aggregator/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.625246 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/"
I0219 15:05:25.625521 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet/6659805174364335744919087822.crt"
I0219 15:05:25.625795 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml"
I0219 15:05:25.625820 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.629229 48632 vfs_castore.go:736] Issuing new certificate: "kube-scheduler"
I0219 15:05:25.632589 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-scheduler/"
I0219 15:05:25.635466 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.635601 48632 keypair.go:230] created certificate with cn=kubelet
I0219 15:05:25.640408 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client: []
I0219 15:05:25.640702 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml"
I0219 15:05:25.640725 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.651098 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/apiserver-aggregator/6659805175280268883503931949.key"
I0219 15:05:25.651145 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/apiserver-aggregator/6659805175280268883503931949.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.654925 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler: []
I0219 15:05:25.655562 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml"
I0219 15:05:25.655592 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-scheduler/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.657944 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:25.660509 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/6659805175353998828332819453.key"
I0219 15:05:25.660559 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubecfg/6659805175353998828332819453.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.663067 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-proxy/6659805174660267379531317056.crt"
I0219 15:05:25.664780 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/6659805175023713442660351312.crt"
I0219 15:05:25.664814 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/6659805175023713442660351312.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.673938 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.674049 48632 keypair.go:230] created certificate with cn=system:kube-proxy
I0219 15:05:25.686654 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-scheduler/6659805175535142947986255267.key"
I0219 15:05:25.686743 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-scheduler/6659805175535142947986255267.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.688080 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/apiserver-aggregator/"
I0219 15:05:25.690647 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubecfg/"
I0219 15:05:25.700858 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator: []
I0219 15:05:25.700970 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg: []
I0219 15:05:25.701441 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml"
I0219 15:05:25.701468 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml"
I0219 15:05:25.701508 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-aggregator/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.701479 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.705830 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-proxy-client/6659805175023713442660351312.crt"
I0219 15:05:25.716019 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.716139 48632 keypair.go:230] created certificate with cn=apiserver-proxy-client
I0219 15:05:25.725505 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-scheduler/"
I0219 15:05:25.736235 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/6659805175353998828332819453.crt"
I0219 15:05:25.736284 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubecfg/6659805175353998828332819453.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.739157 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler: []
I0219 15:05:25.739400 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml"
I0219 15:05:25.739418 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-scheduler/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.748348 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/6659805175280268883503931949.crt"
I0219 15:05:25.748377 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/apiserver-aggregator/6659805175280268883503931949.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.756411 48632 vfs_castore.go:736] Issuing new certificate: "kubelet-api"
I0219 15:05:25.759078 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kubelet-api/"
I0219 15:05:25.761620 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/6659805175535142947986255267.crt"
I0219 15:05:25.761664 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-scheduler/6659805175535142947986255267.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.764583 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/6659805175353998828332819453.crt"
I0219 15:05:25.775103 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api: []
I0219 15:05:25.775562 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml"
I0219 15:05:25.775587 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubelet-api/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.776338 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.776410 48632 keypair.go:230] created certificate with cn=kubecfg
I0219 15:05:25.783184 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-scheduler/6659805175535142947986255267.crt"
I0219 15:05:25.783606 48632 vfs_castore.go:736] Issuing new certificate: "kube-controller-manager"
I0219 15:05:25.783717 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/apiserver-aggregator/6659805175280268883503931949.crt"
I0219 15:05:25.786115 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/kube-controller-manager/"
I0219 15:05:25.793252 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.793332 48632 keypair.go:230] created certificate with cn=aggregator
I0219 15:05:25.793846 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.793908 48632 keypair.go:230] created certificate with cn=system:kube-scheduler
I0219 15:05:25.798256 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager: []
I0219 15:05:25.798781 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml"
I0219 15:05:25.798803 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-controller-manager/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.833586 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kube-controller-manager/6659805176198207020896051717.key"
I0219 15:05:25.833630 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kube-controller-manager/6659805176198207020896051717.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.859720 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kube-controller-manager/"
I0219 15:05:25.862790 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubelet-api/6659805176081399700383809066.key"
I0219 15:05:25.875868 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/kubelet-api/6659805176081399700383809066.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.887197 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager: []
I0219 15:05:25.887541 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml"
I0219 15:05:25.887570 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-controller-manager/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.900869 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/kubelet-api/"
I0219 15:05:25.913494 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api: []
I0219 15:05:25.913838 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml"
I0219 15:05:25.913863 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubelet-api/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.929060 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/6659805176198207020896051717.crt"
I0219 15:05:25.929118 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kube-controller-manager/6659805176198207020896051717.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.957395 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/6659805176081399700383809066.crt"
I0219 15:05:25.957442 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/kubelet-api/6659805176081399700383809066.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:25.970225 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kube-controller-manager/6659805176198207020896051717.crt"
I0219 15:05:25.979241 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:25.979328 48632 keypair.go:230] created certificate with cn=system:kube-controller-manager
I0219 15:05:26.079964 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubelet-api/6659805176081399700383809066.crt"
I0219 15:05:26.090934 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:26.091028 48632 keypair.go:230] created certificate with cn=kubelet-api
I0219 15:05:26.091060 48632 executor.go:103] Tasks: 54 done / 77 total; 19 can run
I0219 15:05:26.091094 48632 executor.go:178] Executing task "SecurityGroupRule/ssh-external-to-node-0.0.0.0/0": *awstasks.SecurityGroupRule {"Name":"ssh-external-to-node-0.0.0.0/0","Lifecycle":"Sync","SecurityGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":"tcp","FromPort":22,"ToPort":22,"SourceGroup":null,"Egress":null}
I0219 15:05:26.091094 48632 executor.go:178] Executing task "SecurityGroupRule/ssh-external-to-master-0.0.0.0/0": *awstasks.SecurityGroupRule {"Name":"ssh-external-to-master-0.0.0.0/0","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":"tcp","FromPort":22,"ToPort":22,"SourceGroup":null,"Egress":null}
I0219 15:05:26.091110 48632 executor.go:178] Executing task "SecurityGroupRule/https-api-elb-0.0.0.0/0": *awstasks.SecurityGroupRule {"Name":"https-api-elb-0.0.0.0/0","Lifecycle":"Sync","SecurityGroup":{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":"tcp","FromPort":443,"ToPort":443,"SourceGroup":null,"Egress":null}
I0219 15:05:26.091159 48632 executor.go:178] Executing task "SecurityGroupRule/all-master-to-master": *awstasks.SecurityGroupRule {"Name":"all-master-to-master","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091131 48632 executor.go:178] Executing task "LaunchConfiguration/nodes.vault-cluster.k8s.local": *awstasks.LaunchConfiguration {"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","UserData":{"Name":"","Resource":{}},"ImageID":"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17","InstanceType":"t2.medium","SSHKey":{"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":"{{ANOTHER_KEY_FINGERPRINT}}"},"SecurityGroups":[{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"AssociatePublicIP":true,"IAMInstanceProfile":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAJMY5EUSYY77WI3NGA","Shared":false},"InstanceMonitoring":null,"RootVolumeSize":128,"RootVolumeType":"gp2","RootVolumeIops":null,"RootVolumeOptimization":null,"SpotPrice":"","ID":null,"Tenancy":null}
I0219 15:05:26.091362 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091384 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091167 48632 executor.go:178] Executing task "SecurityGroupRule/https-elb-to-master": *awstasks.SecurityGroupRule {"Name":"https-elb-to-master","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":"tcp","FromPort":443,"ToPort":443,"SourceGroup":{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091425 48632 request_logger.go:45] AWS request: autoscaling/DescribeLaunchConfigurations
I0219 15:05:26.091153 48632 executor.go:178] Executing task "SecurityGroupRule/api-elb-egress": *awstasks.SecurityGroupRule {"Name":"api-elb-egress","Lifecycle":"Sync","SecurityGroup":{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":null,"Egress":true}
I0219 15:05:26.091113 48632 executor.go:178] Executing task "LaunchConfiguration/master-us-east-1a.masters.vault-cluster.k8s.local": *awstasks.LaunchConfiguration {"Name":"master-us-east-1a.masters.vault-cluster.k8s.local","Lifecycle":"Sync","UserData":{"Name":"","Resource":{}},"ImageID":"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17","InstanceType":"m3.medium","SSHKey":{"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":"{{ANOTHER_KEY_FINGERPRINT}}"},"SecurityGroups":[{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"AssociatePublicIP":true,"IAMInstanceProfile":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAI7SPO3UQMIWAEV45O","Shared":false},"InstanceMonitoring":null,"RootVolumeSize":64,"RootVolumeType":"gp2","RootVolumeIops":null,"RootVolumeOptimization":null,"SpotPrice":"","ID":null,"Tenancy":null}
I0219 15:05:26.091101 48632 executor.go:178] Executing task "SecurityGroupRule/node-to-master-tcp-4003-65535": *awstasks.SecurityGroupRule {"Name":"node-to-master-tcp-4003-65535","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":"tcp","FromPort":4003,"ToPort":65535,"SourceGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091581 48632 request_logger.go:45] AWS request: autoscaling/DescribeLaunchConfigurations
I0219 15:05:26.091118 48632 executor.go:178] Executing task "RouteTableAssociation/us-east-1a.vault-cluster.k8s.local": *awstasks.RouteTableAssociation {"Name":"us-east-1a.vault-cluster.k8s.local","Lifecycle":"Sync","ID":null,"RouteTable":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"rtb-0be6d5ac1bb9fae81","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/kops/role":"public"}},"Subnet":{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}}
I0219 15:05:26.091140 48632 executor.go:178] Executing task "SecurityGroupRule/node-to-master-udp-1-65535": *awstasks.SecurityGroupRule {"Name":"node-to-master-udp-1-65535","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":"udp","FromPort":1,"ToPort":65535,"SourceGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091715 48632 request_logger.go:45] AWS request: ec2/DescribeRouteTables
I0219 15:05:26.091144 48632 executor.go:178] Executing task "Route/0.0.0.0/0": *awstasks.Route {"Name":"0.0.0.0/0","Lifecycle":"Sync","RouteTable":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"rtb-0be6d5ac1bb9fae81","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/kops/role":"public"}},"Instance":null,"CIDR":"0.0.0.0/0","InternetGateway":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"igw-063da9e7205a17faf","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"NatGateway":null}
I0219 15:05:26.091801 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091126 48632 executor.go:178] Executing task "SecurityGroupRule/master-egress": *awstasks.SecurityGroupRule {"Name":"master-egress","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":null,"Egress":true}
I0219 15:05:26.091916 48632 request_logger.go:45] AWS request: ec2/DescribeRouteTables
I0219 15:05:26.091947 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091362 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091149 48632 executor.go:178] Executing task "SecurityGroupRule/all-node-to-node": *awstasks.SecurityGroupRule {"Name":"all-node-to-node","Lifecycle":"Sync","SecurityGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091119 48632 executor.go:178] Executing task "SecurityGroupRule/all-master-to-node": *awstasks.SecurityGroupRule {"Name":"all-master-to-node","Lifecycle":"Sync","SecurityGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.091093 48632 executor.go:178] Executing task "SecurityGroupRule/node-egress": *awstasks.SecurityGroupRule {"Name":"node-egress","Lifecycle":"Sync","SecurityGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":"0.0.0.0/0","Protocol":null,"FromPort":null,"ToPort":null,"SourceGroup":null,"Egress":true}
I0219 15:05:26.091530 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091164 48632 executor.go:178] Executing task "SecurityGroupRule/node-to-master-tcp-1-2379": *awstasks.SecurityGroupRule {"Name":"node-to-master-tcp-1-2379","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":"tcp","FromPort":1,"ToPort":2379,"SourceGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.092150 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091528 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091615 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.092207 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091362 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091115 48632 executor.go:178] Executing task "LoadBalancer/api.vault-cluster.k8s.local": *awstasks.LoadBalancer {"Name":"api.vault-cluster.k8s.local","Lifecycle":"Sync","LoadBalancerName":"api-vault-cluster-k8s-loc-mfnq7d","DNSName":null,"HostedZoneId":null,"Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"SecurityGroups":[{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"Listeners":{"443":{"InstancePort":443,"SSLCertificateID":""}},"Scheme":null,"HealthCheck":{"Target":"SSL:443","HealthyThreshold":2,"UnhealthyThreshold":2,"Interval":10,"Timeout":5},"AccessLog":null,"ConnectionDraining":null,"ConnectionSettings":{"IdleTimeout":300},"CrossZoneLoadBalancing":null,"SSLCertificateID":""}
I0219 15:05:26.092279 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.091143 48632 executor.go:178] Executing task "SecurityGroupRule/node-to-master-tcp-2382-4000": *awstasks.SecurityGroupRule {"Name":"node-to-master-tcp-2382-4000","Lifecycle":"Sync","SecurityGroup":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"CIDR":null,"Protocol":"tcp","FromPort":2382,"ToPort":4000,"SourceGroup":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"Egress":null}
I0219 15:05:26.092317 48632 load_balancer.go:181] Listing all ELBs for findLoadBalancerByNameTag
I0219 15:05:26.092353 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.092413 48632 request_logger.go:45] AWS request: ec2/DescribeSecurityGroups
I0219 15:05:26.094168 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeLoadBalancers
I0219 15:05:26.166037 48632 securitygrouprule.go:278] ssh-external-to-master-0.0.0.0/0: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=22 toPort=22 cidr=0.0.0.0/0)
I0219 15:05:26.166212 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.166238 48632 securitygrouprule.go:278] https-api-elb-0.0.0.0/0: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=443 toPort=443 cidr=0.0.0.0/0)
I0219 15:05:26.166368 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.167264 48632 securitygrouprule.go:278] node-to-master-tcp-4003-65535: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=4003 toPort=65535 sourceGroup=sg-058d8bc98d20f7d61)
I0219 15:05:26.167412 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.171481 48632 securitygrouprule.go:278] node-to-master-tcp-2382-4000: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=2382 toPort=4000 sourceGroup=sg-058d8bc98d20f7d61)
I0219 15:05:26.171585 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.175372 48632 routetableassociation.go:149] Checking for existing RouteTableAssociation to subnet
I0219 15:05:26.175430 48632 securitygrouprule.go:278] node-to-master-udp-1-65535: Calling EC2 AuthorizeSecurityGroupIngress (protocol=udp fromPort=1 toPort=65535 sourceGroup=sg-058d8bc98d20f7d61)
I0219 15:05:26.175514 48632 request_logger.go:45] AWS request: ec2/DescribeRouteTables
I0219 15:05:26.175552 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.177406 48632 securitygrouprule.go:278] ssh-external-to-node-0.0.0.0/0: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=22 toPort=22 cidr=0.0.0.0/0)
I0219 15:05:26.177492 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.178809 48632 securitygrouprule.go:278] node-to-master-tcp-1-2379: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=1 toPort=2379 sourceGroup=sg-058d8bc98d20f7d61)
I0219 15:05:26.178932 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.183446 48632 securitygrouprule.go:278] all-master-to-master: Calling EC2 AuthorizeSecurityGroupIngress (sourceGroup=sg-030fed70709878ad9)
I0219 15:05:26.183625 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.185737 48632 securitygrouprule.go:278] all-node-to-node: Calling EC2 AuthorizeSecurityGroupIngress (sourceGroup=sg-058d8bc98d20f7d61)
I0219 15:05:26.185814 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.189766 48632 route.go:174] Creating Route with RouteTable:"rtb-0be6d5ac1bb9fae81" CIDR:"0.0.0.0/0"
I0219 15:05:26.189840 48632 request_logger.go:45] AWS request: ec2/CreateRoute
I0219 15:05:26.198315 48632 securitygrouprule.go:278] https-elb-to-master: Calling EC2 AuthorizeSecurityGroupIngress (protocol=tcp fromPort=443 toPort=443 sourceGroup=sg-0be9f175b564add80)
I0219 15:05:26.198402 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.209223 48632 securitygrouprule.go:278] all-master-to-node: Calling EC2 AuthorizeSecurityGroupIngress (sourceGroup=sg-030fed70709878ad9)
I0219 15:05:26.209334 48632 request_logger.go:45] AWS request: ec2/AuthorizeSecurityGroupIngress
I0219 15:05:26.211301 48632 load_balancer.go:497] Creating ELB with Name:"api-vault-cluster-k8s-loc-mfnq7d"
I0219 15:05:26.211400 48632 request_logger.go:45] AWS request: elasticloadbalancing/CreateLoadBalancer
I0219 15:05:26.215684 48632 launchconfiguration.go:288] Creating AutoscalingLaunchConfiguration with Name:"master-us-east-1a.masters.vault-cluster.k8s.local-20190219200526"
I0219 15:05:26.215727 48632 aws_cloud.go:1037] Calling DescribeImages to resolve name "kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17"
I0219 15:05:26.215869 48632 request_logger.go:45] AWS request: ec2/DescribeImages
I0219 15:05:26.218855 48632 routetableassociation.go:172] Creating RouteTableAssociation
I0219 15:05:26.219022 48632 request_logger.go:45] AWS request: ec2/AssociateRouteTable
I0219 15:05:26.227632 48632 launchconfiguration.go:288] Creating AutoscalingLaunchConfiguration with Name:"nodes.vault-cluster.k8s.local-20190219200526"
I0219 15:05:26.227702 48632 aws_cloud.go:1037] Calling DescribeImages to resolve name "kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17"
I0219 15:05:26.227864 48632 request_logger.go:45] AWS request: ec2/DescribeImages
I0219 15:05:26.280978 48632 aws_cloud.go:1089] Resolved image "ami-03b850a018c8cd25e"
I0219 15:05:26.281020 48632 aws_cloud.go:1037] Calling DescribeImages to resolve name "kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17"
I0219 15:05:26.281115 48632 request_logger.go:45] AWS request: ec2/DescribeImages
I0219 15:05:26.309392 48632 aws_cloud.go:1089] Resolved image "ami-03b850a018c8cd25e"
I0219 15:05:26.309435 48632 aws_cloud.go:1037] Calling DescribeImages to resolve name "kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17"
I0219 15:05:26.309539 48632 request_logger.go:45] AWS request: ec2/DescribeImages
I0219 15:05:26.336533 48632 aws_cloud.go:1089] Resolved image "ami-03b850a018c8cd25e"
I0219 15:05:26.337443 48632 tagbuilder.go:91] tags: [_aws _k8s_1_6]
I0219 15:05:26.337468 48632 urls.go:142] Using cached protokube location: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz"
I0219 15:05:26.337733 48632 launchconfiguration.go:367] AWS CreateLaunchConfiguration master-us-east-1a.masters.vault-cluster.k8s.local-20190219200526
I0219 15:05:26.338813 48632 request_logger.go:45] AWS request: autoscaling/CreateLaunchConfiguration
I0219 15:05:26.364060 48632 launchconfiguration.go:379] got an error indicating that the IAM instance profile "masters.vault-cluster.k8s.local" is not ready: "Invalid IamInstanceProfile: masters.vault-cluster.k8s.local"
I0219 15:05:26.364094 48632 launchconfiguration.go:380] waiting for IAM instance profile "masters.vault-cluster.k8s.local" to be ready
I0219 15:05:26.369118 48632 aws_cloud.go:1089] Resolved image "ami-03b850a018c8cd25e"
I0219 15:05:26.369545 48632 tagbuilder.go:91] tags: [_aws _k8s_1_6]
I0219 15:05:26.369582 48632 urls.go:142] Using cached protokube location: "https://kubeupv2.s3.amazonaws.com/kops/1.11.0/images/protokube.tar.gz"
I0219 15:05:26.369839 48632 launchconfiguration.go:367] AWS CreateLaunchConfiguration nodes.vault-cluster.k8s.local-20190219200526
I0219 15:05:26.370133 48632 request_logger.go:45] AWS request: autoscaling/CreateLaunchConfiguration
I0219 15:05:26.385946 48632 launchconfiguration.go:379] got an error indicating that the IAM instance profile "nodes.vault-cluster.k8s.local" is not ready: "Invalid IamInstanceProfile: nodes.vault-cluster.k8s.local"
I0219 15:05:26.385979 48632 launchconfiguration.go:380] waiting for IAM instance profile "nodes.vault-cluster.k8s.local" to be ready
I0219 15:05:27.026295 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeLoadBalancers
I0219 15:05:27.065292 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeTags
I0219 15:05:27.083765 48632 aws_apitarget.go:73] adding tags to "api-vault-cluster-k8s-loc-mfnq7d": map[Name:api.vault-cluster.k8s.local KubernetesCluster:vault-cluster.k8s.local]
I0219 15:05:27.083869 48632 request_logger.go:45] AWS request: elasticloadbalancing/AddTags
I0219 15:05:27.105195 48632 load_balancer.go:619] Configuring health checks on ELB "api-vault-cluster-k8s-loc-mfnq7d"
I0219 15:05:27.105380 48632 request_logger.go:45] AWS request: elasticloadbalancing/ConfigureHealthCheck
I0219 15:05:27.132287 48632 loadbalancer_attributes.go:170] Configuring ELB attributes for ELB "api-vault-cluster-k8s-loc-mfnq7d"
I0219 15:05:27.132404 48632 request_logger.go:45] AWS request: elasticloadbalancing/ModifyLoadBalancerAttributes
I0219 15:05:27.199039 48632 loadbalancer_attributes.go:177] modified ELB attributes for ELB "api-vault-cluster-k8s-loc-mfnq7d", response {
LoadBalancerAttributes: {
AccessLog: {
Enabled: false
},
ConnectionDraining: {
Enabled: false,
Timeout: 300
},
ConnectionSettings: {
IdleTimeout: 300
},
CrossZoneLoadBalancing: {
Enabled: false
}
},
LoadBalancerName: "api-vault-cluster-k8s-loc-mfnq7d"
}
I0219 15:05:36.365324 48632 launchconfiguration.go:367] AWS CreateLaunchConfiguration master-us-east-1a.masters.vault-cluster.k8s.local-20190219200526
I0219 15:05:36.371780 48632 request_logger.go:45] AWS request: autoscaling/CreateLaunchConfiguration
I0219 15:05:36.386187 48632 launchconfiguration.go:367] AWS CreateLaunchConfiguration nodes.vault-cluster.k8s.local-20190219200526
I0219 15:05:36.386651 48632 request_logger.go:45] AWS request: autoscaling/CreateLaunchConfiguration
I0219 15:05:36.869346 48632 request_logger.go:45] AWS request: autoscaling/DescribeLaunchConfigurations
I0219 15:05:36.885953 48632 request_logger.go:45] AWS request: autoscaling/DescribeLaunchConfigurations
I0219 15:05:36.965469 48632 executor.go:103] Tasks: 73 done / 77 total; 3 can run
I0219 15:05:36.965587 48632 executor.go:178] Executing task "Keypair/master": *fitasks.Keypair {"Name":"master","alternateNames":["kubernetes","kubernetes.default","kubernetes.default.svc","kubernetes.default.svc.cluster.local","api.vault-cluster.k8s.local","api.internal.vault-cluster.k8s.local","100.64.0.1","127.0.0.1"],"alternateNameTasks":[{"Name":"api.vault-cluster.k8s.local","Lifecycle":"Sync","LoadBalancerName":"api-vault-cluster-k8s-loc-mfnq7d","DNSName":"api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com","HostedZoneId":"Z35SXDOTRQ7X7K","Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"SecurityGroups":[{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"Listeners":{"443":{"InstancePort":443,"SSLCertificateID":""}},"Scheme":null,"HealthCheck":{"Target":"SSL:443","HealthyThreshold":2,"UnhealthyThreshold":2,"Interval":10,"Timeout":5},"AccessLog":null,"ConnectionDraining":null,"ConnectionSettings":{"IdleTimeout":300},"CrossZoneLoadBalancing":null,"SSLCertificateID":""}],"Lifecycle":"Sync","Signer":{"Name":"ca","alternateNames":null,"alternateNameTasks":null,"Lifecycle":"Sync","Signer":null,"subject":"cn=kubernetes","type":"ca","format":"v1alpha2"},"subject":"cn=kubernetes-master","type":"server","format":"v1alpha2"}
I0219 15:05:36.965712 48632 load_balancer.go:181] Listing all ELBs for findLoadBalancerByNameTag
I0219 15:05:36.965533 48632 executor.go:178] Executing task "AutoscalingGroup/master-us-east-1a.masters.vault-cluster.k8s.local": *awstasks.AutoscalingGroup {"Name":"master-us-east-1a.masters.vault-cluster.k8s.local","Lifecycle":"Sync","MinSize":1,"MaxSize":1,"Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"Tags":{"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup":"master-us-east-1a","k8s.io/role/master":"1"},"Granularity":"1Minute","Metrics":["GroupMinSize","GroupMaxSize","GroupDesiredCapacity","GroupInServiceInstances","GroupPendingInstances","GroupStandbyInstances","GroupTerminatingInstances","GroupTotalInstances"],"LaunchConfiguration":{"Name":"master-us-east-1a.masters.vault-cluster.k8s.local","Lifecycle":"Sync","UserData":{"Name":"","Resource":{}},"ImageID":"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17","InstanceType":"m3.medium","SSHKey":{"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":"{{ANOTHER_KEY_FINGERPRINT}}"},"SecurityGroups":[{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"AssociatePublicIP":true,"IAMInstanceProfile":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAI7SPO3UQMIWAEV45O","Shared":false},"InstanceMonitoring":null,"RootVolumeSize":64,"RootVolumeType":"gp2","RootVolumeIops":null,"RootVolumeOptimization":null,"SpotPrice":"","ID":"master-us-east-1a.masters.vault-cluster.k8s.local-20190219200526","Tenancy":null},"SuspendProcesses":[]}
I0219 15:05:36.965572 48632 executor.go:178] Executing task "AutoscalingGroup/nodes.vault-cluster.k8s.local": *awstasks.AutoscalingGroup {"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","MinSize":2,"MaxSize":2,"Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"Tags":{"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup":"nodes","k8s.io/role/node":"1"},"Granularity":"1Minute","Metrics":["GroupMinSize","GroupMaxSize","GroupDesiredCapacity","GroupInServiceInstances","GroupPendingInstances","GroupStandbyInstances","GroupTerminatingInstances","GroupTotalInstances"],"LaunchConfiguration":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","UserData":{"Name":"","Resource":{}},"ImageID":"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17","InstanceType":"t2.medium","SSHKey":{"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":"{{ANOTHER_KEY_FINGERPRINT}}"},"SecurityGroups":[{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-058d8bc98d20f7d61","Description":"Security group for nodes","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"nodes.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"AssociatePublicIP":true,"IAMInstanceProfile":{"Name":"nodes.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAJMY5EUSYY77WI3NGA","Shared":false},"InstanceMonitoring":null,"RootVolumeSize":128,"RootVolumeType":"gp2","RootVolumeIops":null,"RootVolumeOptimization":null,"SpotPrice":"","ID":"nodes.vault-cluster.k8s.local-20190219200526","Tenancy":null},"SuspendProcesses":[]}
I0219 15:05:36.965823 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeLoadBalancers
I0219 15:05:36.972208 48632 request_logger.go:45] AWS request: autoscaling/DescribeAutoScalingGroups
I0219 15:05:36.972208 48632 request_logger.go:45] AWS request: autoscaling/DescribeAutoScalingGroups
I0219 15:05:37.019762 48632 load_balancer.go:266] Querying ELB tags for [api-vault-cluster-k8s-loc-mfnq7d]
I0219 15:05:37.019889 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeTags
I0219 15:05:37.038220 48632 keypair.go:143] Resolved alternateName "api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com" for "*awstasks.LoadBalancer {\"Name\":\"api.vault-cluster.k8s.local\",\"Lifecycle\":\"Sync\",\"LoadBalancerName\":\"api-vault-cluster-k8s-loc-mfnq7d\",\"DNSName\":\"api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com\",\"HostedZoneId\":\"Z35SXDOTRQ7X7K\",\"Subnets\":[{\"Name\":\"us-east-1a.vault-cluster.k8s.local\",\"ShortName\":\"us-east-1a\",\"Lifecycle\":\"Sync\",\"ID\":\"subnet-09ee255cd19ff0e36\",\"VPC\":{\"Name\":\"vault-cluster.k8s.local\",\"Lifecycle\":\"Sync\",\"ID\":\"vpc-06b31f5f4629a916f\",\"CIDR\":\"172.20.0.0/16\",\"EnableDNSHostnames\":true,\"EnableDNSSupport\":true,\"Shared\":false,\"Tags\":{\"KubernetesCluster\":\"vault-cluster.k8s.local\",\"Name\":\"vault-cluster.k8s.local\",\"kubernetes.io/cluster/vault-cluster.k8s.local\":\"owned\"}},\"AvailabilityZone\":\"us-east-1a\",\"CIDR\":\"172.20.32.0/19\",\"Shared\":false,\"Tags\":{\"KubernetesCluster\":\"vault-cluster.k8s.local\",\"Name\":\"us-east-1a.vault-cluster.k8s.local\",\"SubnetType\":\"Public\",\"kubernetes.io/cluster/vault-cluster.k8s.local\":\"owned\",\"kubernetes.io/role/elb\":\"1\"}}],\"SecurityGroups\":[{\"Name\":\"api-elb.vault-cluster.k8s.local\",\"Lifecycle\":\"Sync\",\"ID\":\"sg-0be9f175b564add80\",\"Description\":\"Security group for api ELB\",\"VPC\":{\"Name\":\"vault-cluster.k8s.local\",\"Lifecycle\":\"Sync\",\"ID\":\"vpc-06b31f5f4629a916f\",\"CIDR\":\"172.20.0.0/16\",\"EnableDNSHostnames\":true,\"EnableDNSSupport\":true,\"Shared\":false,\"Tags\":{\"KubernetesCluster\":\"vault-cluster.k8s.local\",\"Name\":\"vault-cluster.k8s.local\",\"kubernetes.io/cluster/vault-cluster.k8s.local\":\"owned\"}},\"RemoveExtraRules\":[\"port=443\"],\"Shared\":null,\"Tags\":{\"KubernetesCluster\":\"vault-cluster.k8s.local\",\"Name\":\"api-elb.vault-cluster.k8s.local\",\"kubernetes.io/cluster/vault-cluster.k8s.local\":\"owned\"}}],\"Listeners\":{\"443\":{\"InstancePort\":443,\"SSLCertificateID\":\"\"}},\"Scheme\":null,\"HealthCheck\":{\"Target\":\"SSL:443\",\"HealthyThreshold\":2,\"UnhealthyThreshold\":2,\"Interval\":10,\"Timeout\":5},\"AccessLog\":null,\"ConnectionDraining\":null,\"ConnectionSettings\":{\"IdleTimeout\":300},\"CrossZoneLoadBalancing\":null,\"SSLCertificateID\":\"\"}"
I0219 15:05:37.038429 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/keyset.yaml"
I0219 15:05:37.085873 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/keyset.yaml", falling back to directory-list method
I0219 15:05:37.085936 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/master/"
I0219 15:05:37.102765 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master: []
I0219 15:05:37.102832 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/keyset.yaml"
I0219 15:05:37.111672 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/keyset.yaml", falling back to directory-list method
I0219 15:05:37.111740 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/master/"
I0219 15:05:37.117425 48632 autoscalinggroup.go:207] Creating autoscaling Group with Name:"master-us-east-1a.masters.vault-cluster.k8s.local"
I0219 15:05:37.119050 48632 request_logger.go:45] AWS request: autoscaling/CreateAutoScalingGroup
I0219 15:05:37.125238 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master: []
I0219 15:05:37.125347 48632 keypair.go:181] creating brand new certificate
I0219 15:05:37.125367 48632 keypair.go:201] Creating PKI keypair "master"
I0219 15:05:37.125390 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/keyset.yaml"
I0219 15:05:37.135667 48632 vfs_castore.go:384] no certificate bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/keyset.yaml", falling back to directory-list method
I0219 15:05:37.135722 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/master/"
I0219 15:05:37.146723 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master: []
I0219 15:05:37.146781 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/keyset.yaml"
I0219 15:05:37.156584 48632 vfs_castore.go:838] no private key bundle "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/keyset.yaml", falling back to directory-list method
I0219 15:05:37.156643 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/master/"
I0219 15:05:37.160795 48632 autoscalinggroup.go:207] Creating autoscaling Group with Name:"nodes.vault-cluster.k8s.local"
I0219 15:05:37.160951 48632 request_logger.go:45] AWS request: autoscaling/CreateAutoScalingGroup
I0219 15:05:37.169340 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master: []
I0219 15:05:37.169382 48632 keypair.go:212] Creating privateKey "master"
I0219 15:05:37.600528 48632 request_logger.go:45] AWS request: autoscaling/EnableMetricsCollection
I0219 15:05:37.692636 48632 request_logger.go:45] AWS request: autoscaling/EnableMetricsCollection
I0219 15:05:37.873765 48632 vfs_castore.go:736] Issuing new certificate: "master"
I0219 15:05:37.876721 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/private/master/"
I0219 15:05:37.900008 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master: []
I0219 15:05:37.900579 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/keyset.yaml"
I0219 15:05:37.900616 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/master/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:37.934316 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/master/6659805228124996840711691379.key"
I0219 15:05:37.934362 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/private/master/6659805228124996840711691379.key" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:37.963237 48632 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/pki/issued/master/"
I0219 15:05:37.980140 48632 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master: []
I0219 15:05:37.980551 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/keyset.yaml"
I0219 15:05:37.980586 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/master/keyset.yaml" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:38.003063 48632 s3fs.go:128] Writing file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/6659805228124996840711691379.crt"
I0219 15:05:38.003113 48632 s3fs.go:166] Calling S3 PutObject Bucket="{{CONFIG_BUCKET_REDACTED}}" Key="vault-cluster.k8s.local/pki/issued/master/6659805228124996840711691379.crt" SSE="DefaultBucketEncryption" ACL=""
I0219 15:05:38.046667 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/master/6659805228124996840711691379.crt"
I0219 15:05:38.058380 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:38.058554 48632 keypair.go:230] created certificate with cn=kubernetes-master
I0219 15:05:38.058592 48632 executor.go:103] Tasks: 76 done / 77 total; 1 can run
I0219 15:05:38.058621 48632 executor.go:178] Executing task "LoadBalancerAttachment/api-master-us-east-1a": *awstasks.LoadBalancerAttachment {"Name":"api-master-us-east-1a","Lifecycle":"Sync","LoadBalancer":{"Name":"api.vault-cluster.k8s.local","Lifecycle":"Sync","LoadBalancerName":"api-vault-cluster-k8s-loc-mfnq7d","DNSName":"api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com","HostedZoneId":"Z35SXDOTRQ7X7K","Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"SecurityGroups":[{"Name":"api-elb.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-0be9f175b564add80","Description":"Security group for api ELB","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=443"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"api-elb.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"Listeners":{"443":{"InstancePort":443,"SSLCertificateID":""}},"Scheme":null,"HealthCheck":{"Target":"SSL:443","HealthyThreshold":2,"UnhealthyThreshold":2,"Interval":10,"Timeout":5},"AccessLog":null,"ConnectionDraining":null,"ConnectionSettings":{"IdleTimeout":300},"CrossZoneLoadBalancing":null,"SSLCertificateID":""},"AutoscalingGroup":{"Name":"master-us-east-1a.masters.vault-cluster.k8s.local","Lifecycle":"Sync","MinSize":1,"MaxSize":1,"Subnets":[{"Name":"us-east-1a.vault-cluster.k8s.local","ShortName":"us-east-1a","Lifecycle":"Sync","ID":"subnet-09ee255cd19ff0e36","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"AvailabilityZone":"us-east-1a","CIDR":"172.20.32.0/19","Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"us-east-1a.vault-cluster.k8s.local","SubnetType":"Public","kubernetes.io/cluster/vault-cluster.k8s.local":"owned","kubernetes.io/role/elb":"1"}}],"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"master-us-east-1a.masters.vault-cluster.k8s.local","k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup":"master-us-east-1a","k8s.io/role/master":"1"},"Granularity":"1Minute","Metrics":["GroupDesiredCapacity","GroupInServiceInstances","GroupMaxSize","GroupMinSize","GroupPendingInstances","GroupStandbyInstances","GroupTerminatingInstances","GroupTotalInstances"],"LaunchConfiguration":{"Name":"master-us-east-1a.masters.vault-cluster.k8s.local","Lifecycle":"Sync","UserData":{"Name":"","Resource":{}},"ImageID":"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17","InstanceType":"m3.medium","SSHKey":{"Name":"kubernetes.vault-cluster.k8s.local-{{SSH_FINGERPRINT}}","Lifecycle":"Sync","PublicKey":{"Name":"","Resource":"ssh-rsa {{SSH_RSA_KEY}}\n"},"KeyFingerprint":"{{ANOTHER_KEY_FINGERPRINT}}"},"SecurityGroups":[{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"sg-030fed70709878ad9","Description":"Security group for masters","VPC":{"Name":"vault-cluster.k8s.local","Lifecycle":"Sync","ID":"vpc-06b31f5f4629a916f","CIDR":"172.20.0.0/16","EnableDNSHostnames":true,"EnableDNSSupport":true,"Shared":false,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}},"RemoveExtraRules":["port=22","port=443","port=2380","port=2381","port=4001","port=4002","port=4789","port=179"],"Shared":null,"Tags":{"KubernetesCluster":"vault-cluster.k8s.local","Name":"masters.vault-cluster.k8s.local","kubernetes.io/cluster/vault-cluster.k8s.local":"owned"}}],"AssociatePublicIP":true,"IAMInstanceProfile":{"Name":"masters.vault-cluster.k8s.local","Lifecycle":"Sync","ID":"AIPAI7SPO3UQMIWAEV45O","Shared":false},"InstanceMonitoring":null,"RootVolumeSize":64,"RootVolumeType":"gp2","RootVolumeIops":null,"RootVolumeOptimization":null,"SpotPrice":"","ID":"master-us-east-1a.masters.vault-cluster.k8s.local-20190219200526","Tenancy":null},"SuspendProcesses":[]},"Subnet":null,"Instance":null}
I0219 15:05:38.059328 48632 request_logger.go:45] AWS request: autoscaling/DescribeAutoScalingGroups
I0219 15:05:38.240502 48632 load_balancer_attachment.go:129] Attaching autoscaling group "master-us-east-1a.masters.vault-cluster.k8s.local" to ELB "api-vault-cluster-k8s-loc-mfnq7d"
I0219 15:05:38.240633 48632 request_logger.go:45] AWS request: autoscaling/AttachLoadBalancers
I0219 15:05:38.844507 48632 executor.go:103] Tasks: 77 done / 77 total; 0 can run
I0219 15:05:38.844547 48632 context.go:91] deleting temp dir: "/var/folders/92/4nb059bj69n74y0z5pr3hm_j48knc0/T/deploy639896962"
I0219 15:05:38.851115 48632 kubectl.go:131] Running command: kubectl config view --output json
I0219 15:05:39.144745 48632 kubectl.go:83] config = "{\n \"kind\": \"Config\",\n \"apiVersion\": \"v1\",\n \"preferences\": {},\n \"clusters\": [\n {\n \"name\": \"minikube\",\n \"cluster\": {\n \"server\": \"https://192.168.99.114:8443\",\n \"certificate-authority\": \"{{HOME}}/.minikube/ca.crt\"\n }\n }\n ],\n \"users\": [\n {\n \"name\": \"minikube\",\n \"user\": {\n \"client-certificate\": \"{{HOME}}/.minikube/client.crt\",\n \"client-key\": \"{{HOME}}/.minikube/client.key\"\n }\n }\n ],\n \"contexts\": [\n {\n \"name\": \"minikube\",\n \"context\": {\n \"cluster\": \"minikube\",\n \"user\": \"minikube\"\n }\n }\n ],\n \"current-context\": \"\"\n}"
I0219 15:05:39.145214 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml"
I0219 15:05:39.159097 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.159225 48632 update_cluster.go:290] Exporting kubecfg for cluster
I0219 15:05:39.159533 48632 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:05:39.159679 48632 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:05:39.199366 48632 load_balancer.go:181] Listing all ELBs for findLoadBalancerByNameTag
I0219 15:05:39.199922 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeLoadBalancers
I0219 15:05:39.238184 48632 load_balancer.go:266] Querying ELB tags for [api-vault-cluster-k8s-loc-mfnq7d]
I0219 15:05:39.238303 48632 request_logger.go:45] AWS request: elasticloadbalancing/DescribeTags
I0219 15:05:39.261813 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:39.378059 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.378172 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/ca/keyset.yaml"
I0219 15:05:39.390766 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.390885 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/ca/keyset.yaml"
I0219 15:05:39.401780 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.401889 48632 privatekey.go:176] Parsing pem block: "RSA PRIVATE KEY"
I0219 15:05:39.402185 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/issued/kubecfg/keyset.yaml"
I0219 15:05:39.412680 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.412804 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/pki/private/kubecfg/keyset.yaml"
I0219 15:05:39.422866 48632 certificate.go:103] Parsing pem block: "CERTIFICATE"
I0219 15:05:39.422981 48632 privatekey.go:176] Parsing pem block: "RSA PRIVATE KEY"
I0219 15:05:39.423239 48632 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/secrets/kube"
I0219 15:05:39.437185 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.438536 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.438869 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.439098 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.441163 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.442153 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.443185 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
I0219 15:05:39.444900 48632 loader.go:359] Config loaded from file {{HOME}}/.kube/config
kops has set your kubectl context to vault-cluster.k8s.local
Cluster is starting. It should be ready in a few minutes.
Suggestions:
* validate cluster: kops validate cluster
* list nodes: kubectl get nodes --show-labels
* ssh to the master: ssh -i ~/.ssh/id_rsa admin@api.vault-cluster.k8s.local
* the admin user is specific to Debian. If not using Debian please use the appropriate user based on your OS.
* read about installing addons at: https://github.com/kubernetes/kops/blob/master/docs/addons.md.
Raw
manifest.yaml
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
creationTimestamp: 2019-02-19T19:33:49Z
name: vault-cluster.k8s.local
spec:
api:
loadBalancer:
type: Public
authorization:
rbac: {}
channel: stable
cloudProvider: aws
configBase: {{CONFIG_BUCKET_REDACTED}}
etcdClusters:
- etcdMembers:
- instanceGroup: master-us-east-1a
name: a
name: main
- etcdMembers:
- instanceGroup: master-us-east-1a
name: a
name: events
iam:
allowContainerRegistry: true
legacy: false
kubelet:
anonymousAuth: false
kubernetesApiAccess:
- 0.0.0.0/0
kubernetesVersion: 1.11.6
masterPublicName: api.vault-cluster.k8s.local
networkCIDR: 172.20.0.0/16
networking:
kubenet: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
subnets:
- cidr: 172.20.32.0/19
name: us-east-1a
type: Public
zone: us-east-1a
topology:
dns:
type: Public
masters: public
nodes: public
---
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: 2019-02-19T19:33:49Z
labels:
kops.k8s.io/cluster: vault-cluster.k8s.local
name: master-us-east-1a
spec:
image: kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17
machineType: m3.medium
maxSize: 1
minSize: 1
nodeLabels:
kops.k8s.io/instancegroup: master-us-east-1a
role: Master
subnets:
- us-east-1a
---
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: 2019-02-19T19:33:49Z
labels:
kops.k8s.io/cluster: vault-cluster.k8s.local
name: nodes
spec:
image: kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17
machineType: t2.medium
maxSize: 2
minSize: 2
nodeLabels:
kops.k8s.io/instancegroup: nodes
role: Node
subnets:
- us-east-1a
Raw
validate
kops validate cluster -v 10 using ☁️ · personal at 03:06:28
I0219 15:39:19.188801 50085 loader.go:359] Config loaded from file {{HOME}}/.kube/config
Using cluster from kubectl context: vault-cluster.k8s.local
I0219 15:39:19.188869 50085 factory.go:68] state store s3://{{CONFIG_BUCKET_REDACTED}}
I0219 15:39:19.363885 50085 s3context.go:194] found bucket in region "us-east-1"
I0219 15:39:19.363949 50085 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/config"
I0219 15:39:19.553831 50085 s3fs.go:257] Listing objects in S3 bucket "{{CONFIG_BUCKET_REDACTED}}" with prefix "vault-cluster.k8s.local/instancegroup/"
I0219 15:39:19.614731 50085 s3fs.go:285] Listed files in s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup: [s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes]
I0219 15:39:19.614763 50085 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/master-us-east-1a"
I0219 15:39:19.665983 50085 s3fs.go:220] Reading file "s3://{{CONFIG_BUCKET_REDACTED}}/vault-cluster.k8s.local/instancegroup/nodes"
Validating cluster vault-cluster.k8s.local
I0219 15:39:19.699260 50085 validate_cluster.go:110] instance group: kops.InstanceGroupSpec{Role:"Master", Image:"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17", MinSize:(*int32)(0xc421211cdc), MaxSize:(*int32)(0xc421211cd0), MachineType:"m3.medium", RootVolumeSize:(*int32)(nil), RootVolumeType:(*string)(nil), RootVolumeIops:(*int32)(nil), RootVolumeOptimization:(*bool)(nil), Subnets:[]string{"us-east-1a"}, Zones:[]string(nil), Hooks:[]kops.HookSpec(nil), MaxPrice:(*string)(nil), AssociatePublicIP:(*bool)(nil), AdditionalSecurityGroups:[]string(nil), CloudLabels:map[string]string(nil), NodeLabels:map[string]string{"kops.k8s.io/instancegroup":"master-us-east-1a"}, FileAssets:[]kops.FileAssetSpec(nil), Tenancy:"", Kubelet:(*kops.KubeletConfigSpec)(nil), Taints:[]string(nil), AdditionalUserData:[]kops.UserData(nil), SuspendProcesses:[]string(nil), ExternalLoadBalancers:[]kops.LoadBalancer(nil), DetailedInstanceMonitoring:(*bool)(nil), IAM:(*kops.IAMProfileSpec)(nil), SecurityGroupOverride:(*string)(nil)}
I0219 15:39:19.699329 50085 validate_cluster.go:110] instance group: kops.InstanceGroupSpec{Role:"Node", Image:"kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2018-08-17", MinSize:(*int32)(0xc42126825c), MaxSize:(*int32)(0xc421268250), MachineType:"t2.medium", RootVolumeSize:(*int32)(nil), RootVolumeType:(*string)(nil), RootVolumeIops:(*int32)(nil), RootVolumeOptimization:(*bool)(nil), Subnets:[]string{"us-east-1a"}, Zones:[]string(nil), Hooks:[]kops.HookSpec(nil), MaxPrice:(*string)(nil), AssociatePublicIP:(*bool)(nil), AdditionalSecurityGroups:[]string(nil), CloudLabels:map[string]string(nil), NodeLabels:map[string]string{"kops.k8s.io/instancegroup":"nodes"}, FileAssets:[]kops.FileAssetSpec(nil), Tenancy:"", Kubelet:(*kops.KubeletConfigSpec)(nil), Taints:[]string(nil), AdditionalUserData:[]kops.UserData(nil), SuspendProcesses:[]string(nil), ExternalLoadBalancers:[]kops.LoadBalancer(nil), DetailedInstanceMonitoring:(*bool)(nil), IAM:(*kops.IAMProfileSpec)(nil), SecurityGroupOverride:(*string)(nil)}
I0219 15:39:19.700416 50085 loader.go:359] Config loaded from file /Users/trigg/.kube/config
I0219 15:39:19.704868 50085 aws_cloud.go:1094] Querying EC2 for all valid zones in region "us-east-1"
I0219 15:39:19.705517 50085 request_logger.go:45] AWS request: ec2/DescribeAvailabilityZones
I0219 15:39:19.786615 50085 round_trippers.go:386] curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: kops/v0.0.0 (darwin/amd64) kubernetes/$Format" -H "Authorization: Basic {{BASIC_AUTH_TOKEN_OR_KEY}}" 'https://api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com/api/v1/nodes'
I0219 15:39:29.809810 50085 round_trippers.go:405] GET https://api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com/api/v1/nodes in 10023 milliseconds
I0219 15:39:29.809862 50085 round_trippers.go:411] Response Headers:
unexpected error during validation: error listing nodes: Get https://api-vault-cluster-k8s-{{ELB_STUFF}}.us-east-1.elb.amazonaws.com/api/v1/nodes: net/http: TLS handshake timeout
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment