Merge pull request #17075 from jpeeler/sc-rebase-0.1.1

Automatic merge from submit-queue.

Rebase service catalog to v0.1.1

Rebase to latest upstream release.

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/.gitignore

@@ -20,6 +20,5 @@ contrib/build/*/tmp/*
 .pkg
 .kube
 .var
-docs/certs
 # this is for buildling service catalog with origin tooling
 _output

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/Makefile

@@ -59,19 +59,7 @@ PLATFORM?=linux
 ARCH?=amd64
 
 # TODO: Consider using busybox instead of debian
-ifeq ($(ARCH),amd64)
-	BASEIMAGE?=debian:jessie
-else ifeq ($(ARCH),arm)
-	BASEIMAGE?=arm32v7/debian:jessie
-else ifeq ($(ARCH),arm64)
-	BASEIMAGE?=arm64v8/debian:jessie
-else ifeq ($(ARCH),ppc64le)
-	BASEIMAGE?=ppc64le/debian:jessie
-else ifeq ($(ARCH),s390x)
-	BASEIMAGE?=s390x/debian:jessie
-else
-$(error Unsupported platform to compile for)
-endif
+BASEIMAGE?=gcr.io/google-containers/debian-base-$(ARCH):0.2
 
 GO_BUILD       = env GOOS=$(PLATFORM) GOARCH=$(ARCH) go build -i $(GOFLAGS) \
                    -ldflags "-X $(SC_PKG)/pkg.VERSION=$(VERSION) $(BUILD_LDFLAGS)"
@@ -94,6 +82,16 @@ ifdef UNIT_TESTS
 	UNIT_TEST_FLAGS=-run $(UNIT_TESTS) -v
 endif
 
+ifdef INT_TESTS
+	INT_TEST_FLAGS=--test.run=$(INT_TESTS)
+endif
+
+ifdef TEST_LOG_LEVEL
+	UNIT_TEST_FLAGS+=-v
+	UNIT_TEST_LOG_FLAGS=-args --alsologtostderr --v=$(TEST_LOG_LEVEL)
+	INT_TEST_FLAGS+=--alsologtostderr --v=$(TEST_LOG_LEVEL)
+endif
+
 ifdef NO_DOCKER
 	DOCKER_CMD =
 	scBuildImageTarget =
@@ -271,14 +269,14 @@ test-unit-native: check-go
 test-unit: .init build
 	@echo Running tests:
 	$(DOCKER_CMD) go test -race $(UNIT_TEST_FLAGS) \
-	  $(addprefix $(SC_PKG)/,$(TEST_DIRS))
+	  $(addprefix $(SC_PKG)/,$(TEST_DIRS)) $(UNIT_TEST_LOG_FLAGS)
 
 test-integration: .init $(scBuildImageTarget) build
 	# test kubectl
 	contrib/hack/setup-kubectl.sh
 	contrib/hack/test-apiserver.sh
 	# golang integration tests
-	$(DOCKER_CMD) test/integration.sh
+	$(DOCKER_CMD) test/integration.sh $(INT_TEST_FLAGS)
 
 clean-e2e:
 	rm -f $(BINDIR)/e2e.test

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/README.md

@@ -114,3 +114,4 @@ check out the [community site](https://github.com/kubernetes/community/tree/mast
 
 Participation in the Kubernetes community is governed by the
 [Kubernetes Code of Conduct](./code-of-conduct.md).
+

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/catalog/README.md

@@ -11,15 +11,15 @@ For more information,
 
 ## Prerequisites
 
-- Kubernetes 1.6+ with Beta APIs enabled
+- Kubernetes 1.7+ with Beta APIs enabled
 - `charts/catalog` already exists in your local machine
 
 ## Installing the Chart
 
 To install the chart with the release name `catalog`:
 
 ```bash
-$ helm install charts/catalog --name catalog --namespace catalog
+$ helm install . --name catalog --namespace catalog
 ```
 
 ## Uninstalling the Chart
@@ -40,23 +40,20 @@ chart and their default values.
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.0` |
+| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.1` |
 | `imagePullPolicy` | `imagePullPolicy` for the service catalog | `Always` |
-| `apiserver.tls.cert` | Base64-encoded x509 certificate | A self-signed certificate |
-| `apiserver.tls.key` | Base64-encoded private key | The private key for the certificate above |
-| `apiserver.tls.ca` | Base64-encoded CA certificate used to sign the above certificate | |
-| `apiserver.tls.requestHeaderCA` | Base64-encoded CA used to validate request-header authentication, when receiving delegated authentication from an aggregator | *none (will disable requestheader authentication)* |
+| `apiserver.tls.requestHeaderCA` | Base64-encoded CA used to validate request-header authentication, when receiving delegated authentication from an aggregator. If not set, the service catalog API server will inherit this CA from the `extension-apiserver-authentication` ConfigMap if available. | `nil` |
 | `apiserver.service.type` | Type of service; valid values are `LoadBalancer` and `NodePort` | `NodePort` |
 | `apiserver.service.nodePort.securePort` | If service type is `NodePort`, specifies a port in allowable range (e.g. 30000 - 32767 on minikube); The TLS-enabled endpoint will be exposed here | `30443` |
 | `apiserver.storage.type` | The storage backend to use; the only valid value is `etcd`, left for other storages support in future, e.g. `crd` | `etcd` |
 | `apiserver.storage.etcd.useEmbedded` | If storage type is `etcd`: Whether to embed an etcd container in the apiserver pod; THIS IS INADEQUATE FOR PRODUCTION USE! | `true` |
 | `apiserver.storage.etcd.servers` | If storage type is `etcd`: etcd URL(s); override this if NOT using embedded etcd | `http://localhost:2379` |
 | `apiserver.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
-| `apiserver.auth.enabled` | Enable authentication and authorization | `false` |
+| `apiserver.auth.enabled` | Enable authentication and authorization | `true` |
 | `controllerManager.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
 | `controllerManager.resyncInterval` | How often the controller should resync informers; duration format (`20m`, `1h`, etc) | `5m` |
 | `controllerManager.brokerRelistInterval` | How often the controller should relist the catalogs of ready brokers; duration format (`20m`, `1h`, etc) | `24h` |
-| `useAggregator` | whether or not to set up the controller-manager to go through the main Kubernetes API server's API aggregator (requires setting `apiserver.tls.ca` to work) | `false` |
+| `useAggregator` | whether or not to set up the controller-manager to go through the main Kubernetes API server's API aggregator | `true` |
 | `rbacEnable` | If true, create & use RBAC resources | `true` |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to
@@ -66,6 +63,5 @@ Alternatively, a YAML file that specifies the values for the parameters can be
 provided while installing the chart. For example:
 
 ```bash
-$ helm install charts/catalog --name catalog --namespace catalog \
-  --values values.yaml
+$ helm install . --name catalog --namespace catalog --values values.yaml
 ```

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/catalog/templates/apiregistration.yaml

@@ -1,3 +1,8 @@
+{{- $ca := genCA "svc-cat-ca" 3650 }}
+{{- $cn := printf "%s-catalog-apiserver" .Release.Name }}
+{{- $altName1 := printf "%s-catalog-apiserver.%s" .Release.Name .Release.Namespace }}
+{{- $altName2 := printf "%s-catalog-apiserver.%s.svc" .Release.Name .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
 {{- if .Values.useAggregator }}
 {{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1beta1" }}
 apiVersion: apiregistration.k8s.io/v1beta1
@@ -13,11 +18,28 @@ spec:
   service:
     namespace: {{ .Release.Namespace }}
     name: {{ template "fullname" . }}-apiserver
-  caBundle: {{ .Values.apiserver.tls.ca }}
+  caBundle: {{ b64enc $ca.Cert }}
   {{ if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1alpha1" -}}
   priority: {{ .Values.apiserver.aggregator.priority }}
   {{ else if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1beta1" -}}
   groupPriorityMinimum: {{ .Values.apiserver.aggregator.groupPriorityMinimum }}
   versionPriority: {{ .Values.apiserver.aggregator.versionPriority }}
   {{- end }}
 {{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "fullname" . }}-apiserver-cert
+  labels:
+    app: {{ template "fullname" . }}-apiserver
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  tls.crt: {{ b64enc $cert.Cert }}
+  tls.key: {{ b64enc $cert.Key }}
+  {{- if .Values.apiserver.tls.requestHeaderCA }}
+  requestheader-ca.crt: {{ .Values.apiserver.tls.requestHeaderCA }}
+  {{- end }}

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/catalog/templates/apiserver-deployment.yaml

@@ -18,6 +18,7 @@ spec:
         app: {{ template "fullname" . }}-apiserver
         chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         release: "{{ .Release.Name }}"
+        releaseRevision: "{{ .Release.Revision }}"
         heritage: "{{ .Release.Service }}"
     spec:
       serviceAccountName: "{{ .Values.apiserver.serviceAccount }}"

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/catalog/values.yaml

@@ -1,11 +1,11 @@
 # Default values for Service Catalog
 # service-catalog image to use
-image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.0
+image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.1
 # imagePullPolicy for the service-catalog; valid values are "IfNotPresent",
 # "Never", and "Always"
 imagePullPolicy: Always
 # determines whether the API server should be registered with the kube-aggregator
-useAggregator: false
+useAggregator: true
 ## If true, create & use RBAC resources
 ##
 rbacEnable: true
@@ -27,13 +27,11 @@ apiserver:
     # for more information on proper values of this field
     versionPriority: 20
   tls:
-    # Base64-encoded certificate authority for the APIService object to register
-    # the Service Catalog API with the apiregistration
-    ca: ""
-    # Base64-encoded x509 certificate
-    cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFpTVNBd0hnWURWUVFEREJjeE1DNHgKTVRJdU1TNHhPRFJBTVRRNE56RTVPRE14TWpBZUZ3MHhOekF5TVRVeU1qTTRNekphRncweE9EQXlNVFV5TWpNNApNekphTUNJeElEQWVCZ05WQkFNTUZ6RXdMakV4TWk0eExqRTRORUF4TkRnM01UazRNekV5TUlJQklqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBc1J6WlcxTllJQ2FaV3NScytrUGZxRU1uUnI0eE91N2gKb0l5ODI2MHltU3lCRkFZaUh0ankrVVc5NldNbXdCQkFRcVlGR3BQczN2UnI1SGF1RkJuV1dicHRMUjlnbVdZWApRa0tzYm9yK1MybTJwYWUyQ2EyVVRnMXJkMkV5VHpkbWkzaFdKMWRQMllRV0tOSXJOSGpmcTM5L25HTU5YWHRjCmJqbWYxb0ZHUER5ODVMNlIyclpVMHlaM0NMNVByczNhV0tQQmtLVXU3NDZhbldONzNTcGRoSTFxMnhNWHJseXMKcFlnUzdjV2FhZERidjVvNjFUYUFyTm0yTCtUWlNESExUMUVzOXdlVCs3TkhQQVlkUVpYTW1lRXU1V1U5ZzZ0UApnOEtmQk5PVG9iUzZPOTZLTzl4Y0VqT0JLcWdaZTQyYVpoZmFja09rcCs5aUFRN1BPQXhTVVFJREFRQUJvNEdOCk1JR0tNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUZJR0ExVWRFUVJMTUVtQ0ZtdDFZbVZ5Ym1WMFpYTXVaR1ZtWVhWc2RDNXpkbU9DRW10MQpZbVZ5Ym1WMFpYTXVaR1ZtWVhWc2RJSUthM1ZpWlhKdVpYUmxjNElKYkc5allXeG9iM04waHdRS2NBRzRNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCYWlPckpOS3FhMmFWdG13YVdoaDAyVFJrMjlXLzA0WlRCYnJseFlpbHQKVi9CYklHbmF3UzlxcGRyVHJNc0RBVmtBbUpRaGtabHJOeFpYbE01WnR2c2wyc3ZHMVlFVnA1UTJuaU9PT3B1Sgo1UDFINUo2SDJNWUpQS2c3OTAyVnZnZ0xPVG5QU01aVjgyWFRlV2JrRW51UjFlY3pwK1NmWjVjZFArSnE3WVRuCm52dHc3aHUzOW1mSVZIU3g3Rk0vN2lBWUJLN0tNQlNUUHZYdWk0SGRTamUzTkhkNlllL0c1bTgvOXNxVXVIL0gKcWJMT0lpenFRRVFNTFRzaFNHdUtxYlVFZ2tBU0ExaTVPbENZcWpEUGRQNTBvVEJkQ24vRnhrMVIvc0R5UlhtQwpYMUR4cUZjNzdkT0pMaHJKM0tDT1RsTy9RY2tkcytkR0tTU09jV0Y4L0p5egotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    # Base64-encoded private key
-    key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBc1J6WlcxTllJQ2FaV3NScytrUGZxRU1uUnI0eE91N2hvSXk4MjYweW1TeUJGQVlpCkh0ankrVVc5NldNbXdCQkFRcVlGR3BQczN2UnI1SGF1RkJuV1dicHRMUjlnbVdZWFFrS3Nib3IrUzJtMnBhZTIKQ2EyVVRnMXJkMkV5VHpkbWkzaFdKMWRQMllRV0tOSXJOSGpmcTM5L25HTU5YWHRjYmptZjFvRkdQRHk4NUw2UgoyclpVMHlaM0NMNVByczNhV0tQQmtLVXU3NDZhbldONzNTcGRoSTFxMnhNWHJseXNwWWdTN2NXYWFkRGJ2NW82CjFUYUFyTm0yTCtUWlNESExUMUVzOXdlVCs3TkhQQVlkUVpYTW1lRXU1V1U5ZzZ0UGc4S2ZCTk9Ub2JTNk85NksKTzl4Y0VqT0JLcWdaZTQyYVpoZmFja09rcCs5aUFRN1BPQXhTVVFJREFRQUJBb0lCQUUyYUVWWmxkeWhuSVN4WApBbFRKWm5iSUxhNWVhUjJrU3pIWVdHdDhRTDVDZEsvOFcvamVIOSsrZ2c1L2hod0RRdFN3LzIxOHdQMlRaSzZ1Cm5XbHJSTEw5N3hZbE9HTWVDelRhRjhrN2wxNGRqSXlhcGpVcFcrQ3pHcEl0QVNrYVloRGNBZ3Vzd3V6UVpoRXUKdlFWNXJLN3M1MUh6U0lqY0kweWNiUDlFbHl5T3lhQWJhRnNuQmw5RkFCSUgydmhIRS9NNUZsUHBOaVZPaGhraQpQUWdEQng1VGdrYUJrUDJtMVF1WmdxbnRkakRpcC9ZUWdpNE03ai9FMm9tWWtxOGkvd0lnUTBmaUkrZmxzVXpyCmNBWHNvaTU5TGVwLzEyUllqUEtoMXFJUHd4Y0dvTCtHektxNlQ0RG9xRXgxYXg4c1YwK1ZZVHJ6UHJXbTBZL0cKdHVhaXJnRUNnWUVBMm95RDVDNkdJb1JKU21ldTRTbnlxZTFJTjYrUndTd3RvMmd1SUx3K3dUSVBPTFJyNFJzMwpvRjJ6VS9NcmZpRFliTSswK0NXSGhOb3huMmcwOEsyd0pFV01EY1JlNjJLeEhjUEFXcFZuajVUcEJSaHRibUhZCkFoaGVidnErOW9RSkM3c3FLRHp3dWVpYzZhVlVmcVBtTXJ0M0tpRVh6R3VHWVVGbi93dm12dkVDZ1lFQXozYVQKaGU2OG9neHUrSEs4MElYSWNEMlljNFVYeS9UalNOSVdFakRzTUYrekhyNFNBMHJvQzBCaHc2b1djeUpERXFHdgo3WFg3dmFzMHR2SlBTc1Y3QnZieWxmUzY1cVdyN3JJQ2VsbG44Z3ptbERLUlcwbE5hNVAzWWxsSGx1bXVBR29MCjFJMHBwVUVLN3ZOK2hzQk5CdmtRL3NTVlRqME9aNTJuemo1ZmlXRUNnWUJ3TytrZnJhVEU1UnFlVTFERDRUNzEKZFIyNU96aW04NEVjZ2N2dWs3M0dpV2Ezd0RBR2ttdW10M2Y0ak5DeEhUMEg1RU1UakhKa0Q0bWNTMitraWc0RApFcFF5SGI2Qk0xV3g2MjFGRjZUdlg1R3JSRGd1ajZEV3NwME1jVWpRWUU0azhDRmVPSzJIUzZZSmR4WkZVdlpNCjUyanpBYnV2Qnlram1PdEhWMTFRZ1FLQmdGQ0xsTkxXMFYySXZqeXZMeWMyQ1krcUdsb2ZQaEh0VGFDa0QvV1kKRU5ybkRML093MmVMMlhNazE5QURaUnZtSFd4S1llY3JlMFUwQnc5UUhBREhrdkF0U0JsNEhtZ1Z3aDYxOWNoUwpsY3lmdlpXajNGTTRybG9wNUUzR284aXZpT0tZU1dlSU5yYjEvYXl2MUZ1MHBUTWoxN2xSMFRYQzlxaTd5TDZGCjhNbUJBb0dCQU0vN2ROK2lLN2NOTlFiT3haMWJ0VDduQzkySTI1ekduRWNXZFBzMWdZR2w2SnQ3TXJUQTEzRDUKNDNNTXIvTE1OdnI0ZWMyVHl0VUpkMXMzQ1dEMEM5UHg5dUlURUNOT1ZCRHpvN2hoUFcxb0NkTTl0OWM4V0hSNwpzSSsrWktKOVJVanZzeUNZeHM1SFNlNzFVNXZYMTFMcUhydkc2Q2docnNNc2lCa0N1NGZWCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+    # Base64-encoded CA used to validate request-header authentication, when
+    # receiving delegated authentication from an aggregator. If not set, the
+    # service catalog API server will inherit this CA from the
+    # extension-apiserver-authentication ConfigMap if available.
+    requestHeaderCA:
   # Attributes of the apiserver's service resource
   service:
     # Type of service; valid values are "LoadBalancer" and "NodePort"
@@ -59,10 +57,10 @@ apiserver:
   # Log level; valid values are in the range 0 - 10
   verbosity: 10
   auth:
-    # Enable or disable authentication and authorization.  Disabling authentication
-    # and authorization can be useful for quickly getting the walkthrough up and running,
+    # Enable or disable authentication and authorization. Disabling
+    # authentication and authorization can be useful for outlying scenarios
     # but is not suitable for production.
-    enabled: false
+    enabled: true
   audit:
     # If true, enables the use of audit features via this chart.
     activated: false

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/ups-broker/README.md

@@ -34,7 +34,7 @@ Service Broker
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `image` | Image to use | `quay.io/kubernetes-service-catalog/user-broker:v0.1.0` |
+| `image` | Image to use | `quay.io/kubernetes-service-catalog/user-broker:v0.1.1` |
 | `imagePullPolicy` | `imagePullPolicy` for the ups-broker | `Always` |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/charts/ups-broker/values.yaml

@@ -1,6 +1,6 @@
 # Default values for User-Provided Service Broker
 # Image to use
-image: quay.io/kubernetes-service-catalog/user-broker:v0.1.0
+image: quay.io/kubernetes-service-catalog/user-broker:v0.1.1
 # ImagePullPolicy; valid values are "IfNotPresent", "Never", and "Always"
 imagePullPolicy: Always
 # Certificate details to use for TLS. Leave blank to not use TLS

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/cmd/controller-manager/app/controller_manager.go

@@ -173,7 +173,7 @@ func Run(controllerManagerOptions *options.ControllerManagerServer) error {
 	glog.V(4).Info("Creating event broadcaster")
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartLogging(glog.Infof)
-	eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: k8sKubeClient.Core().Events("")})
+	eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: k8sKubeClient.CoreV1().Events("")})
 	recorder := eventBroadcaster.NewRecorder(api.Scheme, v1.EventSource{Component: controllerManagerAgentName})
 
 	// 'run' is the logic to run the controllers for the controller manager

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/jenkins/init_build.sh

@@ -20,7 +20,7 @@ ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 . "${ROOT}/contrib/hack/utilities.sh" || { echo 'Cannot load bash utilities.'; exit 1; }
 
 GO_VERSION='1.9'
-HELM_VERSION='v2.0.0'
+HELM_VERSION='v2.7.0'
 GLIDE_VERSION='v0.12.3'
 
 function update-golang() {

cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/jenkins/install_catalog.sh

@@ -39,18 +39,9 @@ SERVICE_CATALOG_IMAGE="${REGISTRY}service-catalog:${VERSION}"
 
 echo 'INSTALLING SERVICE CATALOG'
 echo '-------------------'
-echo "Using service-catalot image: ${SERVICE_CATALOG_IMAGE}"
+echo "Using service-catalog image: ${SERVICE_CATALOG_IMAGE}"
 echo '-------------------'
 
-# Create certificates for API server
-echo 'Creating API server CA and certificate...'
-
-# The SC_SERVING_CA, SC_SERVING_CERT, and SC_SERVING_KEY environment variables
-# are sourced from this script.
-CERT_FOLDER="${CERT_FOLDER}" source ${ROOT}/contrib/svc-cat-apiserver-aggregation-tls-setup.sh \
-  || error_exit 'Error creating certificates for API server.'
-
-
 # Deploying to cluster
 
 echo 'Deploying service catalog...'
@@ -68,11 +59,6 @@ if [[ "${FIX_CONFIGMAP}" == true ]] && [[ -z "$(kubectl --namespace kube-system
 fi
 
 PARAMETERS="$(cat <<-EOF
-  --set apiserver.auth.enabled=true \
-  --set useAggregator=true \
-  --set apiserver.tls.ca=$(base64 --wrap 0 ${SC_SERVING_CA}) \
-  --set apiserver.tls.cert=$(base64 --wrap 0 ${SC_SERVING_CERT}) \
-  --set apiserver.tls.key=$(base64 --wrap 0 ${SC_SERVING_KEY}) \
   --set image=${SERVICE_CATALOG_IMAGE}
 EOF
 )"