From c84653cd74d4981430096d4a9494ba8827a34caa Mon Sep 17 00:00:00 2001
From: Feilong Wang <flwang@catalyst.net.nz>
Date: Tue, 1 Sep 2020 06:56:09 +1200
Subject: [PATCH] Remove cloud-config from k8s worker node

Now Magnum is not deploying any service or workload on k8s
worker nodes which need to get credentials from local to talk
to Magnum control plane. So the cloud-config file should be
removed from worker nodes to reduce the attach surface from
a security point of view.

Task: 40791
Story: 2008090

Change-Id: I72e418491cbd19291527bbe4b504d599c740fea9
---
 magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
index 209da65eb1..aa84697ccd 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
@@ -480,7 +480,6 @@ resources:
                   $CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256}
             - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
             - get_file: ../../common/templates/kubernetes/fragments/install-clients.sh
-            - get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
             - get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
             - get_file: ../../common/templates/fragments/configure-docker-registry.sh
             - get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh