custom data is now run through go templates

2017-05-02 19:23:44 -07:00 · 2017-05-02 19:23:44 -07:00 · ec691372c7
--- a/parts/kubeconfig.json
+++ b/parts/kubeconfig.json
@ -3,29 +3,29 @@
    "clusters": [
        {
            "cluster": {
-                "certificate-authority-data": "<<<variables('caCertificate')>>>",
-                "server": "https://<<<reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn>>>"  
+                "certificate-authority-data": "{{WrapAsVerbatim "variables('caCertificate')"}}",
+                "server": "https://{{WrapAsVerbatim "reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn"}}"  
            },
-            "name": "{{{resourceGroup}}}"
+            "name": "{{WrapAsVariable "resourceGroup"}}"
        }
    ],
    "contexts": [
        {
            "context": {
-                "cluster": "{{{resourceGroup}}}",
-                "user": "{{{resourceGroup}}}-admin"
+                "cluster": "{{WrapAsVariable "resourceGroup"}}",
+                "user": "{{WrapAsVariable "resourceGroup"}}-admin"
            },
-            "name": "{{{resourceGroup}}}"
+            "name": "{{WrapAsVariable "resourceGroup"}}"
        }
    ],
-    "current-context": "{{{resourceGroup}}}",
+    "current-context": "{{WrapAsVariable "resourceGroup"}}",
    "kind": "Config",
    "users": [
        {
-            "name": "{{{resourceGroup}}}-admin",
+            "name": "{{WrapAsVariable "resourceGroup"}}-admin",
            "user": {
-                "client-certificate-data": "<<<variables('kubeConfigCertificate')>>>",
-                "client-key-data": "<<<variables('kubeConfigPrivateKey')>>>"
+                "client-certificate-data": "{{WrapAsVerbatim "variables('kubeConfigCertificate')"}}",
+                "client-key-data": "{{WrapAsVerbatim "variables('kubeConfigPrivateKey')"}}"
            }
        }
    ]
--- a/parts/kubernetesagentcustomdata.yml
+++ b/parts/kubernetesagentcustomdata.yml
@ -1,7 +1,5 @@
 #cloud-config

-# { { { variable } } }
-
 write_files:
 - path: "/etc/systemd/system/docker.service.d/clear_mount_propagation_flags.conf"
  permissions: "0644"
@ -42,21 +40,21 @@ write_files:
  encoding: "base64"
  owner: "root"
  content: |
-    {{{caCertificate}}}
+    {{WrapAsVariable "caCertificate"}}

 - path: "/etc/kubernetes/certs/apiserver.crt"
  permissions: "0644"
  encoding: "base64"
  owner: "root"
  content: |
-    {{{apiserverCertificate}}}
+    {{WrapAsVariable "apiserverCertificate"}}

 - path: "/etc/kubernetes/certs/client.crt"
  permissions: "0644"
  encoding: "base64"
  owner: "root"
  content: |
-    {{{clientCertificate}}}
+    {{WrapAsVariable "clientCertificate"}}

 - path: "/var/lib/kubelet/kubeconfig"
  permissions: "0644"
@ -68,7 +66,7 @@ write_files:
    - name: localcluster
      cluster:
        certificate-authority: /etc/kubernetes/certs/ca.crt
-        server: https://{{{masterInternalLbIp}}}:443
+        server: https://{{WrapAsVariable "masterInternalLbIp"}}:443
    users:
    - name: client
      user:
@ -96,8 +94,8 @@ write_files:
    Restart=on-failure
    RestartSec=5s
    ExecStartPre=/bin/mkdir -p /tmp/kubectldir
-    ExecStartPre=/usr/bin/docker pull {{{kubernetesHyperkubeSpec}}}
-    ExecStartPre=/usr/bin/docker run --rm -v /tmp/kubectldir:/opt/kubectldir {{{kubernetesHyperkubeSpec}}} /bin/bash -c "cp /hyperkube /opt/kubectldir/"
+    ExecStartPre=/usr/bin/docker pull {{WrapAsVariable "kubernetesHyperkubeSpec"}}
+    ExecStartPre=/usr/bin/docker run --rm -v /tmp/kubectldir:/opt/kubectldir {{WrapAsVariable "kubernetesHyperkubeSpec"}} /bin/bash -c "cp /hyperkube /opt/kubectldir/"
    ExecStartPre=/bin/mv /tmp/kubectldir/hyperkube /usr/local/bin/kubectl
    ExecStart=/bin/chmod a+x /usr/local/bin/kubectl

@ -108,15 +106,15 @@ write_files:
  permissions: "0644"
  owner: "root"
  content: |
-    KUBELET_CLUSTER_DNS={{{kubeDnsServiceIP}}}
-    KUBELET_API_SERVERS=https://{{{masterInternalLbIp}}}:443
-    KUBELET_IMAGE={{{kubernetesHyperkubeSpec}}}
+    KUBELET_CLUSTER_DNS={{WrapAsVariable "kubeDnsServiceIP"}}
+    KUBELET_API_SERVERS=https://{{WrapAsVariable "masterInternalLbIp"}}:443
+    KUBELET_IMAGE={{WrapAsVariable "kubernetesHyperkubeSpec"}}
    KUBELET_NETWORK_PLUGIN=kubenet
    DOCKER_OPTS=
    CUSTOM_CMD=/bin/true
    KUBELET_REGISTER_SCHEDULABLE=true
    KUBELET_NODE_LABELS=role=agent
-    KUBELET_POD_INFRA_CONTAINER_IMAGE={{{kubernetesPodInfraContainerSpec}}}
+    KUBELET_POD_INFRA_CONTAINER_IMAGE={{WrapAsVariable "kubernetesPodInfraContainerSpec"}}

 - path: "/etc/systemd/system/kubelet.service"
  permissions: "0644"
@ -137,7 +135,7 @@ write_files:
  encoding: gzip
  owner: "root"
  content: !!binary |
-    {{{provisionScript}}}
+    {{WrapAsVariable "provisionScript"}}

 runcmd:
 - apt-get update
@ -147,12 +145,12 @@ runcmd:
 - systemctl start rpcbind
 - systemctl start rpc-statd
 - for i in 1 2 3 4 5; do curl --max-time 60 -fsSL https://aptdocker.azureedge.net/gpg | apt-key add -; [ $? -eq 0 ] && break || sleep 5; done
- echo "deb {{{dockerEngineDownloadRepo}}} ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
- "echo \"Package: docker-engine\nPin: version {{{dockerEngineVersion}}}\nPin-Priority: 550\n\" > /etc/apt/preferences.d/docker.pref"
+- echo "deb {{WrapAsVariable "dockerEngineDownloadRepo"}} ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
+- "echo \"Package: docker-engine\nPin: version {{WrapAsVariable "dockerEngineVersion"}}\nPin-Priority: 550\n\" > /etc/apt/preferences.d/docker.pref"
 - apt-get update
 - apt-get install -y ebtables
 - apt-get install -y docker-engine
 - systemctl restart docker
 - mkdir -p /etc/kubernetes/manifests
- usermod -aG docker {{{username}}}
+- usermod -aG docker {{WrapAsVariable "username"}}

--- a/parts/kubernetesagentresourcesvmas.t
+++ b/parts/kubernetesagentresourcesvmas.t
@ -146,7 +146,7 @@
        "osProfile": {
          "adminUsername": "[variables('username')]",
          "computername": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
-          {{GetKubernetesAgentCustomData}}
+          {{GetKubernetesAgentCustomData .}}
          "linuxConfiguration": {
              "disablePasswordAuthentication": "true",
              "ssh": {
--- a/parts/kubernetesmastercustomdata.yml
+++ b/parts/kubernetesmastercustomdata.yml
@ -1,7 +1,5 @@
 #cloud-config

-# { { { variable } } }
-
 packages:
 - etcd
 - jq
@ -63,21 +61,21 @@ write_files:
  encoding: "base64"
  owner: "root"
  content: |
-    {{{caCertificate}}}
+    {{WrapAsVariable "caCertificate"}}

 - path: "/etc/kubernetes/certs/apiserver.crt"
  permissions: "0644"
  encoding: "base64"
  owner: "root"
  content: |
-    {{{apiServerCertificate}}}
+    {{WrapAsVariable "apiServerCertificate"}}

 - path: "/etc/kubernetes/certs/client.crt"
  permissions: "0644"
  encoding: "base64"
  owner: "root"
  content: |
-    {{{clientCertificate}}}
+    {{WrapAsVariable "clientCertificate"}}

 - path: "/var/lib/kubelet/kubeconfig"
  permissions: "0644"
@ -89,7 +87,7 @@ write_files:
    - name: localcluster
      cluster:
        certificate-authority: /etc/kubernetes/certs/ca.crt
-        server: <<<concat('https://', variables('masterPrivateIpAddrs')[copyIndex()], ':443')>>>
+        server: {{WrapAsVerbatim "concat('https://', variables('masterPrivateIpAddrs')[copyIndex()], ':443')"}}
    users:
    - name: client
      user:
@ -201,8 +199,8 @@ write_files:
    Restart=on-failure
    RestartSec=5s
    ExecStartPre=/bin/mkdir -p /tmp/kubectldir
-    ExecStartPre=/usr/bin/docker pull {{{kubernetesHyperkubeSpec}}}
-    ExecStartPre=/usr/bin/docker run --rm -v /tmp/kubectldir:/opt/kubectldir {{{kubernetesHyperkubeSpec}}} /bin/bash -c "cp /hyperkube /opt/kubectldir/"
+    ExecStartPre=/usr/bin/docker pull {{WrapAsVariable "kubernetesHyperkubeSpec"}}
+    ExecStartPre=/usr/bin/docker run --rm -v /tmp/kubectldir:/opt/kubectldir {{WrapAsVariable "kubernetesHyperkubeSpec"}} /bin/bash -c "cp /hyperkube /opt/kubectldir/"
    ExecStartPre=/bin/mv /tmp/kubectldir/hyperkube /usr/local/bin/kubectl
    ExecStart=/bin/chmod a+x /usr/local/bin/kubectl

@ -213,14 +211,14 @@ write_files:
  permissions: "0644"
  owner: "root"
  content: |
-    KUBELET_CLUSTER_DNS={{{kubeDnsServiceIP}}}
-    KUBELET_API_SERVERS=<<<concat('https://', variables('masterPrivateIpAddrs')[copyIndex()], ':443')>>>
-    KUBELET_IMAGE={{{kubernetesHyperkubeSpec}}}
+    KUBELET_CLUSTER_DNS={{WrapAsVariable "kubeDnsServiceIP"}}
+    KUBELET_API_SERVERS={{WrapAsVerbatim "concat('https://', variables('masterPrivateIpAddrs')[copyIndex()], ':443')"}}
+    KUBELET_IMAGE={{WrapAsVariable "kubernetesHyperkubeSpec"}}
    KUBELET_NETWORK_PLUGIN=
    DOCKER_OPTS=
-    KUBELET_REGISTER_SCHEDULABLE={{{registerSchedulable}}}
+    KUBELET_REGISTER_SCHEDULABLE={{WrapAsVariable "registerSchedulable"}}
    KUBELET_NODE_LABELS=role=master
-    KUBELET_POD_INFRA_CONTAINER_IMAGE={{{kubernetesPodInfraContainerSpec}}}
+    KUBELET_POD_INFRA_CONTAINER_IMAGE={{WrapAsVariable "kubernetesPodInfraContainerSpec"}}

 - path: "/etc/systemd/system/kubelet.service"
  permissions: "0644"
@ -241,24 +239,24 @@ write_files:
    # This IPTable rule then redirects ILB traffic to port 443 in the prerouting chain
    iptables -t nat -A PREROUTING -p tcp --dport 4443 -j REDIRECT --to-port 443

-    sed -i "s|<kubernetesAddonManagerSpec>|{{{kubernetesAddonManagerSpec}}}|g" "/etc/kubernetes/manifests/kube-addon-manager.yaml"
-    sed -i "s|<kubernetesHyperkubeSpec>|{{{kubernetesHyperkubeSpec}}}|g; s|<kubeServiceCidr>|{{{kubeServiceCidr}}}|g; s|<masterEtcdClientPort>|{{{masterEtcdClientPort}}}|g; s|<masterCount>|{{{masterCount}}}|g" "/etc/kubernetes/manifests/kube-apiserver.yaml"
-    sed -i "s|<kubernetesHyperkubeSpec>|{{{kubernetesHyperkubeSpec}}}|g; s|<masterFqdnPrefix>|{{{masterFqdnPrefix}}}|g; s|<allocateNodeCidrs>|{{{allocateNodeCidrs}}}|g" "/etc/kubernetes/manifests/kube-controller-manager.yaml"
-    sed -i "s|<kubernetesHyperkubeSpec>|{{{kubernetesHyperkubeSpec}}}|g" "/etc/kubernetes/manifests/kube-scheduler.yaml"
-    sed -i "s|<kubernetesHyperkubeSpec>|{{{kubernetesHyperkubeSpec}}}|g" "/etc/kubernetes/addons/kube-proxy-daemonset.yaml"
-    sed -i "s|<kubernetesKubeDNSSpec>|{{{kubernetesKubeDNSSpec}}}|g; s|<kubernetesDNSMasqSpec>|{{{kubernetesDNSMasqSpec}}}|g; s|<kubernetesExecHealthzSpec>|{{{kubernetesExecHealthzSpec}}}|g" "/etc/kubernetes/addons/kube-dns-deployment.yaml"
-    sed -i "s|<kubernetesHeapsterSpec>|{{{kubernetesHeapsterSpec}}}|g; s|<kubernetesAddonResizerSpec>|{{{kubernetesAddonResizerSpec}}}|g" "/etc/kubernetes/addons/kube-heapster-deployment.yaml"
-    sed -i "s|<kubernetesDashboardSpec>|{{{kubernetesDashboardSpec}}}|g" "/etc/kubernetes/addons/kubernetes-dashboard-deployment.yaml"
+    sed -i "s|<kubernetesAddonManagerSpec>|{{WrapAsVariable "kubernetesAddonManagerSpec"}}|g" "/etc/kubernetes/manifests/kube-addon-manager.yaml"
+    sed -i "s|<kubernetesHyperkubeSpec>|{{WrapAsVariable "kubernetesHyperkubeSpec"}}|g; s|<kubeServiceCidr>|{{WrapAsVariable "kubeServiceCidr"}}|g; s|<masterEtcdClientPort>|{{WrapAsVariable "masterEtcdClientPort"}}|g; s|<masterCount>|{{WrapAsVariable "masterCount"}}|g" "/etc/kubernetes/manifests/kube-apiserver.yaml"
+    sed -i "s|<kubernetesHyperkubeSpec>|{{WrapAsVariable "kubernetesHyperkubeSpec"}}|g; s|<masterFqdnPrefix>|{{WrapAsVariable "masterFqdnPrefix"}}|g; s|<allocateNodeCidrs>|{{WrapAsVariable "allocateNodeCidrs"}}|g" "/etc/kubernetes/manifests/kube-controller-manager.yaml"
+    sed -i "s|<kubernetesHyperkubeSpec>|{{WrapAsVariable "kubernetesHyperkubeSpec"}}|g" "/etc/kubernetes/manifests/kube-scheduler.yaml"
+    sed -i "s|<kubernetesHyperkubeSpec>|{{WrapAsVariable "kubernetesHyperkubeSpec"}}|g" "/etc/kubernetes/addons/kube-proxy-daemonset.yaml"
+    sed -i "s|<kubernetesKubeDNSSpec>|{{WrapAsVariable "kubernetesKubeDNSSpec"}}|g; s|<kubernetesDNSMasqSpec>|{{WrapAsVariable "kubernetesDNSMasqSpec"}}|g; s|<kubernetesExecHealthzSpec>|{{WrapAsVariable "kubernetesExecHealthzSpec"}}|g" "/etc/kubernetes/addons/kube-dns-deployment.yaml"
+    sed -i "s|<kubernetesHeapsterSpec>|{{WrapAsVariable "kubernetesHeapsterSpec"}}|g; s|<kubernetesAddonResizerSpec>|{{WrapAsVariable "kubernetesAddonResizerSpec"}}|g" "/etc/kubernetes/addons/kube-heapster-deployment.yaml"
+    sed -i "s|<kubernetesDashboardSpec>|{{WrapAsVariable "kubernetesDashboardSpec"}}|g" "/etc/kubernetes/addons/kubernetes-dashboard-deployment.yaml"

 - path: "/opt/azure/containers/provision.sh"
  permissions: "0744"
  encoding: gzip
  owner: "root"
  content: !!binary |
-    {{{provisionScript}}}
+    {{WrapAsVariable "provisionScript"}}

 runcmd:
- /bin/echo DAEMON_ARGS=--name "<<<variables('masterVMNames')[copyIndex()]>>>" --initial-advertise-peer-urls "<<<variables('masterEtcdPeerURLs')[copyIndex()]>>>" --listen-peer-urls "<<<variables('masterEtcdPeerURLs')[copyIndex()]>>>" --advertise-client-urls "<<<variables('masterEtcdClientURLs')[copyIndex()]>>>" --listen-client-urls "<<<concat(variables('masterEtcdClientURLs')[copyIndex()], ',http://127.0.0.1:', variables('masterEtcdClientPort'))>>>" --initial-cluster-token "k8s-etcd-cluster" --initial-cluster "<<<variables('masterEtcdClusterStates')[div(variables('masterCount'), 2)]>>> --data-dir "/var/lib/etcddisk"" --initial-cluster-state "new" | tee -a /etc/default/etcd
+- /bin/echo DAEMON_ARGS=--name "{{WrapAsVerbatim "variables('masterVMNames')[copyIndex()]"}}" --initial-advertise-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex()]"}}" --listen-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex()]"}}" --advertise-client-urls "{{WrapAsVerbatim "variables('masterEtcdClientURLs')[copyIndex()]"}}" --listen-client-urls "{{WrapAsVerbatim "concat(variables('masterEtcdClientURLs')[copyIndex()], ',http://127.0.0.1:', variables('masterEtcdClientPort'))"}}" --initial-cluster-token "k8s-etcd-cluster" --initial-cluster "{{WrapAsVerbatim "variables('masterEtcdClusterStates')[div(variables('masterCount'), 2)]"}} --data-dir "/var/lib/etcddisk"" --initial-cluster-state "new" | tee -a /etc/default/etcd
 - sudo /bin/chown -R etcd:etcd /var/lib/etcd/default
 - sudo /bin/chown -R etcd:etcd /var/lib/etcddisk
 - systemctl stop etcd
@ -268,12 +266,12 @@ runcmd:
 - apt-get update
 - apt-get install -y apt-transport-https ca-certificates
 - for i in 1 2 3 4 5; do curl --max-time 60 -fsSL https://aptdocker.azureedge.net/gpg | apt-key add -; [ $? -eq 0 ] && break || sleep 5; done
- echo "deb {{{dockerEngineDownloadRepo}}} ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
- "echo \"Package: docker-engine\nPin: version {{{dockerEngineVersion}}}\nPin-Priority: 550\n\" > /etc/apt/preferences.d/docker.pref"
+- echo "deb {{WrapAsVariable "dockerEngineDownloadRepo"}} ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
+- "echo \"Package: docker-engine\nPin: version {{WrapAsVariable "dockerEngineVersion"}}\nPin-Priority: 550\n\" > /etc/apt/preferences.d/docker.pref"
 - apt-get update
 - apt-get install -y ebtables
 - apt-get install -y docker-engine
 - systemctl restart docker
 - mkdir -p /etc/kubernetes/manifests
- usermod -aG docker {{{username}}}
+- usermod -aG docker {{WrapAsVariable "username"}}

--- a/parts/kubernetesmasterresources.t
+++ b/parts/kubernetesmasterresources.t
@ -379,7 +379,7 @@
        "osProfile": {
          "adminUsername": "[variables('username')]",
          "computername": "[concat(variables('masterVMNamePrefix'), copyIndex())]",
-          {{GetKubernetesMasterCustomData}}
+          {{GetKubernetesMasterCustomData .}}
          "linuxConfiguration": {
            "disablePasswordAuthentication": "true",
            "ssh": {
--- a/parts/kuberneteswinagentresourcesvmas.t
+++ b/parts/kuberneteswinagentresourcesvmas.t
@ -116,7 +116,7 @@
        }, 
        "osProfile": {
          "computername": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
-          {{GetKubernetesWindowsAgentCustomData}}
+          {{GetKubernetesWindowsAgentCustomData .}}
          "adminUsername": "[variables('windowsAdminUsername')]",
          "adminPassword": "[variables('windowsAdminPassword')]"
        }, 
--- a/parts/kuberneteswindowssetup.ps1
+++ b/parts/kuberneteswindowssetup.ps1
@ -40,26 +40,26 @@ param(
    $AADClientSecret
 )

-$global:CACertificate = "{{{caCertificate}}}"
-$global:AgentCertificate = "{{{clientCertificate}}}"
+$global:CACertificate = "{{WrapAsVariable "caCertificate"}}"
+$global:AgentCertificate = "{{WrapAsVariable "clientCertificate"}}"
 $global:DockerServiceName = "Docker"
 $global:RRASServiceName = "RemoteAccess"
 $global:KubeDir = "c:\k"
-$global:KubeBinariesSASURL = "{{{kubeBinariesSASURL}}}"
-$global:KubeBinariesVersion = "{{{kubeBinariesVersion}}}"
+$global:KubeBinariesSASURL = "{{WrapAsVariable "kubeBinariesSASURL"}}"
+$global:KubeBinariesVersion = "{{WrapAsVariable "kubeBinariesVersion"}}"
 $global:KubeletStartFile = $global:KubeDir + "\kubeletstart.ps1"
 $global:KubeProxyStartFile = $global:KubeDir + "\kubeproxystart.ps1"
 $global:NatNetworkName="nat"
 $global:TransparentNetworkName="transparentNet"

-$global:TenantId = "{{{tenantID}}}"
-$global:SubscriptionId = "{{{subscriptionId}}}"
-$global:ResourceGroup = "{{{resourceGroup}}}"
-$global:SubnetName = "{{{subnetName}}}"
-$global:SecurityGroupName = "{{{nsgName}}}"
-$global:VNetName = "{{{virtualNetworkName}}}"
-$global:RouteTableName = "{{{routeTableName}}}"
-$global:PrimaryAvailabilitySetName = "{{{primaryAvailablitySetName}}}"
+$global:TenantId = "{{WrapAsVariable "tenantID"}}"
+$global:SubscriptionId = "{{WrapAsVariable "subscriptionId"}}"
+$global:ResourceGroup = "{{WrapAsVariable "resourceGroup"}}"
+$global:SubnetName = "{{WrapAsVariable "subnetName"}}"
+$global:SecurityGroupName = "{{WrapAsVariable "nsgName"}}"
+$global:VNetName = "{{WrapAsVariable "virtualNetworkName"}}"
+$global:RouteTableName = "{{WrapAsVariable "routeTableName"}}"
+$global:PrimaryAvailabilitySetName = "{{WrapAsVariable "primaryAvailablitySetName"}}"
 $global:NeedPatchWinNAT = $false

 filter Timestamp {"$(Get-Date -Format o): $_"}
--- a/pkg/acsengine/engine.go
+++ b/pkg/acsengine/engine.go
@ -271,11 +271,11 @@ func GenerateKubeConfig(properties *api.Properties, location string) (string, er
 	}
 	kubeconfig := string(b)
 	// variable replacement
-	kubeconfig = strings.Replace(kubeconfig, "<<<variables('caCertificate')>>>", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.CaCertificate)), -1)
-	kubeconfig = strings.Replace(kubeconfig, "<<<reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn>>>", FormatAzureProdFQDN(properties.MasterProfile.DNSPrefix, location), -1)
-	kubeconfig = strings.Replace(kubeconfig, "{{{resourceGroup}}}", properties.MasterProfile.DNSPrefix, -1)
-	kubeconfig = strings.Replace(kubeconfig, "<<<variables('kubeConfigCertificate')>>>", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.KubeConfigCertificate)), -1)
-	kubeconfig = strings.Replace(kubeconfig, "<<<variables('kubeConfigPrivateKey')>>>", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.KubeConfigPrivateKey)), -1)
+	kubeconfig = strings.Replace(kubeconfig, "{{WrapAsVerbatim \"variables('caCertificate')\"}}", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.CaCertificate)), -1)
+	kubeconfig = strings.Replace(kubeconfig, "{{WrapAsVerbatim \"reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn\"}}", FormatAzureProdFQDN(properties.MasterProfile.DNSPrefix, location), -1)
+	kubeconfig = strings.Replace(kubeconfig, "{{WrapAsVariable \"resourceGroup\"}}", properties.MasterProfile.DNSPrefix, -1)
+	kubeconfig = strings.Replace(kubeconfig, "{{WrapAsVerbatim \"variables('kubeConfigCertificate')\"}}", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.KubeConfigCertificate)), -1)
+	kubeconfig = strings.Replace(kubeconfig, "{{WrapAsVerbatim \"variables('kubeConfigPrivateKey')\"}}", base64.StdEncoding.EncodeToString([]byte(properties.CertificateProfile.KubeConfigPrivateKey)), -1)

 	return kubeconfig, nil
 }
@ -581,8 +581,8 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) map[str
 		"GetKubernetesMasterCustomScript": func() string {
 			return getBase64CustomScript(kubernetesMasterCustomScript)
 		},
-		"GetKubernetesMasterCustomData": func() string {
-			str, e := getSingleLineForTemplate(kubernetesMasterCustomDataYaml)
+		"GetKubernetesMasterCustomData": func(profile *api.Properties) string {
+			str, e := t.getSingleLineForTemplate(kubernetesMasterCustomDataYaml, cs, profile)
 			if e != nil {
 				return ""
 			}
@ -606,8 +606,8 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) map[str
 			// return the custom data
 			return fmt.Sprintf("\"customData\": \"[base64(concat('%s'))]\",", str)
 		},
-		"GetKubernetesAgentCustomData": func() string {
-			str, e := getSingleLineForTemplate(kubernetesAgentCustomDataYaml)
+		"GetKubernetesAgentCustomData": func(profile *api.AgentPoolProfile) string {
+			str, e := t.getSingleLineForTemplate(kubernetesAgentCustomDataYaml, cs, profile)
 			if e != nil {
 				return ""
 			}
@ -646,20 +646,13 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) map[str
 			str := getBase64CustomScript(swarmModeWindowsProvision)
 			return fmt.Sprintf("\"customData\": \"%s\"", str)
 		},
-		"GetKubernetesWindowsAgentCustomData": func() string {
-			str, e := getSingleLineForTemplate(kubernetesWindowsAgentCustomDataPS1)
+		"GetKubernetesWindowsAgentCustomData": func(profile *api.AgentPoolProfile) string {
+			str, e := t.getSingleLineForTemplate(kubernetesWindowsAgentCustomDataPS1, cs, profile)
 			if e != nil {
 				return ""
 			}
 			return fmt.Sprintf("\"customData\": \"[base64(concat('%s'))]\",", str)
 		},
-		"GetKubernetesKubeConfig": func() string {
-			str, e := getSingleLineForTemplate(kubeConfigJSON)
-			if e != nil {
-				return ""
-			}
-			return str
-		},
 		"GetMasterSwarmModeCustomData": func() string {
 			files := []string{swarmModeProvision}
 			str := buildYamlFileWithWriteFiles(files)
@ -678,6 +671,12 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) map[str
 		"GetKubernetesPodStartIndex": func() string {
 			return fmt.Sprintf("%d", getKubernetesPodStartIndex(cs.Properties))
 		},
+		"WrapAsVariable": func(s string) string {
+			return fmt.Sprintf("',variables('%s'),'", s)
+		},
+		"WrapAsVerbatim": func(s string) string {
+			return fmt.Sprintf("',%s,'", s)
+		},
 		"AnyAgentHasDisks": func() bool {
 			for _, agentProfile := range cs.Properties.AgentPoolProfiles {
 				if agentProfile.HasDisks() {
@ -997,26 +996,26 @@ func getSecurityRules(ports []int) string {
 }

 // getSingleLineForTemplate returns the file as a single line for embedding in an arm template
-func getSingleLineForTemplate(textFilename string) (string, error) {
+func (t *TemplateGenerator) getSingleLineForTemplate(textFilename string, cs *api.ContainerService, profile interface{}) (string, error) {
 	b, err := Asset(textFilename)
 	if err != nil {
 		return "", fmt.Errorf("yaml file %s does not exist", textFilename)
 	}

-	textStr := escapeSingleLine(string(b))
+	// use go templates to process the text filename
+	templ := template.New("customdata template").Funcs(t.getTemplateFuncMap(cs))
+	if _, err = templ.New(textFilename).Parse(string(b)); err != nil {
+		return "", fmt.Errorf("error parsing file %s: %v", textFilename, err)
+	}

-	// variable replacement
-	rVariable, e1 := regexp.Compile("{{{([^}]*)}}}")
-	if e1 != nil {
-		return "", e1
+	var buffer bytes.Buffer
+	if err = templ.ExecuteTemplate(&buffer, textFilename, profile); err != nil {
+		return "", fmt.Errorf("error executing template for file %s: %v", textFilename, err)
 	}
-	textStr = rVariable.ReplaceAllString(textStr, "',variables('$1'),'")
-	// verbatim replacement
-	rVerbatim, e2 := regexp.Compile("<<<([^>]*)>>>")
-	if e2 != nil {
-		return "", e2
-	}
-	textStr = rVerbatim.ReplaceAllString(textStr, "',$1,'")
+	expandedTemplate := buffer.String()
+
+	textStr := escapeSingleLine(string(expandedTemplate))
+
 	return textStr, nil
 }

--- a/pkg/acsengine/templates.go
+++ b/pkg/acsengine/templates.go