Honor --use-service-account-credentials in cloud-controller-manager #50289
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-github-robot
added
size/XS
|
cc @kubernetes/sig-auth-pr-reviews |
k8s-ci-robot
added
the
sig/auth
| @@ -75,7 +75,6 @@ func (s *CloudControllerManagerServer) AddFlags(fs *pflag.FlagSet) { | |||
| fs.DurationVar(&s.NodeMonitorPeriod.Duration, "node-monitor-period", s.NodeMonitorPeriod.Duration, | |||
| "The period for syncing NodeStatus in NodeController.") | |||
| fs.DurationVar(&s.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", s.NodeStatusUpdateFrequency.Duration, "Specifies how often the controller updates nodes' status.") | |||
| fs.StringVar(&s.ServiceAccountKeyFile, "service-account-private-key-file", s.ServiceAccountKeyFile, "Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.") | |||
There was a problem hiding this comment.
This flag was definitely around in 1.7 https://github.com/kubernetes/kubernetes/blob/v1.7.0/cmd/cloud-controller-manager/app/options/options.go#L78
Do we need to mark it depricated first or is it okay just to remove it?
There was a problem hiding this comment.
Do we need to mark it depricated first or is it okay just to remove it?
not sure, so marked deprecated for now instead of removing
|
@liggitt relnote? |
liggitt
force-pushed
the
cloud-controller-manager
branch
from
c9bbf89
to
55c7ce1
Compare
liggitt
added
release-note
k8s-github-robot
added
size/S
|
/retest |
1 similar comment
|
/retest |
|
/lgtm /test pull-kubernetes-e2e-gce-etcd3 |
k8s-ci-robot
added
the
lgtm
|
This looks good! Thanks for the PR @liggitt |
|
/test pull-kubernetes-kubemark-e2e-gce |
|
/retest |
|
Whoa, how didn't this get merged? /lgtm |
|
/approve no-issue |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, luxas, wlan0 Associated issue requirement bypassed by: luxas The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
/retest |
| @@ -77,7 +77,9 @@ func (s *CloudControllerManagerServer) AddFlags(fs *pflag.FlagSet) { | |||
| fs.DurationVar(&s.NodeMonitorPeriod.Duration, "node-monitor-period", s.NodeMonitorPeriod.Duration, | |||
| "The period for syncing NodeStatus in NodeController.") | |||
| fs.DurationVar(&s.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", s.NodeStatusUpdateFrequency.Duration, "Specifies how often the controller updates nodes' status.") | |||
| // TODO: remove --service-account-private-key-file 6 months after 1.8 is released (~1.10) | |||
There was a problem hiding this comment.
As this is in alpha, we're probably gonna delete this (not include) when going to beta (hopefully in v1.9)
|
/test all Tests are more than 96 hours old. Re-running tests. |
|
/retest Review the full test history for this PR. |
|
/test pull-kubernetes-federation-e2e-gce |
1 similar comment
|
/test pull-kubernetes-federation-e2e-gce |
|
/retest Review the full test history for this PR. |
1 similar comment
|
/retest Review the full test history for this PR. |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
@liggitt: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Automatic merge from submit-queue (batch tested with PRs 50289, 52106) |
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. remove --service-account-private-key-file in v1.11 `kube-cloud-controller-manager` flag `--service-account-private-key-file` is removed in v1.11 ref: #50289 **Release note**: ```release-note `kube-cloud-controller-manager` flag `--service-account-private-key-file` is removed in v1.11 ```
If --use-service-account-credentials is specified, the cloud controller manager should honor it
The distinction between the rootclientbuilder and the clientbuilder came from kube-controller-manager, which is responsible for running the very controllers that enable service accounts. That two-layer approach is not needed in the cloud-controller-manager.