Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Honor --use-service-account-credentials in cloud-controller-manager #50289

Merged

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Aug 8, 2017

If --use-service-account-credentials is specified, the cloud controller manager should honor it

The distinction between the rootclientbuilder and the clientbuilder came from kube-controller-manager, which is responsible for running the very controllers that enable service accounts. That two-layer approach is not needed in the cloud-controller-manager.

The `kube-cloud-controller-manager` flag `--service-account-private-key-file` was non-functional and is now deprecated.
The `kube-cloud-controller-manager` flag `--use-service-account-credentials` is now honored consistently, regardless of whether `--service-account-private-key-file` was specified.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 8, 2017
@k8s-github-robot k8s-github-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. release-note-label-needed labels Aug 8, 2017
@liggitt
Copy link
Member Author

liggitt commented Aug 8, 2017

cc @kubernetes/sig-auth-pr-reviews

@k8s-ci-robot k8s-ci-robot added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Aug 8, 2017
@@ -75,7 +75,6 @@ func (s *CloudControllerManagerServer) AddFlags(fs *pflag.FlagSet) {
fs.DurationVar(&s.NodeMonitorPeriod.Duration, "node-monitor-period", s.NodeMonitorPeriod.Duration,
"The period for syncing NodeStatus in NodeController.")
fs.DurationVar(&s.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", s.NodeStatusUpdateFrequency.Duration, "Specifies how often the controller updates nodes' status.")
fs.StringVar(&s.ServiceAccountKeyFile, "service-account-private-key-file", s.ServiceAccountKeyFile, "Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This flag was definitely around in 1.7 https://github.com/kubernetes/kubernetes/blob/v1.7.0/cmd/cloud-controller-manager/app/options/options.go#L78

Do we need to mark it depricated first or is it okay just to remove it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to mark it depricated first or is it okay just to remove it?

not sure, so marked deprecated for now instead of removing

@thockin thockin assigned cheftako and unassigned thockin and dchen1107 Aug 17, 2017
@thockin
Copy link
Member

thockin commented Aug 17, 2017

@wlan0

@thockin
Copy link
Member

thockin commented Aug 17, 2017

@liggitt relnote?

@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Aug 17, 2017
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 17, 2017
@ericchiang
Copy link
Contributor

/retest

1 similar comment
@liggitt
Copy link
Member Author

liggitt commented Aug 18, 2017

/retest

@wlan0
Copy link
Member

wlan0 commented Aug 18, 2017

/lgtm

/test pull-kubernetes-e2e-gce-etcd3

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 18, 2017
@wlan0
Copy link
Member

wlan0 commented Aug 18, 2017

This looks good! Thanks for the PR @liggitt

@wlan0
Copy link
Member

wlan0 commented Aug 21, 2017

/test pull-kubernetes-kubemark-e2e-gce

@liggitt
Copy link
Member Author

liggitt commented Aug 22, 2017

/retest

@luxas
Copy link
Member

luxas commented Sep 10, 2017

Whoa, how didn't this get merged?
We really should get this in to make the deprecation start taking effect.
This touches only alpha codepaths
This was LGTM'd way before code freeze.
It just seems like we hadn't the right OWNERS files in place back then...

/lgtm

@luxas
Copy link
Member

luxas commented Sep 10, 2017

/approve no-issue

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, luxas, wlan0

Associated issue requirement bypassed by: luxas

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 10, 2017
@luxas
Copy link
Member

luxas commented Sep 10, 2017

(both myself and @wlan0 are CCM OWNERS)

@jdumars may I add the v1.8 milestone to this PR?

@luxas
Copy link
Member

luxas commented Sep 10, 2017

/retest

@@ -77,7 +77,9 @@ func (s *CloudControllerManagerServer) AddFlags(fs *pflag.FlagSet) {
fs.DurationVar(&s.NodeMonitorPeriod.Duration, "node-monitor-period", s.NodeMonitorPeriod.Duration,
"The period for syncing NodeStatus in NodeController.")
fs.DurationVar(&s.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", s.NodeStatusUpdateFrequency.Duration, "Specifies how often the controller updates nodes' status.")
// TODO: remove --service-account-private-key-file 6 months after 1.8 is released (~1.10)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is in alpha, we're probably gonna delete this (not include) when going to beta (hopefully in v1.9)

@k8s-github-robot
Copy link

/test all

Tests are more than 96 hours old. Re-running tests.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

@jdumars jdumars added this to the v1.8 milestone Sep 11, 2017
@jdumars
Copy link
Member

jdumars commented Sep 11, 2017

/test pull-kubernetes-federation-e2e-gce

1 similar comment
@jdumars
Copy link
Member

jdumars commented Sep 11, 2017

/test pull-kubernetes-federation-e2e-gce

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

1 similar comment
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-ci-robot
Copy link
Contributor

@liggitt: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-e2e-gce-etcd3 55c7ce1 link /test pull-kubernetes-e2e-gce-etcd3

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 50289, 52106)

@k8s-github-robot k8s-github-robot merged commit ae8780f into kubernetes:master Sep 12, 2017
@liggitt liggitt deleted the cloud-controller-manager branch September 12, 2017 13:44
k8s-github-robot pushed a commit that referenced this pull request Mar 20, 2018
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

remove --service-account-private-key-file in v1.11

`kube-cloud-controller-manager` flag `--service-account-private-key-file` is removed in v1.11

ref: #50289


**Release note**:

```release-note
`kube-cloud-controller-manager` flag `--service-account-private-key-file` is removed in v1.11
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.