pkg/types/aws/machinepool: Drop IAM-role overrides #1154
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci-robot
added
size/L
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
from
3feb1d8 to
5b46586
Compare
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
from
5b46586 to
dca6982
Compare
|
I've pushed 5b46586 -> dca6982, fixing some broken |
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
2 times, most recently
from
fa74b39 to
93df306
Compare
|
image timed out awaiting headers (openshift/release#2505). /test images |
|
/retest |
/retest |
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
from
93df306 to
5b005cb
Compare
|
I've pushed 93df306 -> 5b005cb to address: because CI continues to supply the v1beta1 install config (although it does not set the property I'm removing). |
/retest |
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
from
5b005cb to
80b3bf4
Compare
openshift-ci-robot
added
needs-rebase
We're planning on dropping instance profiles in favor of the new credentials operator [1], because we want AWS access to have operator/pod/namespace granularity and not instance granularity. Many pods could be running on a given instance, and not all of them should have a given permission. While we're blocked from dropping these at the moment due to kubelet cloud-config+secrets [2], we can drop the user-facing knobs for this feature now. Then pivoting the internal approach once we get the kubelet sorted will be a non-breaking change. [1]: https://github.com/openshift/cloud-credential-operator [2]: openshift#697 (comment)
wking
force-pushed
the
remove-user-facing-instance-profile-knobs
branch
from
80b3bf4 to
3b393da
Compare
openshift-ci-robot
added
size/L
Probably the CI master CPU pegging from last night. /retest |
/retest |
|
All green :) |
|
I consider this a bug fix. /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: crawford, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
wking
added a commit
to wking/openshift-release
that referenced
this pull request
Feb 2, 2019
To keep up with openshift/installer@3b393da (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154). The change only affected AWS, and we didn't set the removed property anyway.
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013) and openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013) and openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 14, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
csrwng
pushed a commit
to csrwng/hive
that referenced
this pull request
Feb 19, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/hive
that referenced
this pull request
Feb 21, 2019
Catching up with openshift/installer@dafc79f0 (Generate Network.cluster config instead of NetworkConfig.networkoperator, 2019-01-15, openshift/installer#1013), openshift/installer@3b393da8 (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift/installer#1154), and openshift/installer@9ad20c35 (pkg/destroy/aws: Remove ClusterName consumer, 2019-01-31, openshift/installer#1170). The uint32 -> int32 cast is slightly dangerous, because it will silently wrap overflowing values [1,2]. But I'll try and get the installer updated to use unsigned types as well, and then we won't have to worry about converting. [1]: golang/go#19624 [2]: golang/go#30209
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Feb 26, 2019
I'd kept this in 3b393da (pkg/types/aws/machinepool: Drop IAM-role overrides, 2019-01-30, openshift#1154) to support CI. But with openshift/release@d31f601e (ci-operator/templates/openshift: Bump install-config.yaml to v1beta2, 2019-02-02, openshift/release#2772) and openshift/hive@ab7ee975 (*: Bump to install-config v0.12.0, 2019-02-14, openshift/hive#222) landed, we no longer need the workaround.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We're planning on dropping instance profiles in favor of the new credentials operator, because we want AWS access to have operator/pod/namespace granularity and not instance granularity. Many pods could be running on a given instance, and not all of them should have a given permission. While we're blocked from dropping these at the moment due to kubelet cloud-config+secrets, we can drop the user-facing knobs for this feature now. Then pivoting the internal approach once we get the kubelet sorted will be a non-breaking change.
CC @rajatchopra.