Merge pull request #108624 from ialidzhikov/cleanup/service-account-api-audiences

apiserver: Remove the deprecated `--service-account-api-audiences` flag
This commit is contained in:
Kubernetes Prow Robot 2022-08-02 09:15:44 -07:00 committed by GitHub
commit 3051cb2ba1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -341,12 +341,6 @@ func (o *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
"and key set are served to relying parties from a URL other than the "+
"API server's external (as auto-detected or overridden with external-hostname). ")
// Deprecated in 1.13
fs.StringSliceVar(&o.APIAudiences, "service-account-api-audiences", o.APIAudiences, ""+
"Identifiers of the API. The service account token authenticator will validate that "+
"tokens used against the API are bound to at least one of these audiences.")
fs.MarkDeprecated("service-account-api-audiences", "Use --api-audiences")
fs.DurationVar(&o.ServiceAccounts.MaxExpiration, "service-account-max-token-expiration", o.ServiceAccounts.MaxExpiration, ""+
"The maximum validity duration of a token created by the service account token issuer. If an otherwise valid "+
"TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value.")