Merge pull request #108624 from ialidzhikov/cleanup/service-account-api-audiences

apiserver: Remove the deprecated `--service-account-api-audiences` flag
2025-07-29 14:37:00 +00:00 · 2022-08-02 09:15:44 -07:00 · 2022-08-02 09:15:44 -07:00 · 3051cb2ba1
commit 3051cb2ba1
parent 0d46dc1f46 92707cafbb
1 changed files with 0 additions and 6 deletions
--- a/pkg/kubeapiserver/options/authentication.go
+++ b/pkg/kubeapiserver/options/authentication.go
@ -341,12 +341,6 @@ func (o *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
 			"and key set are served to relying parties from a URL other than the "+
 			"API server's external (as auto-detected or overridden with external-hostname). ")

-		// Deprecated in 1.13
-		fs.StringSliceVar(&o.APIAudiences, "service-account-api-audiences", o.APIAudiences, ""+
-			"Identifiers of the API. The service account token authenticator will validate that "+
-			"tokens used against the API are bound to at least one of these audiences.")
-		fs.MarkDeprecated("service-account-api-audiences", "Use --api-audiences")
-
 		fs.DurationVar(&o.ServiceAccounts.MaxExpiration, "service-account-max-token-expiration", o.ServiceAccounts.MaxExpiration, ""+
 			"The maximum validity duration of a token created by the service account token issuer. If an otherwise valid "+
 			"TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value.")