github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #122635 from carlory/KEP-2799

Browse Source 
Promote LegacyServiceAccountTokenCleanUp to GA
This commit is contained in:
Kubernetes Prow Robot 2024-02-02 12:47:23 -08:00 committed by GitHub
commit 42941cb88a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 13 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kube-controller-manager/app/controllermanager_test.go
View File

@ -146,8 +146,8 @@ func TestFeatureGatedControllersShouldNotDefineAliases(t *testing.T) {
continue continue
} }
// DO NOT ADD any new controllers here. These two controllers are an exception, because they were added before this test was introduced // DO NOT ADD any new controllers here. one controller is an exception, because it was added before this test was introduced
if name == names.LegacyServiceAccountTokenCleanerController || name == names.ResourceClaimController { if name == names.ResourceClaimController {
continue continue
} }

3
cmd/kube-controller-manager/app/core.go
View File

@ -768,9 +768,6 @@ func newLegacyServiceAccountTokenCleanerControllerDescriptor() *ControllerDescri
name: names.LegacyServiceAccountTokenCleanerController, name: names.LegacyServiceAccountTokenCleanerController,
aliases: []string{"legacy-service-account-token-cleaner"}, aliases: []string{"legacy-service-account-token-cleaner"},
initFunc: startLegacyServiceAccountTokenCleanerController, initFunc: startLegacyServiceAccountTokenCleanerController,
requiredFeatureGates: []featuregate.Feature{
features.LegacyServiceAccountTokenCleanUp, // TODO update app.TestFeatureGatedControllersShouldNotDefineAliases when removing this feature
},
} }
} }

5
pkg/features/kube_features.go
View File

@ -428,9 +428,10 @@ const (
KubeProxyDrainingTerminatingNodes featuregate.Feature = "KubeProxyDrainingTerminatingNodes" KubeProxyDrainingTerminatingNodes featuregate.Feature = "KubeProxyDrainingTerminatingNodes"
// owner: @yt2985 // owner: @yt2985
// kep: http://kep.k8s.io/2800 // kep: http://kep.k8s.io/2799
// alpha: v1.28 // alpha: v1.28
// beta: v1.29 // beta: v1.29
// GA: v1.30
// //
// Enables cleaning up of secret-based service account tokens. // Enables cleaning up of secret-based service account tokens.
LegacyServiceAccountTokenCleanUp featuregate.Feature = "LegacyServiceAccountTokenCleanUp" LegacyServiceAccountTokenCleanUp featuregate.Feature = "LegacyServiceAccountTokenCleanUp"
@ -1032,7 +1033,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
KubeProxyDrainingTerminatingNodes: {Default: true, PreRelease: featuregate.Beta}, KubeProxyDrainingTerminatingNodes: {Default: true, PreRelease: featuregate.Beta},
LegacyServiceAccountTokenCleanUp: {Default: true, PreRelease: featuregate.Beta}, LegacyServiceAccountTokenCleanUp: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.30; remove in 1.32
LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha}, LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha},

3
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@ -478,7 +478,7 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
}, },
}) })
} }
if utilfeature.DefaultFeatureGate.Enabled(features.LegacyServiceAccountTokenCleanUp) {
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "legacy-service-account-token-cleaner"}, ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "legacy-service-account-token-cleaner"},
Rules: []rbacv1.PolicyRule{ Rules: []rbacv1.PolicyRule{
@ -486,7 +486,6 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
rbacv1helpers.NewRule("patch", "delete").Groups(legacyGroup).Resources("secrets").RuleOrDie(), rbacv1helpers.NewRule("patch", "delete").Groups(legacyGroup).Resources("secrets").RuleOrDie(),
}, },
}) })
}
return controllerRoles, controllerRoleBindings return controllerRoles, controllerRoleBindings
} }

4
test/integration/serviceaccount/legacy_service_account_token_clean_up_test.go
View File

@ -30,15 +30,12 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
utilfeature "k8s.io/apiserver/pkg/util/feature"
applyv1 "k8s.io/client-go/applyconfigurations/core/v1" applyv1 "k8s.io/client-go/applyconfigurations/core/v1"
clientinformers "k8s.io/client-go/informers" clientinformers "k8s.io/client-go/informers"
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
listersv1 "k8s.io/client-go/listers/core/v1" listersv1 "k8s.io/client-go/listers/core/v1"
featuregatetesting "k8s.io/component-base/featuregate/testing"
serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount" serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
"k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking" "k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking"
kubefeatures "k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/serviceaccount" "k8s.io/kubernetes/pkg/serviceaccount"
"k8s.io/utils/clock" "k8s.io/utils/clock"
testingclock "k8s.io/utils/clock/testing" testingclock "k8s.io/utils/clock/testing"
@ -53,7 +50,6 @@ const (
) )
func TestLegacyServiceAccountTokenCleanUp(t *testing.T) { func TestLegacyServiceAccountTokenCleanUp(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, kubefeatures.LegacyServiceAccountTokenCleanUp, true)()
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
c, config, stopFunc, informers, err := startServiceAccountTestServerAndWaitForCaches(ctx, t) c, config, stopFunc, informers, err := startServiceAccountTestServerAndWaitForCaches(ctx, t)