diff --git a/pkg/kubelet/apis/podresources/client.go b/pkg/kubelet/apis/podresources/client.go index 2d27c623e0c..fcc6f1b903d 100644 --- a/pkg/kubelet/apis/podresources/client.go +++ b/pkg/kubelet/apis/podresources/client.go @@ -22,6 +22,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "k8s.io/kubelet/pkg/apis/podresources/v1" "k8s.io/kubelet/pkg/apis/podresources/v1alpha1" @@ -41,7 +42,10 @@ func GetV1alpha1Client(socket string, connectionTimeout time.Duration, maxMsgSiz ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) defer cancel() - conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) + conn, err := grpc.DialContext(ctx, addr, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(dialer), + grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) if err != nil { return nil, nil, fmt.Errorf("error dialing socket %s: %v", socket, err) } @@ -57,7 +61,10 @@ func GetV1Client(socket string, connectionTimeout time.Duration, maxMsgSize int) ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) defer cancel() - conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) + conn, err := grpc.DialContext(ctx, addr, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(dialer), + grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) if err != nil { return nil, nil, fmt.Errorf("error dialing socket %s: %v", socket, err) } diff --git a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/client.go b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/client.go index 13b1249009b..79436a17561 100644 --- a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/client.go +++ b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/client.go @@ -24,6 +24,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "k8s.io/klog/v2" api "k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1" @@ -117,7 +118,9 @@ func dial(unixSocketPath string) (api.DevicePluginClient, *grpc.ClientConn, erro ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - c, err := grpc.DialContext(ctx, unixSocketPath, grpc.WithInsecure(), grpc.WithBlock(), + c, err := grpc.DialContext(ctx, unixSocketPath, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithBlock(), grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, "unix", addr) }), diff --git a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/stub.go b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/stub.go index dee1a9414aa..d354222590b 100644 --- a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/stub.go +++ b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/stub.go @@ -25,6 +25,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/klog/v2" @@ -191,7 +192,9 @@ func (m *Stub) Register(kubeletEndpoint, resourceName string, pluginSockDir stri ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - conn, err := grpc.DialContext(ctx, kubeletEndpoint, grpc.WithInsecure(), grpc.WithBlock(), + conn, err := grpc.DialContext(ctx, kubeletEndpoint, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithBlock(), grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, "unix", addr) })) diff --git a/pkg/kubelet/cri/remote/remote_image.go b/pkg/kubelet/cri/remote/remote_image.go index e1c88f8014b..73236896d64 100644 --- a/pkg/kubelet/cri/remote/remote_image.go +++ b/pkg/kubelet/cri/remote/remote_image.go @@ -24,6 +24,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" "k8s.io/klog/v2" @@ -51,7 +52,10 @@ func NewRemoteImageService(endpoint string, connectionTimeout time.Duration) (in ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) defer cancel() - conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) + conn, err := grpc.DialContext(ctx, addr, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(dialer), + grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) if err != nil { klog.ErrorS(err, "Connect remote image service failed", "address", addr) return nil, err diff --git a/pkg/kubelet/cri/remote/remote_runtime.go b/pkg/kubelet/cri/remote/remote_runtime.go index 95e5d3f39a2..aaed9f33805 100644 --- a/pkg/kubelet/cri/remote/remote_runtime.go +++ b/pkg/kubelet/cri/remote/remote_runtime.go @@ -25,6 +25,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" "k8s.io/klog/v2" @@ -76,7 +77,10 @@ func NewRemoteRuntimeService(endpoint string, connectionTimeout time.Duration) ( ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) defer cancel() - conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) + conn, err := grpc.DialContext(ctx, addr, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(dialer), + grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) if err != nil { klog.ErrorS(err, "Connect remote runtime failed", "address", addr) return nil, err diff --git a/pkg/kubelet/pluginmanager/operationexecutor/operation_generator.go b/pkg/kubelet/pluginmanager/operationexecutor/operation_generator.go index 3941d5de738..65cb549c339 100644 --- a/pkg/kubelet/pluginmanager/operationexecutor/operation_generator.go +++ b/pkg/kubelet/pluginmanager/operationexecutor/operation_generator.go @@ -30,6 +30,7 @@ import ( "k8s.io/klog/v2" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "k8s.io/client-go/tools/record" registerapi "k8s.io/kubelet/pkg/apis/pluginregistration/v1" "k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache" @@ -178,7 +179,9 @@ func dial(unixSocketPath string, timeout time.Duration) (registerapi.Registratio ctx, cancel := context.WithTimeout(context.Background(), timeout) defer cancel() - c, err := grpc.DialContext(ctx, unixSocketPath, grpc.WithInsecure(), grpc.WithBlock(), + c, err := grpc.DialContext(ctx, unixSocketPath, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithBlock(), grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, "unix", addr) }), diff --git a/pkg/kubelet/pluginmanager/pluginwatcher/example_handler.go b/pkg/kubelet/pluginmanager/pluginwatcher/example_handler.go index 6978826c9ce..e9a40710ea0 100644 --- a/pkg/kubelet/pluginmanager/pluginwatcher/example_handler.go +++ b/pkg/kubelet/pluginmanager/pluginwatcher/example_handler.go @@ -26,6 +26,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "k8s.io/klog/v2" registerapi "k8s.io/kubelet/pkg/apis/pluginregistration/v1" @@ -155,7 +156,9 @@ func dial(unixSocketPath string, timeout time.Duration) (registerapi.Registratio ctx, cancel := context.WithTimeout(context.Background(), timeout) defer cancel() - c, err := grpc.DialContext(ctx, unixSocketPath, grpc.WithInsecure(), grpc.WithBlock(), + c, err := grpc.DialContext(ctx, unixSocketPath, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithBlock(), grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, "unix", addr) }), diff --git a/pkg/probe/grpc/grpc.go b/pkg/probe/grpc/grpc.go index b7720dd7793..09a8064dae5 100644 --- a/pkg/probe/grpc/grpc.go +++ b/pkg/probe/grpc/grpc.go @@ -24,6 +24,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials/insecure" grpchealth "google.golang.org/grpc/health/grpc_health_v1" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" @@ -55,7 +56,7 @@ func (p grpcProber) Probe(host, service string, port int, timeout time.Duration) opts := []grpc.DialOption{ grpc.WithUserAgent(fmt.Sprintf("kube-probe/%s.%s", v.Major, v.Minor)), grpc.WithBlock(), - grpc.WithInsecure(), //credentials are currently not supported + grpc.WithTransportCredentials(insecure.NewCredentials()), //credentials are currently not supported } ctx, cancel := context.WithTimeout(context.Background(), timeout) diff --git a/pkg/volume/csi/csi_client.go b/pkg/volume/csi/csi_client.go index fc5a6a42c50..bbbe762def2 100644 --- a/pkg/volume/csi/csi_client.go +++ b/pkg/volume/csi/csi_client.go @@ -28,6 +28,7 @@ import ( csipbv1 "github.com/container-storage-interface/spec/lib/go/csi" "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" api "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -534,7 +535,7 @@ func newGrpcConn(addr csiAddr, metricsManager *MetricsManager) (*grpc.ClientConn return grpc.Dial( string(addr), - grpc.WithInsecure(), + grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(func(ctx context.Context, target string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, network, target) }), diff --git a/staging/src/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go b/staging/src/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go index 1115c66d701..3f7bd4ad5dc 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go +++ b/staging/src/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go @@ -30,6 +30,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apiserver/pkg/apis/apiserver" @@ -214,7 +215,8 @@ func (u *udsGRPCConnector) connect(_ context.Context) (proxier, error) { // we cannot use ctx just for dialing and control the connection lifetime separately. // See https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/357. tunnelCtx := context.TODO() - tunnel, err := client.CreateSingleUseGrpcTunnel(tunnelCtx, udsName, dialOption, grpc.WithInsecure()) + tunnel, err := client.CreateSingleUseGrpcTunnel(tunnelCtx, udsName, dialOption, + grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { return nil, err } diff --git a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go index 7aa5d232f8a..3013bfa0109 100644 --- a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go +++ b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go @@ -29,6 +29,7 @@ import ( "k8s.io/klog/v2" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" kmsapi "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1" ) @@ -64,7 +65,7 @@ func NewGRPCService(endpoint string, callTimeout time.Duration) (Service, error) s := &gRPCService{callTimeout: callTimeout} s.connection, err = grpc.Dial( addr, - grpc.WithInsecure(), + grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithUnaryInterceptor(s.interceptor), grpc.WithDefaultCallOptions(grpc.WaitForReady(true)), grpc.WithContextDialer(