Merge pull request #111616 from ndixita/credential-api-ga

Move the Kubelet Credential Provider feature to GA and Update the Credential Provider API to GA
2025-09-13 13:14:05 +00:00 · 2022-10-15 07:53:09 -07:00
parent b6e8dfec61 20fa9635d6
commit 6f579d3ceb
36 changed files with 1308 additions and 29 deletions
--- a/test/e2e_node/plugins/gcp-credential-provider/main.go
+++ b/test/e2e_node/plugins/gcp-credential-provider/main.go
@@ -27,7 +27,7 @@ import (

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog/v2"
-	credentialproviderv1beta1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1"
+	credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 )

 const metadataTokenEndpoint = "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/token"
@@ -51,7 +51,7 @@ func getCredentials(tokenEndpoint string, r io.Reader, w io.Writer) error {
 		return err
 	}

-	var authRequest credentialproviderv1beta1.CredentialProviderRequest
+	var authRequest credentialproviderv1.CredentialProviderRequest
 	err = json.Unmarshal(data, &authRequest)
 	if err != nil {
 		return err
@@ -62,12 +62,12 @@ func getCredentials(tokenEndpoint string, r io.Reader, w io.Writer) error {
 		return err
 	}

-	response := &credentialproviderv1beta1.CredentialProviderResponse{
+	response := &credentialproviderv1.CredentialProviderResponse{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "CredentialProviderResponse",
-			APIVersion: "credentialprovider.kubelet.k8s.io/v1beta1",
+			APIVersion: "credentialprovider.kubelet.k8s.io/v1",
 		},
-		CacheKeyType: credentialproviderv1beta1.RegistryPluginCacheKeyType,
+		CacheKeyType: credentialproviderv1.RegistryPluginCacheKeyType,
 		Auth:         auth,
 	}

--- a/test/e2e_node/plugins/gcp-credential-provider/main_test.go
+++ b/test/e2e_node/plugins/gcp-credential-provider/main_test.go
@@ -36,7 +36,7 @@ func Test_getCredentials(t *testing.T) {
 	server := httptest.NewServer(&fakeTokenServer{token: "abc123"})
 	defer server.Close()

-	in := bytes.NewBuffer([]byte(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1beta1","image":"gcr.io/foobar"}`))
+	in := bytes.NewBuffer([]byte(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1","image":"gcr.io/foobar"}`))
 	out := bytes.NewBuffer(nil)

 	err := getCredentials(server.URL, in, out)
@@ -44,7 +44,7 @@ func Test_getCredentials(t *testing.T) {
 		t.Fatalf("unexpected error running getCredentials: %v", err)
 	}

-	expected := `{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1beta1","cacheKeyType":"Registry","auth":{"*.gcr.io":{"username":"_token","password":"abc123"},"*.pkg.dev":{"username":"_token","password":"abc123"},"container.cloud.google.com":{"username":"_token","password":"abc123"},"gcr.io":{"username":"_token","password":"abc123"}}}
+	expected := `{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1","cacheKeyType":"Registry","auth":{"*.gcr.io":{"username":"_token","password":"abc123"},"*.pkg.dev":{"username":"_token","password":"abc123"},"container.cloud.google.com":{"username":"_token","password":"abc123"},"gcr.io":{"username":"_token","password":"abc123"}}}
 `

 	if out.String() != expected {
--- a/test/e2e_node/plugins/gcp-credential-provider/provider.go
+++ b/test/e2e_node/plugins/gcp-credential-provider/provider.go
@@ -25,7 +25,7 @@ import (
 	"io/ioutil"
 	"net/http"

-	credentialproviderv1beta1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1"
+	credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 )

 const (
@@ -59,8 +59,8 @@ type provider struct {
 	tokenEndpoint string
 }

-func (p *provider) Provide(image string) (map[string]credentialproviderv1beta1.AuthConfig, error) {
-	cfg := map[string]credentialproviderv1beta1.AuthConfig{}
+func (p *provider) Provide(image string) (map[string]credentialproviderv1.AuthConfig, error) {
+	cfg := map[string]credentialproviderv1.AuthConfig{}

 	tokenJSONBlob, err := readURL(p.tokenEndpoint, p.client)
 	if err != nil {
@@ -72,7 +72,7 @@ func (p *provider) Provide(image string) (map[string]credentialproviderv1beta1.A
 		return cfg, err
 	}

-	authConfig := credentialproviderv1beta1.AuthConfig{
+	authConfig := credentialproviderv1.AuthConfig{
 		Username: "_token",
 		Password: parsedBlob.AccessToken,
 	}
--- a/test/e2e_node/remote/utils.go
+++ b/test/e2e_node/remote/utils.go
@@ -49,10 +49,10 @@ const cniConfig = `{
 `

 const credentialProviderConfig = `kind: CredentialProviderConfig
-apiVersion: kubelet.config.k8s.io/v1beta1
+apiVersion: kubelet.config.k8s.io/v1
 providers:
  - name: gcp-credential-provider
-    apiVersion: credentialprovider.kubelet.k8s.io/v1beta1
+    apiVersion: credentialprovider.kubelet.k8s.io/v1
    matchImages:
    - "gcr.io"
    - "*.gcr.io"