From 7911a08fb315b459e2fccec0e7ec7ce28abc3f7c Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Wed, 14 Jul 2021 18:43:59 +0800 Subject: [PATCH] Remove ServiceAccountIssuerDiscovery feature gate --- pkg/features/kube_features.go | 12 ------------ pkg/kubeapiserver/options/authentication.go | 3 +-- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 181f9a8ae25..5b7c1691d3b 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -164,17 +164,6 @@ const ( // to the API server. BoundServiceAccountTokenVolume featuregate.Feature = "BoundServiceAccountTokenVolume" - // owner: @mtaufen - // alpha: v1.18 - // beta: v1.20 - // stable: v1.21 - // - // Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service - // account issuer in the API server. - // Note these endpoints serve minimally-compliant discovery docs that are - // intended to be used for service account token verification. - ServiceAccountIssuerDiscovery featuregate.Feature = "ServiceAccountIssuerDiscovery" - // owner: @saad-ali // ga: v1.10 // @@ -833,7 +822,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS SupportPodPidsLimit: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23 SupportNodePidsLimit: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23 BoundServiceAccountTokenVolume: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23 - ServiceAccountIssuerDiscovery: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.22 CSIMigration: {Default: true, PreRelease: featuregate.Beta}, CSIMigrationGCE: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires GCE PD CSI Driver) InTreePluginGCEUnregister: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/pkg/kubeapiserver/options/authentication.go b/pkg/kubeapiserver/options/authentication.go index 550f3d86e51..82b461ed731 100644 --- a/pkg/kubeapiserver/options/authentication.go +++ b/pkg/kubeapiserver/options/authentication.go @@ -339,8 +339,7 @@ func (o *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { "Overrides the URI for the JSON Web Key Set in the discovery doc served at "+ "/.well-known/openid-configuration. This flag is useful if the discovery doc"+ "and key set are served to relying parties from a URL other than the "+ - "API server's external (as auto-detected or overridden with external-hostname). "+ - "Only valid if the ServiceAccountIssuerDiscovery feature gate is enabled.") + "API server's external (as auto-detected or overridden with external-hostname). ") // Deprecated in 1.13 fs.StringSliceVar(&o.APIAudiences, "service-account-api-audiences", o.APIAudiences, ""+