From 70369bfe29955ad44f60afcdc9ff4c04f1d64b36 Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Fri, 24 Mar 2023 10:21:50 +0800 Subject: [PATCH 1/2] remove GAed KubeletCredentialProviders --- cluster/gce/config-default.sh | 2 +- cluster/gce/gci/configure.sh | 4 ++-- pkg/features/kube_features.go | 10 ---------- .../e2e_node/plugins/gcp-credential-provider/README.md | 2 +- test/e2e_node/remote/node_e2e.go | 2 +- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index fc247c30f5e..c4aa4c030c7 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -556,6 +556,6 @@ export CLOUD_PROVIDER_FLAG="${CLOUD_PROVIDER_FLAG:-gce}" # are presented to kubelet: # --image-credential-provider-config=${path-to-config} # --image-credential-provider-bin-dir=${path-to-auth-provider-binary} -# Also, it is required that DisableKubeletCloudCredentialProviders and KubeletCredentialProviders +# Also, it is required that DisableKubeletCloudCredentialProviders # feature gates are set to true for kubelet to use external credential provider. ENABLE_AUTH_PROVIDER_GCP="${ENABLE_AUTH_PROVIDER_GCP:-false}" diff --git a/cluster/gce/gci/configure.sh b/cluster/gce/gci/configure.sh index 9c9e0c3139c..de52167dc9a 100644 --- a/cluster/gce/gci/configure.sh +++ b/cluster/gce/gci/configure.sh @@ -717,8 +717,8 @@ function install-kube-binary-config { # are presented to kubelet: # --image-credential-provider-config=${path-to-config} # --image-credential-provider-bin-dir=${path-to-auth-provider-binary} - # Also, it is required that DisableKubeletCloudCredentialProviders and KubeletCredentialProviders - # feature gates are set to true for kubelet to use external credential provider. + # Also, it is required that DisableKubeletCloudCredentialProviders + # feature gate is set to true for kubelet to use external credential provider. if [[ "${ENABLE_AUTH_PROVIDER_GCP:-}" == "true" ]]; then # Install out-of-tree auth-provider-gcp binary to enable kubelet to dynamically # retrieve credentials for a container image registry. diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index dae17977504..0c14c9c0512 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -436,14 +436,6 @@ const ( // yet. JobTrackingWithFinalizers featuregate.Feature = "JobTrackingWithFinalizers" - // owner: @andrewsykim @adisky @ndixita - // alpha: v1.20 - // beta: v1.24 - // GA: v1.26 - // - // Enable kubelet exec plugins for image pull credentials. - KubeletCredentialProviders featuregate.Feature = "KubeletCredentialProviders" - // owner: @AkihiroSuda // alpha: v1.22 // @@ -1036,8 +1028,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS JobTrackingWithFinalizers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - KubeletCredentialProviders: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - KubeletInUserNamespace: {Default: false, PreRelease: featuregate.Alpha}, KubeletPodResources: {Default: true, PreRelease: featuregate.Beta}, diff --git a/test/e2e_node/plugins/gcp-credential-provider/README.md b/test/e2e_node/plugins/gcp-credential-provider/README.md index 2a63d95398c..345d800db64 100644 --- a/test/e2e_node/plugins/gcp-credential-provider/README.md +++ b/test/e2e_node/plugins/gcp-credential-provider/README.md @@ -29,7 +29,7 @@ providers: 3. Configuring the following additional flags on the kubelet: ``` ---feature-gates=DisableKubeletCloudCredentialProviders=true,KubeletCredentialProviders=true +--feature-gates=DisableKubeletCloudCredentialProviders=true --image-credential-provider-config=/tmp/node-e2e-123456/credential-provider.yaml --image-credential-provider-bin-dir=/tmp/node-e2e-12345 ``` diff --git a/test/e2e_node/remote/node_e2e.go b/test/e2e_node/remote/node_e2e.go index 79944293a7a..419766a5a7c 100644 --- a/test/e2e_node/remote/node_e2e.go +++ b/test/e2e_node/remote/node_e2e.go @@ -96,7 +96,7 @@ func prependMemcgNotificationFlag(args string) string { // a credential provider plugin. func prependGCPCredentialProviderFlag(args, workspace string) string { credentialProviderConfig := filepath.Join(workspace, "credential-provider.yaml") - featureGateFlag := "--kubelet-flags=--feature-gates=DisableKubeletCloudCredentialProviders=true,KubeletCredentialProviders=true" + featureGateFlag := "--kubelet-flags=--feature-gates=DisableKubeletCloudCredentialProviders=true" configFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-config=%s", credentialProviderConfig) binFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-bin-dir=%s", workspace) return fmt.Sprintf("%s %s %s %s", featureGateFlag, configFlag, binFlag, args) From 27cdddeaf16717d0115d9445128520a0db85c245 Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Mon, 8 May 2023 11:53:14 +0800 Subject: [PATCH 2/2] update Feature:KubeletCredentialProviders] e2e test name --- test/e2e_node/image_credential_provider.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e_node/image_credential_provider.go b/test/e2e_node/image_credential_provider.go index abf6336c511..aa77a0602e0 100644 --- a/test/e2e_node/image_credential_provider.go +++ b/test/e2e_node/image_credential_provider.go @@ -30,7 +30,7 @@ import ( admissionapi "k8s.io/pod-security-admission/api" ) -var _ = SIGDescribe("ImageCredentialProvider [Feature:KubeletCredentialProviders]", func() { +var _ = SIGDescribe("ImageCredentialProvider", func() { f := framework.NewDefaultFramework("image-credential-provider") f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient