Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove generation of static tokens for cluster members #11567

Merged
merged 2 commits into from
Sep 26, 2024
Merged

Remove generation of static tokens for cluster members #11567

merged 2 commits into from
Sep 26, 2024

Conversation

VannTen
Copy link
Contributor

@VannTen VannTen commented Sep 24, 2024
edited
Loading

What type of PR is this?
/kind cleanup

What this PR does / why we need it:
This removes the generation of static tokens for the node in the Kubernetes cluster.
kube_token_auth is disabled by default since d487b2f (in 2017).
I also don't think that we actually using it for the nodes even when kube_token_auth is true.
This DOES NOT remove kube_token_auth.

Special notes for your reviewer:
This does needs some discussion, so I'll remove implicit approval
/unapprove

Does this PR introduce a user-facing change?:

action required
Removes the generation of static tokens for every node in the cluster when `kube_token_auth: true`

/label tide/merge-method-merge

@VannTen
Don't generate static tokens for nodes and control planes
baf0a33 
Nodes to api-server relies by default certificates, and bootstrap
tokens, and there should be no need to generate tokens for every nodes,
even when enabling static token auth.
@VannTen
k8s/control-plane: cleanup excessive defaulting
a2a2dfa
@k8s-ci-robot k8s-ci-robot added release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 24, 2024
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 24, 2024
@VannTen
Copy link
Contributor Author

VannTen commented Sep 24, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Sep 24, 2024
@VannTen
Copy link
Contributor Author

VannTen commented Sep 24, 2024

/approve cancel

@k8s-ci-robot k8s-ci-robot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 24, 2024
MrFreezeex
MrFreezeex approved these changes Sep 24, 2024
View reviewed changes
Copy link
Member

@MrFreezeex MrFreezeex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, that's a nice cleanup :D
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 24, 2024
@VannTen
Copy link
Contributor Author

VannTen commented Sep 26, 2024

@ant31 @mzaian wdyt @mattymo wdyt ?

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MrFreezeex, mzaian

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 26, 2024
@k8s-ci-robot k8s-ci-robot merged commit 6c112a9 into kubernetes-sigs:master Sep 26, 2024
40 checks passed
@tico88612 tico88612 mentioned this pull request Nov 27, 2024
Closed
@VannTen VannTen deleted the cleanup/remove_node_static_token_generation branch November 29, 2024 10:30
@sathieu
Copy link
Contributor

sathieu commented Jan 8, 2025

@VannTen Is there anything we should do on existing clusters to clean up?

@VannTen
Copy link
Contributor Author

VannTen commented Jan 8, 2025 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrFreezeex MrFreezeex MrFreezeex approved these changes

@mzaian mzaian mzaian approved these changes

@yankay yankay Awaiting requested review from yankay

Assignees

@MrFreezeex MrFreezeex

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@VannTen @k8s-ci-robot @sathieu @mzaian @MrFreezeex