Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kube-up: ensure tokens file is correct on upgrades/downgrades #43676

Merged
merged 2 commits into from
Mar 27, 2017
Merged

kube-up: ensure tokens file is correct on upgrades/downgrades #43676

merged 2 commits into from
Mar 27, 2017

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Mar 26, 2017
edited
Loading

Fixes #43668

1.5 hard-codes authorization rules, but if the known_tokens.csv file already exists, it does not ensure it works with those authorization rules.

kube-up (with gce/gci and gce/coreos providers) now ensures the authentication token file contains correct tokens for the control plane components, even if the file already exists (ensures upgrades and downgrades work successfully)

This issue was fixed in 1.6 for the gce and coreos providers. This PR picks those fixes for the control plane elements from these commits:

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 26, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@k8s-github-robot k8s-github-robot added do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note-label-needed labels Mar 26, 2017
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 26, 2017
@liggitt liggitt force-pushed the fixup-tokens branch 2 times, most recently from c48397c to 2d614e3 Compare March 26, 2017 22:04
@k8s-github-robot k8s-github-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Mar 27, 2017
@liggitt liggitt added this to the v1.5 milestone Mar 27, 2017
@liggitt
Copy link
Member Author

liggitt commented Mar 27, 2017
edited
Loading

@euank @yifan-gu @ethernetdan PTAL at the coreos change

@cjcullen @mikedanese PTAL at the gci change

cc @saad-ali @mwielgus @enisoc for v1.5.6 build

@cjcullen
Copy link
Member

change LGTM, as long as this is a kosher way to fix downgrades...

@liggitt
Copy link
Member Author

liggitt commented Mar 27, 2017
edited
Loading

It's one of several upgrade/downgrade related changes that will be in v1.5.6:

#43532
#42423
#43041

We'd want to fix it regardless.

@yifan-gu
Copy link
Contributor

Changes lgtm, but @ethernetdan said he has problems verifying the PR on coreos. Will be investigating.

@mikedanese
Copy link
Member

/approve

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 27, 2017
@mwielgus
Copy link
Contributor

/lgtm
applying lgtm per @cjcullen (and thumbs-up from @calebamiles on slack)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 27, 2017
@mwielgus mwielgus added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cherrypick-candidate labels Mar 27, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, mikedanese, mwielgus

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@mwielgus mwielgus removed the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Mar 27, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 7eb4d69 into kubernetes:release-1.5 Mar 27, 2017
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.5" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

@liggitt
Copy link
Member Author

liggitt commented Mar 28, 2017

successfully upgraded v1.5.5 -> ci/latest-1.6 -> ci/latest-1.5 and ensured kube-proxy and kube-dns were functioning correctly after upgrade and downgrade, and tokens file contained correct control plane users after each step

@liggitt liggitt mentioned this pull request Mar 28, 2017
Closed
@liggitt liggitt deleted the fixup-tokens branch April 22, 2019 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@mikedanese mikedanese

@enisoc enisoc

@cjcullen cjcullen

@saad-ali saad-ali

@mwielgus mwielgus

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.5
Development

Successfully merging this pull request may close these issues.