Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: remove --insecure-allow-any-token option #49045

Merged
merged 1 commit into from
Jul 19, 2017
Merged

*: remove --insecure-allow-any-token option #49045

merged 1 commit into from
Jul 19, 2017

Conversation

ericchiang
Copy link
Contributor

@ericchiang ericchiang commented Jul 17, 2017
edited
Loading

Since the authenticator is still used in e2e tests, don't remove
the actual package. Maybe a follow up?

edit: e2e and integration tests have been switched over to the tokenfile
authenticator instead.

The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.

closes #49031

cc @kubernetes/sig-auth-pr-reviews

@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 17, 2017
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Jul 17, 2017
@luxas luxas added release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. and removed release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Jul 17, 2017
@ericchiang ericchiang force-pushed the remove-anytoken-authenticator-option branch 2 times, most recently from 0b02ee7 to 828e964 Compare July 17, 2017 23:00
@ericchiang
Copy link
Contributor Author

/test pull-kubernetes-federation-e2e-gce

@ncdc
Copy link
Member

ncdc commented Jul 18, 2017

/unassign
/assign @liggitt
FYI @mattmoyer

@k8s-ci-robot k8s-ci-robot assigned liggitt and unassigned ncdc Jul 18, 2017
@liggitt
Copy link
Member

liggitt commented Jul 18, 2017

Since the authenticator is still used in e2e tests, don't remove the actual package. Maybe a follow up?

If we're going to remove it, let's remove it.

@ericchiang ericchiang force-pushed the remove-anytoken-authenticator-option branch from 828e964 to 1a267db Compare July 18, 2017 16:51
@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 18, 2017
@ericchiang ericchiang force-pushed the remove-anytoken-authenticator-option branch from 1a267db to 7636491 Compare July 18, 2017 18:37
@ericchiang
*: remove --insecure-allow-any-token option
e2f2ab6 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
@ericchiang ericchiang force-pushed the remove-anytoken-authenticator-option branch from 7636491 to e2f2ab6 Compare July 18, 2017 23:04
@ericchiang
Copy link
Contributor Author

/test pull-kubernetes-kubemark-e2e-gce

@ericchiang
Copy link
Contributor Author

Fully removed

@deads2k
Copy link
Contributor

deads2k commented Jul 19, 2017

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 19, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, ericchiang

Associated issue: 49031

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 19, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

@k8s-github-robot k8s-github-robot merged commit b78fc20 into kubernetes:master Jul 19, 2017
@ericchiang ericchiang deleted the remove-anytoken-authenticator-option branch July 19, 2017 17:29
@php-coder php-coder mentioned this pull request Jul 25, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@liggitt liggitt

@enisoc enisoc

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove --insecure-allow-any-token authenticator
8 participants
@ericchiang @ncdc @liggitt @deads2k @k8s-github-robot @luxas @enisoc @k8s-ci-robot