Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkg/k8s: use subresource "nodes/status" to update node annotations #19590

Merged
merged 1 commit into from
Apr 28, 2022
Merged

pkg/k8s: use subresource "nodes/status" to update node annotations #19590

merged 1 commit into from
Apr 28, 2022

Conversation

aanm
Copy link
Member

@aanm aanm commented Apr 27, 2022

We can use the "status" subresource to update node annotations which
also allow us to reduce the clusterrole's permissions of the cilium
DaemonSet even further.

Signed-off-by: André Martins andre@cilium.io

@aanm aanm requested a review from a team April 27, 2022 12:35
@aanm aanm requested a review from a team as a code owner April 27, 2022 12:35
@aanm aanm requested a review from sayboras April 27, 2022 12:35
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 27, 2022
@aanm
Copy link
Member Author

aanm commented Apr 27, 2022

/test

@aanm aanm force-pushed the pr/trim-down-cilium-clusterrole branch from a90ff4e to f1c2c89 Compare April 27, 2022 12:42
@aanm
Copy link
Member Author

aanm commented Apr 27, 2022

/test

@aanm aanm added release-note/misc This PR makes changes that have no direct user impact. release-blocker/1.12 This issue will prevent the release of the next version of Cilium. labels Apr 27, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 27, 2022
@aanm aanm force-pushed the pr/trim-down-cilium-clusterrole branch from f1c2c89 to 6f5b095 Compare April 27, 2022 15:09
@aanm
Copy link
Member Author

aanm commented Apr 27, 2022
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.22-kernel-4.19' failed:

Click to show.

Test Name

K8sServicesTest Checks graceful termination of service endpoints Checks client terminates gracefully on service endpoint deletion

Failure Output

FAIL: Timed out after 60.001s.

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.22-kernel-4.19 so I can create one.

@aanm aanm requested a review from sayboras April 27, 2022 15:09
sayboras
sayboras approved these changes Apr 27, 2022
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :shipit:

$ kg node kind-worker -o json | jq .metadata.annotations                 
{
  "io.cilium.network.ipv4-cilium-host": "10.0.0.227",
  "io.cilium.network.ipv4-health-ip": "10.0.0.190",
  "io.cilium.network.ipv4-pod-cidr": "10.0.0.0/24",
  "kind.x-k8s.io/registry": "localhost:5000",
  "kubeadm.alpha.kubernetes.io/cri-socket": "unix:///run/containerd/containerd.sock",
  "node.alpha.kubernetes.io/ttl": "0",
  "volumes.kubernetes.io/controller-managed-attach-detach": "true"
}

@aanm
pkg/k8s: use subresource "nodes/status" to update node annotations
1add133 
We can use the "status" subresource to update node annotations which
also allow us to reduce the clusterrole's permissions of the cilium
DaemonSet even further.

Signed-off-by: André Martins <andre@cilium.io>
@aanm aanm force-pushed the pr/trim-down-cilium-clusterrole branch from 6f5b095 to 1add133 Compare April 27, 2022 21:37
@aanm
Copy link
Member Author

aanm commented Apr 27, 2022

/(test-1.22-4.19

@aanm
Copy link
Member Author

aanm commented Apr 27, 2022

/test-1.22-4.19

@aanm aanm merged commit 9014253 into cilium:master Apr 28, 2022
@aanm aanm deleted the pr/trim-down-cilium-clusterrole branch April 28, 2022 01:05
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport pending to v1.10 in 1.11.5 May 3, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport pending to v1.10 in 1.10.11 May 3, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport pending to v1.9 in 1.9.16 May 3, 2022
This was referenced May 3, 2022
Merged
Merged
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.10 in 1.10.11 May 4, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.9 to Backport done to v1.9 in 1.9.16 May 4, 2022
@aanm aanm added backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed backport-pending/1.11 labels May 4, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.11 in 1.11.5 May 4, 2022
This was referenced May 9, 2022
Merged
Merged
Merged
@sayboras sayboras mentioned this pull request May 16, 2022
Closed
2 tasks
@cure53
Copy link

cure53 commented Nov 15, 2022

✔️ LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. release-blocker/1.12 This issue will prevent the release of the next version of Cilium. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
1.10.11
Backport done to v1.10
1.11.5
Backport done to v1.11
1.9.16
Backport done to v1.9
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aanm @cure53 @sayboras