Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds a number of flags/options #4799

Closed
wants to merge 2 commits into from
Closed

Adds a number of flags/options #4799

wants to merge 2 commits into from

Conversation

valdisrigdon
Copy link

These flags are required to comply with various parts of the CIS Kubernetes Benchmark.

The ability to disable basic and token auth are parts of the CIS Kubernetes Benchmark, but that isn't as simple as a flag, so it's added as a second commit.

@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 26, 2018
@valdisrigdon
Copy link
Author

CLA is signed.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Mar 26, 2018
@mikesplain
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 26, 2018
@valdisrigdon valdisrigdon force-pushed the more-flags branch 2 times, most recently from d6aad3f to 10ed493 Compare March 26, 2018 17:58
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 27, 2018
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 28, 2018
mikesplain
mikesplain reviewed Mar 29, 2018
View reviewed changes
pkg/apis/kops/componentconfig.go
// CAdvisorPort The port of the localhost cAdvisor endpoint (set to 0 to disable) (default 4194)
CAdvisorPort *int32 `json:"cadvisorPort,omitempty" flag:"cadvisor-port"`
// ProtectKernelDefaults Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults.
ProtectKernelDefaults *bool `json:"protectKernelDefaults,omitempty" flag:"protect-kernel-defaults"`
Copy link
Contributor

@mikesplain mikesplain Mar 29, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should any of these be documented? None jump out to me as something most users would adjust but worth thinking about.

pkg/apis/kops/componentconfig.go
// DisableBasicAuth removes the --basic-auth-file flag
DisableBasicAuth bool `json:"disableBasicAuth,omitempty"`
// EnableTokenAuth removes the --token-auth-file flag
DisableTokenAuth bool `json:"disableTokenAuth,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get docs for these included in this commit?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the commit to include docs for these two options.

@mikesplain
Copy link
Contributor

Looks pretty good, thanks for the contribution @valdisrigdon!

/assign

@mikesplain
Copy link
Contributor

Great thanks so much @valdisrigdon!
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 30, 2018
@chrislovecnm
Copy link
Contributor

We are close to 1.9, so we are probably going to hold this for 1.10. The 1.10 is going to be a pretty quick turn around.

@mikesplain
Copy link
Contributor

Agreed @chrislovecnm :)

@justinsb justinsb added this to the 1.10 milestone Apr 2, 2018
@valdisrigdon
Copy link
Author

Can this merge now that 1.9.0 is cut?

@valdisrigdon valdisrigdon mentioned this pull request Apr 17, 2018
Closed
@mikesplain
Copy link
Contributor

/assign @chrislovecnm

Mind taking another look at this?

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 11, 2018
@chrislovecnm
Copy link
Contributor

Can we get this rebased? Ping me on slack and I will take a look after a rebase. Thanks

@kaazoo
Copy link

kaazoo commented May 15, 2018

Any update?

@fernandocarletti fernandocarletti mentioned this pull request Aug 9, 2018
Merged
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 6, 2018
@justinsb justinsb modified the milestones: 1.11, 1.12 Nov 19, 2018
@eupestov eupestov mentioned this pull request Dec 10, 2018
Open
@carpenterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 17, 2018
@justinsb justinsb modified the milestones: 1.12, backlog Mar 15, 2019
@Peter-Lankton
Copy link

So, has this been added, yet?

@johannes-gehrs
Copy link
Contributor

This PR would be important for my org. Let me know if I can help getting this merged (as a non-KOPS-committer).

@jaybe78
Copy link

jaybe78 commented May 8, 2019

how long before merging this ? can someone give an update ?

@mat285
Copy link

mat285 commented Jul 9, 2019

Any updates on this?

@mpfgomes
Copy link

+1

@msiuts
Copy link

msiuts commented Sep 13, 2019

Are there any updates on this? Something one could do to speed this up?

@javierlga
Copy link

Any updates? I'm doing some hardening to my cluster

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 2, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 1, 2020
@mikesplain
Copy link
Contributor

/remove-lifecycle-rotten

@mikesplain mikesplain removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Apr 2, 2020
@michalschott michalschott mentioned this pull request Apr 23, 2020
Merged
@olemarkus
Copy link
Member

With #8967 merged and no activity here for quite some time, I guess this one can be closed now.

@mikesplain
Copy link
Contributor

Thanks @olemarkus agreed.

/close

@k8s-ci-robot
Copy link
Contributor

@mikesplain: Closed this PR.

In response to this:

Thanks @olemarkus agreed.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinsb justinsb justinsb left review comments

@mikesplain mikesplain mikesplain left review comments

Assignees

@chrislovecnm chrislovecnm

@mikesplain mikesplain

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. waiting-for-input
Projects
None yet
Milestone
backlog
Development

Successfully merging this pull request may close these issues.

None yet