-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove basic authentication support for k8s 1.19+ #8783
Conversation
707c790
to
9ad0f5f
Compare
9ad0f5f
to
7debe25
Compare
Adding some context: The updown prow job was failing because the kube-apiserver pod was in a crashloop. There were no logs in /var/log/kube-apiserver.log so the job artifact was empty. I manually launched a cluster using the same Kops creates basic auth credentials for each cluster (visible from a We came up with a few options on how to proceed:
My main concern with this dropping of support is providing any sort of workaround for users of basic auth, if possible. Since kops creates these credentials, we'll need to make it known that they will no longer work, as well as no longer create these credentials for new clusters (or even delete them for existing clusters? possible downgrade concerns there...). The k/k commit mentions Anyone else have any thoughts or suggestions? This is blocking a lot of visibility into our e2e jobs. I'll add a note to discuss this at office hours as well. |
Additionally, it'd be great to find out why the /var/log/kube-apiserver.log files were empty. My guess is that the container exited before |
7debe25
to
b905064
Compare
b905064
to
ad8e1ce
Compare
Co-Authored-By: John Gardiner Myers <jgmyers@proofpoint.com>
Nice, I like this compromise of disabling by default for one k8s version before removing /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hakman, rifelpet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Support for basic auth was removed in Kubernetes 1.19: kubernetes/kubernetes#89069.
Kops e2e test are failing since this was merged. @rifelpet and me tracked this issue and tested that
kube-apiserver
can start now.https://testgrid.k8s.io/sig-cluster-lifecycle-kops#kops-aws-updown