Deprecate and Remove audit.k8s.io/v1[alpha|beta]1 Versions #98035

Closed
vpnachev opened this issue Jan 13, 2021 · 16 comments · Fixed by #108092
Labels
area/audit help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on.

@vpnachev
Contributor

vpnachev commented Jan 13, 2021

What would you like to be added:
Since k8s v1.12 the API audit.k8s.io has a stable version V1, ref: #65891.
However, the v1alpha1 and v1beta1 versions of the API are still not deprecated and available.

If they got removed, the kube-apiserver flags --audit-log-version and --audit-webhook-version will accept only a single valid value, audit.k8s.io/v1, so these flags can also be deprecated at the moment; however, I lean toward keeping them in case a new API version is implemented in the future.

/area audit
/sig auth
/kind deprecation
/kind cleanup
/kind api-change

@vpnachev vpnachev added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 13, 2021
@k8s-ci-robot k8s-ci-robot added area/audit sig/auth Categorizes an issue or PR as relevant to SIG Auth. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 13, 2021
@vpnachev
Contributor Author

/kind deprecation

@k8s-ci-robot k8s-ci-robot added the kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. label Jan 13, 2021
@CKchen0726
Contributor

/assign

@liggitt
Member

liggitt commented Jan 20, 2021

cc @soltysh @tallclair

Marking the alpha/beta version as deprecated and starting the clock on them seems reasonable. That would also mean warning if a version other than audit.k8s.io/v1 was passed to those two flags.

@liggitt
Member

liggitt commented Jan 20, 2021

/triage accepted
/help-wanted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 20, 2021
@liggitt liggitt added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jan 20, 2021
@carlory
Member

carlory commented Jan 27, 2021

/assign

@carlory
Member

carlory commented Feb 8, 2021

@liggitt I sent a PR about it, but it failed in some tests. Can you give me some guidance? How to deprecate some audit versions located at staging/src/k8s.io/apiserver?

@vpnachev
Contributor Author

Now when #98858 is merged, should this issue be closed as fixed?

@carlory
Member

carlory commented Mar 17, 2021

@vpnachev audit.k8s.io/v1[alpha|beta]1 versions will be removed in v1.24.

release notes:

`audit.k8s.io/v1beta1` and `audit.k8s.io/v1alpha1` audit policy configuration and audit events are deprecated in favor of `audit.k8s.io/v1`, available since v1.13. kube-apiserver invocations that specify alpha or beta policy configurations with `--audit-policy-file`, or explicitly request alpha or beta audit events with `--audit-log-version` / `--audit-webhook-version` must update to use `audit.k8s.io/v1` and accept `audit.k8s.io/v1` events prior to v1.24.
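
As an added example (not part of the issue thread or of Kubernetes itself), a pre-upgrade check for the migration the release note above describes: it flags kube-apiserver arguments and audit policy text that still reference the deprecated versions. The sample arguments, the policy file path and the policy document are constructed for illustration.

```python
import re

# Versions the release note names as deprecated; audit.k8s.io/v1 replaces them.
DEPRECATED = {"audit.k8s.io/v1alpha1", "audit.k8s.io/v1beta1"}
CURRENT = "audit.k8s.io/v1"
VERSION_FLAGS = ("--audit-log-version", "--audit-webhook-version")

def check_flags(argv):
    """Return findings for kube-apiserver args requesting alpha/beta audit events."""
    findings = []
    args = list(argv)
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if name not in VERSION_FLAGS:
            continue
        if not sep:  # "--flag value" form: the value is the next argument
            value = args[i + 1] if i + 1 < len(args) else ""
        if value in DEPRECATED:
            findings.append(f"{name}={value}: set to {CURRENT}")
    return findings

def check_policy(text):
    """Return findings for top-level apiVersion lines in an audit policy file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Unindented match only, so nested keys in rules are ignored.
        m = re.match(r"apiVersion:\s*['\"]?([^'\"\s#]+)", line)
        if m and m.group(1) in DEPRECATED:
            findings.append(
                f"line {lineno}: apiVersion {m.group(1)}: change to {CURRENT}")
    return findings

# Constructed sample input: one flag in each accepted form, plus a beta policy.
SAMPLE_ARGS = [
    "kube-apiserver",
    "--audit-policy-file=/etc/kubernetes/audit-policy.yaml",  # hypothetical path
    "--audit-log-version=audit.k8s.io/v1beta1",
    "--audit-webhook-version", "audit.k8s.io/v1alpha1",
]
SAMPLE_POLICY = """\
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
  - level: Metadata
"""

if __name__ == "__main__":
    for finding in check_flags(SAMPLE_ARGS) + check_policy(SAMPLE_POLICY):
        print(finding)
```
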

@enj enj added this to Backlog in SIG Auth Old Apr 9, 2021
@liggitt liggitt moved this from Needs Triage to Backlog in SIG Auth Old May 24, 2021
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 15, 2021
@vpnachev
Contributor Author

Now when #98858 is merged, should this issue be closed as fixed?

Still valid question. @liggitt any opinion? Should it stay open till v1[alpha|beta]1 are removed in 1.24 or we can close it now?

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 15, 2021
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 13, 2021
@ialidzhikov
Contributor

Still valid question. @liggitt any opinion? Should it stay open till v1[alpha|beta]1 are removed in 1.24 or we can close it now?

ping @liggitt

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 13, 2021
@liggitt liggitt added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Sep 14, 2021
@liggitt liggitt added this to the v1.24 milestone Sep 14, 2021
@liggitt
Member

liggitt commented Sep 14, 2021

we can keep it open until then

@doshyt

doshyt commented Jan 29, 2022

@liggitt - I'm from Bug triage for 1.24. This issue caught my eye since there were no updates for a long time. It seems everything is done and ready to be wrapped. Do you prefer this issue to be closed after 1.24 is released or now while we are in it? Thanks!

@enj
Member

enj commented Jan 31, 2022

/assign @ritazh

@ritazh
Member

ritazh commented Feb 23, 2022

/unassign
/assign @carlory

@ritazh ritazh moved this from Backlog to In Progress in SIG Auth Old Feb 28, 2022
SIG Auth Old automation moved this from In Progress to Closed / Done Mar 8, 2022
zachmandeville added a commit to kubernetes-sigs/apisnoop that referenced this issue Jan 9, 2023
This update makes our config work with latest kind version 0.17.0 and
latest kubernetes version v1beta3.  The audit policy version needed to
be updated, as beta versions were deprecated.  See:
kubernetes/kubernetes#98035

Signed-off-by: zim <webmaster@coolguy.website>