Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deprecate audit.k8s.io/v1[alpha|beta]1 versions #98858

Merged
merged 1 commit into from Mar 4, 2021
Merged

deprecate audit.k8s.io/v1[alpha|beta]1 versions #98858

merged 1 commit into from Mar 4, 2021

Conversation

carlory
Copy link
Member

@carlory carlory commented Feb 8, 2021
edited by liggitt

What type of PR is this?

/kind cleanup
/kind feature
/kind api-change
/kind deprecation

What this PR does / why we need it:

Since k8s v1.12 the API audit.k8s.io has a stable version V1, ref: #65891.
However, the v1alpha1 and v1beta1 versions of the API are still not deprecated and available.

marking audit.k8s.io/v1[alpha|beta]1 versions as deprecated and warning if a version other than audit.k8s.io/v1 was passed to the kube-apiserver flags --audit-log-version and --audit-webhook-version .

Which issue(s) this PR fixes:

ref #98035

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`audit.k8s.io/v1beta1` and `audit.k8s.io/v1alpha1` audit policy configuration and audit events are deprecated in favor of `audit.k8s.io/v1`, available since v1.13. kube-apiserver invocations that specify alpha or beta policy configurations with `--audit-policy-file`, or explicitly request alpha or beta audit events with `--audit-log-version` / `--audit-webhook-version` must update to use `audit.k8s.io/v1` and accept `audit.k8s.io/v1` events prior to v1.24.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/apiserver sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 8, 2021
@carlory
Copy link
Member Author

carlory commented Feb 8, 2021

/test pull-kubernetes-bazel-test
/test pull-kubernetes-e2e-kind-ipv6
/test pull-kubernetes-e2e-kind

@fejta-bot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@carlory
Copy link
Member Author

carlory commented Feb 8, 2021

/test pull-kubernetes-verify

@jpbetz
Copy link
Contributor

jpbetz commented Feb 9, 2021

/remove-sig api-machinery

This MIGHT need API review? That is separate from api-machinery.

@k8s-ci-robot k8s-ci-robot removed the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Feb 9, 2021
soltysh
soltysh reviewed Feb 25, 2021
View reviewed changes
staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go Outdated
return nil, fmt.Errorf("unknown group version field %v in policy", gvk)
}

if gv != auditv1.SchemeGroupVersion {
klog.Warningf("all resources under the alpha/beta version were deprecated - use %q instead", auditv1.SchemeGroupVersion)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

%q is deprecated and will be removed in a future release, use %q instead is better to show what's being used and how to replace it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@soltysh thanks for your review.

updated

@k8s-ci-robot k8s-ci-robot added the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Feb 26, 2021
@carlory
Copy link
Member Author

carlory commented Feb 26, 2021

/remove-sig api-machinery

@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels Feb 26, 2021
@carlory
Copy link
Member Author

carlory commented Feb 26, 2021

/test pull-kubernetes-bazel-test

@carlory
Copy link
Member Author

carlory commented Feb 26, 2021

/assign @smarterclayton

@carlory
Copy link
Member Author

carlory commented Mar 3, 2021

/remove-sig api-machinery

@k8s-ci-robot k8s-ci-robot removed the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Mar 3, 2021
@carlory
Copy link
Member Author

carlory commented Mar 3, 2021

/test pull-kubernetes-e2e-gce-ubuntu-containerd

@soltysh soltysh removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 3, 2021
soltysh
soltysh approved these changes Mar 3, 2021
View reviewed changes
Copy link
Contributor

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/triage accepted
/priority backlog
/lgtm
/label api-review

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. api-review Categorizes an issue or PR as actively needing an API review. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Mar 3, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
liggitt
liggitt reviewed Mar 3, 2021
View reviewed changes
staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
return nil, fmt.Errorf("unknown group version field %v in policy", gvk)
}

if gv != auditv1.SchemeGroupVersion {
klog.Warningf("%q is deprecated and will be removed in a future release, use %q instead", gv, auditv1.SchemeGroupVersion)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indicate the specific version (v1.24) rather than "a future release"

liggitt
liggitt reviewed Mar 3, 2021
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -247,6 +247,9 @@ func validateGroupVersionString(groupVersion string) error {
if !knownGroupVersion(gv) {
return fmt.Errorf("invalid group version, allowed versions are %q", knownGroupVersions)
}
if gv != auditv1.SchemeGroupVersion {
klog.Warningf("%q is deprecated and will be removed in a future release, use %q instead", gv, auditv1.SchemeGroupVersion)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indicate the specific version (v1.24) rather than "a future release"

@liggitt
Copy link
Member

liggitt commented Mar 3, 2021

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: carlory, liggitt, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 3, 2021
@liggitt liggitt added this to API review completed, 1.21 in API Reviews Mar 3, 2021
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@dims
Copy link
Member

dims commented Mar 4, 2021

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 4, 2021
@dims
Copy link
Member

dims commented Mar 4, 2021

/hold cancel
/retest

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 4, 2021
@k8s-ci-robot k8s-ci-robot merged commit 5106581 into kubernetes:master Mar 4, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Mar 4, 2021
@vpnachev vpnachev mentioned this pull request Mar 16, 2021
Closed
@rfranzke rfranzke mentioned this pull request Apr 9, 2021
Closed
@EmilyM1 EmilyM1 mentioned this pull request Aug 6, 2021
Merged
@pacoxu pacoxu mentioned this pull request Jul 27, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@soltysh soltysh soltysh approved these changes

@cjcullen cjcullen Awaiting requested review from cjcullen

@hzxuzhonghu hzxuzhonghu Awaiting requested review from hzxuzhonghu

@tallclair tallclair Awaiting requested review from tallclair

Assignees

@soltysh soltysh

@liggitt liggitt

@smarterclayton smarterclayton

Labels
api-review Categorizes an issue or PR as actively needing an API review. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
API Reviews
Status: API review completed, 1.21
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@carlory @fejta-bot @jpbetz @k8s-ci-robot @fedebongio @liggitt @dims @soltysh @smarterclayton