-
Notifications
You must be signed in to change notification settings - Fork 39.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authz: nodes should not be able to delete themselves #62818
Conversation
c6a4c21
to
c632ba3
Compare
TestNodeAuthorizer tests need updating |
updated release note, PTAL |
/retest |
cc @kubernetes/sig-node-pr-reviews |
for reference, the node self-deletion case that required this permission was removed in #61877 @mikedanese can you summarize your findings on when that scenario was exercised (which cloudproviders, which circumstances)? |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, mikedanese The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
ExternalID was immutable but we changed the format of the feature between releases for some of the cloud providers. Thus kubelet's had to delete and recreate their node object when it changed. We no longer update that field so nodes don't need the delete permission anymore. |
thanks for the explanation. will hold through tomorrow for comments, then tag. |
/hold cancel |
Automatic merge from submit-queue (batch tested with PRs 62590, 62818, 63015, 62922, 63000). If you want to cherry-pick this change to another branch, please follow the instructions here. |
@kubernetes/sig-auth-pr-reviews
legacy release note (removed because this was reverted in #63712):