Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport] Label deprecated setting kubeconfig-token-ttl-minutes from v3 and v1 API for future removal #43992

Closed
MKlimuszka opened this issue Jan 10, 2024 · 6 comments
Closed

[Backport] Label deprecated setting kubeconfig-token-ttl-minutes from v3 and v1 API for future removal #43992

MKlimuszka opened this issue Jan 10, 2024 · 6 comments
Assignees
@pmatseykanets @joesims22
Labels
area/authentication kind/enhancement Issues that improve or augment existing functionality priority/1 QA/M release-note Note this issue in the milestone's release notes status/release-note-added team/collie the team that is responsible for auth and rbac within rancher [zube]: Done
Milestone
v2.8-Next1

Comments

@MKlimuszka
Copy link
Collaborator

Backport for issue #43103

Is your feature request related to a problem? Please describe.
Currently on an upgraded setup, the setting kubeconfig-token-ttl-minutes is not removed since it is a resource in the local cluster.

Describe the solution you'd like
As the setting kubeconfig-token-ttl-minutes has been deprecated and removed, it would be nice to remove the setting from v3/v1 API on an upgraded rancher server.

Additional context
#38535
@MKlimuszka MKlimuszka added this to the v2.8.3 milestone Jan 10, 2024
@pmatseykanets pmatseykanets mentioned this issue Jan 10, 2024
Merged
@MKlimuszka MKlimuszka modified the milestones: v2.8.3, v2.8-Next1 Jan 22, 2024
@samjustus samjustus added team/collie the team that is responsible for auth and rbac within rancher and removed squad/auth-providers team/area3 labels Feb 1, 2024
@anupama2501 anupama2501 assigned anupama2501 and unassigned nickwsuse Mar 5, 2024
@anupama2501
Copy link
Contributor

Verified on an upgrade from v2.8.2 to v2.8-head c4743333c5
kubeconfig-token-ttl-minutes is not listed anymore in the settings from /v3/settings and /v1/management.cattle.io.settings

Verified on v2.8-head c4743333c5
kubeconfig-token-ttl-minutes is not listed anymore in the settings from /v3/settings and /v1/management.cattle.io.settings

@anupama2501
Copy link
Contributor

Re opening the ticket for few more validations

@anupama2501 anupama2501 reopened this Mar 5, 2024
@anupama2501
Copy link
Contributor

Verified on an upgrade from v2.7.9 >> v2.8-head c474333
Test1

  1. Created a rancher server on v2.7.9
  2. Verified the setting kubeconfig-token-ttl-minutes exists
  3. Upgrade rancher server to v2.8-head
  4. Verified the setting exists and the following label is added on the setting: cattle.io/unknown: "true"
apiVersion: management.cattle.io/v3
customized: false
default: "960"
kind: Setting
metadata:
  labels:
    cattle.io/unknown: "true"
  name: kubeconfig-token-ttl-minutes
source: ""
value: ""

Test2:

  1. Created a test setting on v2.8-head:
apiVersion: management.cattle.io/v3
customized: false
default: "960"
kind: Setting
metadata:
  name: test-setting
source: ""
value: ""
  1. Restart the rancher server
  2. Verified on a restart, label cattle.io/unknown: "true" is added.

@samjustus samjustus added the release-note Note this issue in the milestone's release notes label Mar 20, 2024
@pmatseykanets
Copy link
Contributor

Release Notes

Rancher General

Behavior Changes

When starting Rancher now identifies all deprecated and unrecognized setting resources and adds a cattle.io/unknown label. These settings can be listed with kubectl get settings -l 'cattle.io/unknown==true'. Starting with Rancher 2.9 such settings will be removed instead.

@pmatseykanets
Copy link
Contributor

Need to backport #45084 to fix the issue with eula-agreed setting.

@pmatseykanets pmatseykanets reopened this Apr 10, 2024
@pmatseykanets pmatseykanets mentioned this issue Apr 12, 2024
Merged
pmatseykanets added a commit that referenced this issue Apr 12, 2024
@pmatseykanets
[v2.8] Make eula-agreed setting known to Rancher (#45117)
68a0ba3 
Backport of #45084
Ref: #43992
@samjustus samjustus modified the milestones: v2.8.3, v2.8-Next1 Apr 12, 2024
@joesims22 joesims22 self-assigned this Apr 15, 2024
@anupama2501 anupama2501 removed their assignment Apr 15, 2024
@joesims22
Copy link

Verified on an upgrade from v2.7.9 -> v2.8-head id 59bef33

  • eula-agreed setting does not have cattle.io/unknown label ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmatseykanets pmatseykanets

@joesims22 joesims22

Labels
area/authentication kind/enhancement Issues that improve or augment existing functionality priority/1 QA/M release-note Note this issue in the milestone's release notes status/release-note-added team/collie the team that is responsible for auth and rbac within rancher [zube]: Done
Projects
None yet
Milestone
v2.8-Next1
Development

No branches or pull requests
7 participants
@pmatseykanets @btat @MKlimuszka @anupama2501 @samjustus @nickwsuse @joesims22