kubeadm: add a warning about the default token TTL changing in 1.8 #48838

Contributor

@mattmoyer mattmoyer commented Jul 12, 2017

What this PR does / why we need it:
This adds a warning to `kubeadm init` and `kubeadm token create` if they are run without the `--token-ttl` / `--ttl` flags. In 1.7 and before, the tokens generated by these commands defaulted to an infinite TTL (no expiration). In 1.8, they will generate a token with a 24 hour TTL.

The actual default change is in #48783. This change is separate so we can cherry pick the warning into the release-1.7 branch.

Which issue this PR fixes: ref kubernetes/kubeadm#343

Special notes for your reviewer:
This change is blocked on kubernetes/kubeadm#343. These warnings should probably be removed in the 1.9 cycle.

Release note:

Add a runtime warning about the kubeadm default token TTL changes.

/assign @luxas
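
For clusters that already hold tokens created under the 1.7 default described above, an audit along these lines finds them; this is an added example, not code from this PR or from kubeadm. It assumes bootstrap tokens are stored as `kube-system` secrets of type `bootstrap.kubernetes.io/token` with an optional base64-encoded RFC 3339 `expiration` key, as Kubernetes documents; `auditTokens`, `sampleSecrets` and the sample secrets are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

type secret struct { // fields used from `kubectl -n kube-system get secrets -o json` items
	Metadata struct{ Name string }
	Type     string
	Data     map[string]string // values are base64-encoded
}

// auditTokens lists bootstrap tokens with no expiration or with more than maxTTL remaining.
func auditTokens(raw []byte, now time.Time, maxTTL time.Duration) (findings []string, err error) {
	var list struct{ Items []secret }
	if err = json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	for _, s := range list.Items {
		enc, ok := s.Data["expiration"]
		dec, _ := base64.StdEncoding.DecodeString(enc) // bad base64 fails the parse below
		exp, perr := time.Parse(time.RFC3339, string(dec))
		switch {
		case s.Type != "bootstrap.kubernetes.io/token": // not a bootstrap token: skip
		case !ok:
			findings = append(findings, s.Metadata.Name+": no expiration (infinite TTL)")
		case perr != nil:
			findings = append(findings, s.Metadata.Name+": unparsable expiration")
		case exp.Sub(now) > maxTTL:
			findings = append(findings, s.Metadata.Name+": expires "+exp.Format(time.RFC3339))
		}
	}
	return findings, nil
}

func sampleSecrets(exp time.Time) []byte { // constructed input, not real cluster data
	e := base64.StdEncoding.EncodeToString([]byte(exp.Format(time.RFC3339)))
	return []byte(`{"items":[
{"metadata":{"name":"bootstrap-token-aaaaaa"},"type":"bootstrap.kubernetes.io/token","data":{}},
{"metadata":{"name":"bootstrap-token-bbbbbb"},"type":"bootstrap.kubernetes.io/token","data":{"expiration":"` + e + `"}},
{"metadata":{"name":"unrelated"},"type":"Opaque","data":{}}]}`)
}

func main() {
	fmt.Println(auditTokens(sampleSecrets(time.Now().Add(72*time.Hour)), time.Now(), 24*time.Hour))
}
```

Against a real cluster, the `raw` argument would be the JSON output of the `kubectl` command named in the type comment, and the 24-hour threshold matches the 1.8 default stated in the description.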

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 12, 2017
@k8s-ci-robot
Contributor

Hi @mattmoyer. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 12, 2017
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Jul 12, 2017
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 13, 2017
Member

@luxas luxas left a comment

/lgtm

@luxas
Member

luxas commented Jul 13, 2017

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 13, 2017
@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 13, 2017
@mattmoyer
Contributor Author

/test pull-kubernetes-federation-e2e-gce

Member

@luxas luxas left a comment

Other than the comment, LGTM

@@ -87,6 +87,12 @@ func NewCmdInit(out io.Writer) *cobra.Command {
i, err := NewInit(cfgPath, internalcfg, skipPreFlight, skipTokenPrint)
kubeadmutil.CheckErr(err)
kubeadmutil.CheckErr(i.Validate(cmd))

// TODO: remove this warning in 1.9
if !cmd.PersistentFlags().Lookup("token-ttl").Changed {
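
Review bot: On the `if !cmd.PersistentFlags().Lookup("token-ttl").Changed` line, the result of `Lookup` is dereferenced without a nil check. pflag's `Lookup` returns nil when the name is not in that flag set, so if `token-ttl` is registered on the command's local flags rather than its persistent ones, `kubeadm init` would panic here instead of printing the warning. Suggest `cmd.Flags().Lookup("token-ttl")`, which covers both local and persistent flags, with a nil guard before reading `.Changed`. The `// TODO: remove this warning in 1.9` comment would also be easier to follow up on with an issue reference attached.
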
Member

Flags or PersistentFlags?
I think Flags aggregate everything, try looking at the source and see if you can come to the same conclusion...

Contributor Author

Yeah, I think you're right. The docs agree as well.

This adds a warning to `kubeadm init` and `kubeadm token create` if they are run without the `--token-ttl` / `--ttl` flags. In 1.7 and before, the tokens generated by these commands defaulted to an infinite TTL (no expiration). In 1.8, they will generate a token with a 24 hour TTL.

The actual default change is in kubernetes#48783. This change is separate so we can cherry pick the warning into the release-1.7 branch.
@mattmoyer mattmoyer force-pushed the kubeadm-add-default-token-ttl-warning branch from 88e2a24 to 06bd22e Compare July 14, 2017 15:21
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 14, 2017
@luxas
Member

luxas commented Jul 14, 2017

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 14, 2017
@k8s-github-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: luxas, mattmoyer

Associated issue: 343

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot

Automatic merge from submit-queue (batch tested with PRs 48572, 48838, 48931, 48783, 47090)

@k8s-github-robot k8s-github-robot merged commit c08a620 into kubernetes:master Jul 14, 2017
@mattmoyer mattmoyer deleted the kubeadm-add-default-token-ttl-warning branch July 14, 2017 18:03
@wojtek-t wojtek-t added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cherrypick-candidate labels Jul 18, 2017
@wojtek-t wojtek-t added this to the v1.7 milestone Jul 18, 2017
k8s-github-robot pushed a commit that referenced this pull request Jul 18, 2017
…838-upstream-release-1.7

Automatic merge from submit-queue

Automated cherry pick of #48838

Cherry pick of #48838 on release-1.7.

#48838: kubeadm: add a warning about the default token TTL changing
@k8s-cherrypick-bot

Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.
