-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
envtest with Kubernetes 1.20 #1357
Comments
Yeah, getting this fixed and not using /help |
@alvaroaleman: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I'm poking at this now /assign @DirectXMan12 |
@DirectXMan12 WDYT about merging #984 and building on top of that? |
lemme take a look |
hmmm... insecure just stops working in 1.20, and secure should work across all the versions we support, so I'd lean towards making stuff work by default, and making an optional switch to force insecure -- something like type Environment struct {
// ...
// ForceInsecure forces communication to the API server to occur over the insecure port.
// This will only work on API servers 1.19 and below. It's recommended that you use
// the default and communicate over the secure port.
//
// Deprecated: Only works with Kubernetes 1.19 and below, will be removed once those age out.
ForceInsecure bool
} |
I think we can make this transparent by populating the However, the alternative of forcing people to manually turn this on for the future or use different fields seems less ideal to me, I think. |
I'll poke around a bit. Lemme see what it actually looks like in practice |
Great! Only one wish: lets please not use the AllowAll authorizer, because it makes it impossible to write tests where you need the apiserver to respond with a 403 for some apis only. We can still by default return a kubeconfig that has global admin perms, that still leaves the possibility of using impersonation for the 403 case. |
ack 👍 yeah, admin for a default case, plus a helper to produce non-admin users. |
There is a kubebuilder-tools-1.20.2 since kubernetes-sigs/kubebuilder@3147a65, but as pointed out in kubernetes-sigs/kubebuilder#1902 this version has stronger opinions about
--insecure
flags. See kubernetes/kubernetes@cfc2b33.When I try to use controller-runtime@v0.8.1 with kubebuilder-tools-1.20.2, the control plane does not start:
The text was updated successfully, but these errors were encountered: