Update client.authorization to v1beta1 #1426
Conversation
eks-distro-bot
added
approved
size/XS
mdsgabriel
requested review from
abhay-krishna,
micahhausler,
vivek-koppuru and
pokearu
and removed request for
ewollesen
| @@ -16,7 +16,7 @@ users: | |||
| - name: {{.clusterName}}-aws | |||
| user: | |||
| exec: | |||
| apiVersion: client.authentication.k8s.io/v1alpha1 | |||
| apiVersion: client.authentication.k8s.io/v1beta1 | |||
There was a problem hiding this comment.
I'm not positive you can do this. The older versions still use the older iam auth which I believe expects the v1alpha1. Worth a sort to verify tho.
There was a problem hiding this comment.
V1beta1 is available since k8s 1.11
This was tested by manually creating 1.21 and 1.22 clusters and using the generated kubeconfig (cluster name-aws.kubeconfig) to get the list of pods (similar to what's done by the tests that are failing).
What other scenarios should be tested?
There was a problem hiding this comment.
v1beta1 apiversion has been available since k8s v1.11, but only since aws-iam-auth v0.5.4. Since 1.21 and below use aws-iam-auth versions previous to v0.5.4, we want to confirm if this change will work on them in a backward compatible manner.
There was a problem hiding this comment.
This is the iam auth pr where it was changed
https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/386/files
Like Abhay said, eksd kube versions less than 1.22 are still using the older iam auth which was parsing it as v1alpha. I wasn't sure if they would also work if the version was v1beta1 in the config file. If you tried a 1.21 cluster with this change and it worked, then it must be ok with it. Let's just make sure we still have the 121 test in addition to the new 122 one and then we can merge and make sure tests still pass.
There was a problem hiding this comment.
I wonder if doing this migration will affect our upgrade use case as well.
There was a problem hiding this comment.
We should make sure there is an upgrade test for this.
|
This is also interesting, looks Jyoti is trying to add a migration path to iam auth upstream for this situation |
|
/test eks-anywhere-e2e-presubmit |
mdsgabriel
force-pushed
the
update-client.authentication-apiVersion
branch
3 times, most recently
from
3c86faf
to
24c5302
Compare
eks-distro-bot
added
size/M
Temporarily change default docker test
mdsgabriel
force-pushed
the
update-client.authentication-apiVersion
branch
from
24c5302
to
809242f
Compare
eks-distro-bot
added
size/XS
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jaxesn, mdsgabriel The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Issue #, if available:
Description of changes:
Fix TestDockerKubernetes122AWSIamAuth" and "TestVSphereKubernetes122AWSIamAuth
client.authentication v1alpha1 has been deprecated in K8s 1.22.
Testing (if applicable):
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.