github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Set external credential provider to true by default in kube-up.sh

Browse Source 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas
2023-09-03 15:39:53 -04:00
parent 6fa2df07d6
commit 3f8f14397e
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/gce/config-default.sh
View File

@@ -564,4 +564,4 @@ fi
# --image-credential-provider-bin-dir=${path-to-auth-provider-binary} # --image-credential-provider-bin-dir=${path-to-auth-provider-binary}
# Also, it is required that DisableKubeletCloudCredentialProviders # Also, it is required that DisableKubeletCloudCredentialProviders
# feature gates are set to true for kubelet to use external credential provider. # feature gates are set to true for kubelet to use external credential provider.
export ENABLE_AUTH_PROVIDER_GCP="${ENABLE_AUTH_PROVIDER_GCP:-false}" export ENABLE_AUTH_PROVIDER_GCP="${ENABLE_AUTH_PROVIDER_GCP:-true}"

2
cluster/gce/config-test.sh
View File

@@ -613,4 +613,4 @@ fi
# --image-credential-provider-bin-dir=${path-to-auth-provider-binary} # --image-credential-provider-bin-dir=${path-to-auth-provider-binary}
# Also, it is required that DisableKubeletCloudCredentialProviders and KubeletCredentialProviders # Also, it is required that DisableKubeletCloudCredentialProviders and KubeletCredentialProviders
# feature gates are set to true for kubelet to use external credential provider. # feature gates are set to true for kubelet to use external credential provider.
export ENABLE_AUTH_PROVIDER_GCP="${ENABLE_AUTH_PROVIDER_GCP:-false}" export ENABLE_AUTH_PROVIDER_GCP="${ENABLE_AUTH_PROVIDER_GCP:-true}"

6
cluster/gce/util.sh
View File

@@ -770,7 +770,7 @@ function construct-linux-kubelet-flags {
# If ENABLE_AUTH_PROVIDER_GCP is set to true, kubelet is enabled to use out-of-tree auth # If ENABLE_AUTH_PROVIDER_GCP is set to true, kubelet is enabled to use out-of-tree auth
# credential provider instead of in-tree auth credential provider. # credential provider instead of in-tree auth credential provider.
# https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider # https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider
if [[ "${ENABLE_AUTH_PROVIDER_GCP:-false}" == "true" ]]; then if [[ "${ENABLE_AUTH_PROVIDER_GCP:-true}" == "true" ]]; then
# Keep the values of --image-credential-provider-config and --image-credential-provider-bin-dir # Keep the values of --image-credential-provider-config and --image-credential-provider-bin-dir
# in sync with value of auth_config_file and auth_provider_dir set in install-auth-provider-gcp function # in sync with value of auth_config_file and auth_provider_dir set in install-auth-provider-gcp function
# in gci/configure.sh. # in gci/configure.sh.
@@ -882,7 +882,7 @@ function construct-windows-kubelet-flags {
# If ENABLE_AUTH_PROVIDER_GCP is set to true, kubelet is enabled to use out-of-tree auth # If ENABLE_AUTH_PROVIDER_GCP is set to true, kubelet is enabled to use out-of-tree auth
# credential provider. https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider # credential provider. https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider
if [[ "${ENABLE_AUTH_PROVIDER_GCP:-false}" == "true" ]]; then if [[ "${ENABLE_AUTH_PROVIDER_GCP:-true}" == "true" ]]; then
flags+=" --image-credential-provider-config=${AUTH_PROVIDER_GCP_WINDOWS_CONF_FILE}" flags+=" --image-credential-provider-config=${AUTH_PROVIDER_GCP_WINDOWS_CONF_FILE}"
flags+=" --image-credential-provider-bin-dir=${AUTH_PROVIDER_GCP_WINDOWS_BIN_DIR}" flags+=" --image-credential-provider-bin-dir=${AUTH_PROVIDER_GCP_WINDOWS_BIN_DIR}"
fi fi
@@ -1127,7 +1127,7 @@ METADATA_AGENT_CLUSTER_LEVEL_MEMORY_REQUEST: $(yaml-quote "${METADATA_AGENT_CLUS
DOCKER_REGISTRY_MIRROR_URL: $(yaml-quote "${DOCKER_REGISTRY_MIRROR_URL:-}") DOCKER_REGISTRY_MIRROR_URL: $(yaml-quote "${DOCKER_REGISTRY_MIRROR_URL:-}")
ENABLE_L7_LOADBALANCING: $(yaml-quote "${ENABLE_L7_LOADBALANCING:-none}") ENABLE_L7_LOADBALANCING: $(yaml-quote "${ENABLE_L7_LOADBALANCING:-none}")
ENABLE_CLUSTER_LOGGING: $(yaml-quote "${ENABLE_CLUSTER_LOGGING:-false}") ENABLE_CLUSTER_LOGGING: $(yaml-quote "${ENABLE_CLUSTER_LOGGING:-false}")
ENABLE_AUTH_PROVIDER_GCP: $(yaml-quote "${ENABLE_AUTH_PROVIDER_GCP:-false}") ENABLE_AUTH_PROVIDER_GCP: $(yaml-quote "${ENABLE_AUTH_PROVIDER_GCP:-true}")
ENABLE_NODE_PROBLEM_DETECTOR: $(yaml-quote "${ENABLE_NODE_PROBLEM_DETECTOR:-none}") ENABLE_NODE_PROBLEM_DETECTOR: $(yaml-quote "${ENABLE_NODE_PROBLEM_DETECTOR:-none}")
NODE_PROBLEM_DETECTOR_VERSION: $(yaml-quote "${NODE_PROBLEM_DETECTOR_VERSION:-}") NODE_PROBLEM_DETECTOR_VERSION: $(yaml-quote "${NODE_PROBLEM_DETECTOR_VERSION:-}")
NODE_PROBLEM_DETECTOR_TAR_HASH: $(yaml-quote "${NODE_PROBLEM_DETECTOR_TAR_HASH:-}") NODE_PROBLEM_DETECTOR_TAR_HASH: $(yaml-quote "${NODE_PROBLEM_DETECTOR_TAR_HASH:-}")