github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #117573 from pacoxu/use-allowlist

Browse Source 
user --prune-allowlist in kube-addons.sh
This commit is contained in:
Kubernetes Prow Robot
2023-05-15 13:21:58 -07:00
committed by GitHub
parent 4d4d92808b f562375c8a
commit 8411524daa
3 changed files with 17 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/addons/addon-manager/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
### Version 9.1.7 (Thu May 15 2023 Paco Xu <paco.xu@daocloud.io>)
- Update kubectl to v1.27.1.
- Use `--prune-allowlist` instead of deprecated `--prune-whitelist`.
### Version 9.1.6 (Thu February 24 2022 Shihang Zhang <zshihang@google.com>) ### Version 9.1.6 (Thu February 24 2022 Shihang Zhang <zshihang@google.com>)
- Clean up the wait check for service account (https://github.com/kubernetes/kubernetes/pull/108313) - Clean up the wait check for service account (https://github.com/kubernetes/kubernetes/pull/108313)

4
cluster/addons/addon-manager/Makefile
View File

@@ -15,8 +15,8 @@
IMAGE=gcr.io/k8s-staging-addon-manager/kube-addon-manager IMAGE=gcr.io/k8s-staging-addon-manager/kube-addon-manager
ARCH?=amd64 ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d) TEMP_DIR:=$(shell mktemp -d)
VERSION=v9.1.6 VERSION=v9.1.7
KUBECTL_VERSION?=v1.20.2 KUBECTL_VERSION?=v1.27.1
BASEIMAGE=registry.k8s.io/debian-base-$(ARCH):v1.0.1 BASEIMAGE=registry.k8s.io/debian-base-$(ARCH):v1.0.1

22
cluster/addons/addon-manager/kube-addons.sh
View File

@@ -114,28 +114,28 @@ function log() {
esac esac
} }
# Generate kubectl prune-whitelist flags from provided resource list. # Generate kubectl prune-allowlist flags from provided resource list.
function generate_prune_whitelist_flags() { function generate_prune_allowlist_flags() {
local -r resources=( "$@" ) local -r resources=( "$@" )
for resource in "${resources[@]}"; do for resource in "${resources[@]}"; do
# Check if $resource isn't composed just of whitespaces by replacing ' ' # Check if $resource isn't composed just of whitespaces by replacing ' '
# with '' and checking whether the resulting string is not empty. # with '' and checking whether the resulting string is not empty.
if [[ -n "${resource// /}" ]]; then if [[ -n "${resource// /}" ]]; then
printf "%s" "--prune-whitelist ${resource} " printf "%s" "--prune-allowlist ${resource} "
fi fi
done done
} }
# KUBECTL_EXTRA_PRUNE_WHITELIST is a list of extra whitelisted resources # KUBECTL_EXTRA_PRUNE_WHITELIST is a list of extra allowed resources
# besides the default ones. # besides the default ones.
extra_prune_whitelist= extra_prune_allowlist=
if [ -n "${KUBECTL_EXTRA_PRUNE_WHITELIST:-}" ]; then if [ -n "${KUBECTL_EXTRA_PRUNE_WHITELIST:-}" ]; then
read -ra extra_prune_whitelist <<< "${KUBECTL_EXTRA_PRUNE_WHITELIST}" read -ra extra_prune_allowlist <<< "${KUBECTL_EXTRA_PRUNE_WHITELIST}"
fi fi
prune_whitelist=( "${KUBECTL_PRUNE_WHITELIST[@]}" "${extra_prune_whitelist[@]}" ) prune_allowlist=( "${KUBECTL_PRUNE_WHITELIST[@]}" "${extra_prune_allowlist[@]}" )
prune_whitelist_flags=$(generate_prune_whitelist_flags "${prune_whitelist[@]}") prune_allowlist_flags=$(generate_prune_allowallowlist_flags "${prune_allowlist[@]}")
log INFO "== Generated kubectl prune whitelist flags: $prune_whitelist_flags ==" log INFO "== Generated kubectl prune allowlist flags: $prune_allowlist_flags =="
# $1 filename of addon to start. # $1 filename of addon to start.
# $2 count of tries to start the addon. # $2 count of tries to start the addon.
@@ -240,14 +240,14 @@ function reconcile_addons() {
# Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here # Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \ ${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
-l ${CLUSTER_SERVICE_LABEL}=true,${ADDON_MANAGER_LABEL}!=EnsureExists \ -l ${CLUSTER_SERVICE_LABEL}=true,${ADDON_MANAGER_LABEL}!=EnsureExists \
--prune=true ${prune_whitelist_flags} --recursive | grep -v configured --prune=true ${prune_allowlist_flags} --recursive | grep -v configured
log INFO "== Reconciling with addon-manager label ==" log INFO "== Reconciling with addon-manager label =="
# shellcheck disable=SC2086 # shellcheck disable=SC2086
# Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here # Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \ ${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
-l ${CLUSTER_SERVICE_LABEL}!=true,${ADDON_MANAGER_LABEL}=Reconcile \ -l ${CLUSTER_SERVICE_LABEL}!=true,${ADDON_MANAGER_LABEL}=Reconcile \
--prune=true ${prune_whitelist_flags} --recursive | grep -v configured --prune=true ${prune_allowlist_flags} --recursive | grep -v configured
log INFO "== Kubernetes addon reconcile completed at $(date -Is) ==" log INFO "== Kubernetes addon reconcile completed at $(date -Is) =="
} }