Re: [kubernetes/kubernetes] cloud-provider needs cluster-role to apply taint to the node (#56709)

[Kubernetes Submit Queue]

[MILESTONENOTIFIER] Milestone Pull Request Needs Attention

@deads2k @enj @ericchiang @gnufied @liggitt @kubernetes/sig-auth-misc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-storage-misc

Action Required: This pull request has not been updated since Dec 2. Please provide an update.

Note: This pull request is marked as priority/critical-urgent, and must be updated every 1 day during code freeze.

Example update:

ACK.  In progress
ETA: DD/MM/YYYY
Risks: Complicated fix required

Pull Request Labels

• sig/auth sig/cluster-lifecycle sig/storage: Pull Request will be escalated to these SIGs if needed.
• priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
• kind/bug: Fixes a bug discovered during the current release.

Help

• Additional instructions
• Commands for setting labels

—
You are receiving this because you are on a team that was mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

[Kubernetes Submit Queue]

[MILESTONENOTIFIER] Milestone Pull Request Current

@deads2k @enj @ericchiang @gnufied @liggitt

Note: This pull request is marked as priority/critical-urgent, and must be updated every 1 day during code freeze.

[Hemant Kumar]

@liggitt @jhorwit2 fixed the PR to have aws-cloud-provider serviceaccount for applying taints. PTAL

[Hemant Kumar]

@justinsb this may need another round of approval from you, because we changed the serviceaccount that applies the taint.

[Davanum Srinivas]

/assign @justinsb

[Kubernetes Submit Queue]

[MILESTONENOTIFIER] Milestone Pull Request Current

@deads2k @enj @ericchiang @gnufied @justinsb @liggitt

Note: This pull request is marked as priority/critical-urgent, and must be updated every 1 day during code freeze.

Example update:

ACK.  In progress
ETA: DD/MM/YYYY
Risks: Complicated fix required

Pull Request Labels

• sig/auth sig/cluster-lifecycle sig/storage: Pull Request will be escalated to these SIGs if needed.
• priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
• kind/bug: Fixes a bug discovered during the current release.

Help

• Additional instructions
• Commands for setting labels

—

[Jordan Liggitt]

auth change LGTM

[Kubernetes Submit Queue]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gnufied, liggitt
We suggest the following additional approver: justinsb

Assign the PR to them by writing /assign @justinsb in a comment when ready.

No associated issue. Update pull-request body to add a reference to an issue, or get approval with /approve no-issue

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/cloudprovider/providers/aws/OWNERS
• plugin/pkg/auth/OWNERS [liggitt]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[Jordan Liggitt]

/approve

[Josh Horwitz]

LGTM. Thanks @gnufied!

[Eric Chiang]

/assign @justinsb

[Justin Santa Barbara]

/lgtm

[Kubernetes Submit Queue]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gnufied, justinsb, liggitt

No associated issue. Update pull-request body to add a reference to an issue, or get approval with /approve no-issue

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/cloudprovider/providers/aws/OWNERS [justinsb]
• plugin/pkg/auth/OWNERS [liggitt]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

—

[Justin Santa Barbara]

/approve no-issue

[Kubernetes Submit Queue]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gnufied, justinsb, liggitt

Associated issue requirement bypassed by: justinsb

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/cloudprovider/providers/aws/OWNERS [justinsb]
• plugin/pkg/auth/OWNERS [liggitt]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

—

[Kubernetes Submit Queue]

Merged #56709.

[Kubernetes Submit Queue]

Automatic merge from submit-queue (batch tested with PRs 56785, 56709). If you want to cherry-pick this change to another branch, please follow the instructions here.

[Tim Allclair (St. Clair)]

I just came across this. Provider-specific roles should not be part of the hardcoded universal bootstrap policy. The ClusterRole(Binding) should be created as part of the provider-specific cluster setup.

[Jordan Liggitt]

Agree. This was discussed further in
#59945 (comment)

Would like to see this deprecated/removed from default policy