John Gardiner Myers 2022-12-17 10:01:02 -08:00
parent f4984dafab
commit 1b590f5111
2 changed files with 5 additions and 4 deletions


@ -33,6 +33,8 @@ with "control-plane-". The names of groups for existing clusters are unchanged.
* Node Termination Handler, when in Queue-Processor mode, no longer drains on rebalance recommendations unless configured to do so.
* When an S3 bucket for Service Account Issuer Discovery (IRSA) is public, kOps no longer sets object-level ACLs on the files placed therein.
## GCP
* The default instance type is now `e2-medium` for control-plane and worker nodes, and `e2-micro` for bastions.


@ -77,7 +77,7 @@ func (b *IssuerDiscoveryModelBuilder) Build(c *fi.ModelBuilderContext) error {
return err
}
publicFileACL := fi.PtrTo(true)
var publicFileACL *bool
discoveryStorePath := b.Cluster.Spec.ServiceAccountIssuerDiscovery.DiscoveryStore
discoveryStore, err := vfs.Context.BuildVfsPath(discoveryStorePath)
@ -92,9 +92,8 @@ func (b *IssuerDiscoveryModelBuilder) Build(c *fi.ModelBuilderContext) error {
return fmt.Errorf("checking if bucket was public: %w", err)
}
if !isPublic {
klog.Infof("serviceAccountIssuers bucket %q is not public, will use object ACL", discoveryStore.Bucket())
} else {
publicFileACL = nil
klog.Infof("serviceAccountIssuers bucket %q is not public; will use object ACL", discoveryStore.Bucket())
publicFileACL = fi.PtrTo(true)
}
case *vfs.MemFSPath:
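Review bot: The new declaration `var publicFileACL *bool` leaves the meaning of the nil pointer unexplained, and nil is now the default for every store type reached by the switch, including the `*vfs.MemFSPath` case, not only for public S3 buckets. A comment above the declaration such as `// nil: set no object ACL and rely on the bucket policy for read access; true: request a public ACL on each discovery object` would record the intent (the exact effect of `true` is applied outside this hunk, so confirm the wording against the code that consumes the value). The `!isPublic` branch is the only place that still makes objects world-readable, so it deserves a short why-comment as well. Buckets with ACLs disabled through enforced object ownership, or with Block Public Access turned on, reject uploads that carry a public ACL, and nothing visible in this hunk handles or reports that case. Build starts and ends outside both hunks, so this may already be dealt with elsewhere.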