-
Notifications
You must be signed in to change notification settings - Fork 478
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove creation of static node bootstrapToken #4824
Remove creation of static node bootstrapToken #4824
Conversation
/assign |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, thanks! A few nit improvements for the docs, otherwise lgtm
/merge squash |
Thank you very much for the review. I applied your suggestions. |
/rebase |
This commit is part of issue [gardener#3898](gardener#3898) which replaces the long-valid bootstrap-token shared between nodes with a short-lived token unique for each node. The new flow of using smaller-scoped, short-lived tokens was already active once you updated to compatible versions of the infrastructure-extension, operatingsystem-extension and of gardener/gardener as specified in: gardener#3898 With this commit we are now removing the old secret from the Shoot which means you need to run supported versions of the os-extensions and the infrastructure-provider-extensions when upgrading gardener to this version.
Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>
032ee50
to
5def4de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>
* Remove creation of static node bootstrapToken This commit is part of issue [gardener#3898](gardener#3898) which replaces the long-valid bootstrap-token shared between nodes with a short-lived token unique for each node. The new flow of using smaller-scoped, short-lived tokens was already active once you updated to compatible versions of the infrastructure-extension, operatingsystem-extension and of gardener/gardener as specified in: gardener#3898 With this commit we are now removing the old secret from the Shoot which means you need to run supported versions of the os-extensions and the infrastructure-provider-extensions when upgrading gardener to this version. * Apply suggestions from rfranzke Co-authored-by: Rafael Franzke <rafael.franzke@sap.com> * Change shipped feature to v1.35 Co-authored-by: Rafael Franzke <rafael.franzke@sap.com> Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>
* Remove creation of static node bootstrapToken This commit is part of issue [gardener#3898](gardener#3898) which replaces the long-valid bootstrap-token shared between nodes with a short-lived token unique for each node. The new flow of using smaller-scoped, short-lived tokens was already active once you updated to compatible versions of the infrastructure-extension, operatingsystem-extension and of gardener/gardener as specified in: gardener#3898 With this commit we are now removing the old secret from the Shoot which means you need to run supported versions of the os-extensions and the infrastructure-provider-extensions when upgrading gardener to this version. * Apply suggestions from rfranzke Co-authored-by: Rafael Franzke <rafael.franzke@sap.com> * Change shipped feature to v1.35 Co-authored-by: Rafael Franzke <rafael.franzke@sap.com> Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>
How to categorize this PR?
/area security
/kind cleanup
What this PR does / why we need it:
This commit is part of issue #3898
which replaces the long-valid bootstrap-token shared between nodes with a
short-lived token unique for each node.
The new flow of using smaller-scoped, short-lived tokens was already active
once you updated to compatible versions of the infrastructure-extension,
operatingsystem-extension and of gardener/gardener.
With this commit we are now removing the old secret from the Shoot
which means you need to run supported versions of the os-extensions
and the infrastructure-provider-extensions when
upgrading gardener to this version.
A compatibility matrix is added to the documentation which includes the required versions needed.
Which issue(s) this PR fixes:
Fixes #3898
Release note: