Skip to content

Commit cded0f9

Browse files
benluddybenluddy
committed
Stop serving admissionregistration.k8s.io/v1beta1.
1 parent 475ae1b commit cded0f9

2 files changed

Lines changed: 2 additions & 26 deletions

File tree

control-plane-operator/controllers/hostedcontrolplane/v2/kas/config.go

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -214,7 +214,7 @@ func generateConfig(p KubeAPIServerConfigParams) (*kcpv1.KubeAPIServerConfig, er
214214
args.Set("event-ttl", "3h")
215215
// TODO remove in 4.16 once we're able to have different featuregates for hypershift
216216
featureGates := append([]string{}, p.FeatureGates...)
217-
featureGates = enforceFeatureGates(featureGates, "ValidatingAdmissionPolicy=true", "StructuredAuthenticationConfiguration=true")
217+
featureGates = enforceFeatureGates(featureGates, "StructuredAuthenticationConfiguration=true")
218218
args.Set("feature-gates", featureGates...)
219219
args.Set("goaway-chance", p.GoAwayChance)
220220
args.Set("http2-max-streams-per-connection", "2000")
@@ -236,9 +236,6 @@ func generateConfig(p KubeAPIServerConfigParams) (*kcpv1.KubeAPIServerConfig, er
236236
args.Set("requestheader-username-headers", "X-Remote-User")
237237
runtimeConfig := []string{}
238238
for _, gate := range featureGates {
239-
if gate == "ValidatingAdmissionPolicy=true" {
240-
runtimeConfig = append(runtimeConfig, "admissionregistration.k8s.io/v1beta1=true")
241-
}
242239
if gate == "DynamicResourceAllocation=true" {
243240
runtimeConfig = append(runtimeConfig, "resource.k8s.io/v1beta1=true")
244241
}

control-plane-operator/controllers/hostedcontrolplane/v2/kas/config_test.go

Lines changed: 1 addition & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -515,26 +515,6 @@ func TestGenerateConfig(t *testing.T) {
515515
},
516516
),
517517
},
518-
{
519-
name: "with ValidatingAdmissionPolicy feature gate explicitly enabled",
520-
params: KubeAPIServerConfigParams{
521-
FeatureGates: []string{
522-
"ValidatingAdmissionPolicy=true",
523-
},
524-
},
525-
// shouldn't be any different than the default configuration because this feature gate is enabled by default
526-
expected: defaultKASConfig(),
527-
},
528-
{
529-
name: "with ValidatingAdmissionPolicy feature gate explicitly disabled",
530-
params: KubeAPIServerConfigParams{
531-
FeatureGates: []string{
532-
"ValidatingAdmissionPolicy=false",
533-
},
534-
},
535-
// shouldn't be any different than the default configuration because this feature gate is forced to be enabled
536-
expected: defaultKASConfig(),
537-
},
538518
{
539519
name: "with StructuredAuthenticationConfiguration feature gate explicitly disabled",
540520
params: KubeAPIServerConfigParams{
@@ -759,7 +739,6 @@ func defaultKASConfig() *kcpv1.KubeAPIServerConfig {
759739
"event-ttl": {"3h"},
760740
"feature-gates": {
761741
"StructuredAuthenticationConfiguration=true",
762-
"ValidatingAdmissionPolicy=true",
763742
},
764743
"goaway-chance": {""},
765744
"http2-max-streams-per-connection": {"2000"},
@@ -783,7 +762,7 @@ func defaultKASConfig() *kcpv1.KubeAPIServerConfig {
783762
"requestheader-extra-headers-prefix": {"X-Remote-Extra-"},
784763
"requestheader-group-headers": {"X-Remote-Group"},
785764
"requestheader-username-headers": {"X-Remote-User"},
786-
"runtime-config": {"admissionregistration.k8s.io/v1beta1=true"},
765+
"runtime-config": {},
787766
"service-account-issuer": {""},
788767
"service-account-jwks-uri": {"/openid/v1/jwks"},
789768
"service-account-lookup": {"true"},

0 commit comments

Comments
 (0)