Skip to content

[GRM] Drop TokenInvalidator controller and webhook and disable PodTopologySpreadConstraints webhook in favour of matchLabelKeys in deployment #11497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Mar 10, 2025
Merged

[GRM] Drop TokenInvalidator controller and webhook and disable PodTopologySpreadConstraints webhook in favour of matchLabelKeys in deployment #11497

merged 6 commits into from
Mar 10, 2025

Conversation

shafeeqes
Copy link
Contributor

How to categorize this PR?

/area open-source
/kind cleanup

What this PR does / why we need it:

  • Drop GRM TokenInvalidator controller. In 1.27 LegacyServiceAccountTokenNoAutoGeneration becomes LockToDefault: true ref.
  • MatchLabelKeysInPodTopologySpread feature gate is beta since kubernetes v1.27 ref. Disable PodTopologySpreadConstraints webhook for seeds and use spec.topologySpreadConstraints[*].matchLabelKeys in deployments. Only enable PodTopologySpreadConstraints for Shoots if the kubernetes feature gate is disabled explicitly.

Which issue(s) this PR fixes:
Part of #10339

Special notes for your reviewer:
Need to adapt some tests, hence in draft.

Release note:

`TokenInvalidator` controller and webhook in the `gardener-resource-manager` are removed.  

`PodTopologySpreadConstraints` webhook in the `gardener-resource-manager` is disabled for seeds unconditionally and for shoots which doesn't disable kubernetes feature gate `MatchLabelKeysInPodTopologySpread` explicitly.

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Feb 24, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@gardener-prow gardener-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related kind/cleanup Something that is not needed anymore and can be cleaned up cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Feb 24, 2025
@gardener-prow gardener-prow bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 24, 2025
@shafeeqes shafeeqes mentioned this pull request Feb 24, 2025
Closed
29 tasks
@shafeeqes shafeeqes force-pushed the cleanup/k8s-1.26-grm branch 3 times, most recently from e510ef5 to 21e1f62 Compare February 25, 2025 10:51
@shafeeqes shafeeqes marked this pull request as ready for review February 25, 2025 10:51
@gardener-prow gardener-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 25, 2025
@shafeeqes
Copy link
Contributor Author

/cc @timuthy

@shafeeqes shafeeqes force-pushed the cleanup/k8s-1.26-grm branch from 21e1f62 to 576a4e3 Compare February 25, 2025 11:55
@shafeeqes
Copy link
Contributor Author

/retest

timuthy
timuthy reviewed Feb 27, 2025
View reviewed changes
Copy link
Member

@timuthy timuthy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks for taking care 👏
/lgtm

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Feb 27, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Feb 27, 2025

LGTM label has been added.

Git tree hash: 05b090194c96b44ba79c3481ffbf4e01713015a1

@shafeeqes
Copy link
Contributor Author

Upgrade tests seem to be failing consistently, will take a look.

shafeeqes added 4 commits March 9, 2025 05:58
@shafeeqes
Drop TokenInvalidator controller and webhook from GRM
4aec3bd
@shafeeqes
Disable PodTopologySpreadConstraints webhook for Seed and mutate th…
da1c8df 
…e Deployment in `HighAvailabilityConfig` webhook for the match label keys

For shoots, disable it only if the `MatchLabelKeysInPodTopologySpread` feature gate is disabled in kube-apiserver and kube-scheduler
@shafeeqes
Drop topology-spread-constraints.resources.gardener.cloud/skip anno…
24453d4 
…tation from seed resources
@shafeeqes
Remove labels only in the next version to prevent upgrade failures
6b8d4e4
@shafeeqes shafeeqes force-pushed the cleanup/k8s-1.26-grm branch from 576a4e3 to 6b8d4e4 Compare March 9, 2025 02:03
@gardener-prow gardener-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 9, 2025
@gardener-prow gardener-prow bot requested a review from timuthy March 9, 2025 02:03
timuthy
timuthy reviewed Mar 10, 2025
View reviewed changes
Copy link
Member

@timuthy timuthy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 10, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 10, 2025

LGTM label has been added.

Git tree hash: 75d686de0e2decac24b1fe02f9ac32eace163ce7

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 10, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: timuthy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2025
@gardener-prow gardener-prow bot merged commit 63cb5ea into gardener:master Mar 10, 2025
19 checks passed
@shafeeqes shafeeqes deleted the cleanup/k8s-1.26-grm branch March 10, 2025 08:02
@shafeeqes shafeeqes mentioned this pull request Apr 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timuthy timuthy timuthy left review comments

@ScheererJ ScheererJ Awaiting requested review from ScheererJ

@tobschli tobschli Awaiting requested review from tobschli

@LucaBernstein LucaBernstein Awaiting requested review from LucaBernstein

Assignees

@timuthy timuthy

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/cleanup Something that is not needed anymore and can be cleaned up lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shafeeqes @timuthy