Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally prevent metadata concealment firewall from being set #58104

Merged
merged 1 commit into from
Jan 19, 2018
Merged

Optionally prevent metadata concealment firewall from being set #58104

merged 1 commit into from
Jan 19, 2018

Conversation

ikehz
Copy link
Contributor

@ikehz ikehz commented Jan 10, 2018

What this PR does / why we need it: GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Release note:

GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy).

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jan 10, 2018
@ikehz ikehz changed the title Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set Optionally prevent metadata concealment firewall from being set Jan 10, 2018
@ikehz
Copy link
Contributor Author

ikehz commented Jan 11, 2018

/assign @cjcullen

@ikehz
Copy link
Contributor Author

ikehz commented Jan 11, 2018

/retest

@cjcullen
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 11, 2018
@jszczepkowski jszczepkowski removed their assignment Jan 12, 2018
@ikehz
Copy link
Contributor Author

ikehz commented Jan 12, 2018

/assign @bowei

@ikehz
Copy link
Contributor Author

ikehz commented Jan 12, 2018

/unassign @bowei

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 14, 2018
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 16, 2018
@k8s-github-robot k8s-github-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jan 16, 2018
@ikehz
Copy link
Contributor Author

ikehz commented Jan 17, 2018

/retest

@ikehz
Copy link
Contributor Author

ikehz commented Jan 17, 2018

/assign @bowei

I can't seem to get in touch with @vishh.

@bowei
Copy link
Member

bowei commented Jan 18, 2018

/approve no-issue

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 18, 2018
@cjcullen
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 19, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bowei, cjcullen, ihmccreery

Associated issue requirement bypassed by: bowei

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 58104, 58492, 58491). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 7ad797e into kubernetes:master Jan 19, 2018
This was referenced Jan 22, 2018
Closed
Merged
k8s-github-robot pushed a commit that referenced this pull request Jan 26, 2018
Merge pull request #58622 from ihmccreery/automated-cherry-pick-of-#5…
8ae6d31 
…5813-#58104-#58221-upstream-release-1.9

Automatic merge from submit-queue.

Automated cherry pick of #55813: Add resource limits to prometheus-to-sd to guarantee qos #58104: Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent #58221: Bump metadata proxy to v1.9

Cherry pick of #55813 #58104 #58221 on release-1.9.

#55813: Add resource limits to prometheus-to-sd to guarantee qos
#58104: Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent
#58221: Bump metadata proxy to v1.9


```release-note
GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy), and reintroduce memory limits & bump metadata proxy to v0.1.9 to pick up security fixes.
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bowei bowei

@vishh vishh

@cjcullen cjcullen

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ikehz @cjcullen @bowei @k8s-ci-robot @k8s-github-robot @vishh @jszczepkowski