diff --git a/CHANGELOG.md b/CHANGELOG.md index 25fe64eb127..86defb0a6b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,35 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 0.13.1 - 2019-02-28 + +### Changed + +- The aggregator and etcd-client certificate authorities are now + self-signed authorities decoupled from the root certificate + authority, continuing the transition begun in 0.13.0. +- On AWS, Route 53 A records for the API load balancer no longer use + health checks. +- On AWS, the security group configuration has been simplified, with + several stale rules being removed. + +### Fixed + +- When rendering manifests before pushing them to the cluster, the + bootstrap machine now correctly cleans up broken renders before + re-rendering. +- The bootstrap machine now uses an `etcdctl` referenced from the + release image, instead of hard-coding its own version. + +### Removed + +- The nominal install-config compatibility with `v1beta1` and + `v1beta2` has been removed, so the installer will error out if + provided with an older `install-config.yaml`. `v1beta1` was + deprecated in 0.12.0 and `v1beta2` was deprecated in 0.13.0. In + both cases, the installer would ignore removed properties but not + error out. + ## 0.13.0 - 2019-02-26 ### Added diff --git a/data/data/aws/route53/base.tf b/data/data/aws/route53/base.tf index 0fc68c38bc5..80e1478d2d3 100644 --- a/data/data/aws/route53/base.tf +++ b/data/data/aws/route53/base.tf @@ -23,7 +23,7 @@ resource "aws_route53_record" "api_external" { alias { name = "${var.api_external_lb_dns_name}" zone_id = "${var.api_external_lb_zone_id}" - evaluate_target_health = true + evaluate_target_health = false } } 
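Review bot: `evaluate_target_health = false` in the `api_external` alias has no comment saying why health evaluation is turned off, and the `api_internal` hunk that follows has the same gap. With the flag off, Route 53 answers with the load-balancer alias whether or not the balancer has healthy targets, so any health awareness now rests on the load balancer alone. A line above the attribute such as `# DNS always returns the alias; target health is left to the load balancer.` would record the intent, assuming that is the reason for the change.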
@@ -35,7 +35,7 @@ resource "aws_route53_record" "api_internal" { alias { name = "${var.api_internal_lb_dns_name}" zone_id = "${var.api_internal_lb_zone_id}" - evaluate_target_health = true + evaluate_target_health = false } } diff --git a/data/data/aws/vpc/outputs.tf b/data/data/aws/vpc/outputs.tf index e0e5302d16a..b175fca82da 100644 --- a/data/data/aws/vpc/outputs.tf +++ b/data/data/aws/vpc/outputs.tf @@ -18,14 +18,6 @@ output "worker_sg_id" { value = "${aws_security_group.worker.id}" } -output "api_sg_id" { - value = "${aws_security_group.api.id}" -} - -output "console_sg_id" { - value = "${aws_security_group.console.id}" -} - output "aws_lb_target_group_arns" { value = "${compact(concat(aws_lb_target_group.api_internal.*.arn, aws_lb_target_group.services.*.arn, aws_lb_target_group.api_external.*.arn))}" } diff --git a/data/data/aws/vpc/sg-elb.tf b/data/data/aws/vpc/sg-elb.tf deleted file mode 100644 index ae515f0e633..00000000000 --- a/data/data/aws/vpc/sg-elb.tf +++ /dev/null 
@@ -1,75 +0,0 @@ -resource "aws_security_group" "api" { - vpc_id = "${data.aws_vpc.cluster_vpc.id}" - - tags = "${merge(map( - "Name", "${var.cluster_id}-api-sg", - ), var.tags)}" -} - -resource "aws_security_group_rule" "api_egress" { - type = "egress" - security_group_id = "${aws_security_group.api.id}" - - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "api_ingress_console" { - type = "ingress" - security_group_id = "${aws_security_group.api.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 6443 - to_port = 6443 -} - -resource "aws_security_group_rule" "mcs_ingress" { - type = "ingress" - security_group_id = "${aws_security_group.api.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 22623 - to_port = 22623 -} - -resource "aws_security_group" "console" { - vpc_id = "${data.aws_vpc.cluster_vpc.id}" - - tags = "${merge(map( - "Name", "${var.cluster_id}-console-sg", - ), var.tags)}" -} - -resource "aws_security_group_rule" "console_egress" { - type = "egress" - security_group_id = "${aws_security_group.console.id}" - - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "console_ingress_http" { - type = "ingress" - security_group_id = "${aws_security_group.console.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 80 - to_port = 80 -} - -resource "aws_security_group_rule" "console_ingress_https" { - type = "ingress" - security_group_id = "${aws_security_group.console.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - to_port = 443 -} diff --git a/data/data/aws/vpc/sg-master.tf b/data/data/aws/vpc/sg-master.tf index 1cbcf48d8f2..6e47a60df44 100644 --- a/data/data/aws/vpc/sg-master.tf +++ b/data/data/aws/vpc/sg-master.tf 
@@ -11,7 +11,7 @@ resource "aws_security_group_rule" "master_mcs" { security_group_id = "${aws_security_group.master.id}" protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"] from_port = 22623 to_port = 22623 } @@ -41,21 +41,11 @@ resource "aws_security_group_rule" "master_ingress_ssh" { security_group_id = "${aws_security_group.master.id}" protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"] from_port = 22 to_port = 22 } -resource "aws_security_group_rule" "master_ingress_http" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - - protocol = "tcp" - cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"] - from_port = 80 - to_port = 80 -} - resource "aws_security_group_rule" "master_ingress_https" { type = "ingress" security_group_id = "${aws_security_group.master.id}" @@ -63,27 +53,7 @@ resource "aws_security_group_rule" "master_ingress_https" { protocol = "tcp" cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"] from_port = 6443 - to_port = 6445 -} - -resource "aws_security_group_rule" "master_ingress_heapster" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - - protocol = "tcp" - from_port = 4194 - to_port = 4194 - self = true -} - -resource "aws_security_group_rule" "master_ingress_heapster_from_worker" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - source_security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - from_port = 4194 - to_port = 4194 + to_port = 6443 } resource "aws_security_group_rule" "master_ingress_vxlan" { 
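Review bot: In `master_mcs` and `master_ingress_ssh` the new source is the whole VPC CIDR, which still admits every address inside the VPC rather than only cluster machines; `worker_ingress_ssh` in sg-worker.tf receives the same value. If the VPC can hold hosts that are not part of the cluster, port 22 and the machine-config server port 22623 stay reachable from them. Where the callers are known, `source_security_group_id` (already used by the kubelet rules in this file) is tighter than `cidr_blocks`. If 22623 has to stay CIDR-based because of how traffic reaches the masters, a comment stating that reason next to `cidr_blocks` would keep the rule from being widened or narrowed by mistake later.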
@@ -166,7 +136,7 @@ resource "aws_security_group_rule" "master_ingress_kube_controller_manager_from_ to_port = 10252 } -resource "aws_security_group_rule" "master_ingress_kubelet_insecure" { +resource "aws_security_group_rule" "master_ingress_kubelet_secure" { type = "ingress" security_group_id = "${aws_security_group.master.id}" @@ -176,7 +146,7 @@ resource "aws_security_group_rule" "master_ingress_kubelet_insecure" { self = true } -resource "aws_security_group_rule" "master_ingress_kubelet_insecure_from_worker" { +resource "aws_security_group_rule" "master_ingress_kubelet_secure_from_worker" { type = "ingress" security_group_id = "${aws_security_group.master.id}" source_security_group_id = "${aws_security_group.worker.id}" @@ -186,26 +156,6 @@ resource "aws_security_group_rule" "master_ingress_kubelet_insecure_from_worker" to_port = 10250 } -resource "aws_security_group_rule" "master_ingress_kubelet_secure" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - - protocol = "tcp" - from_port = 10255 - to_port = 10255 - self = true -} - -resource "aws_security_group_rule" "master_ingress_kubelet_secure_from_worker" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - source_security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - from_port = 10255 - to_port = 10255 -} - resource "aws_security_group_rule" "master_ingress_etcd" { type = "ingress" security_group_id = "${aws_security_group.master.id}" @@ -235,13 +185,3 @@ resource "aws_security_group_rule" "master_ingress_services" { to_port = 32767 self = true } - -resource "aws_security_group_rule" "master_ingress_services_from_console" { - type = "ingress" - security_group_id = "${aws_security_group.master.id}" - source_security_group_id = "${aws_security_group.console.id}" - - protocol = "tcp" - from_port = 30000 - to_port = 32767 -} 
diff --git a/data/data/aws/vpc/sg-worker.tf b/data/data/aws/vpc/sg-worker.tf index bc25e20d3ac..58d111809d0 100644 --- a/data/data/aws/vpc/sg-worker.tf +++ b/data/data/aws/vpc/sg-worker.tf @@ -31,51 +31,11 @@ resource "aws_security_group_rule" "worker_ingress_ssh" { security_group_id = "${aws_security_group.worker.id}" protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"] from_port = 22 to_port = 22 } -resource "aws_security_group_rule" "worker_ingress_http" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 80 - to_port = 80 -} - -resource "aws_security_group_rule" "worker_ingress_https" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - to_port = 443 -} - -resource "aws_security_group_rule" "worker_ingress_heapster" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - from_port = 4194 - to_port = 4194 - self = true -} - -resource "aws_security_group_rule" "worker_ingress_heapster_from_master" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - source_security_group_id = "${aws_security_group.master.id}" - - protocol = "tcp" - from_port = 4194 - to_port = 4194 -} - resource "aws_security_group_rule" "worker_ingress_vxlan" { type = "ingress" security_group_id = "${aws_security_group.worker.id}" 
@@ -136,26 +96,6 @@ resource "aws_security_group_rule" "worker_ingress_kubelet_insecure_from_master" to_port = 10250 } -resource "aws_security_group_rule" "worker_ingress_kubelet_secure" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - - protocol = "tcp" - from_port = 10255 - to_port = 10255 - self = true -} - -resource "aws_security_group_rule" "worker_ingress_kubelet_secure_from_master" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - source_security_group_id = "${aws_security_group.master.id}" - - protocol = "tcp" - from_port = 10255 - to_port = 10255 -} - resource "aws_security_group_rule" "worker_ingress_services" { type = "ingress" security_group_id = "${aws_security_group.worker.id}" @@ -165,13 +105,3 @@ resource "aws_security_group_rule" "worker_ingress_services" { to_port = 32767 self = true } - -resource "aws_security_group_rule" "worker_ingress_services_from_console" { - type = "ingress" - security_group_id = "${aws_security_group.worker.id}" - source_security_group_id = "${aws_security_group.console.id}" - - protocol = "tcp" - from_port = 30000 - to_port = 32767 -} diff --git a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template index 6d06caa9ecc..4e16218b897 100755 --- a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template +++ b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template @@ -36,10 +36,12 @@ CLUSTER_BOOTSTRAP_IMAGE=$(podman run --quiet --rm ${release} image cluster-boots mkdir --parents ./{bootstrap-manifests,manifests} -if [ ! -d cvo-bootstrap ] +if [ ! -f cvo-bootstrap.done ] then echo "Rendering Cluster Version Operator Manifests..." + rm -rf cvo-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ 
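Review bot: The worker rule for port 10250 keeps the name `worker_ingress_kubelet_insecure_from_master` (visible in this hunk's header and context), while sg-master.tf in the same commit renames its 10250 rules from `_kubelet_insecure` to `_kubelet_secure`. Once this hunk deletes the 10255 rules, the only kubelet rules left on the worker group are labelled insecure although they open the port the master file now calls secure. Renaming to `worker_ingress_kubelet_secure_from_master` would keep the two files consistent; the matching `self` rule is outside the hunk and presumably needs the same rename.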
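Review bot: The `cvo-bootstrap.done` marker that this guard now tests only means "render finished" if a failing `podman run` or `cp` stops the script before the later `touch`; the shell options are set outside these hunks, so confirm `set -e` (or an explicit `|| exit`) is in effect. Without it a broken render would be marked done and never retried, which is the failure this change is meant to remove. The same guard, `rm -rf` and `touch` sequence is repeated for config-bootstrap, kube-apiserver-bootstrap, kube-controller-manager-bootstrap, kube-scheduler-bootstrap and mco-bootstrap in the following hunks. A comment above the first block such as `# NAME.done marks a completed render; a directory without it is a partial render and is removed` would document the convention once.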
@@ -53,12 +55,16 @@ then cp cvo-bootstrap/manifests/* manifests/ ## FIXME: CVO should use `/etc/kubernetes/bootstrap-secrets/kubeconfig` instead cp auth/kubeconfig /etc/kubernetes/kubeconfig + + touch cvo-bootstrap.done fi -if [ ! -d config-bootstrap ] +if [ ! -f config-bootstrap.done ] then echo "Rendering cluster config manifests..." + rm -rf config-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ @@ -70,12 +76,16 @@ then --asset-output-dir=/assets/config-bootstrap cp config-bootstrap/manifests/* manifests/ + + touch config-bootstrap.done fi -if [ ! -d kube-apiserver-bootstrap ] +if [ ! -f kube-apiserver-bootstrap.done ] then echo "Rendering Kubernetes API server core manifests..." + rm -rf kube-apiserver-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ @@ -93,12 +103,16 @@ then cp kube-apiserver-bootstrap/config /etc/kubernetes/bootstrap-configs/kube-apiserver-config.yaml cp kube-apiserver-bootstrap/bootstrap-manifests/* bootstrap-manifests/ cp kube-apiserver-bootstrap/manifests/* manifests/ + + touch kube-apiserver-bootstrap.done fi -if [ ! -d kube-controller-manager-bootstrap ] +if [ ! -f kube-controller-manager-bootstrap.done ] then echo "Rendering Kubernetes Controller Manager core manifests..." + rm -rf kube-controller-manager-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ @@ -114,12 +128,16 @@ then cp kube-controller-manager-bootstrap/config /etc/kubernetes/bootstrap-configs/kube-controller-manager-config.yaml cp kube-controller-manager-bootstrap/bootstrap-manifests/* bootstrap-manifests/ cp kube-controller-manager-bootstrap/manifests/* manifests/ + + touch kube-controller-manager-bootstrap.done fi -if [ ! -d kube-scheduler-bootstrap ] +if [ ! -f kube-scheduler-bootstrap.done ] then echo "Rendering Kubernetes Scheduler core manifests..." + rm -rf kube-scheduler-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ 
@@ -134,12 +152,16 @@ then cp kube-scheduler-bootstrap/config /etc/kubernetes/bootstrap-configs/kube-scheduler-config.yaml cp kube-scheduler-bootstrap/bootstrap-manifests/* bootstrap-manifests/ cp kube-scheduler-bootstrap/manifests/* manifests/ + + touch kube-scheduler-bootstrap.done fi -if [ ! -d mco-bootstrap ] +if [ ! -f mco-bootstrap.done ] then echo "Rendering MCO manifests..." + rm -rf mco-bootstrap + # shellcheck disable=SC2154 podman run \ --quiet \ @@ -175,6 +197,8 @@ then mkdir --parents /etc/ssl/mcs/ cp tls/machine-config-server.crt /etc/ssl/mcs/tls.crt cp tls/machine-config-server.key /etc/ssl/mcs/tls.key + + touch mco-bootstrap.done fi # We originally wanted to run the etcd cert signer as @@ -216,8 +240,8 @@ until podman run \ --name etcdctl \ --env ETCDCTL_API=3 \ --volume /opt/openshift/tls:/opt/openshift/tls:ro,z \ - "{{.EtcdctlImage}}" \ - /usr/local/bin/etcdctl \ + --entrypoint etcdctl \ + "${MACHINE_CONFIG_ETCD_IMAGE}" \ --dial-timeout=10m \ --cacert=/opt/openshift/tls/etcd-client-ca.crt \ --cert=/opt/openshift/tls/etcd-client.crt \ diff --git a/docs/user/aws/limits.md b/docs/user/aws/limits.md index 9169e796288..1182eca1d03 100644 --- a/docs/user/aws/limits.md +++ b/docs/user/aws/limits.md @@ -57,8 +57,13 @@ the new VPC. If you intend to create more than 20 clusters, you will need to req ## Security Groups -Each cluster creates 10 distinct security groups. The default limit of 2,500 for new accounts allows for many clusters -to be created. +Each cluster creates distinct security groups. The default limit of 2,500 for new accounts allows for many clusters +to be created. The security groups which exist after the default install are: + + 1. VPC default + 1. Master + 1. Worker + 1. Router/Ingress ## Instance Limits diff --git a/hack/build.sh b/hack/build.sh index 8b79ed465e6..16ec11ee1bc 100755 --- a/hack/build.sh +++ b/hack/build.sh 
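Review bot: `"${MACHINE_CONFIG_ETCD_IMAGE}"` is expanded inside the `until podman run` loop, but its assignment is outside the hunk, and nothing here checks that it is non-empty. If the lookup in the release image returned nothing, every `podman run` would fail on the empty image name and the loop would presumably retry without ever reporting the real cause. A guard before the loop, `: "${MACHINE_CONFIG_ETCD_IMAGE:?etcd image not resolved from release image}"`, fails fast with a clear message. Taking the image from the release payload instead of a hard-coded tag is the safer source; it is worth confirming the resolved reference is digest-pinned.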
@@ -2,6 +2,9 @@ set -ex +RELEASE_IMAGE="${RELEASE_IMAGE:-quay.io/openshift-release-dev/ocp-release:4.0.0-0.6}" +RHCOS_BUILD_NAME="${RELEASE_BUILD_NAME:-47.330}" + # shellcheck disable=SC2068 version() { IFS="."; printf "%03d%03d%03d\\n" $@; unset IFS;} diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go index e672bbff029..72abd1c14b4 100644 --- a/pkg/asset/ignition/bootstrap/bootstrap.go +++ b/pkg/asset/ignition/bootstrap/bootstrap.go @@ -32,7 +32,6 @@ const ( rootDir = "/opt/openshift" bootstrapIgnFilename = "bootstrap.ign" etcdCertSignerImage = "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6" - etcdctlImage = "quay.io/coreos/etcd:v3.3.10" ignitionUser = "core" ) @@ -45,7 +44,6 @@ var ( type bootstrapTemplateData struct { EtcdCertSignerImage string EtcdCluster string - EtcdctlImage string PullSecret string ReleaseImage string } @@ -175,14 +173,13 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst } releaseImage := defaultReleaseImage - if ri, ok := os.LookupEnv("OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" { + if ri, ok := os.LookupEnv("_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" { logrus.Warn("Found override for ReleaseImage. Please be warned, this is not advised") releaseImage = ri } return &bootstrapTemplateData{ EtcdCertSignerImage: etcdCertSignerImage, - EtcdctlImage: etcdctlImage, PullSecret: installConfig.PullSecret, ReleaseImage: releaseImage, EtcdCluster: strings.Join(etcdEndpoints, ","), diff --git a/pkg/asset/tls/aggregator.go b/pkg/asset/tls/aggregator.go index 02366d9fe93..036c96a9b5d 100644 --- a/pkg/asset/tls/aggregator.go +++ b/pkg/asset/tls/aggregator.go @@ -10,7 +10,7 @@ import ( // AggregatorCA is the asset that generates the aggregator-ca key/cert pair. // [DEPRECATED] type AggregatorCA struct { - SignedCertKey + SelfSignedCertKey } var _ asset.Asset = (*AggregatorCA)(nil) 
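Review bot: `RHCOS_BUILD_NAME` takes its default from `RELEASE_BUILD_NAME`, not from itself, so exporting `RHCOS_BUILD_NAME` before running the script has no effect; this looks like a typo for `RHCOS_BUILD_NAME="${RHCOS_BUILD_NAME:-47.330}"`. Separately, the `RELEASE_IMAGE` default is a tag (`4.0.0-0.6`) rather than a digest, so the image baked into the build is whatever the registry serves for that tag at build time. Pinning the default as `...@sha256:<digest>` would make the build reproducible and tamper-evident. How the two variables are consumed is outside the hunk.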
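Review bot: After the rename to `_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE` in `getTemplateData`, a caller who still exports the old `OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE` silently gets `defaultReleaseImage`, and when the override is honoured the warning does not say which image was chosen. The release image decides what the bootstrap machine runs (the etcdctl image now comes from it as well), so the value belongs in the log: `logrus.Warnf("Found override for ReleaseImage (%s). Please be warned, this is not advised", ri)`. A second `os.LookupEnv` on the old name that logs "ignored, use the underscore-prefixed name" would catch stale automation. The function body starts and ends outside the hunk.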
@@ -19,16 +19,11 @@ var _ asset.Asset = (*AggregatorCA)(nil) // the parent CA, and install config if it depends on the install config for // DNS names, etc. func (a *AggregatorCA) Dependencies() []asset.Asset { - return []asset.Asset{ - &RootCA{}, - } + return []asset.Asset{} } // Generate generates the cert/key pair based on its dependencies. func (a *AggregatorCA) Generate(dependencies asset.Parents) error { - rootCA := &RootCA{} - dependencies.Get(rootCA) - cfg := &CertCfg{ Subject: pkix.Name{CommonName: "aggregator", OrganizationalUnit: []string{"bootkube"}}, KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, @@ -36,7 +31,7 @@ func (a *AggregatorCA) Generate(dependencies asset.Parents) error { IsCA: true, } - return a.SignedCertKey.Generate(cfg, rootCA, "aggregator-ca", DoNotAppendParent) + return a.SelfSignedCertKey.Generate(cfg, "aggregator-ca") } // Name returns the human-friendly name of the asset. diff --git a/pkg/asset/tls/etcd.go b/pkg/asset/tls/etcd.go index 9870362aca7..3929d9ccd8f 100644 --- a/pkg/asset/tls/etcd.go +++ b/pkg/asset/tls/etcd.go @@ -10,7 +10,7 @@ import ( // EtcdCA is the asset that generates the etcd-ca key/cert pair. // [DEPRECATED] type EtcdCA struct { - SignedCertKey + SelfSignedCertKey } var _ asset.Asset = (*EtcdCA)(nil) @@ -19,16 +19,11 @@ var _ asset.Asset = (*EtcdCA)(nil) // the parent CA, and install config if it depends on the install config for // DNS names, etc. func (a *EtcdCA) Dependencies() []asset.Asset { - return []asset.Asset{ - &RootCA{}, - } + return []asset.Asset{} } // Generate generates the cert/key pair based on its dependencies. func (a *EtcdCA) Generate(dependencies asset.Parents) error { - rootCA := &RootCA{} - dependencies.Get(rootCA) - cfg := &CertCfg{ Subject: pkix.Name{CommonName: "etcd", OrganizationalUnit: []string{"etcd"}}, KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, 
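Review bot: The doc comment on `AggregatorCA.Dependencies` (context lines of this hunk) still says the dependencies include "the parent CA", but the method now returns an empty slice and the CA signs itself; `EtcdCA.Dependencies` in etcd.go carries the same stale comment. Suggested wording: `// Dependencies returns no assets: the aggregator CA is self-signed.` The comment on `Generate` ("based on its dependencies") can become `// Generate generates the self-signed cert/key pair.`, since the `dependencies` parameter is no longer read. Because these CAs no longer chain to the root CA, any verifier that trusted them through the root bundle must now be handed `aggregator-ca` and `etcd-client-ca` directly; that distribution is outside this diff and worth checking.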
@@ -36,7 +31,7 @@ func (a *EtcdCA) Generate(dependencies asset.Parents) error { IsCA: true, } - return a.SignedCertKey.Generate(cfg, rootCA, "etcd-client-ca", DoNotAppendParent) + return a.SelfSignedCertKey.Generate(cfg, "etcd-client-ca") } // Name returns the human-friendly name of the asset. diff --git a/pkg/types/aws/validation/platform.go b/pkg/types/aws/validation/platform.go index f2f2c058867..6ca7eca6873 100644 --- a/pkg/types/aws/validation/platform.go +++ b/pkg/types/aws/validation/platform.go @@ -15,25 +15,25 @@ var ( Regions = map[string]string{ "ap-northeast-1": "Tokyo", "ap-northeast-2": "Seoul", - "ap-northeast-3": "Osaka-Local", + //"ap-northeast-3": "Osaka-Local", "ap-south-1": "Mumbai", "ap-southeast-1": "Singapore", "ap-southeast-2": "Sydney", "ca-central-1": "Central", - "cn-north-1": "Beijing", - "cn-northwest-1": "Ningxia", - "eu-central-1": "Frankfurt", - "eu-north-1": "Stockholm", - "eu-west-1": "Ireland", - "eu-west-2": "London", - "eu-west-3": "Paris", - "sa-east-1": "São Paulo", - "us-east-1": "N. Virginia", - "us-east-2": "Ohio", - "us-gov-east-1": "AWS GovCloud (US-East)", - "us-gov-west-1": "AWS GovCloud (US-West)", - "us-west-1": "N. California", - "us-west-2": "Oregon", + //"cn-north-1": "Beijing", + //"cn-northwest-1": "Ningxia", + "eu-central-1": "Frankfurt", + //"eu-north-1": "Stockholm", + "eu-west-1": "Ireland", + "eu-west-2": "London", + "eu-west-3": "Paris", + "sa-east-1": "São Paulo", + "us-east-1": "N. Virginia", + "us-east-2": "Ohio", + //"us-gov-east-1": "AWS GovCloud (US-East)", + //"us-gov-west-1": "AWS GovCloud (US-West)", + "us-west-1": "N. California", + "us-west-2": "Oregon", } validRegionValues = func() []string { diff --git a/pkg/types/validation/installconfig.go b/pkg/types/validation/installconfig.go index 8184af366b8..7636b3c791b 100644 --- a/pkg/types/validation/installconfig.go +++ b/pkg/types/validation/installconfig.go 
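Review bot: The dropped entries in `Regions` are commented out rather than deleted, and nothing in the hunk says why `ap-northeast-3`, the `cn-*` regions, `eu-north-1` and the `us-gov-*` regions are disabled. Either remove the lines or put one comment above the map body, for example `// Commented-out regions are not yet supported by the installer: <reason>`, with the actual reason filled in. The commented lines also split gofmt's column alignment into groups, which is why unchanged entries such as `"eu-west-1"` show up as modified.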
@@ -38,8 +38,6 @@ func ValidateInstallConfig(c *types.InstallConfig, openStackValidValuesFetcher o switch v := c.APIVersion; v { case types.InstallConfigVersion: // Current version - case "v1beta1", "v1beta2": - logrus.Warnf("install-config.yaml is using a deprecated version %q. The expected version is %q.", v, types.InstallConfigVersion) default: return field.ErrorList{field.Invalid(field.NewPath("apiVersion"), c.TypeMeta.APIVersion, fmt.Sprintf("install-config version must be %q", types.InstallConfigVersion))} } diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go index 29abd40f338..e0428630dbd 100644 --- a/pkg/types/validation/installconfig_test.go +++ b/pkg/types/validation/installconfig_test.go @@ -326,7 +326,7 @@ func TestValidateInstallConfig(t *testing.T) { } return c }(), - expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-gov-east-1", "us-gov-west-1", "us-west-1", "us-west-2"$`, + expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"$`, }, { name: "valid libvirt platform",