chore: remove service.beta.kubernetes.io/azure-shared-securityrule#10168
chore: remove service.beta.kubernetes.io/azure-shared-securityrule#10168YurDuiachenko wants to merge 1 commit intokubernetes-sigs:masterfrom
Conversation
|
Hi @YurDuiachenko. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: YurDuiachenko The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
closes #9905 |
|
/assign nilo19 |
|
/assign JoelSpeed |
|
also removed from docs MicrosoftDocs/azure-aks-docs#410 |
There was a problem hiding this comment.
Pull request overview
Removes the deprecated service.beta.kubernetes.io/azure-shared-securityrule Service annotation and all in-repo references to it, including related helper logic and test coverage.
Changes:
- Deleted the
ServiceAnnotationSharedSecurityRuleconstant and its documentation. - Removed
useSharedSecurityRule(...)and simplifiedgetSecurityRuleName(...)to always use the per-service rule prefix. - Updated unit/e2e tests to stop setting or validating the deprecated annotation behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/e2e/network/ensureloadbalancer.go | Stops setting the deprecated shared-security-rule annotation in the e2e scenario. |
| pkg/provider/azure_standard_test.go | Removes the unit test case that depended on the shared-rule naming behavior. |
| pkg/provider/azure_standard.go | Simplifies security rule naming by removing the shared-rule branch. |
| pkg/provider/azure_loadbalancer.go | Deletes the now-unused useSharedSecurityRule helper. |
| pkg/consts/consts.go | Removes the deprecated annotation constant and associated comments. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@nilo19 can you take a look? |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // ServiceAnnotationDNSLabelName is the annotation used on the service | ||
| // to specify the DNS label name for the service. | ||
| ServiceAnnotationDNSLabelName = "service.beta.kubernetes.io/azure-dns-label-name" | ||
|
|
||
| // ServiceAnnotationSharedSecurityRule is the annotation used on the service | ||
| // to specify that the service should be exposed using an Azure security rule | ||
| // that may be shared with other service, trading specificity of rules for an | ||
| // increase in the number of services that can be exposed. This relies on the | ||
| // Azure "augmented security rules" feature. | ||
| ServiceAnnotationSharedSecurityRule = "service.beta.kubernetes.io/azure-shared-securityrule" | ||
|
|
||
| // ServiceAnnotationLoadBalancerResourceGroup is the annotation used on the service | ||
| // to specify the resource group of load balancer objects that are not in the same resource group as the cluster. | ||
| ServiceAnnotationLoadBalancerResourceGroup = "service.beta.kubernetes.io/azure-load-balancer-resource-group" |
There was a problem hiding this comment.
This change removes support for a previously recognized Service annotation. Even if it was deprecated, this is still a user-facing behavioral change for clusters/services that still set it (it will now be ignored and security rule names will change). Please add an explicit release note and/or upgrade/migration note, or (if desired) retain a compatibility shim that detects the raw annotation key and logs a warning to help users discover the removal.
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Removes the deprecated annotation service.beta.kubernetes.io/azure-shared-securityrule
Which issue(s) this PR fixes:
NONE
Special notes for your reviewer:
NONE
Does this PR introduce a user-facing change?