Skip to content

Commit 203db6c

Browse files
ejona86ejona86
committed
Stabilize security flags
8765051 enabled the security output by default, but didn't end up stabilizing other related flags. Node-metadata is used by endpoint policies to select backends and the x8s security component allows configuring secrets-dir (although we generally expect it to be the default).
1 parent ea8146f commit 203db6c

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

main.go

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ var (
4141
localityZone = flag.String("locality-zone", "", "the locality zone to use, instead of retrieving it from the metadata server. Useful when not running on GCP and/or for testing")
4242
includeV3Features = flag.Bool("include-v3-features-experimental", true, "whether or not to generate configs which works with the xDS v3 implementation in TD. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
4343
includePSMSecurity = flag.Bool("include-psm-security-experimental", true, "whether or not to generate config required for PSM security. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
44-
secretsDir = flag.String("secrets-dir-experimental", "/var/run/secrets/workload-spiffe-credentials", "path to a directory containing TLS certificates and keys required for PSM security. Used only if --include-psm-security-experimental is set. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
44+
secretsDir = flag.String("secrets-dir", "/var/run/secrets/workload-spiffe-credentials", "path to a directory containing TLS certificates and keys required for PSM security")
4545
includeDeploymentInfo = flag.Bool("include-deployment-info-experimental", false, "whether or not to generate config which contains deployment related information. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
4646
gkeClusterName = flag.String("gke-cluster-name-experimental", "", "GKE cluster name to use, instead of retrieving it from the metadata server. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
4747
gkePodName = flag.String("gke-pod-name-experimental", "", "GKE pod name to use, instead of reading it from $HOSTNAME or /etc/hostname file. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
@@ -52,7 +52,13 @@ var (
5252

5353
func main() {
5454
nodeMetadata := make(map[string]string)
55-
flag.CommandLine.Var(newStringMapVal(&nodeMetadata), "node-metadata-experimental", "additional metadata of the form key=value to be included in the node configuration. This flag is EXPERIMENTAL and may be changed or removed in a later release.")
55+
flag.Var(newStringMapVal(&nodeMetadata), "node-metadata",
56+
"additional metadata of the form key=value to be included in the node configuration")
57+
58+
flag.Var(flag.Lookup("secrets-dir").Value, "secrets-dir-experimental",
59+
"alias of secrets-dir. This flag is EXPERIMENTAL and will be removed in a later release")
60+
flag.Var(flag.Lookup("node-metadata").Value, "node-metadata-experimental",
61+
"alias of node-metadata. This flag is EXPERIMENTAL and will be removed in a later release")
5662

5763
flag.Parse()
5864
if *gcpProjectNumber == 0 {

0 commit comments

Comments
 (0)