diff --git a/api/v1alpha2/linodemachine_types.go b/api/v1alpha2/linodemachine_types.go
index 2b4d7b076..ea359e544 100644
--- a/api/v1alpha2/linodemachine_types.go
+++ b/api/v1alpha2/linodemachine_types.go
@@ -527,13 +527,6 @@ type LinodeMachineStatus struct {
// +listMapKey=address
Addresses []clusterv1.MachineAddress `json:"addresses,omitempty"`
- // cloudinitMetadataSupport determines whether to use cloud-init or not.
- // Deprecated: Stackscript no longer in use, so this field is not used.
- // +kubebuilder:deprecatedversion:warning="CloudinitMetadataSupport is deprecated"
- // +optional
- // +kubebuilder:default=true
- CloudinitMetadataSupport bool `json:"cloudinitMetadataSupport,omitempty"`
-
// instanceState is the state of the Linode instance for this machine.
// +optional
InstanceState *linodego.InstanceStatus `json:"instanceState,omitempty"`
diff --git a/api/v1alpha2/linodeobjectstoragekey_types.go b/api/v1alpha2/linodeobjectstoragekey_types.go
index 59aa66ed0..fd7e2d71c 100644
--- a/api/v1alpha2/linodeobjectstoragekey_types.go
+++ b/api/v1alpha2/linodeobjectstoragekey_types.go
@@ -89,19 +89,6 @@ type LinodeObjectStorageKeySpec struct {
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
// +required
GeneratedSecret `json:"generatedSecret"`
-
- // secretType instructs the controller what type of secret to generate containing access key details.
- // Deprecated: Use generatedSecret.type.
- // +kubebuilder:validation:Enum=Opaque;addons.cluster.x-k8s.io/resource-set
- // +kubebuilder:deprecatedversion:warning="secretType deprecated by generatedSecret.type"
- // +optional
- SecretType corev1.SecretType `json:"secretType,omitempty"`
-
- // secretDataFormat instructs the controller how to format the data stored in the secret containing access key details.
- // Deprecated: Use generatedSecret.format.
- // +kubebuilder:deprecatedversion:warning="secretDataFormat deprecated by generatedSecret.format"
- // +optional
- SecretDataFormat map[string]string `json:"secretDataFormat,omitempty"`
}
// LinodeObjectStorageKeyStatus defines the observed state of LinodeObjectStorageKey
diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
index 4162940e2..33d199a7c 100644
--- a/api/v1alpha2/zz_generated.deepcopy.go
+++ b/api/v1alpha2/zz_generated.deepcopy.go
@@ -1424,13 +1424,6 @@ func (in *LinodeObjectStorageKeySpec) DeepCopyInto(out *LinodeObjectStorageKeySp
**out = **in
}
in.GeneratedSecret.DeepCopyInto(&out.GeneratedSecret)
- if in.SecretDataFormat != nil {
- in, out := &in.SecretDataFormat, &out.SecretDataFormat
- *out = make(map[string]string, len(*in))
- for key, val := range *in {
- (*out)[key] = val
- }
- }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinodeObjectStorageKeySpec.
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
index d026f107b..d0e5a9d32 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
@@ -937,12 +937,6 @@ spec:
x-kubernetes-list-map-keys:
- address
x-kubernetes-list-type: map
- cloudinitMetadataSupport:
- default: true
- description: |-
- cloudinitMetadataSupport determines whether to use cloud-init or not.
- Deprecated: Stackscript no longer in use, so this field is not used.
- type: boolean
conditions:
description: conditions define the current service state of the LinodeMachine.
items:
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodeobjectstoragekeys.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodeobjectstoragekeys.yaml
index 3eebfbace..a6ed5ec60 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodeobjectstoragekeys.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodeobjectstoragekeys.yaml
@@ -140,21 +140,6 @@ spec:
description: keyGeneration may be modified to trigger a rotation of
the access key.
type: integer
- secretDataFormat:
- additionalProperties:
- type: string
- description: |-
- secretDataFormat instructs the controller how to format the data stored in the secret containing access key details.
- Deprecated: Use generatedSecret.format.
- type: object
- secretType:
- description: |-
- secretType instructs the controller what type of secret to generate containing access key details.
- Deprecated: Use generatedSecret.type.
- enum:
- - Opaque
- - addons.cluster.x-k8s.io/resource-set
- type: string
required:
- bucketAccess
- generatedSecret
diff --git a/docs/src/reference/out.md b/docs/src/reference/out.md
index 51b69f586..4feda4ff3 100644
--- a/docs/src/reference/out.md
+++ b/docs/src/reference/out.md
@@ -723,7 +723,6 @@ _Appears in:_
| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | conditions define the current service state of the LinodeMachine. | | |
| `ready` _boolean_ | ready is true when the provider resource is ready. | false | |
| `addresses` _MachineAddress array_ | addresses contains the Linode instance associated addresses. | | |
-| `cloudinitMetadataSupport` _boolean_ | cloudinitMetadataSupport determines whether to use cloud-init or not.
Deprecated: Stackscript no longer in use, so this field is not used. | true | |
| `instanceState` _[InstanceStatus](#instancestatus)_ | instanceState is the state of the Linode instance for this machine. | | |
| `failureReason` _string_ | failureReason will be set in the event that there is a terminal problem
reconciling the Machine and will contain a succinct value suitable
for machine interpretation.
This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over
time (like service outages), but instead indicate that something is
fundamentally wrong with the Machine's spec or the configuration of
the controller, and that manual intervention is required. Examples
of terminal errors would be invalid combinations of settings in the
spec, values that are unsupported by the controller, or the
responsible controller itself being critically misconfigured.
Any transient errors that occur during the reconciliation of Machines
can be added as events to the Machine object and/or logged in the
controller's output. | | |
| `failureMessage` _string_ | failureMessage will be set in the event that there is a terminal problem
reconciling the Machine and will contain a more verbose string suitable
for logging and human consumption.
This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over
time (like service outages), but instead indicate that something is
fundamentally wrong with the Machine's spec or the configuration of
the controller, and that manual intervention is required. Examples
of terminal errors would be invalid combinations of settings in the
spec, values that are unsupported by the controller, or the
responsible controller itself being critically misconfigured.
Any transient errors that occur during the reconciliation of Machines
can be added as events to the Machine object and/or logged in the
controller's output. | | |
@@ -982,8 +981,6 @@ _Appears in:_
| `credentialsRef` _[SecretReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#secretreference-v1-core)_ | credentialsRef is a reference to a Secret that contains the credentials to use for generating access keys.
If not supplied, then the credentials of the controller will be used. | | |
| `keyGeneration` _integer_ | keyGeneration may be modified to trigger a rotation of the access key. | 0 | |
| `generatedSecret` _[GeneratedSecret](#generatedsecret)_ | generatedSecret configures the Secret to generate containing access key details. | | |
-| `secretType` _[SecretType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#secrettype-v1-core)_ | secretType instructs the controller what type of secret to generate containing access key details.
Deprecated: Use generatedSecret.type. | | Enum: [Opaque addons.cluster.x-k8s.io/resource-set]
|
-| `secretDataFormat` _object (keys:string, values:string)_ | secretDataFormat instructs the controller how to format the data stored in the secret containing access key details.
Deprecated: Use generatedSecret.format. | | |
#### LinodeObjectStorageKeyStatus
diff --git a/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-capi-resources.yaml b/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-capi-resources.yaml
deleted file mode 100644
index 8a5b8dbab..000000000
--- a/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-capi-resources.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: capi-controller-manager
- namespace: capi-system
-status:
- availableReplicas: 1
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: capl-controller-manager
- namespace: capl-system
-status:
- availableReplicas: 1
diff --git a/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-key-and-secret.yaml b/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-key-and-secret.yaml
deleted file mode 100644
index a211ea9d6..000000000
--- a/e2e/linodeobjectstoragekey-controller/deprecated-secret/assert-key-and-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
-kind: LinodeObjectStorageKey
-metadata:
- name: ($key)
-spec:
- keyGeneration: 0
-status:
- ready: true
- lastKeyGeneration: 0
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: ($access_secret)
- namespace: default
-data:
- (the_access != null): true
- (the_secret != null): true
diff --git a/e2e/linodeobjectstoragekey-controller/deprecated-secret/chainsaw-test.yaml b/e2e/linodeobjectstoragekey-controller/deprecated-secret/chainsaw-test.yaml
deleted file mode 100755
index 955b8ab1d..000000000
--- a/e2e/linodeobjectstoragekey-controller/deprecated-secret/chainsaw-test.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
-apiVersion: chainsaw.kyverno.io/v1alpha1
-kind: Test
-metadata:
- name: deprecated-secret
- # Label to trigger the test on every PR
- labels:
- all:
- quick:
- linodeobjkey:
- linodeobjkeysecretdep:
-spec:
- bindings:
- # A short identifier for the E2E test run
- - name: run
- value: (join('-', ['e2e', 'deprecated-secret', random('[0-9a-z]{5}')]))
- - name: key
- # Format the key name into a valid Kubernetes object name
- # TODO: This is over-truncated to account for the Kubernetes access key Secret
- value: (trim((truncate(($run), `52`)), '-'))
- - name: access_secret
- value: (join('-', [($key), 'custom']))
- template: true
- steps:
- - name: Check if CAPI provider resources exist
- try:
- - assert:
- file: assert-capi-resources.yaml
- - name: Create bucket
- try:
- - script:
- env:
- - name: URI
- value: object-storage/buckets
- - name: BUCKET_LABEL
- value: ($key)
- content: |
- set -e
-
- curl -s \
- -X POST \
- -H "Authorization: Bearer $LINODE_TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"label\":\"$BUCKET_LABEL\",\"region\":\"us-sea\"}" \
- "https://api.linode.com/v4/$URI"
- check:
- ($error): ~
- - name: Create LinodeObjectStorageKey
- try:
- - apply:
- file: create-linodeobjectstoragekey.yaml
- - assert:
- file: assert-key-and-secret.yaml
- catch:
- - describe:
- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
- kind: LinodeObjectStorageKey
- - describe:
- apiVersion: v1
- kind: Secret
- namespace: default
- - name: Ensure the access key was created
- try:
- - script:
- env:
- - name: URI
- value: object-storage/keys
- - name: OBJ_KEY
- value: ($key)
- content: |
- set -e
-
- export KEY_ID=$(kubectl -n $NAMESPACE get lobjkey $OBJ_KEY -ojson | jq '.status.accessKeyRef')
-
- curl -s \
- -H "Authorization: Bearer $LINODE_TOKEN" \
- -H "Content-Type: application/json" \
- "https://api.linode.com/v4/$URI/$KEY_ID"
- check:
- ($error): ~
- - name: Delete LinodeObjectStorageKey
- try:
- - delete:
- ref:
- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
- kind: LinodeObjectStorageKey
- name: ($key)
- - name: Check if the LinodeObjectStorageKey and Secret were deleted
- try:
- - error:
- file: check-key-and-secret-deletion.yaml
- - name: Delete bucket
- try:
- - script:
- env:
- - name: URI
- value: object-storage/buckets/us-sea
- - name: BUCKET_LABEL
- value: ($key)
- content: |
- set -e
-
- curl -s \
- -X DELETE \
- -H "Authorization: Bearer $LINODE_TOKEN" \
- "https://api.linode.com/v4/$URI/$BUCKET_LABEL"
- check:
- ($error): ~
\ No newline at end of file
diff --git a/e2e/linodeobjectstoragekey-controller/deprecated-secret/check-key-and-secret-deletion.yaml b/e2e/linodeobjectstoragekey-controller/deprecated-secret/check-key-and-secret-deletion.yaml
deleted file mode 100644
index 20839f86c..000000000
--- a/e2e/linodeobjectstoragekey-controller/deprecated-secret/check-key-and-secret-deletion.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
-kind: LinodeObjectStorageKey
-metadata:
- name: ($key)
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: ($access_secret)
- namespace: default
\ No newline at end of file
diff --git a/e2e/linodeobjectstoragekey-controller/deprecated-secret/create-linodeobjectstoragekey.yaml b/e2e/linodeobjectstoragekey-controller/deprecated-secret/create-linodeobjectstoragekey.yaml
deleted file mode 100644
index 79256c010..000000000
--- a/e2e/linodeobjectstoragekey-controller/deprecated-secret/create-linodeobjectstoragekey.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
-kind: LinodeObjectStorageKey
-metadata:
- name: ($key)
-spec:
- bucketAccess:
- - bucketName: ($key)
- permissions: read_only
- region: us-sea
- secretType: Opaque
- secretDataFormat:
- the_access: "{{ .AccessKey }}"
- the_secret: "{{ .SecretKey }}"
- generatedSecret:
- name: ($access_secret)
- namespace: default
diff --git a/internal/controller/linodeobjectstoragekey_controller_test.go b/internal/controller/linodeobjectstoragekey_controller_test.go
index d23ecedcf..666e43316 100644
--- a/internal/controller/linodeobjectstoragekey_controller_test.go
+++ b/internal/controller/linodeobjectstoragekey_controller_test.go
@@ -255,9 +255,9 @@ var _ = Describe("lifecycle", Ordered, Label("key", "key-lifecycle"), func() {
}),
),
),
- Once("secret type set to cluster resource set fails", func(ctx context.Context, _ Mock) {
+ Once("secret type set to cluster resource set succeeds", func(ctx context.Context, _ Mock) {
key.Spec.Type = clusteraddonsv1.ClusterResourceSetSecretType
- Expect(k8sClient.Update(ctx, &key)).NotTo(Succeed())
+ Expect(k8sClient.Update(ctx, &key)).To(Succeed())
}),
Once("resource is deleted", func(ctx context.Context, _ Mock) {
// nb: client.Delete does not set DeletionTimestamp on the object, so re-fetch from the apiserver.
diff --git a/internal/webhook/v1alpha2/linodeobjectstoragekey_webhook.go b/internal/webhook/v1alpha2/linodeobjectstoragekey_webhook.go
index 4aee5e294..300a69580 100644
--- a/internal/webhook/v1alpha2/linodeobjectstoragekey_webhook.go
+++ b/internal/webhook/v1alpha2/linodeobjectstoragekey_webhook.go
@@ -149,13 +149,5 @@ func (d *LinodeObjectStorageKeyDefaulter) Default(ctx context.Context, obj runti
key.Spec.Namespace = key.Namespace
}
- // Support deprecated fields when specified and updated fields are empty.
- if key.Spec.SecretType != "" && key.Spec.Type == "" {
- key.Spec.Type = key.Spec.SecretType
- }
- if len(key.Spec.SecretDataFormat) > 0 && len(key.Spec.Format) == 0 {
- key.Spec.Format = key.Spec.SecretDataFormat
- }
-
return nil
}