Remove deprecated flags in v1.26 (#6574)

* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>

README.md

@@ -123,7 +123,7 @@ sudo kubectl get nodes
 
 `K3S_TOKEN` is created at `/var/lib/rancher/k3s/server/node-token` on your server.
 To install on worker nodes, pass `K3S_URL` along with
-`K3S_TOKEN` or `K3S_CLUSTER_SECRET` environment variables, for example:
+`K3S_TOKEN` environment variables, for example:
 
 ```bash
 curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -

install.sh

@@ -18,7 +18,7 @@ set -o noglob
 #     Environment variables which begin with K3S_ will be preserved for the
 #     systemd service to use. Setting K3S_URL without explicitly setting
 #     a systemd exec command will default the command to "agent", and we
-#     enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set.
+#     enforce that K3S_TOKEN is also set.
 #
 #   - INSTALL_K3S_SKIP_DOWNLOAD
 #     If set to true will not download k3s hash or binary.
@@ -170,8 +170,8 @@ setup_env() {
             if [ -z "${K3S_URL}" ]; then
                 CMD_K3S=server
             else
-                if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then
-                    fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN, K3S_TOKEN_FILE or K3S_CLUSTER_SECRET is not defined."
+                if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ]; then
+                    fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_TOKEN_FILE is not defined."
                 fi
                 CMD_K3S=agent
             fi

package/rpm/install.sh

@@ -17,7 +17,7 @@ set -e
 #     Environment variables which begin with K3S_ will be preserved for the
 #     systemd service to use. Setting K3S_URL without explicitly setting
 #     a systemd exec command will default the command to "agent", and we
-#     enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set.
+#     enforce that K3S_TOKEN is also set.
 #
 #   - INSTALL_K3S_SKIP_DOWNLOAD
 #     If set to true will not download k3s hash or binary.
@@ -166,8 +166,8 @@ setup_env() {
             if [ -z "${K3S_URL}" ]; then
                 CMD_K3S=server
             else
-                if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then
-                    fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_CLUSTER_SECRET is not defined."
+                if [ -z "${K3S_TOKEN}" ]; then
+                    fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN is not defined."
                 fi
                 CMD_K3S=agent
             fi

pkg/agent/config/config.go

@@ -340,7 +340,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 	}
 
 	var flannelIface *net.Interface
-	if !envInfo.NoFlannel && len(envInfo.FlannelIface) > 0 {
+	if controlConfig.FlannelBackend != config.FlannelBackendNone && len(envInfo.FlannelIface) > 0 {
 		flannelIface, err = net.InterfaceByName(envInfo.FlannelIface)
 		if err != nil {
 			return nil, errors.Wrapf(err, "unable to find interface")
@@ -512,14 +512,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 		nodeConfig.AgentConfig.NodeExternalIP = nodeExternalIP.String()
 	}
 
-	if nodeConfig.FlannelBackend == config.FlannelBackendNone {
-		nodeConfig.NoFlannel = true
-	} else if envInfo.NoFlannel {
-		logrus.Fatal("no-flannel is deprecated. Use --flannel-backend=none instead.")
-	} else {
-		nodeConfig.NoFlannel = envInfo.NoFlannel
-	}
-
+	nodeConfig.NoFlannel = nodeConfig.FlannelBackend == config.FlannelBackendNone
 	if !nodeConfig.NoFlannel {
 		hostLocal, err := exec.LookPath("host-local")
 		if err != nil {

pkg/agent/flannel/setup.go

@@ -69,15 +69,6 @@ const (
 	"PSK": "%psk%"
 }`
 
-	wireguardBackend = `{
-	"Type": "extension",
-	"PreStartupCommand": "wg genkey | tee %flannelConfDir%/privatekey | wg pubkey",
-	"PostStartupCommand": "export SUBNET_IP=$(echo $SUBNET | cut -d'/' -f 1); ip link del flannel.1 2>/dev/null; echo $PATH >&2; wg-add.sh flannel.1 && wg set flannel.1 listen-port 51820 private-key %flannelConfDir%/privatekey && ip addr add $SUBNET_IP/32 dev flannel.1 && ip link set flannel.1 up && ip route add $NETWORK dev flannel.1",
-	"ShutdownCommand": "ip link del flannel.1",
-	"SubnetAddCommand": "read PUBLICKEY; wg set flannel.1 peer $PUBLICKEY endpoint $PUBLIC_IP:51820 allowed-ips $SUBNET persistent-keepalive 25",
-	"SubnetRemoveCommand": "read PUBLICKEY; wg set flannel.1 peer $PUBLICKEY remove"
-}`
-
 	wireguardNativeBackend = `{
 	"Type": "wireguard",
 	"PersistentKeepaliveInterval": %PersistentKeepaliveInterval%,
@@ -234,8 +225,7 @@ func createFlannelConf(nodeConfig *config.Node) error {
 		}
 		logrus.Warnf("The ipsec backend is deprecated and will be removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.")
 	case config.FlannelBackendWireguard:
-		backendConf = strings.ReplaceAll(wireguardBackend, "%flannelConfDir%", filepath.Dir(nodeConfig.FlannelConfFile))
-		logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate.")
+		logrus.Fatalf("The wireguard backend was deprecated in K3s v1.26, please switch to wireguard-native. Check our docs at docs.k3s.io/installation/network-options for information about how to migrate.")
 	case config.FlannelBackendWireguardNative:
 		mode, ok := backendOptions["Mode"]
 		if !ok {

pkg/agent/flannel/setup_test.go

@@ -62,7 +62,7 @@ func Test_createFlannelConf(t *testing.T) {
 		var agent = config.Agent{}
 		agent.ClusterCIDR = stringToCIDR(tt.args)[0]
 		agent.ClusterCIDRs = stringToCIDR(tt.args)
-		var nodeConfig = &config.Node{Docker: false, ContainerRuntimeEndpoint: "", NoFlannel: false, SELinux: false, FlannelBackend: "vxlan", FlannelConfFile: "test_file", FlannelConfOverride: false, FlannelIface: nil, Containerd: containerd, Images: "", AgentConfig: agent, Token: "", Certificate: nil, ServerHTTPSPort: 0}
+		var nodeConfig = &config.Node{Docker: false, ContainerRuntimeEndpoint: "", SELinux: false, FlannelBackend: "vxlan", FlannelConfFile: "test_file", FlannelConfOverride: false, FlannelIface: nil, Containerd: containerd, Images: "", AgentConfig: agent, Token: "", Certificate: nil, ServerHTTPSPort: 0}
 
 		t.Run(tt.name, func(t *testing.T) {
 			if err := createFlannelConf(nodeConfig); (err != nil) != tt.wantErr {

pkg/cli/agent/agent.go

@@ -45,10 +45,6 @@ func Run(ctx *cli.Context) error {
 		cmds.AgentConfig.Token = token
 	}
 
-	if cmds.AgentConfig.Token == "" && cmds.AgentConfig.ClusterSecret != "" {
-		logrus.Fatal("cluster-secret is deprecated. Use --token instead.")
-	}
-
 	if cmds.AgentConfig.Token == "" {
 		return fmt.Errorf("--token is required")
 	}

pkg/cli/cmds/agent.go

@@ -5,7 +5,6 @@ import (
 	"path/filepath"
 
 	"github.com/k3s-io/k3s/pkg/version"
-	"github.com/pkg/errors"
 	"github.com/urfave/cli"
 )
 
@@ -28,7 +27,6 @@ type Agent struct {
 	Snapshotter              string
 	Docker                   bool
 	ContainerRuntimeEndpoint string
-	NoFlannel                bool
 	FlannelIface             string
 	FlannelConf              string
 	FlannelCniConfFile       string
@@ -191,35 +189,13 @@ var (
 		Destination: &AgentConfig.ImageCredProvConfig,
 		Value:       "/var/lib/rancher/credentialprovider/config.yaml",
 	}
-	DisableSELinuxFlag = cli.BoolTFlag{
-		Name:   "disable-selinux",
-		Usage:  "(deprecated) Use --selinux to explicitly enable SELinux",
-		Hidden: true,
-	}
-	FlannelFlag = cli.BoolFlag{
-		Hidden:      true,
-		Name:        "no-flannel",
-		Usage:       "(deprecated) use --flannel-backend=none",
-		Destination: &AgentConfig.NoFlannel,
-	}
 )
 
-func CheckSELinuxFlags(ctx *cli.Context) error {
-	disable, enable := DisableSELinuxFlag.Name, SELinuxFlag.Name
-	switch {
-	case ctx.IsSet(disable) && ctx.IsSet(enable):
-		return errors.Errorf("--%s is deprecated in favor of --%s to affirmatively enable it in containerd", disable, enable)
-	case ctx.IsSet(disable):
-		AgentConfig.EnableSELinux = !ctx.Bool(disable)
-	}
-	return nil
-}
 func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command {
 	return cli.Command{
 		Name:      "agent",
 		Usage:     "Run node agent",
 		UsageText: appName + " agent [OPTIONS]",
-		Before:    CheckSELinuxFlags,
 		Action:    action,
 		Flags: []cli.Flag{
 			ConfigFlag,
@@ -277,16 +253,7 @@ func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command {
 			},
 			PreferBundledBin,
 			// Deprecated/hidden below
-			&DisableSELinuxFlag,
 			DockerFlag,
-			FlannelFlag,
-			cli.StringFlag{
-				Name:        "cluster-secret",
-				Usage:       "(deprecated) use --token",
-				Destination: &AgentConfig.ClusterSecret,
-				EnvVar:      version.ProgramUpper + "_CLUSTER_SECRET",
-				Hidden:      true,
-			},
 		},
 	}
 }

pkg/cli/cmds/server.go

@@ -249,7 +249,7 @@ var ServerFlags = []cli.Flag{
 	ServerToken,
 	cli.StringFlag{
 		Name:        "token-file",
-		Usage:       "(cluster) File containing the cluster-secret/token",
+		Usage:       "(cluster) File containing the token",
 		Destination: &ServerConfig.TokenFile,
 		EnvVar:      version.ProgramUpper + "_TOKEN_FILE",
 	},
@@ -520,20 +520,6 @@ var ServerFlags = []cli.Flag{
 
 	// Hidden/Deprecated flags below
 
-	&DisableSELinuxFlag,
-	FlannelFlag,
-	cli.StringSliceFlag{
-		Name:   "no-deploy",
-		Usage:  "(deprecated) Do not deploy packaged components (valid items: " + DisableItems + ")",
-		Hidden: true,
-	},
-	cli.StringFlag{
-		Name:        "cluster-secret",
-		Usage:       "(deprecated) use --token",
-		Destination: &ServerConfig.ClusterSecret,
-		EnvVar:      version.ProgramUpper + "_CLUSTER_SECRET",
-		Hidden:      true,
-	},
 	cli.BoolFlag{
 		Name:        "disable-agent",
 		Usage:       "Do not run a local agent and register a local kubelet",
@@ -559,7 +545,6 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command {
 		Name:      "server",
 		Usage:     "Run management server",
 		UsageText: appName + " server [OPTIONS]",
-		Before:    CheckSELinuxFlags,
 		Action:    action,
 		Flags:     ServerFlags,
 	}

pkg/cli/server/server.go

@@ -91,10 +91,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 		}
 	}
 
-	if cfg.Token == "" && cfg.ClusterSecret != "" {
-		logrus.Fatal("cluster-secret is deprecated. Use --token instead.")
-	}
-
 	agentReady := make(chan struct{})
 
 	serverConfig := server.Config{}
@@ -352,9 +348,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 	}
 
 	serverConfig.ControlConfig.Skips = map[string]bool{}
-	if noDeploy := app.StringSlice("no-deploy"); len(noDeploy) > 0 {
-		logrus.Fatal("no-deploy flag is deprecated. Use --disable instead.")
-	}
 	serverConfig.ControlConfig.Disables = map[string]bool{}
 	for _, disable := range app.StringSlice("disable") {
 		for _, v := range strings.Split(disable, ",") {

pkg/nodeconfig/nodeconfig.go

@@ -129,7 +129,6 @@ func isSecret(key string) bool {
 		"-t",
 		"--agent-token",
 		"--datastore-endpoint",
-		"--cluster-secret",
 		"--etcd-s3-access-key",
 		"--etcd-s3-secret-key",
 	}

pkg/nodeconfig/nodeconfig_test.go

@@ -28,16 +28,16 @@ var FakeNodeWithAnnotation = &corev1.Node{
 	ObjectMeta: metav1.ObjectMeta{
 		Name: "fakeNode-with-annotation",
 		Annotations: map[string]string{
-			NodeArgsAnnotation:       `["server","--no-flannel"]`,
+			NodeArgsAnnotation:       `["server","--flannel-backend=none"]`,
 			NodeEnvAnnotation:        `{"` + TestEnvName + `":"fakeNode-with-annotation"}`,
-			NodeConfigHashAnnotation: "LNQOAOIMOQIBRMEMACW7LYHXUNPZADF6RFGOSPIHJCOS47UVUJAA====",
+			NodeConfigHashAnnotation: "5E6GSWFRVCOEB3BFFVXKWVD7IQEVJFJAALHPOTCLV7SL33N6SIYA====",
 		},
 	},
 }
 
 func Test_UnitSetExistingNodeConfigAnnotations(t *testing.T) {
 	// adding same config
-	os.Args = []string{version.Program, "server", "--no-flannel"}
+	os.Args = []string{version.Program, "server", "--flannel-backend=none"}
 	os.Setenv(version.ProgramUpper+"_NODE_NAME", "fakeNode-with-annotation")
 	nodeUpdated, err := SetNodeConfigAnnotations(FakeNodeWithAnnotation)
 	if err != nil {
@@ -73,21 +73,21 @@ func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
 			name: "Set empty NodeConfigAnnotations",
 			args: args{
 				node:   FakeNodeWithAnnotation,
-				osArgs: []string{version.Program, "server", "--no-flannel"},
+				osArgs: []string{version.Program, "server", "--flannel-backend=none"},
 			},
 			want:               true,
-			wantNodeArgs:       `["server","--no-flannel"]`,
+			wantNodeArgs:       `["server","--flannel-backend","none"]`,
 			wantNodeEnv:        `{"` + TestEnvName + `":"fakeNode-with-no-annotation"}`,
-			wantNodeConfigHash: "FBV4UQYLF2N7NH7EK42GKOTU5YA24TXB4WAYZHA5ZOFNGZHC4ZPA====",
+			wantNodeConfigHash: "DRWW63TXZZGSKLARSFZLNSJ3RZ6VR7LQ46WPKZMSLTSGNI2J42WA====",
 		},
 		{
 			name: "Set args with equal",
 			args: args{
 				node:   FakeNodeWithNoAnnotation,
-				osArgs: []string{version.Program, "server", "--no-flannel", "--write-kubeconfig-mode=777"},
+				osArgs: []string{version.Program, "server", "--flannel-backend=none", "--write-kubeconfig-mode=777"},
 			},
 			want:         true,
-			wantNodeArgs: `["server","--no-flannel","--write-kubeconfig-mode","777"]`,
+			wantNodeArgs: `["server","--flannel-backend","none","--write-kubeconfig-mode","777"]`,
 			wantNodeEnv:  `{"` + TestEnvName + `":"fakeNode-with-no-annotation"}`,
 		},
 	}