kubernetes / cloud-provider-openstack

Apache License 2.0

[k8s-keystone-auth] Invalid args in keystone auth examples #2464

Closed addyess closed 9 months ago

addyess commented 1 year ago

The example deployment for k8s-keystone-auth fails because of missing arguments in provider-os/k8s-keystone-auth:v1.28.1.

https://github.com/kubernetes/cloud-provider-openstack/blob/fdba36babb2c4b46e759c99cca50ac7eba2ee06f/examples/webhook/keystone-deployment.yaml#L22-L31

Logs when the pod starts:

```
2023/11/03 13:30:22 Running command:
Command env: (log-file=, also-stdout=false, redirect-stderr=true)
Run from directory:
Executable path: ./bin/k8s-keystone-auth
Args (comma-delimited): ./bin/k8s-keystone-auth,--tls-cert-file,/etc/pki/tls.crt,--tls-private-key-file,/etc/pki/tls.key,--policy-configmap-name,k8s-auth-policy,--keystone-url,http://10.246.154.17:5000/v3
2023/11/03 13:30:22 Now listening for interrupts
unknown flag: --tls-cert-file
Usage of ./bin/k8s-keystone-auth:
      --log-flush-frequency duration   Maximum number of seconds between log flushes (default 5s)
      --user-agent stringArray         Extra data to add to gophercloud user-agent. Use multiple times to add more than one component.
  -v, --v Level                        number for the log level verbosity
      --version                        Show current version and exit
      --vmodule moduleSpec             comma-separated list of pattern=N settings for file-filtered logging (only works for the default text log format)
unknown flag: --tls-cert-file
2023/11/03 13:30:22 running command: exit status 2
Stream closed EOF for kube-system/k8s-keystone-auth-5b99f99956-6qg7l (k8s-keystone-auth)
```

addyess commented 1 year ago

It is possible to set all of these with env variables:

```yaml
args:
- ./bin/k8s-keystone-auth
env:
- name: OS_AUTH_URL
  value: http://<my-keystone-ip>:5000/v3
- name: TLS_CERT_FILE
  value: /etc/pki/tls.crt
- name: TLS_PRIVATE_KEY_FILE
  value: /etc/pki/tls.key
- name: KEYSTONE_POLICY_CONFIGMAP_NAME
  value: k8s-auth-policy
```

dulek commented 1 year ago

@stephenfin do you think your commit might have affected this?

jichenjc commented 1 year ago

I rebuilt the exec file and it seems it's supported?

```
CGO_ENABLED=0 GOOS=linux GOARCH= GOPROXY=https://proxy.golang.org,direct go build \
        -trimpath \
        -ldflags "-w -s -X 'k8s.io/component-base/version.gitVersion=v1.27.0-alpha.0-127-gfdba36ba' -X 'k8s.io/cloud-provider-openstack/pkg/version.Version=v1.27.0-alpha.0-127-gfdba36ba'" \
        -o k8s-keystone-auth \
        cmd/k8s-keystone-auth/main.go

[root@ocp2 cloud-provider-openstack]# ./k8s-keystone-auth  -h
Usage of ./k8s-keystone-auth:
      --keystone-ca-file string        File containing the certificate authority for Keystone Service.
      --keystone-policy-file string    File containing the policy, if provided, it takes precedence over the policy configmap.
      --keystone-url string            URL for the OpenStack Keystone API
      --kubeconfig string              Kubeconfig file used to connect to Kubernetes API to get policy configmap. If the service is running inside the pod, this option is not necessary, will use in-cluster config instead.
      --listen string                  <address>:<port> to listen on (default "0.0.0.0:8443")
      --log-flush-frequency duration   Maximum number of seconds between log flushes (default 5s)
      --policy-configmap-name string   ConfigMap in kube-system namespace containing the policy configuration, the ConfigMap data must contain the key 'policies'
      --sync-config-file string        File containing config values for data synchronization beetween Keystone and Kubernetes.
      --sync-configmap-name string     ConfigMap in kube-system namespace containing config values for data synchronization beetween Keystone and Kubernetes.
      --tls-cert-file string           File containing the default x509 Certificate for HTTPS.
      --tls-private-key-file string    File containing the default x509 private key matching --tls-cert-file.
      --user-agent stringArray         Extra data to add to gophercloud user-agent. Use multiple times to add more than one component.
  -v, --v Level                        number for the log level verbosity
      --version                        Show current version and exit
      --vmodule moduleSpec             comma-separated list of pattern=N settings for file-filtered logging (only works for the default text log format)
pflag: help requested
```

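
An added example, not part of the thread or the project's code: a pre-deploy check that compares a container's args with the flags a binary's usage text advertises, fed with the args and usage output quoted in the two comments above (flag descriptions abridged). The function and constant names are illustrative.

```python
import re

# Usage text printed by provider-os/k8s-keystone-auth:v1.28.1 in the pod log (descriptions abridged).
USAGE_V1_28_1 = """\
Usage of ./bin/k8s-keystone-auth:
      --log-flush-frequency duration   Maximum number of seconds between log flushes (default 5s)
      --user-agent stringArray         Extra data to add to gophercloud user-agent.
  -v, --v Level                        number for the log level verbosity
      --version                        Show current version and exit
      --vmodule moduleSpec             comma-separated list of pattern=N settings
"""

# The same, plus the flag lines the rebuilt binary's -h output adds that the manifest uses.
USAGE_REBUILT = USAGE_V1_28_1 + """\
      --keystone-url string            URL for the OpenStack Keystone API
      --policy-configmap-name string   ConfigMap in kube-system namespace containing the policy
      --tls-cert-file string           File containing the default x509 Certificate for HTTPS.
      --tls-private-key-file string    File containing the default x509 private key matching --tls-cert-file.
"""

# Container args from the failing pod's "Args (comma-delimited)" log line.
ARGS = ("./bin/k8s-keystone-auth,--tls-cert-file,/etc/pki/tls.crt,"
        "--tls-private-key-file,/etc/pki/tls.key,--policy-configmap-name,"
        "k8s-auth-policy,--keystone-url,http://10.246.154.17:5000/v3").split(",")

# A pflag usage line: indentation, optional "-x, " shorthand, then "--long-name".
FLAG_LINE = re.compile(r"^\s+(?:-(\w), )?--([\w-]+)", re.MULTILINE)


def supported_flags(usage: str) -> set[str]:
    """Collect the long (--name) and short (-n) flags a usage text lists."""
    flags = set()
    for short, long_name in FLAG_LINE.findall(usage):
        flags.add("--" + long_name)
        if short:
            flags.add("-" + short)
    return flags


def unknown_flags(args: list[str], usage: str) -> list[str]:
    """Return args that look like flags but are absent from the usage text, in order."""
    known = supported_flags(usage)
    names = [a.split("=", 1)[0] for a in args[1:] if a.startswith("-")]  # args[0] is the executable
    return [n for n in dict.fromkeys(names) if n not in known]


if __name__ == "__main__":
    print("v1.28.1:", unknown_flags(ARGS, USAGE_V1_28_1))
    print("rebuilt:", unknown_flags(ARGS, USAGE_REBUILT))
```

Run against the image's own usage output in CI, a non-empty result flags a manifest that would crash-loop the webhook before it is rolled out.
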
stephenfin commented 1 year ago

> @stephenfin do you think your commit might have affected this?

Yup, this was me. Looks like I broke this with f6ca48ee768260444db6762447f1cd071f52b6fd but fixed it again with one of the commits that was squashed into #2325, de63646776be513fb1365d01c7a5ce4693f0fcb8. I'll see if I can propose a backport.

k8s-triage-robot commented 9 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

/lifecycle stale

addyess commented 9 months ago

/remove-lifecycle stale

stephenfin commented 9 months ago

This was resolved in https://github.com/kubernetes/cloud-provider-openstack/pull/2467 but we have yet to release that. I don't know why this hasn't been marked as closed by us merging that PR either: perhaps we need to have a release cut first?

jichenjc commented 9 months ago

/close

Per above, I guess we don't have a fix=>release=>validate=>close process, so let's close; then, if needed, let's reopen.

k8s-ci-robot commented 9 months ago

@jichenjc: Closing this issue.

In response to [this](https://github.com/kubernetes/cloud-provider-openstack/issues/2464#issuecomment-1951821871):

> /close
>
> Per above, I guess we don't have a fix=>release=>validate=>close process, so let's close; then, if needed, let's reopen.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.