Revert deprecation of useInsecureCookies in #310

api/v1/ytsaurus_types.go

@@ -480,9 +480,9 @@ type UISpec struct {
 	ServiceType  corev1.ServiceType `json:"serviceType,omitempty"`
 	HttpNodePort *int32             `json:"httpNodePort,omitempty"`
 	// If defined allows insecure (over http) authentication.
-	// Deprecated: use `secure` instead.
+	//+kubebuilder:default:=true
 	//+optional
-	UseInsecureCookies *bool `json:"useInsecureCookies"`
+	UseInsecureCookies bool `json:"useInsecureCookies"`
 	// Use secure connection to the cluster's http-proxies.
 	//+kubebuilder:default:=false
 	//+optional

api/v1/ytsaurus_webhook.go

@@ -401,22 +401,17 @@ func (r *Ytsaurus) validateYQLAgents(*Ytsaurus) field.ErrorList {
 func (r *Ytsaurus) validateUi(*Ytsaurus) field.ErrorList {
 	var allErrors field.ErrorList
 
-	if r.Spec.UI != nil {
-		if r.Spec.UI.UseInsecureCookies != nil && !*r.Spec.UI.UseInsecureCookies && !r.Spec.UI.Secure {
-			allErrors = append(allErrors, field.Invalid(field.NewPath("spec", "ui", "useInsecureCookies"), r.Spec.UI.UseInsecureCookies, "useInsecureCookies is deprecated, use secure instead"))
-		}
-		if r.Spec.UI.Secure {
-			for i, hp := range r.Spec.HTTPProxies {
-				if hp.Role != consts.DefaultHTTPProxyRole {
-					continue
-				}
-				if hp.Transport.HTTPSSecret == nil {
-					allErrors = append(allErrors, field.Required(
-						field.NewPath("spec", "httpProxies").Index(i).Child("transport", "httpsSecret"),
-						fmt.Sprintf("configured HTTPS for proxy with `%s` role is required for ui.secure", consts.DefaultHTTPProxyRole)))
-				}
-				break
+	if r.Spec.UI != nil && r.Spec.UI.Secure {
+		for i, hp := range r.Spec.HTTPProxies {
+			if hp.Role != consts.DefaultHTTPProxyRole {
+				continue
+			}
+			if hp.Transport.HTTPSSecret == nil {
+				allErrors = append(allErrors, field.Required(
+					field.NewPath("spec", "httpProxies").Index(i).Child("transport", "httpsSecret"),
+					fmt.Sprintf("configured HTTPS for proxy with `%s` role is required for ui.secure", consts.DefaultHTTPProxyRole)))
 			}
+			break
 		}
 	}
 

config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml

@@ -34566,6 +34566,7 @@ spec:
                     default: lavander
                     type: string
                   useInsecureCookies:
+                    default: true
                     description: If defined allows insecure (over http) authentication.
                     type: boolean
                 type: object

docs/api.md

@@ -1541,7 +1541,7 @@ _Appears in:_
 | `image` _string_ |  |  |  |
 | `serviceType` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ |  | NodePort |  |
 | `httpNodePort` _integer_ |  |  |  |
-| `useInsecureCookies` _boolean_ | If defined allows insecure (over http) authentication.<br />Deprecated: use `secure` instead. |  |  |
+| `useInsecureCookies` _boolean_ | If defined allows insecure (over http) authentication. | true |  |
 | `secure` _boolean_ | Use secure connection to the cluster's http-proxies. | false |  |
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#resourcerequirements-v1-core)_ |  |  |  |
 | `instanceCount` _integer_ |  |  |  |

pkg/components/ui.go

@@ -168,7 +168,7 @@ func (u *UI) syncComponents(ctx context.Context) (err error) {
 		},
 	}
 
-	if !ytsaurusResource.Spec.UI.Secure {
+	if ytsaurusResource.Spec.UI.UseInsecureCookies {
 		env = append(env, corev1.EnvVar{
 			Name:  "YT_AUTH_ALLOW_INSECURE",
 			Value: "1",

ytop-chart/templates/ytsaurus-crd.yaml

@@ -34353,6 +34353,7 @@ spec:
                     default: lavander
                     type: string
                   useInsecureCookies:
+                    default: true
                     description: If defined allows insecure (over http) authentication.
                     type: boolean
                 type: object