github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #71816 from liggitt/service-account-lookup

Browse Source 
Look up service accounts from informer before trying live lookup
This commit is contained in:
Kubernetes Prow Robot
2018-12-31 21:18:55 -08:00
committed by GitHub
parent 7284660483 a9dc919f82
commit 6e182ed5ea
7 changed files with 105 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/kube-apiserver/app/server.go
View File

@@ -504,7 +504,12 @@ func buildGenericConfig(
func BuildAuthenticator(s *options.ServerRunOptions, extclient clientgoclientset.Interface, versionedInformer clientgoinformers.SharedInformerFactory) (authenticator.Request, *spec.SecurityDefinitions, error) {
authenticatorConfig := s.Authentication.ToAuthenticationConfig()
if s.Authentication.ServiceAccounts.Lookup {
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(extclient)
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(
extclient,
versionedInformer.Core().V1().Secrets().Lister(),
versionedInformer.Core().V1().ServiceAccounts().Lister(),
versionedInformer.Core().V1().Pods().Lister(),
)
}
authenticatorConfig.BootstrapTokenAuthenticator = bootstrap.NewTokenAuthenticator(
versionedInformer.Core().V1().Secrets().Lister().Secrets(v1.NamespaceSystem),