github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

options/authentication: fix serviceaccount TokenGetter with ServiceAccountTokenNodeBindingValidation

Browse Source 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
This commit is contained in:
Dr. Stefan Schimanski
2024-07-21 22:04:38 +02:00
parent dc0bcd62e3
commit b6aebb0e4b
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/kubeapiserver/options/authentication.go
View File

@@ -676,15 +676,15 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(
authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers)
}
// If the optional token getter function is set, use it. Otherwise, use the default token getter.
if o.ServiceAccounts != nil && o.ServiceAccounts.OptionalTokenGetter != nil {
authenticatorConfig.ServiceAccountTokenGetter = o.ServiceAccounts.OptionalTokenGetter(versionedInformer)
} else {
var nodeLister v1listers.NodeLister
if utilfeature.DefaultFeatureGate.Enabled(features.ServiceAccountTokenNodeBindingValidation) {
nodeLister = versionedInformer.Core().V1().Nodes().Lister()
}
// If the optional token getter function is set, use it. Otherwise, use the default token getter.
if o.ServiceAccounts != nil && o.ServiceAccounts.OptionalTokenGetter != nil {
authenticatorConfig.ServiceAccountTokenGetter = o.ServiceAccounts.OptionalTokenGetter(versionedInformer)
} else {
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(
extclient,
versionedInformer.Core().V1().Secrets().Lister(),