use in-cluster kubeconfig for genericapiserver
This commit is contained in:
deads2k
@@ -399,7 +399,9 @@ func (c *Config) ApplyDelegatingAuthenticationOptions(o *options.DelegatingAuthe
|
||||
}
|
||||
|
||||
c.Authenticator = authenticator
|
||||
c.OpenAPIConfig.SecurityDefinitions = securityDefinitions
|
||||
if c.OpenAPIConfig != nil {
|
||||
c.OpenAPIConfig.SecurityDefinitions = securityDefinitions
|
||||
}
|
||||
c.SupportsBasicAuth = false
|
||||
|
||||
return c, nil
|
||||
|
||||
@@ -25,6 +25,7 @@ go_library(
|
||||
"//pkg/apiserver/authenticator:go_default_library",
|
||||
"//pkg/client/clientset_generated/clientset/typed/authentication/v1beta1:go_default_library",
|
||||
"//pkg/client/clientset_generated/clientset/typed/authorization/v1beta1:go_default_library",
|
||||
"//pkg/client/restclient:go_default_library",
|
||||
"//pkg/client/unversioned/clientcmd:go_default_library",
|
||||
"//pkg/controller/informers:go_default_library",
|
||||
"//pkg/genericapiserver/authorizer:go_default_library",
|
||||
|
||||
@@ -23,6 +23,7 @@ import (
|
||||
|
||||
"k8s.io/kubernetes/pkg/apiserver/authenticator"
|
||||
authenticationclient "k8s.io/kubernetes/pkg/client/clientset_generated/clientset/typed/authentication/v1beta1"
|
||||
"k8s.io/kubernetes/pkg/client/restclient"
|
||||
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
|
||||
)
|
||||
|
||||
@@ -411,17 +412,23 @@ func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticato
|
||||
}
|
||||
|
||||
func (s *DelegatingAuthenticationOptions) newTokenAccessReview() (authenticationclient.TokenReviewInterface, error) {
|
||||
if len(s.RemoteKubeConfigFile) == 0 {
|
||||
return nil, nil
|
||||
var clientConfig *restclient.Config
|
||||
var err error
|
||||
if len(s.RemoteKubeConfigFile) > 0 {
|
||||
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile}
|
||||
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
|
||||
|
||||
clientConfig, err = loader.ClientConfig()
|
||||
|
||||
} else {
|
||||
// without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will
|
||||
// use this path
|
||||
clientConfig, err = restclient.InClusterConfig()
|
||||
}
|
||||
|
||||
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile}
|
||||
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
|
||||
|
||||
clientConfig, err := loader.ClientConfig()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// set high qps/burst limits since this will effectively limit API server responsiveness
|
||||
clientConfig.QPS = 200
|
||||
clientConfig.Burst = 400
|
||||
|
||||
@@ -23,6 +23,7 @@ import (
|
||||
"github.com/spf13/pflag"
|
||||
|
||||
authorizationclient "k8s.io/kubernetes/pkg/client/clientset_generated/clientset/typed/authorization/v1beta1"
|
||||
"k8s.io/kubernetes/pkg/client/restclient"
|
||||
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
|
||||
"k8s.io/kubernetes/pkg/controller/informers"
|
||||
"k8s.io/kubernetes/pkg/genericapiserver/authorizer"
|
||||
@@ -151,17 +152,23 @@ func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizer.Del
|
||||
}
|
||||
|
||||
func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorizationclient.SubjectAccessReviewInterface, error) {
|
||||
if len(s.RemoteKubeConfigFile) == 0 {
|
||||
return nil, nil
|
||||
var clientConfig *restclient.Config
|
||||
var err error
|
||||
if len(s.RemoteKubeConfigFile) > 0 {
|
||||
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile}
|
||||
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
|
||||
|
||||
clientConfig, err = loader.ClientConfig()
|
||||
|
||||
} else {
|
||||
// without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will
|
||||
// use this path
|
||||
clientConfig, err = restclient.InClusterConfig()
|
||||
}
|
||||
|
||||
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile}
|
||||
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
|
||||
|
||||
clientConfig, err := loader.ClientConfig()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// set high qps/burst limits since this will effectively limit API server responsiveness
|
||||
clientConfig.QPS = 200
|
||||
clientConfig.Burst = 400
|
||||
|
||||
Reference in New Issue
Block a user