thorw error if webhook retry backoof is not specified

pkg/kubeapiserver/authenticator/BUILD

@@ -26,7 +26,6 @@ go_library(
         "//staging/src/k8s.io/apiserver/pkg/authentication/token/tokenfile:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/authentication/token/union:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
         "//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc:go_default_library",
         "//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook:go_default_library",
         "//staging/src/k8s.io/client-go/plugin/pkg/client/auth:go_default_library",

pkg/kubeapiserver/authenticator/config.go

@@ -17,6 +17,7 @@ limitations under the License.
 package authenticator
 
 import (
+	"errors"
 	"time"
 
 	"github.com/go-openapi/spec"
@@ -36,7 +37,6 @@ import (
 	"k8s.io/apiserver/pkg/authentication/token/tokenfile"
 	tokenunion "k8s.io/apiserver/pkg/authentication/token/union"
 	"k8s.io/apiserver/pkg/server/dynamiccertificates"
-	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
 
@@ -286,13 +286,11 @@ func newServiceAccountAuthenticator(iss string, keyfiles []string, apiAudiences
 }
 
 func newWebhookTokenAuthenticator(config Config) (authenticator.Token, error) {
-	// Provide a default if WebhookRetryBackoff has not been set by the user.
+	if config.WebhookRetryBackoff == nil {
-	retryBackoff := config.WebhookRetryBackoff
+		return nil, errors.New("retry backoff parameters for authentication webhook has not been specified")
-	if retryBackoff == nil {
-		retryBackoff = genericoptions.DefaultAuthWebhookRetryBackoff()
 	}
 
-	webhookTokenAuthenticator, err := webhook.New(config.WebhookTokenAuthnConfigFile, config.WebhookTokenAuthnVersion, config.APIAudiences, *retryBackoff, config.CustomDial)
+	webhookTokenAuthenticator, err := webhook.New(config.WebhookTokenAuthnConfigFile, config.WebhookTokenAuthnVersion, config.APIAudiences, *config.WebhookRetryBackoff, config.CustomDial)
 	if err != nil {
 		return nil, err
 	}

pkg/kubeapiserver/authorizer/BUILD

@@ -21,7 +21,6 @@ go_library(
         "//staging/src/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/authorization/authorizerfactory:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/authorization/union:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
         "//staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook:go_default_library",
         "//staging/src/k8s.io/client-go/informers:go_default_library",
     ],

pkg/kubeapiserver/authorizer/config.go

@@ -17,6 +17,7 @@ limitations under the License.
 package authorizer
 
 import (
+	"errors"
 	"fmt"
 	"time"
 
@@ -25,7 +26,6 @@ import (
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/apiserver/pkg/authorization/authorizerfactory"
 	"k8s.io/apiserver/pkg/authorization/union"
-	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/plugin/pkg/authorizer/webhook"
 	versionedinformers "k8s.io/client-go/informers"
 	"k8s.io/kubernetes/pkg/auth/authorizer/abac"
@@ -110,17 +110,14 @@ func (config Config) New() (authorizer.Authorizer, authorizer.RuleResolver, erro
 			authorizers = append(authorizers, abacAuthorizer)
 			ruleResolvers = append(ruleResolvers, abacAuthorizer)
 		case modes.ModeWebhook:
-			// Provide a default if WebhookRetryBackoff has not been set by the user.
+			if config.WebhookRetryBackoff == nil {
-			retryBackoff := config.WebhookRetryBackoff
+				return nil, nil, errors.New("retry backoff parameters for authorization webhook has not been specified")
-			if retryBackoff == nil {
-				retryBackoff = genericoptions.DefaultAuthWebhookRetryBackoff()
 			}
-
 			webhookAuthorizer, err := webhook.New(config.WebhookConfigFile,
 				config.WebhookVersion,
 				config.WebhookCacheAuthorizedTTL,
 				config.WebhookCacheUnauthorizedTTL,
-				*retryBackoff,
+				*config.WebhookRetryBackoff,
 				config.CustomDial)
 			if err != nil {
 				return nil, nil, err

staging/src/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go

@@ -85,13 +85,10 @@ func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.Secur
 	}
 
 	if c.TokenAccessReviewClient != nil {
-		// Provide a default if WebhookRetryBackoff has not been set by the user.
+		if c.WebhookRetryBackoff == nil {
-		retryBackoff := c.WebhookRetryBackoff
+			return nil, nil, errors.New("retry backoff parameters for delegating authentication webhook has not been specified")
-		if retryBackoff == nil {
-			retryBackoff = webhooktoken.DefaultRetryBackoff()
 		}
-
+		tokenAuth, err := webhooktoken.NewFromInterface(c.TokenAccessReviewClient, c.APIAudiences, *c.WebhookRetryBackoff)
-		tokenAuth, err := webhooktoken.NewFromInterface(c.TokenAccessReviewClient, c.APIAudiences, *retryBackoff)
 		if err != nil {
 			return nil, nil, err
 		}

staging/src/k8s.io/apiserver/pkg/authorization/authorizerfactory/delegating.go

@@ -17,6 +17,7 @@ limitations under the License.
 package authorizerfactory
 
 import (
+	"errors"
 	"time"
 
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -44,16 +45,14 @@ type DelegatingAuthorizerConfig struct {
 }
 
 func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error) {
-	// Provide a default if WebhookRetryBackoff has not been set by the user.
+	if c.WebhookRetryBackoff == nil {
-	retryBackoff := c.WebhookRetryBackoff
+		return nil, errors.New("retry backoff parameters for delegating authorization webhook has not been specified")
-	if retryBackoff == nil {
-		retryBackoff = webhook.DefaultRetryBackoff()
 	}
 
 	return webhook.NewFromInterface(
 		c.SubjectAccessReviewClient,
 		c.AllowCacheTTL,
 		c.DenyCacheTTL,
-		*retryBackoff,
+		*c.WebhookRetryBackoff,
 	)
 }