github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add LRU Expire cache to webhook authorizer.

Browse Source
This commit is contained in:
CJ Cullen
2016-05-14 17:47:26 -07:00
parent 346f965871
commit d03dbbcc14
6 changed files with 53 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/apiserver/authz.go
View File

@@ -19,6 +19,7 @@ package apiserver
import (
"errors"
"fmt"
"time"
"k8s.io/kubernetes/pkg/auth/authorizer"
"k8s.io/kubernetes/pkg/auth/authorizer/abac"
@@ -77,6 +78,10 @@ type AuthorizationConfig struct {
// Kubeconfig file for Webhook authorization plugin.
WebhookConfigFile string
// TTL for caching of authorized responses from the webhook server.
WebhookCacheAuthorizedTTL time.Duration
// TTL for caching of unauthorized responses from the webhook server.
WebhookCacheUnauthorizedTTL time.Duration
}
// NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects
@@ -114,7 +119,9 @@ func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config Au
if config.WebhookConfigFile == "" {
return nil, errors.New("Webhook's configuration file not passed")
}
webhookAuthorizer, err := webhook.New(config.WebhookConfigFile)
webhookAuthorizer, err := webhook.New(config.WebhookConfigFile,
config.WebhookCacheAuthorizedTTL,
config.WebhookCacheUnauthorizedTTL)
if err != nil {
return nil, err
}