github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

jwt: support opaque signer and push errors to token generator creation

Browse Source
This commit is contained in:
Mike Danese
2018-04-11 11:24:06 -07:00
parent 9ea39419eb
commit e68f14a249
6 changed files with 53 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/kube-apiserver/app/server.go
View File

@@ -360,7 +360,11 @@ func CreateKubeAPIServerConfig(
}
}
issuer = serviceaccount.JWTTokenGenerator(s.Authentication.ServiceAccounts.Issuer, sk)
issuer, err = serviceaccount.JWTTokenGenerator(s.Authentication.ServiceAccounts.Issuer, sk)
if err != nil {
lastErr = fmt.Errorf("failed to build token generator: %v", err)
return
}
apiAudiences = s.Authentication.ServiceAccounts.APIAudiences
maxExpiration = s.Authentication.ServiceAccounts.MaxExpiration
}

6
cmd/kube-controller-manager/app/controllermanager.go
View File

@@ -516,12 +516,16 @@ func (c serviceAccountTokenControllerStarter) startServiceAccountTokenController
rootCA = c.rootClientBuilder.ConfigOrDie("tokens-controller").CAData
}
tokenGenerator, err := serviceaccount.JWTTokenGenerator(serviceaccount.LegacyIssuer, privateKey)
if err != nil {
return nil, false, fmt.Errorf("failed to build token generator: %v", err)
}
controller, err := serviceaccountcontroller.NewTokensController(
ctx.InformerFactory.Core().V1().ServiceAccounts(),
ctx.InformerFactory.Core().V1().Secrets(),
c.rootClientBuilder.ClientOrDie("tokens-controller"),
serviceaccountcontroller.TokensControllerOptions{
TokenGenerator: serviceaccount.JWTTokenGenerator(serviceaccount.LegacyIssuer, privateKey),
TokenGenerator: tokenGenerator,
RootCA: rootCA,
},
)