df292749c9
This change removes support for basic authn in v1.19 via the --basic-auth-file flag. This functionality was deprecated in v1.16 in response to ATR-K8S-002: Non-constant time password comparison. Similar functionality is available via the --token-auth-file flag for development purposes. Signed-off-by: Monis Khan <mok@vmware.com>
72 lines
2.6 KiB
Go
72 lines
2.6 KiB
Go
/*
|
|
Copyright 2018 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package app
|
|
|
|
import (
|
|
"net/http"
|
|
goruntime "runtime"
|
|
|
|
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
|
|
apirequest "k8s.io/apiserver/pkg/endpoints/request"
|
|
apiserver "k8s.io/apiserver/pkg/server"
|
|
genericfilters "k8s.io/apiserver/pkg/server/filters"
|
|
"k8s.io/apiserver/pkg/server/healthz"
|
|
"k8s.io/apiserver/pkg/server/mux"
|
|
"k8s.io/apiserver/pkg/server/routes"
|
|
componentbaseconfig "k8s.io/component-base/config"
|
|
"k8s.io/component-base/metrics/legacyregistry"
|
|
_ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration
|
|
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
|
"k8s.io/kubernetes/pkg/util/configz"
|
|
)
|
|
|
|
// BuildHandlerChain builds a handler chain with a base handler and CompletedConfig.
|
|
func BuildHandlerChain(apiHandler http.Handler, authorizationInfo *apiserver.AuthorizationInfo, authenticationInfo *apiserver.AuthenticationInfo) http.Handler {
|
|
requestInfoResolver := &apirequest.RequestInfoFactory{}
|
|
failedHandler := genericapifilters.Unauthorized(legacyscheme.Codecs)
|
|
|
|
handler := apiHandler
|
|
if authorizationInfo != nil {
|
|
handler = genericapifilters.WithAuthorization(apiHandler, authorizationInfo.Authorizer, legacyscheme.Codecs)
|
|
}
|
|
if authenticationInfo != nil {
|
|
handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler, nil)
|
|
}
|
|
handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver)
|
|
handler = genericapifilters.WithCacheControl(handler)
|
|
handler = genericfilters.WithPanicRecovery(handler)
|
|
|
|
return handler
|
|
}
|
|
|
|
// NewBaseHandler takes in CompletedConfig and returns a handler.
|
|
func NewBaseHandler(c *componentbaseconfig.DebuggingConfiguration, checks ...healthz.HealthChecker) *mux.PathRecorderMux {
|
|
mux := mux.NewPathRecorderMux("controller-manager")
|
|
healthz.InstallHandler(mux, checks...)
|
|
if c.EnableProfiling {
|
|
routes.Profiling{}.Install(mux)
|
|
if c.EnableContentionProfiling {
|
|
goruntime.SetBlockProfileRate(1)
|
|
}
|
|
}
|
|
configz.InstallHandler(mux)
|
|
//lint:ignore SA1019 See the Metrics Stability Migration KEP
|
|
mux.Handle("/metrics", legacyregistry.Handler())
|
|
|
|
return mux
|
|
}
|