scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 11:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver

Browse Source
This commit is contained in:
p0lyn0mial
2017-09-27 22:05:34 +02:00
parent cd37a28fa5
commit 475493ced6
15 changed files with 98 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cmd/kube-apiserver/app/server.go
View File

@@ -467,9 +467,28 @@ func BuildGenericConfig(s *options.ServerRunOptions, proxyTransport *http.Transp
return nil, nil, nil, nil, nil, fmt.Errorf("failed to create admission plugin initializer: %v", err)
}
// TODO: this is the wrong cert/key pair.
// Given the generic case of webhook admission from a generic apiserver,
// this key pair should be signed by the the API server's client CA.
// Read client cert/key for plugins that need to make calls out
certBytes, keyBytes := []byte{}, []byte{}
if len(s.ProxyClientCertFile) > 0 && len(s.ProxyClientKeyFile) > 0 {
var err error
certBytes, err = ioutil.ReadFile(s.ProxyClientCertFile)
if err != nil {
return nil, nil, nil, nil, nil, fmt.Errorf("failed to read proxy client cert file from: %s, err: %v", s.ProxyClientCertFile, err)
}
keyBytes, err = ioutil.ReadFile(s.ProxyClientKeyFile)
if err != nil {
return nil, nil, nil, nil, nil, fmt.Errorf("failed to read proxy client key file from: %s, err: %v", s.ProxyClientKeyFile, err)
}
}
err = s.Admission.ApplyTo(
genericConfig,
versionedInformers,
certBytes,
keyBytes,
pluginInitializer)
if err != nil {
return nil, nil, nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err)
@@ -498,19 +517,6 @@ func BuildAdmissionPluginInitializer(s *options.ServerRunOptions, client interna
pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, externalClient, sharedInformers, apiAuthorizer, cloudConfig, restMapper, quotaRegistry)
// Read client cert/key for plugins that need to make calls out
if len(s.ProxyClientCertFile) > 0 && len(s.ProxyClientKeyFile) > 0 {
certBytes, err := ioutil.ReadFile(s.ProxyClientCertFile)
if err != nil {
return nil, err
}
keyBytes, err := ioutil.ReadFile(s.ProxyClientKeyFile)
if err != nil {
return nil, err
}
pluginInitializer = pluginInitializer.SetClientCert(certBytes, keyBytes)
}
pluginInitializer = pluginInitializer.SetServiceResolver(serviceResolver)
pluginInitializer = pluginInitializer.SetProxyTransport(proxyTransport)