Add statusz to kubelet auth.

2025-11-02 19:28:16 +00:00 · 2024-12-11 14:34:13 +08:00
parent 902dedbb52
commit 7caff55fd9
4 changed files with 10 additions and 1 deletions
--- a/pkg/kubelet/server/auth.go
+++ b/pkg/kubelet/server/auth.go
@@ -27,6 +27,7 @@ import (
 	"k8s.io/apiserver/pkg/server/healthz"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/component-base/configz"
+	"k8s.io/component-base/zpages/statusz"
 	"k8s.io/klog/v2"
 	"k8s.io/kubernetes/pkg/features"
 )
@@ -72,6 +73,7 @@ func isSubpath(subpath, path string) bool {
 //	/runningPods/*	=> verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy
 //	/healthz/* 		=> verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=healthz,proxy
 //	/configz 		=> verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=configz,proxy
+//	/statusz 		=> verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=statusz,proxy
 func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) []authorizer.Attributes {

 	apiVerb := ""
@@ -99,6 +101,8 @@ func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *htt
 			subresources = append(subresources, "healthz")
 		case isSubpath(requestPath, configz.DefaultConfigzPath):
 			subresources = append(subresources, "configz")
+		case isSubpath(requestPath, statusz.DefaultStatuszPath):
+			subresources = append(subresources, "statusz")
 		// We put runningpods last since it will allocate a new string on every
 		// check since the handler path has a trailing slash.
 		case isSubpath(requestPath, runningPodsPath):