From 6007d7f0a9fdb56ea9b34098934969725dd07d09 Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski"
Date: Wed, 22 Aug 2018 11:56:07 +0200
Subject: [PATCH] authn/z: optionally opt-out of mandatory authn/authz kubeconfig
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
---
 rest/config.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/rest/config.go b/rest/config.go
index 39fde2de..6700f5b4 100644
--- a/rest/config.go
+++ b/rest/config.go
@@ -18,6 +18,7 @@ package rest
 import (
 "context"
+ "errors"
 "fmt"
 "io/ioutil"
 "net"
@@ -44,6 +45,8 @@ const (
 DefaultBurst int = 10
 )
+var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
+
 // Config holds the common attributes that can be passed to a Kubernetes client on
 // initialization.
 type Config struct {
@@ -308,12 +311,12 @@ func DefaultKubernetesUserAgent() string {
 // InClusterConfig returns a config object which uses the service account
 // kubernetes gives to pods. It's intended for clients that expect to be
-// running inside a pod running on kubernetes. It will return an error if
-// called from a process not running in a kubernetes environment.
+// running inside a pod running on kubernetes. It will return ErrNotInCluster
+// if called from a process not running in a kubernetes environment.
 func InClusterConfig() (*Config, error) {
 host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
 if len(host) == 0 || len(port) == 0 {
- return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
+ return nil, ErrNotInCluster
 }
 token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
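Review bot: The exported `ErrNotInCluster` added in the second hunk has no doc comment, although callers are now expected to compare against it. I would add `// ErrNotInCluster is returned by InClusterConfig when KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT is not set.` directly above the declaration. Because it is a package-level `var`, any importing package can reassign it, so the comment could also say that callers must treat it as read-only.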
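Review bot: The rewritten doc comment on `InClusterConfig` in the third hunk promises `ErrNotInCluster` for any process outside a kubernetes environment, but the sentinel is returned only when one of the two environment variables is empty. The `ioutil.ReadFile` of the service-account token that follows presumably returns a different error; the function body continues outside the hunk. Going by the commit subject, callers will use this sentinel to decide whether authn/authz configuration may be skipped, so the comment should state exactly what it signals, for example `// It returns ErrNotInCluster only when KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT is unset; every other error means the in-cluster credentials could not be loaded.` Since the check rests on environment variables alone, a caller that relaxes authentication on this error fails open on a value set by whoever launches the process, so call sites should keep every other error fatal.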