authn/z: optionally opt-out of mandatory authn/authz kubeconfig

Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
2026-05-18 13:45:51 +00:00 · 2018-08-22 11:56:07 +02:00
parent d38fdf805c
commit f272f4e32d
1 changed files with 6 additions and 3 deletions
--- a/rest/config.go
+++ b/rest/config.go
@@ -18,6 +18,7 @@ package rest

 import (
 	"context"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -44,6 +45,8 @@ const (
 	DefaultBurst int     = 10
 )

+var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
+
 // Config holds the common attributes that can be passed to a Kubernetes client on
 // initialization.
 type Config struct {
@@ -308,12 +311,12 @@ func DefaultKubernetesUserAgent() string {

 // InClusterConfig returns a config object which uses the service account
 // kubernetes gives to pods. It's intended for clients that expect to be
-// running inside a pod running on kubernetes. It will return an error if
-// called from a process not running in a kubernetes environment.
+// running inside a pod running on kubernetes. It will return ErrNotInCluster
+// if called from a process not running in a kubernetes environment.
 func InClusterConfig() (*Config, error) {
 	host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
 	if len(host) == 0 || len(port) == 0 {
-		return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
+		return nil, ErrNotInCluster
 	}

 	token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")