mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #60320 from cjcullen/flags
Automatic merge from submit-queue (batch tested with PRs 59882, 59434, 57722, 60320, 51249). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Allow TTLs to be plumbed through to webhook authn/authz in gce scripts. Just allows these flags to be configured from the startup scripts.
This commit is contained in:
commit
1f03d40170
@ -1690,6 +1690,9 @@ function start-kube-apiserver {
|
||||
params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config"
|
||||
webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false},"
|
||||
webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\", \"type\": \"FileOrCreate\"}},"
|
||||
if [[ -n "${GCP_AUTHN_CACHE_TTL:-}" ]]; then
|
||||
params+=" --authentication-token-webhook-cache-ttl=${GCP_AUTHN_CACHE_TTL}"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -1721,6 +1724,12 @@ function start-kube-apiserver {
|
||||
params+=" --authorization-webhook-config-file=/etc/gcp_authz.config"
|
||||
webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false},"
|
||||
webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}},"
|
||||
if [[ -n "${GCP_AUTHZ_CACHE_AUTHORIZED_TTL:-}" ]]; then
|
||||
params+=" --authorization-webhook-cache-authorized-ttl=${GCP_AUTHZ_CACHE_AUTHORIZED_TTL}"
|
||||
fi
|
||||
if [[ -n "${GCP_AUTHZ_CACHE_UNAUTHORIZED_TTL:-}" ]]; then
|
||||
params+=" --authorization-webhook-cache-unauthorized-ttl=${GCP_AUTHZ_CACHE_UNAUTHORIZED_TTL}"
|
||||
fi
|
||||
fi
|
||||
authorization_mode="Node,${authorization_mode}"
|
||||
params+=" --authorization-mode=${authorization_mode}"
|
||||
|
Loading…
Reference in New Issue
Block a user