github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Put loopback authn/authz first in chain

Browse Source
This commit is contained in:
Jordan Liggitt 2016-09-22 15:03:34 -04:00
parent b79c99da1b
commit 2ac293a0bd
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kube-apiserver/app/server.go
View File

@ -279,10 +279,10 @@ func Run(s *options.APIServer) error {
} }
tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens) tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens)
apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator) apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator)
tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters") tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters")
apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer) apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer)
} }
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)

4
federation/cmd/federation-apiserver/app/server.go
View File

@ -187,10 +187,10 @@ func Run(s *options.ServerRunOptions) error {
} }
tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens) tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens)
apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator) apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator)
tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters") tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters")
apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer) apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer)
} }
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)