diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go index 5a08faabc7f..5c8209c35d0 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go @@ -230,10 +230,10 @@ func (s *DelegatingAuthenticationOptions) lookupMissingConfigInCluster(client ku } if client == nil { if len(s.ClientCert.ClientCA) == 0 { - glog.Warningf("No authentication-kubeconfig provided in order to lookup client-ca-file in configmap/%s in %s, so client certificate authentication to extension api-server won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) + glog.Warningf("No authentication-kubeconfig provided in order to lookup client-ca-file in configmap/%s in %s, so client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) } if len(s.RequestHeader.ClientCAFile) == 0 { - glog.Warningf("No authentication-kubeconfig provided in order to lookup requestheader-client-ca-file in configmap/%s in %s, so request-header client certificate authentication to extension api-server won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) + glog.Warningf("No authentication-kubeconfig provided in order to lookup requestheader-client-ca-file in configmap/%s in %s, so request-header client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) } return nil } @@ -262,7 +262,7 @@ func (s *DelegatingAuthenticationOptions) lookupMissingConfigInCluster(client ku } } if len(s.ClientCert.ClientCA) == 0 { - glog.Warningf("Cluster doesn't provide client-ca-file in configmap/%s in %s, so client certificate authentication to extension api-server won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) + glog.Warningf("Cluster doesn't provide client-ca-file in configmap/%s in %s, so client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) } } @@ -277,7 +277,7 @@ func (s *DelegatingAuthenticationOptions) lookupMissingConfigInCluster(client ku } } if len(s.RequestHeader.ClientCAFile) == 0 { - glog.Warningf("Cluster doesn't provide requestheader-client-ca-file in configmap/%s in %s, so request-header client certificate authentication to extension api-server won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) + glog.Warningf("Cluster doesn't provide requestheader-client-ca-file in configmap/%s in %s, so request-header client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) } } @@ -364,9 +364,12 @@ func (s *DelegatingAuthenticationOptions) getClient() (kubernetes.Interface, err clientConfig, err = loader.ClientConfig() } else { // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will - // use this path + // use this path. If it is optional, ignore errors. clientConfig, err = rest.InClusterConfig() - if err == rest.ErrNotInCluster && s.RemoteKubeConfigFileOptional { + if err != nil && s.RemoteKubeConfigFileOptional { + if err != rest.ErrNotInCluster { + glog.Warningf("failed to read in-cluster kubeconfig for delegated authentication: %v", err) + } return nil, nil } } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go index a014d94a2c7..7c65dd39184 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go @@ -151,9 +151,12 @@ func (s *DelegatingAuthorizationOptions) getClient() (kubernetes.Interface, erro clientConfig, err = loader.ClientConfig() } else { // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will - // use this path + // use this path. If it is optional, ignore errors. clientConfig, err = rest.InClusterConfig() - if err == rest.ErrNotInCluster && s.RemoteKubeConfigFileOptional { + if err != nil && s.RemoteKubeConfigFileOptional { + if err != rest.ErrNotInCluster { + glog.Warningf("failed to read in-cluster kubeconfig for delegated authorization: %v", err) + } return nil, nil } }