diff --git a/cmd/kubelet/app/BUILD b/cmd/kubelet/app/BUILD index 0e9526f117c..569dd2d4f02 100644 --- a/cmd/kubelet/app/BUILD +++ b/cmd/kubelet/app/BUILD @@ -95,6 +95,7 @@ go_library( "//staging/src/k8s.io/apiserver/pkg/server:go_default_library", "//staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates:go_default_library", "//staging/src/k8s.io/apiserver/pkg/server/healthz:go_default_library", + "//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library", "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library", "//staging/src/k8s.io/client-go/kubernetes:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/authentication/v1:go_default_library", diff --git a/cmd/kubelet/app/auth.go b/cmd/kubelet/app/auth.go index 6eadf29bb1b..76b35f5db98 100644 --- a/cmd/kubelet/app/auth.go +++ b/cmd/kubelet/app/auth.go @@ -27,6 +27,7 @@ import ( "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/authorization/authorizerfactory" "k8s.io/apiserver/pkg/server/dynamiccertificates" + genericoptions "k8s.io/apiserver/pkg/server/options" clientset "k8s.io/client-go/kubernetes" authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1" authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1" @@ -84,6 +85,7 @@ func BuildAuthn(client authenticationclient.TokenReviewInterface, authn kubeletc if client == nil { return nil, nil, errors.New("no client provided, cannot use webhook authentication") } + authenticatorConfig.WebhookRetryBackoff = genericoptions.DefaultAuthWebhookRetryBackoff() authenticatorConfig.TokenAccessReviewClient = client } @@ -113,6 +115,7 @@ func BuildAuthz(client authorizationclient.SubjectAccessReviewInterface, authz k SubjectAccessReviewClient: client, AllowCacheTTL: authz.Webhook.CacheAuthorizedTTL.Duration, DenyCacheTTL: authz.Webhook.CacheUnauthorizedTTL.Duration, + WebhookRetryBackoff: genericoptions.DefaultAuthWebhookRetryBackoff(), } return authorizerConfig.New()