mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #33297 from liggitt/loopback-union-ordering
Automatic merge from submit-queue Put loopback authn/authz first in chain We want the loopback token auth to go first in the chain, for performance reasons, and so the loopback token isn't seen by any remote token authenticators configured. The loopback authorizer should also go first in the chain for performance.
This commit is contained in:
commit
4476561659
@ -279,10 +279,10 @@ func Run(s *options.APIServer) error {
|
||||
}
|
||||
|
||||
tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens)
|
||||
apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator)
|
||||
apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator)
|
||||
|
||||
tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters")
|
||||
apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer)
|
||||
apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer)
|
||||
}
|
||||
|
||||
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
|
||||
|
@ -187,10 +187,10 @@ func Run(s *options.ServerRunOptions) error {
|
||||
}
|
||||
|
||||
tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens)
|
||||
apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator)
|
||||
apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator)
|
||||
|
||||
tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters")
|
||||
apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer)
|
||||
apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer)
|
||||
}
|
||||
|
||||
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
|
||||
|
Loading…
Reference in New Issue
Block a user