From 2550b31beb18e986aa89834302187288b3a6c96e Mon Sep 17 00:00:00 2001 From: Amir Ghassemi Date: Sun, 1 Sep 2019 17:51:39 +0430 Subject: [PATCH] hack/local-up-cluster.sh: ability to configure auth webhooks AUTHORIZATION_WEBHOOK_CONFIG_FILE and AUTHENTICATION_WEBHOOK_CONFIG_FILE if set, will pass webhook configuration paths to API server --- hack/local-up-cluster.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index 08d38c0134f..1d8059e2fe7 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -90,6 +90,10 @@ AUTHORIZATION_MODE=${AUTHORIZATION_MODE:-"Node,RBAC"} KUBECONFIG_TOKEN=${KUBECONFIG_TOKEN:-""} AUTH_ARGS=${AUTH_ARGS:-""} +# WebHook Authentication and Authorization +AUTHORIZATION_WEBHOOK_CONFIG_FILE=${AUTHORIZATION_WEBHOOK_CONFIG_FILE:-""} +AUTHENTICATION_WEBHOOK_CONFIG_FILE=${AUTHENTICATION_WEBHOOK_CONFIG_FILE:-""} + # Install a default storage class (enabled by default) DEFAULT_STORAGE_CLASS=${KUBE_DEFAULT_STORAGE_CLASS:-true} @@ -549,6 +553,8 @@ EOF --vmodule="${LOG_SPEC}" \ --audit-policy-file="${AUDIT_POLICY_FILE}" \ --audit-log-path="${LOG_DIR}/kube-apiserver-audit.log" \ + --authorization-webhook-config-file="${AUTHORIZATION_WEBHOOK_CONFIG_FILE}" \ + --authentication-token-webhook-config-file="${AUTHENTICATION_WEBHOOK_CONFIG_FILE}" \ --cert-dir="${CERT_DIR}" \ --client-ca-file="${CERT_DIR}/client-ca.crt" \ --kubelet-client-certificate="${CERT_DIR}/client-kube-apiserver.crt" \