github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-15 22:20:51 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1529 from smarterclayton/add_auth_interfaces

Browse Source 
Add simple Bearer authenticator filter for Kube
This commit is contained in:
erictune
2014-10-07 11:23:41 -07:00
parent 897c59a713 c8ef4b8230
commit 5503e95c1d
10 changed files with 643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/apiserver/apiserver.go
View File

@@ -29,6 +29,9 @@ import (
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/tokenfile"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/handlers"
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider"
@@ -51,6 +54,7 @@ var (
minionPort = flag.Uint("minion_port", 10250, "The port at which kubelet will be listening on the minions.")
healthCheckMinions = flag.Bool("health_check_minions", true, "If true, health check minions and filter unhealthy ones. Default true")
minionCacheTTL = flag.Duration("minion_cache_ttl", 30*time.Second, "Duration of time to cache minion information. Default 30 seconds")
tokenAuthFile = flag.String("token_auth_file", "", "If set, the file that will be used to secure the API server via token authentication")
etcdServerList util.StringList
machineList util.StringList
corsAllowedOriginList util.StringList
@@ -172,6 +176,7 @@ func main() {
ui.InstallSupport(mux)
handler := http.Handler(mux)
if len(corsAllowedOriginList) > 0 {
allowedOriginRegexps, err := util.CompileRegexps(corsAllowedOriginList)
if err != nil {
@@ -179,6 +184,16 @@ func main() {
}
handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
}
if len(*tokenAuthFile) != 0 {
auth, err := tokenfile.New(*tokenAuthFile)
if err != nil {
glog.Fatalf("Unable to load the token authentication file '%s': %v", *tokenAuthFile, err)
}
userContexts := handlers.NewUserRequestContext()
handler = handlers.NewRequestAuthenticator(userContexts, bearertoken.New(auth), handlers.Unauthorized, handler)
}
handler = apiserver.RecoverPanics(handler)
s := &http.Server{