diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go index 47476422b20..2128c66b066 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go @@ -21,8 +21,6 @@ import ( "strings" "time" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - "github.com/spf13/pflag" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -30,9 +28,11 @@ import ( "k8s.io/apiserver/pkg/authentication/authenticatorfactory" "k8s.io/apiserver/pkg/authentication/request/headerrequest" "k8s.io/apiserver/pkg/server" + "k8s.io/apiserver/pkg/server/dynamiccertificates" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + "k8s.io/client-go/transport" "k8s.io/klog/v2" openapicommon "k8s.io/kube-openapi/pkg/common" ) @@ -198,6 +198,9 @@ type DelegatingAuthenticationOptions struct { // ClientTimeout specifies a time limit for requests made by the authorization webhook client. // The default value is set to 10 seconds. ClientTimeout time.Duration + + // CustomRoundTripperFn allows for specifying a middleware function for custom HTTP behaviour for the authentication webhook client. + CustomRoundTripperFn transport.WrapperFunc } func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions { @@ -225,6 +228,11 @@ func (s *DelegatingAuthenticationOptions) WithClientTimeout(timeout time.Duratio s.ClientTimeout = timeout } +// WithCustomRoundTripper allows for specifying a middleware function for custom HTTP behaviour for the authentication webhook client. +func (s *DelegatingAuthenticationOptions) WithCustomRoundTripper(rt transport.WrapperFunc) { + s.CustomRoundTripperFn = rt +} + func (s *DelegatingAuthenticationOptions) Validate() []error { if s == nil { return nil @@ -420,6 +428,9 @@ func (s *DelegatingAuthenticationOptions) getClient() (kubernetes.Interface, err clientConfig.QPS = 200 clientConfig.Burst = 400 clientConfig.Timeout = s.ClientTimeout + if s.CustomRoundTripperFn != nil { + clientConfig.Wrap(s.CustomRoundTripperFn) + } return kubernetes.NewForConfig(clientConfig) } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go index 796514e9106..ad7ce4b3ca0 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go @@ -21,7 +21,6 @@ import ( "time" "github.com/spf13/pflag" - "k8s.io/klog/v2" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/authorization/authorizer" @@ -32,6 +31,8 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + "k8s.io/client-go/transport" + "k8s.io/klog/v2" ) // DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to @@ -69,6 +70,9 @@ type DelegatingAuthorizationOptions struct { // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. WebhookRetryBackoff *wait.Backoff + + // CustomRoundTripperFn allows for specifying a middleware function for custom HTTP behaviour for the authorization webhook client. + CustomRoundTripperFn transport.WrapperFunc } func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions { @@ -111,6 +115,11 @@ func (s *DelegatingAuthorizationOptions) WithCustomRetryBackoff(backoff wait.Bac s.WebhookRetryBackoff = &backoff } +// WithCustomRoundTripper allows for specifying a middleware function for custom HTTP behaviour for the authorization webhook client. +func (s *DelegatingAuthorizationOptions) WithCustomRoundTripper(rt transport.WrapperFunc) { + s.CustomRoundTripperFn = rt +} + func (s *DelegatingAuthorizationOptions) Validate() []error { if s == nil { return nil @@ -226,6 +235,9 @@ func (s *DelegatingAuthorizationOptions) getClient() (kubernetes.Interface, erro clientConfig.QPS = 200 clientConfig.Burst = 400 clientConfig.Timeout = s.ClientTimeout + if s.CustomRoundTripperFn != nil { + clientConfig.Wrap(s.CustomRoundTripperFn) + } return kubernetes.NewForConfig(clientConfig) }