auth: standalone kubelets shouldn't start a token manager

Mike Danese 2018-06-05 15:55:02 -07:00
parent f1bfde4900
commit 90ba15ee74
4 changed files with 10 additions and 6 deletions


@ -780,7 +780,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
containerRefManager, containerRefManager,
kubeDeps.Recorder) kubeDeps.Recorder)
tokenManager := token.NewManager(kubeDeps.KubeClient.CoreV1()) tokenManager := token.NewManager(kubeDeps.KubeClient)
klet.volumePluginMgr, err = klet.volumePluginMgr, err =
NewInitializedVolumePluginMgr(klet, secretManager, configMapManager, tokenManager, kubeDeps.VolumePlugins, kubeDeps.DynamicPluginProber) NewInitializedVolumePluginMgr(klet, secretManager, configMapManager, tokenManager, kubeDeps.VolumePlugins, kubeDeps.DynamicPluginProber)
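Review bot: The call `token.NewManager(kubeDeps.KubeClient)` now depends on NewManager tolerating a nil client, but nothing at the call site says so, and the manager is still built and handed to NewInitializedVolumePluginMgr when the kubelet runs without an API server. A reader has to open the token package to learn that token requests then fail with an error instead of dereferencing nil. I would add a comment above the line, `// kubeDeps.KubeClient may be nil (standalone mode); token.NewManager accepts that and returns an error from each token request.` NewMainKubelet starts and ends outside this hunk.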


@ -326,7 +326,7 @@ func newTestKubeletWithImageList(
var prober volume.DynamicPluginProber = nil // TODO (#51147) inject mock var prober volume.DynamicPluginProber = nil // TODO (#51147) inject mock
kubelet.volumePluginMgr, err = kubelet.volumePluginMgr, err =
NewInitializedVolumePluginMgr(kubelet, kubelet.secretManager, kubelet.configMapManager, token.NewManager(kubelet.kubeClient.CoreV1()), allPlugins, prober) NewInitializedVolumePluginMgr(kubelet, kubelet.secretManager, kubelet.configMapManager, token.NewManager(kubelet.kubeClient), allPlugins, prober)
require.NoError(t, err, "Failed to initialize VolumePluginMgr") require.NoError(t, err, "Failed to initialize VolumePluginMgr")
kubelet.mounter = &mount.FakeMounter{} kubelet.mounter = &mount.FakeMounter{}


@ -24,7 +24,7 @@ go_library(
"//vendor/k8s.io/api/authentication/v1:go_default_library", "//vendor/k8s.io/api/authentication/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/clock:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library",
], ],
) )


@ -19,6 +19,7 @@ limitations under the License.
package token package token
import ( import (
"errors"
"fmt" "fmt"
"sync" "sync"
"time" "time"
@ -27,7 +28,7 @@ import (
authenticationv1 "k8s.io/api/authentication/v1" authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/util/clock" "k8s.io/apimachinery/pkg/util/clock"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
corev1 "k8s.io/client-go/kubernetes/typed/core/v1" clientset "k8s.io/client-go/kubernetes"
) )
const ( const (
@ -36,10 +37,13 @@ const (
) )
// NewManager returns a new token manager. // NewManager returns a new token manager.
func NewManager(c corev1.CoreV1Interface) *Manager { func NewManager(c clientset.Interface) *Manager {
m := &Manager{ m := &Manager{
getToken: func(name, namespace string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) { getToken: func(name, namespace string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) {
return c.ServiceAccounts(namespace).CreateToken(name, tr) if c == nil {
return nil, errors.New("cannot use TokenManager when kubelet is in standalone mode")
}
return c.CoreV1().ServiceAccounts(namespace).CreateToken(name, tr)
}, },
cache: make(map[string]*authenticationv1.TokenRequest), cache: make(map[string]*authenticationv1.TokenRequest),
clock: clock.RealClock{}, clock: clock.RealClock{},
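Review bot: The `if c == nil` guard in the getToken closure only matches an untyped nil interface value. If a caller ever stores a nil concrete client pointer in a `clientset.Interface`, the comparison is false and `c.CoreV1()` is reached on a nil receiver, which would likely panic. Whether that can happen depends on how kubeDeps.KubeClient is assigned, which this page does not show. The doc comment should state the contract, for example `// NewManager returns a new token manager. c may be an untyped nil (standalone kubelet), in which case every token request returns an error.` A package-level sentinel such as `var errStandaloneMode = errors.New("cannot use TokenManager when kubelet is in standalone mode")` would also let callers match it with errors.Is rather than by message text. NewManager's body continues past the end of the hunk.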