Add dynamic reload support for authentication configuration

Signed-off-by: Monis Khan <mok@microsoft.com>
2026-01-29 21:29:24 +00:00 · 2024-01-10 12:36:55 -05:00
parent 28c4d00c7d
commit b4935d910d
9 changed files with 855 additions and 105 deletions
--- a/pkg/controlplane/apiserver/config.go
+++ b/pkg/controlplane/apiserver/config.go
@@ -144,14 +144,16 @@ func BuildGenericConfig(
 		return
 	}

+	ctx := wait.ContextForChannel(genericConfig.DrainedNotify())
+
 	// Authentication.ApplyTo requires already applied OpenAPIConfig and EgressSelector if present
-	if lastErr = s.Authentication.ApplyTo(&genericConfig.Authentication, genericConfig.SecureServing, genericConfig.EgressSelector, genericConfig.OpenAPIConfig, genericConfig.OpenAPIV3Config, clientgoExternalClient, versionedInformers); lastErr != nil {
+	if lastErr = s.Authentication.ApplyTo(ctx, &genericConfig.Authentication, genericConfig.SecureServing, genericConfig.EgressSelector, genericConfig.OpenAPIConfig, genericConfig.OpenAPIV3Config, clientgoExternalClient, versionedInformers); lastErr != nil {
 		return
 	}

 	var enablesRBAC bool
 	genericConfig.Authorization.Authorizer, genericConfig.RuleResolver, enablesRBAC, err = BuildAuthorizer(
-		wait.ContextForChannel(genericConfig.ShutdownInitiatedNotify()),
+		ctx,
 		s,
 		genericConfig.EgressSelector,
 		genericConfig.APIServerID,