github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

oidc authenticator: attempt to immediately initialize verifier

Browse Source 
This change updates the OIDC authenticator to not wait 10 seconds
before attempting to fetch the /.well-known/openid-configuration
metadata from the OIDC issuer.  In most situations this results in
the API server being able to verify ID tokens sooner.

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan 2021-01-04 14:59:56 -05:00
parent 453994e9b4
commit be99f37a68
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
View File

@ -218,7 +218,7 @@ func New(opts Options) (*Authenticator, error) {
return newAuthenticator(opts, func(ctx context.Context, a *Authenticator, config *oidc.Config) {
// Asynchronously attempt to initialize the authenticator. This enables
// self-hosted providers, providers that run on top of Kubernetes itself.
go wait.PollUntil(time.Second*10, func() (done bool, err error) {
go wait.PollImmediateUntil(time.Second*10, func() (done bool, err error) {
provider, err := oidc.NewProvider(ctx, a.issuerURL)
if err != nil {
klog.Errorf("oidc authenticator: initializing plugin: %v", err)