Add simple Bearer authenticator filter for Kube

* Default file based implementation
* Define some simple interfaces
* Add -token_auth_file to apiserver that will start the apiserver
  with a request filter for tokens
Clayton Coleman
2014-10-01 17:54:11 -04:00
parent 11c2b1ea93
commit c8ef4b8230
10 changed files with 643 additions and 0 deletions


@@ -29,6 +29,9 @@ import (
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/tokenfile"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/handlers"
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider"
@@ -50,6 +53,7 @@ var (
minionPort = flag.Uint("minion_port", 10250, "The port at which kubelet will be listening on the minions.")
healthCheckMinions = flag.Bool("health_check_minions", true, "If true, health check minions and filter unhealthy ones. Default true")
minionCacheTTL = flag.Duration("minion_cache_ttl", 30*time.Second, "Duration of time to cache minion information. Default 30 seconds")
tokenAuthFile = flag.String("token_auth_file", "", "If set, the file that will be used to secure the API server via token authentication")
etcdServerList util.StringList
machineList util.StringList
corsAllowedOriginList util.StringList
@@ -170,6 +174,7 @@ func main() {
apiserver.InstallSupport(mux)
handler := http.Handler(mux)
if len(corsAllowedOriginList) > 0 {
allowedOriginRegexps, err := util.CompileRegexps(corsAllowedOriginList)
if err != nil {
@@ -177,6 +182,16 @@ func main() {
}
handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
}
if len(*tokenAuthFile) != 0 {
auth, err := tokenfile.New(*tokenAuthFile)
if err != nil {
glog.Fatalf("Unable to load the token authentication file '%s': %v", *tokenAuthFile, err)
}
userContexts := handlers.NewUserRequestContext()
handler = handlers.NewRequestAuthenticator(userContexts, bearertoken.New(auth), handlers.Unauthorized, handler)
}
handler = apiserver.RecoverPanics(handler)
s := &http.Server{
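Review bot: In the new `if len(*tokenAuthFile) != 0` block, `handlers.NewRequestAuthenticator` wraps the handler that already carries `apiserver.CORS`, so token authentication runs before CORS handling. Browsers send preflight `OPTIONS` requests without an `Authorization` header, so if `handlers.Unauthorized` rejects every request that lacks a token (its body is not visible here), cross-origin clients would fail the preflight whenever both `corsAllowedOriginList` and `tokenAuthFile` are set. Consider installing the authenticator before the `if len(corsAllowedOriginList) > 0` block so that the CORS filter sees the request first, or document the interaction next to the flag. The `token_auth_file` help text could also say that the file holds bearer tokens in clear text and should be readable only by the apiserver account, and that the tokens are protected in transit only when the server is reached over TLS. `main` starts and ends outside this hunk.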