github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 15:37:24 +00:00
Code Issues Projects Releases Wiki Activity

controller-manager: add authz/n to options, nil by default

Browse Source
This commit is contained in:
Dr. Stefan Schimanski
2018-02-08 14:19:02 +01:00
parent f4564ea0b8
commit cecd663c21
4 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cmd/controller-manager/app/serve.go
View File

@@ -24,7 +24,11 @@ import (
"github.com/prometheus/client_golang/prometheus"
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
apirequest "k8s.io/apiserver/pkg/endpoints/request"
genericfilters "k8s.io/apiserver/pkg/server/filters"
"k8s.io/apiserver/pkg/server/healthz"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/util/configz"
)
@@ -47,5 +51,15 @@ func Serve(c *CompletedConfig, serveFunc serveFunc, stopCh <-chan struct{}) erro
configz.InstallHandler(mux)
mux.Handle("/metrics", prometheus.Handler())
return serveFunc(mux, 0, stopCh)
requestContextMapper := apirequest.NewRequestContextMapper()
requestInfoResolver := &apirequest.RequestInfoFactory{}
failedHandler := genericapifilters.Unauthorized(requestContextMapper, legacyscheme.Codecs, false)
handler := genericapifilters.WithAuthorization(mux, requestContextMapper, c.Authorization.Authorizer, legacyscheme.Codecs)
handler = genericapifilters.WithAuthentication(handler, requestContextMapper, c.Authentication.Authenticator, failedHandler)
handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver, requestContextMapper)
handler = apirequest.WithRequestContext(handler, requestContextMapper)
handler = genericfilters.WithPanicRecovery(handler)
return serveFunc(handler, 0, stopCh)
}