From be99f37a6861f885c263a447656b9470ba4f720f Mon Sep 17 00:00:00 2001
From: Monis Khan
Date: Mon, 4 Jan 2021 14:59:56 -0500
Subject: [PATCH] oidc authenticator: attempt to immediately initialize verifier

This change updates the OIDC authenticator to not wait 10 seconds before attempting to fetch the /.well-known/openid-configuration metadata from the OIDC issuer. In most situations this results in the API server being able to verify ID tokens sooner.

Signed-off-by: Monis Khan
---
 .../apiserver/plugin/pkg/authenticator/token/oidc/oidc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
index 2c4563aae21..8840b65f733 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
@@ -218,7 +218,7 @@ func New(opts Options) (*Authenticator, error) {
 return newAuthenticator(opts, func(ctx context.Context, a *Authenticator, config *oidc.Config) {
 // Asynchronously attempt to initialize the authenticator. This enables
 // self-hosted providers, providers that run on top of Kubernetes itself.
- go wait.PollUntil(time.Second*10, func() (done bool, err error) {
+ go wait.PollImmediateUntil(time.Second*10, func() (done bool, err error) {
 provider, err := oidc.NewProvider(ctx, a.issuerURL)
 if err != nil {
 klog.Errorf("oidc authenticator: initializing plugin: %v", err)
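Review bot: The comment above the `go wait.PollImmediateUntil(...)` call still says only that initialization is asynchronous; it does not record that the first discovery fetch now happens at once and is retried every 10 seconds on failure. In the self-hosted case that same comment describes, the issuer presumably cannot answer yet when the API server starts, so the `klog.Errorf("oidc authenticator: initializing plugin: %v", err)` line would now fire on every startup. Stating that in the comment keeps operators who read these logs during an authentication outage from treating an expected first failure as a fault. Suggested addition: `// The first attempt is made immediately and retried every 10s; an initial failure is expected when the issuer runs on this cluster.` The poll callback and the enclosing `New` continue past the end of the hunk, so how ID tokens are handled before the verifier is set cannot be checked from here.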