Merge pull request #65099 from sttts/sttts-apiserver-auth-error-context

Automatic merge from submit-queue (batch tested with PRs 65116, 61718, 65140, 65128, 65099). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. apiserver: add context to authn/authz kubeconfig errors Before this the user only saw messages about in-cluster config, but didn't know which.
2025-07-23 11:50:44 +00:00 · 2018-06-21 13:59:19 -07:00 · 2018-06-21 13:59:19 -07:00 · d7db405b30
commit d7db405b30
parent 570760dbe2 99eda24de0
2 changed files with 3 additions and 2 deletions
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
@ -266,7 +266,7 @@ func (s *DelegatingAuthenticationOptions) getRequestHeader() (*RequestHeaderAuth
 func (s *DelegatingAuthenticationOptions) lookupInClusterClientCA() (*ClientCertAuthenticationOptions, error) {
 	clientConfig, err := s.getClientConfig()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get delegated authentication kubeconfig: %v", err)
 	}
 	client, err := coreclient.NewForConfig(clientConfig)
 	if err != nil {
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
@ -17,6 +17,7 @@ limitations under the License.
 package options

 import (
+	"fmt"
 	"time"

 	"github.com/spf13/pflag"
@ -125,7 +126,7 @@ func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorization
 		clientConfig, err = rest.InClusterConfig()
 	}
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get delegated authorization kubeconfig: %v", err)
 	}

 	// set high qps/burst limits since this will effectively limit API server responsiveness