github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-02 16:29:21 +00:00
Code Issues Projects Releases Wiki Activity

kube-apiserver: create always configmap/extension-apiserver-authentication

Browse Source 
Other components read the configmap and fail if it does not exist. Possibly not
every cluster has a client-ca or a request-header-ca.
This commit is contained in:
Dr. Stefan Schimanski 2018-08-22 12:30:24 +02:00
parent 4c5e615652
commit d8bf802b66
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/master/client_ca_hook.go
View File

@ -41,11 +41,6 @@ type ClientCARegistrationHook struct {
} }
func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.PostStartHookContext) error { func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.PostStartHookContext) error {
// no work to do
if len(h.ClientCA) == 0 && len(h.RequestHeaderCA) == 0 {
return nil
}
// initializing CAs is important so that aggregated API servers can come up with "normal" config. // initializing CAs is important so that aggregated API servers can come up with "normal" config.
// We've seen lagging etcd before, so we want to retry this a few times before we decide to crashloop // We've seen lagging etcd before, so we want to retry this a few times before we decide to crashloop
// the API server on it. // the API server on it.
@ -68,7 +63,6 @@ func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.Pos
} }
return nil return nil
} }
// tryToWriteClientCAs is here for unit testing with a fake client. This is a wait.ConditionFunc so the bool // tryToWriteClientCAs is here for unit testing with a fake client. This is a wait.ConditionFunc so the bool