Prevent auth recursion for service account tokens

2025-09-08 20:50:24 +00:00 · 2015-05-16 23:29:18 -04:00
parent d51e131726
commit d90e7409e4
6 changed files with 105 additions and 15 deletions
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@@ -300,7 +300,7 @@ func (s *APIServer) Run(_ []string) error {
 	if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" {
 		s.ServiceAccountKeyFile = s.TLSPrivateKeyFile
 	}
-	authenticator, err := apiserver.NewAuthenticator(s.BasicAuthFile, s.ClientCAFile, s.TokenAuthFile, s.ServiceAccountKeyFile, s.ServiceAccountLookup, client)
+	authenticator, err := apiserver.NewAuthenticator(s.BasicAuthFile, s.ClientCAFile, s.TokenAuthFile, s.ServiceAccountKeyFile, s.ServiceAccountLookup, helper)
 	if err != nil {
 		glog.Fatalf("Invalid Authentication Config: %v", err)
 	}