github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-21 09:57:52 +00:00
Code Issues Projects Releases Wiki Activity

Clear front proxy headers after authentication is complete

Browse Source 
This matches the logic we have for the Authorization header as well
as the impersonation headers.

Signed-off-by: Monis Khan <mok@microsoft.com>
This commit is contained in:
Monis Khan
2023-03-20 13:11:38 -04:00
parent 15894cfc85
commit e9866d2794
11 changed files with 335 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/kubeapiserver/options/authentication.go
View File

@@ -237,6 +237,10 @@ func (o *BuiltInAuthenticationOptions) Validate() []error {
}
}
if o.RequestHeader != nil {
allErrors = append(allErrors, o.RequestHeader.Validate()...)
}
return allErrors
}
@@ -472,6 +476,7 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.Authen
}
}
authInfo.RequestHeaderConfig = authenticatorConfig.RequestHeaderConfig
authInfo.APIAudiences = o.APIAudiences
if o.ServiceAccounts != nil && len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 {
authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers)