Merge pull request #64795 from mikedanese/fixgke

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

auth: standalone kubelets shouldn't start a token manager

fixes https://github.com/kubernetes/kubernetes/issues/64789
This commit is contained in:
Kubernetes Submit Queue 2018-06-06 06:58:28 -07:00 committed by GitHub
commit f54593b740
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 6 deletions

View File

@ -781,7 +781,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
containerRefManager,
kubeDeps.Recorder)
tokenManager := token.NewManager(kubeDeps.KubeClient.CoreV1())
tokenManager := token.NewManager(kubeDeps.KubeClient)
klet.volumePluginMgr, err =
NewInitializedVolumePluginMgr(klet, secretManager, configMapManager, tokenManager, kubeDeps.VolumePlugins, kubeDeps.DynamicPluginProber)

View File

@ -326,7 +326,7 @@ func newTestKubeletWithImageList(
var prober volume.DynamicPluginProber = nil // TODO (#51147) inject mock
kubelet.volumePluginMgr, err =
NewInitializedVolumePluginMgr(kubelet, kubelet.secretManager, kubelet.configMapManager, token.NewManager(kubelet.kubeClient.CoreV1()), allPlugins, prober)
NewInitializedVolumePluginMgr(kubelet, kubelet.secretManager, kubelet.configMapManager, token.NewManager(kubelet.kubeClient), allPlugins, prober)
require.NoError(t, err, "Failed to initialize VolumePluginMgr")
kubelet.mounter = &mount.FakeMounter{}

View File

@ -24,7 +24,7 @@ go_library(
"//vendor/k8s.io/api/authentication/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
"//vendor/k8s.io/client-go/kubernetes:go_default_library",
],
)

View File

@ -19,6 +19,7 @@ limitations under the License.
package token
import (
"errors"
"fmt"
"sync"
"time"
@ -27,7 +28,7 @@ import (
authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/util/clock"
"k8s.io/apimachinery/pkg/util/wait"
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
clientset "k8s.io/client-go/kubernetes"
)
const (
@ -36,10 +37,13 @@ const (
)
// NewManager returns a new token manager.
func NewManager(c corev1.CoreV1Interface) *Manager {
func NewManager(c clientset.Interface) *Manager {
m := &Manager{
getToken: func(name, namespace string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) {
return c.ServiceAccounts(namespace).CreateToken(name, tr)
if c == nil {
return nil, errors.New("cannot use TokenManager when kubelet is in standalone mode")
}
return c.CoreV1().ServiceAccounts(namespace).CreateToken(name, tr)
},
cache: make(map[string]*authenticationv1.TokenRequest),
clock: clock.RealClock{},