mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-24 00:31:24 +00:00
This is the old behaviour and we did not intent to change it due to enabled authn/z in general. As the kube-apiserver this sets the "system:unsecured" user info.
70 lines
2.4 KiB
Go
70 lines
2.4 KiB
Go
/*
|
|
Copyright 2018 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package app
|
|
|
|
import (
|
|
"net/http"
|
|
goruntime "runtime"
|
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
|
|
apiserverconfig "k8s.io/apiserver/pkg/apis/config"
|
|
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
|
|
apirequest "k8s.io/apiserver/pkg/endpoints/request"
|
|
apiserver "k8s.io/apiserver/pkg/server"
|
|
genericfilters "k8s.io/apiserver/pkg/server/filters"
|
|
"k8s.io/apiserver/pkg/server/healthz"
|
|
"k8s.io/apiserver/pkg/server/mux"
|
|
"k8s.io/apiserver/pkg/server/routes"
|
|
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
|
"k8s.io/kubernetes/pkg/util/configz"
|
|
)
|
|
|
|
// BuildHandlerChain builds a handler chain with a base handler and CompletedConfig.
|
|
func BuildHandlerChain(apiHandler http.Handler, authorizationInfo *apiserver.AuthorizationInfo, authenticationInfo *apiserver.AuthenticationInfo) http.Handler {
|
|
requestInfoResolver := &apirequest.RequestInfoFactory{}
|
|
failedHandler := genericapifilters.Unauthorized(legacyscheme.Codecs, false)
|
|
|
|
handler := apiHandler
|
|
if authorizationInfo != nil {
|
|
handler = genericapifilters.WithAuthorization(apiHandler, authorizationInfo.Authorizer, legacyscheme.Codecs)
|
|
}
|
|
if authenticationInfo != nil {
|
|
handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler)
|
|
}
|
|
handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver)
|
|
handler = genericfilters.WithPanicRecovery(handler)
|
|
|
|
return handler
|
|
}
|
|
|
|
// NewBaseHandler takes in CompletedConfig and returns a handler.
|
|
func NewBaseHandler(c *apiserverconfig.DebuggingConfiguration) *mux.PathRecorderMux {
|
|
mux := mux.NewPathRecorderMux("controller-manager")
|
|
healthz.InstallHandler(mux)
|
|
if c.EnableProfiling {
|
|
routes.Profiling{}.Install(mux)
|
|
if c.EnableContentionProfiling {
|
|
goruntime.SetBlockProfileRate(1)
|
|
}
|
|
}
|
|
configz.InstallHandler(mux)
|
|
mux.Handle("/metrics", prometheus.Handler())
|
|
|
|
return mux
|
|
}
|