msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

Fix kubeconfig loading for TokenReview.

Browse Source
pull/2012/head
tamal 9 years ago committed by sauman
parent 6f06945db4
commit ba83a84167
1 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File

40
pkg/tiller/server.go
Unescape View File

@ -23,8 +23,10 @@ import (
"errors" "errors"
"fmt" "fmt"
"log" "log"
"os"
"strings" "strings"
"github.com/spf13/pflag"
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/metadata" "google.golang.org/grpc/metadata"
@ -35,6 +37,7 @@ import (
rest "k8s.io/kubernetes/pkg/client/restclient" rest "k8s.io/kubernetes/pkg/client/restclient"
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
utilflag "k8s.io/kubernetes/pkg/util/flag"
) )
// maxMsgSize use 10MB as the default message size limit. // maxMsgSize use 10MB as the default message size limit.
@ -157,18 +160,35 @@ func checkBearerAuth(ctx context.Context) (*authenticationapi.UserInfo, *rest.Co
} }
caCert, _ := getCertificateAuthority(md) caCert, _ := getCertificateAuthority(md)
// TODO: Should be InClusterConfig() ? // ref: k8s.io/helm/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/util#NewFactory()
kubeConfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( flags := pflag.NewFlagSet("", pflag.ContinueOnError)
&clientcmd.ClientConfigLoadingRules{DefaultClientConfig: &clientcmd.DefaultClientConfig}, flags.SetNormalizeFunc(utilflag.WarnWordSepNormalizeFunc) // Warn for "_" flags
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
// use the standard defaults for this client command
// DEPRECATED: remove and replace with something more accurate
loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
flags.StringVar(&loadingRules.ExplicitPath, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.")
overrides := &clientcmd.ConfigOverrides{
ClusterDefaults: clientcmd.ClusterDefaults,
ClusterInfo: clientcmdapi.Cluster{
Server: apiServer, Server: apiServer,
CertificateAuthorityData: caCert, CertificateAuthorityData: caCert,
}}).ClientConfig() },
}
flagNames := clientcmd.RecommendedConfigOverrideFlags("")
// short flagnames are disabled by default. These are here for compatibility with existing scripts
flagNames.ClusterOverrideFlags.APIServer.ShortName = "s"
clientcmd.BindOverrideFlags(overrides, flags, flagNames)
tokenConfig, err := clientcmd.NewInteractiveDeferredLoadingClientConfig(loadingRules, overrides, os.Stdin).ClientConfig()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
client, err := clientset.NewForConfig(kubeConfig) client, err := clientset.NewForConfig(tokenConfig)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@ -186,7 +206,13 @@ func checkBearerAuth(ctx context.Context) (*authenticationapi.UserInfo, *rest.Co
if !result.Status.Authenticated { if !result.Status.Authenticated {
return nil, nil, errors.New("Not authenticated") return nil, nil, errors.New("Not authenticated")
} }
kubeConfig.BearerToken = token kubeConfig := &rest.Config{
Host: apiServer,
BearerToken: token,
TLSClientConfig: rest.TLSClientConfig{
CAData: caCert,
},
}
return &result.Status.User, kubeConfig, nil return &result.Status.User, kubeConfig, nil
} }

Write Preview
Loading…
Cancel
Save