Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Ensure webhook service routing resolves kubernetes.default.svc correctly #62649
Going through the normal endpoint resolve path isn't correct in multi-master scenarios
The auth wrapper is pulling from LoopbackClientConfig, the service resolver should do the same
Apr 16, 2018
referenced this pull request
Apr 16, 2018
the only service the apiserver can make authentication assumptions about is the kubernetes/default service, and only because it is serving it and controls authentication for it.
that's why this is only used in kube-apiserver. aggregated api servers running on top of the kube control plane use default dns resolution and in-cluster auth without incident.
test added (verified it failed on master with an unresolveable address timeout), three additional bugs fixed. most integration tests do not actually use the real apiserver construction methods, so wouldn't have exercised the code that was fixed.
The closest integration test to reality I found was this one:
In the test commit in this PR, I started to extract the test setup to something that:
[APPROVALNOTIFIER] This PR is APPROVED
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Apr 20, 2018
7 of 15 checks passed
@liggitt: The following tests failed, say