-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Populate ClientCA in delegating auth setup #69430
Populate ClientCA in delegating auth setup #69430
Conversation
kubernetes#67768 accidentally removed population of the the ClientCA in the delegating auth setup code. This restores it.
cc @sttts @kubernetes/sig-api-machinery-bugs I'm not missing some other change here, right? I discovered this when I updated the deps to the custom-metrics-apiserver boilerplate and could no longer use my admin certs to connect to it directly when debugging a couple of things. |
/assign @cheftako |
@jennybuckley: GitHub didn't allow me to request PR reviews from the following users: wenjiaswe. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
please add a test to prevent it from happening again? |
/lgtm |
@DirectXMan12 can you backport to 1.12? |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: DirectXMan12, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
That would be appreciated. |
+1 please add a test. @sttts I think it's acceptable to ask for a test (or an explanation of why it's not a reasonable thing to test) before merging. |
@lavalamp +100 @DirectXMan12 to get you started with a test, maybe a look at https://github.com/kubernetes/kubernetes/blob/master/test/integration/controllermanager/serving_test.go#L68 helps. It already integration tests a lot of the delegated authn/z code paths. Maybe you can add a case for the fixed issue. |
Apologies for not responding. I've been away for the past few weeks. I'll try and take a look at this soon. |
…9430-origin-release-1.12 Automated cherry pick of #69430: Populate ClientCA in delegating auth setup
#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code. This appears to have broken the ability to talk directly
to aggregated API servers with client certs (e.g. admin certs).
/kind bug