Skip to content

Commit

Permalink
UPSTREAM: <carry>: use hardcoded metrics scraping authorizer for dele…
Browse files Browse the repository at this point in the history 
…gated apiservers
  • Loading branch information
@deads2k
deads2k committed Feb 23, 2021
1 parent 69d7e87 commit cecf9da
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
3 changes: 3 additions & 0 deletions openshift-kube-apiserver/openshiftkubeapiserver/patch.go
View file
Expand Up @@ -31,6 +31,9 @@ import (
"k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers"
"k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/usercache"
"k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/nodeenv"

// magnet to get authorizer package in hack/update-vendor.sh
_ "github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer"
)

func OpenShiftKubeAPIServerConfigPatch(genericConfig *genericapiserver.Config, kubeInformers clientgoinformers.SharedInformerFactory, pluginInitializers *[]admission.PluginInitializer) error {
Expand Down
4 changes: 4 additions & 0 deletions staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
View file
Expand Up @@ -23,6 +23,7 @@ import (
"github.com/spf13/pflag"
"k8s.io/klog/v2"

"github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/authorization/authorizer"
"k8s.io/apiserver/pkg/authorization/authorizerfactory"
Expand Down Expand Up @@ -161,6 +162,9 @@ func (s *DelegatingAuthorizationOptions) toAuthorizer(client kubernetes.Interfac
authorizers = append(authorizers, authorizerfactory.NewPrivilegedGroups(s.AlwaysAllowGroups...))
}

// add an authorizer to always approver the openshift metrics scraper.
authorizers = append(authorizers, hardcodedauthorizer.NewHardCodedMetricsAuthorizer())

if len(s.AlwaysAllowPaths) > 0 {
a, err := path.NewAuthorizer(s.AlwaysAllowPaths)
if err != nil {
Expand Down

0 comments on commit cecf9da

Please sign in to comment.