mirror of https://github.com/kubernetes/kops.git
Merge pull request #5508 from ihoegen/master
Add authentication-token-webhook-cache-ttl flag to kubelet config
commit
b36c67f81c
|
|
@ -172,6 +172,10 @@ type KubeletConfigSpec struct {
|
|||
DockerDisableSharedPID *bool `json:"dockerDisableSharedPID,omitempty" flag:"docker-disable-shared-pid"`
|
||||
// RootDir is the directory path for managing kubelet files (volume mounts,etc)
|
||||
RootDir string `json:"rootDir,omitempty" flag:"root-dir"`
|
||||
// AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
|
||||
AuthenticationTokenWebhookCacheTTL *metav1.Duration `json:"authenticationTokenWebhookCacheTtl,omitempty" flag:"authentication-token-webhook-cache-ttl"`
|
||||
}
|
||||
|
||||
// KubeProxyConfig defines the configuration for a proxy
|
||||
|
|
@ -316,8 +320,6 @@ type KubeAPIServerConfig struct {
|
|||
AuditLogMaxSize *int32 `json:"auditLogMaxSize,omitempty" flag:"audit-log-maxsize"`
|
||||
// AuditPolicyFile is the full path to a advanced audit configuration file a.g. /srv/kubernetes/audit.conf
|
||||
AuditPolicyFile string `json:"auditPolicyFile,omitempty" flag:"audit-policy-file"`
|
||||
// AuthenticationTokenWebhook enables bearer token authentication on kubelet.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhookConfigFile *string `json:"authenticationTokenWebhookConfigFile,omitempty" flag:"authentication-token-webhook-config-file"`
|
||||
// The duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
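Review bot: The doc comment on the new `AuthenticationTokenWebhookCacheTTL` field in the KubeletConfigSpec hunk opens with the neighbouring field's name (`// AuthenticationTokenWebhook sets the duration ...`) and states the default twice, so the text reads as documentation for the wrong identifier. It also omits the trade-off an operator needs: while a response is cached the kubelet presumably does not query the TokenReview API again, so a revoked or expired token may still authenticate until the entry ages out, and a longer TTL widens that window. Suggested wording: `// AuthenticationTokenWebhookCacheTTL sets how long the kubelet caches responses from the webhook token authenticator (default 2m0s); a revoked token may still be accepted until its cached response expires.` The same comment is repeated in the two later sections that carry this KubeletConfigSpec hunk, and the struct itself starts outside the hunk.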
|
||||
|
|
|
|||
|
|
@ -172,6 +172,10 @@ type KubeletConfigSpec struct {
|
|||
DockerDisableSharedPID *bool `json:"dockerDisableSharedPID,omitempty" flag:"docker-disable-shared-pid"`
|
||||
// RootDir is the directory path for managing kubelet files (volume mounts,etc)
|
||||
RootDir string `json:"rootDir,omitempty" flag:"root-dir"`
|
||||
// AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
|
||||
AuthenticationTokenWebhookCacheTTL *metav1.Duration `json:"authenticationTokenWebhookCacheTtl,omitempty" flag:"authentication-token-webhook-cache-ttl"`
|
||||
}
|
||||
|
||||
// KubeProxyConfig defines the configuration for a proxy
|
||||
|
|
@ -316,8 +320,6 @@ type KubeAPIServerConfig struct {
|
|||
AuditLogMaxSize *int32 `json:"auditLogMaxSize,omitempty" flag:"audit-log-maxsize"`
|
||||
// AuditPolicyFile is the full path to a advanced audit configuration file a.g. /srv/kubernetes/audit.conf
|
||||
AuditPolicyFile string `json:"auditPolicyFile,omitempty" flag:"audit-policy-file"`
|
||||
// AuthenticationTokenWebhook enables bearer token authentication on kubelet.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhookConfigFile *string `json:"authenticationTokenWebhookConfigFile,omitempty" flag:"authentication-token-webhook-config-file"`
|
||||
// The duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
|
||||
|
|
|
|||
|
|
@ -2200,7 +2200,6 @@ func autoConvert_v1alpha1_KubeAPIServerConfig_To_kops_KubeAPIServerConfig(in *Ku
|
|||
out.AuditLogMaxBackups = in.AuditLogMaxBackups
|
||||
out.AuditLogMaxSize = in.AuditLogMaxSize
|
||||
out.AuditPolicyFile = in.AuditPolicyFile
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookConfigFile = in.AuthenticationTokenWebhookConfigFile
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
out.AuthorizationMode = in.AuthorizationMode
|
||||
|
|
@ -2272,7 +2271,6 @@ func autoConvert_kops_KubeAPIServerConfig_To_v1alpha1_KubeAPIServerConfig(in *ko
|
|||
out.AuditLogMaxBackups = in.AuditLogMaxBackups
|
||||
out.AuditLogMaxSize = in.AuditLogMaxSize
|
||||
out.AuditPolicyFile = in.AuditPolicyFile
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookConfigFile = in.AuthenticationTokenWebhookConfigFile
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
out.AuthorizationMode = in.AuthorizationMode
|
||||
|
|
@ -2571,6 +2569,8 @@ func autoConvert_v1alpha1_KubeletConfigSpec_To_kops_KubeletConfigSpec(in *Kubele
|
|||
out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout
|
||||
out.DockerDisableSharedPID = in.DockerDisableSharedPID
|
||||
out.RootDir = in.RootDir
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -2645,6 +2645,8 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha1_KubeletConfigSpec(in *kops.K
|
|||
out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout
|
||||
out.DockerDisableSharedPID = in.DockerDisableSharedPID
|
||||
out.RootDir = in.RootDir
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2064,15 +2064,6 @@ func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookConfigFile != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookConfigFile, &out.AuthenticationTokenWebhookConfigFile
|
||||
if *in == nil {
|
||||
|
|
@ -2742,6 +2733,24 @@ func (in *KubeletConfigSpec) DeepCopyInto(out *KubeletConfigSpec) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookCacheTTL != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookCacheTTL, &out.AuthenticationTokenWebhookCacheTTL
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -172,6 +172,10 @@ type KubeletConfigSpec struct {
|
|||
DockerDisableSharedPID *bool `json:"dockerDisableSharedPID,omitempty" flag:"docker-disable-shared-pid"`
|
||||
// RootDir is the directory path for managing kubelet files (volume mounts,etc)
|
||||
RootDir string `json:"rootDir,omitempty" flag:"root-dir"`
|
||||
// AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
|
||||
AuthenticationTokenWebhookCacheTTL *metav1.Duration `json:"authenticationTokenWebhookCacheTtl,omitempty" flag:"authentication-token-webhook-cache-ttl"`
|
||||
}
|
||||
|
||||
// KubeProxyConfig defines the configuration for a proxy
|
||||
|
|
@ -316,8 +320,6 @@ type KubeAPIServerConfig struct {
|
|||
AuditLogMaxSize *int32 `json:"auditLogMaxSize,omitempty" flag:"audit-log-maxsize"`
|
||||
// AuditPolicyFile is the full path to a advanced audit configuration file a.g. /srv/kubernetes/audit.conf
|
||||
AuditPolicyFile string `json:"auditPolicyFile,omitempty" flag:"audit-policy-file"`
|
||||
// AuthenticationTokenWebhook enables bearer token authentication on kubelet.
|
||||
AuthenticationTokenWebhook *bool `json:"authenticationTokenWebhook,omitempty" flag:"authentication-token-webhook"`
|
||||
// File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens.
|
||||
AuthenticationTokenWebhookConfigFile *string `json:"authenticationTokenWebhookConfigFile,omitempty" flag:"authentication-token-webhook-config-file"`
|
||||
// The duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s)
|
||||
|
|
|
|||
|
|
@ -2464,7 +2464,6 @@ func autoConvert_v1alpha2_KubeAPIServerConfig_To_kops_KubeAPIServerConfig(in *Ku
|
|||
out.AuditLogMaxBackups = in.AuditLogMaxBackups
|
||||
out.AuditLogMaxSize = in.AuditLogMaxSize
|
||||
out.AuditPolicyFile = in.AuditPolicyFile
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookConfigFile = in.AuthenticationTokenWebhookConfigFile
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
out.AuthorizationMode = in.AuthorizationMode
|
||||
|
|
@ -2536,7 +2535,6 @@ func autoConvert_kops_KubeAPIServerConfig_To_v1alpha2_KubeAPIServerConfig(in *ko
|
|||
out.AuditLogMaxBackups = in.AuditLogMaxBackups
|
||||
out.AuditLogMaxSize = in.AuditLogMaxSize
|
||||
out.AuditPolicyFile = in.AuditPolicyFile
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookConfigFile = in.AuthenticationTokenWebhookConfigFile
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
out.AuthorizationMode = in.AuthorizationMode
|
||||
|
|
@ -2835,6 +2833,8 @@ func autoConvert_v1alpha2_KubeletConfigSpec_To_kops_KubeletConfigSpec(in *Kubele
|
|||
out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout
|
||||
out.DockerDisableSharedPID = in.DockerDisableSharedPID
|
||||
out.RootDir = in.RootDir
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -2909,6 +2909,8 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha2_KubeletConfigSpec(in *kops.K
|
|||
out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout
|
||||
out.DockerDisableSharedPID = in.DockerDisableSharedPID
|
||||
out.RootDir = in.RootDir
|
||||
out.AuthenticationTokenWebhook = in.AuthenticationTokenWebhook
|
||||
out.AuthenticationTokenWebhookCacheTTL = in.AuthenticationTokenWebhookCacheTTL
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2145,15 +2145,6 @@ func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookConfigFile != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookConfigFile, &out.AuthenticationTokenWebhookConfigFile
|
||||
if *in == nil {
|
||||
|
|
@ -2823,6 +2814,24 @@ func (in *KubeletConfigSpec) DeepCopyInto(out *KubeletConfigSpec) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookCacheTTL != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookCacheTTL, &out.AuthenticationTokenWebhookCacheTTL
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2333,15 +2333,6 @@ func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookConfigFile != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookConfigFile, &out.AuthenticationTokenWebhookConfigFile
|
||||
if *in == nil {
|
||||
|
|
@ -3011,6 +3002,24 @@ func (in *KubeletConfigSpec) DeepCopyInto(out *KubeletConfigSpec) {
|
|||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhook != nil {
|
||||
in, out := &in.AuthenticationTokenWebhook, &out.AuthenticationTokenWebhook
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
if in.AuthenticationTokenWebhookCacheTTL != nil {
|
||||
in, out := &in.AuthenticationTokenWebhookCacheTTL, &out.AuthenticationTokenWebhookCacheTTL
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||