mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 14:05:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Impersonation controller updates CredentialIssuer on every call to Sync

Browse Source 
- This commit does not include the updates that we plan to make to
  the `status.strategies[].frontend` field of the CredentialIssuer.
  That will come in a future commit.
This commit is contained in:
Ryan Richard
2021-03-02 14:48:58 -08:00
parent 84cc42b2ca
commit 1ad2c38509
3 changed files with 354 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/controllermanager/prepare_controllers.go
View File

@@ -277,12 +277,14 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
singletonWorker,
).
// The impersonation proxy configuration controllers dynamically configure the impersonation proxy feature.
// The impersonator configuration controller dynamically configures the impersonation proxy feature.
WithController(
impersonatorconfig.NewImpersonatorConfigController(
c.ServerInstallationInfo.Namespace,
c.NamesConfig.ImpersonationConfigMap,
c.NamesConfig.CredentialIssuer,
client.Kubernetes,
client.PinnipedConcierge,
informers.installationNamespaceK8s.Core().V1().ConfigMaps(),
informers.installationNamespaceK8s.Core().V1().Services(),
informers.installationNamespaceK8s.Core().V1().Secrets(),
@@ -292,6 +294,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
c.NamesConfig.ImpersonationTLSCertificateSecret,
c.NamesConfig.ImpersonationCACertificateSecret,
c.Labels,
clock.RealClock{},
tls.Listen,
func() (http.Handler, error) {
impersonationProxyHandler, err := impersonator.New(