Implement the OIDCClientSecretRequest API

This commit is a WIP commit because it doesn't include many tests
for the new feature.

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
This commit is contained in:
Ryan Richard
2022-08-26 10:57:45 -07:00
parent 7c247e9000
commit 1c296e5c4c
26 changed files with 676 additions and 91 deletions


@@ -31,6 +31,7 @@ import (
genericoptions "k8s.io/apiserver/pkg/server/options"
kubeinformers "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/pkg/version"
"k8s.io/client-go/rest"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
@@ -38,6 +39,7 @@ import (
configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
pinnipedclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
"go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1"
pinnipedinformers "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions"
"go.pinniped.dev/internal/apiserviceref"
"go.pinniped.dev/internal/config/supervisor"
@@ -475,6 +477,9 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
*cfg.AggregatedAPIServerPort,
scheme,
clientSecretGV,
clientWithoutLeaderElection.Kubernetes.CoreV1().Secrets(serverInstallationNamespace),
client.PinnipedSupervisor.ConfigV1alpha1().OIDCClients(serverInstallationNamespace),
serverInstallationNamespace,
)
if err != nil {
return fmt.Errorf("could not configure aggregated API server: %w", err)
@@ -568,7 +573,6 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
return nil
}
// Create a configuration for the aggregated API server.
func getAggregatedAPIServerConfig(
dynamicCertProvider dynamiccert.Private,
buildControllers controllerinit.RunnerBuilder,
@@ -576,6 +580,9 @@ func getAggregatedAPIServerConfig(
aggregatedAPIServerPort int64,
scheme *runtime.Scheme,
clientSecretSupervisorGroupVersion schema.GroupVersion,
secrets corev1client.SecretInterface,
oidcClients v1alpha1.OIDCClientInterface,
serverInstallationNamespace string,
) (*apiserver.Config, error) {
codecs := serializer.NewCodecFactory(scheme)
@@ -620,6 +627,9 @@ func getAggregatedAPIServerConfig(
Scheme: scheme,
NegotiatedSerializer: codecs,
ClientSecretSupervisorGroupVersion: clientSecretSupervisorGroupVersion,
Secrets: secrets,
OIDCClients: oidcClients,
Namespace: serverInstallationNamespace,
},
}
return apiServerConfig, nil
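Review bot: The new parameters `secrets` and `oidcClients` on getAggregatedAPIServerConfig are undocumented, and the three new Config fields `Secrets`, `OIDCClients` and `Namespace` carry the install namespace redundantly: the call site builds both clients already scoped to `serverInstallationNamespace` and then passes the same string again, so nothing in the config ties the two together and a future caller could hand in clients scoped to one namespace with `Namespace` set to another. I would extend the doc comment above the function with something like `// secrets and oidcClients must be scoped to serverInstallationNamespace; the Config keeps the namespace alongside them rather than deriving it, so callers are responsible for keeping the three consistent.` and, if these clients are only meant to serve the new OIDCClientSecretRequest API, say so there too (I am inferring that from the commit title, not from these hunks). Keeping the Secrets client namespace-scoped at the call site is the right least-privilege shape; worth stating the intent in a comment so it is not widened later. getAggregatedAPIServerConfig's body starts in the previous hunk and the rest of the function is outside what these hunks show.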