mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 14:05:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into github_identity_provider

Browse Source
This commit is contained in:
Benjamin A. Petersen
2024-05-01 12:15:08 -04:00
parent 0896e7164a 56d7dee25d
commit c43193a0c8
700 changed files with 29057 additions and 66052 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/supervisor/server/server.go
View File

@@ -43,6 +43,7 @@ import (
"go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1"
supervisorinformers "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions"
supervisoropenapi "go.pinniped.dev/generated/latest/client/supervisor/openapi"
"go.pinniped.dev/internal/admissionpluginconfig"
"go.pinniped.dev/internal/apiserviceref"
"go.pinniped.dev/internal/config/featuregates"
"go.pinniped.dev/internal/config/supervisor"
@@ -636,6 +637,11 @@ func getAggregatedAPIServerConfig(
// This port is configurable. It should be safe to cast because the config reader already validated it.
recommendedOptions.SecureServing.BindPort = int(aggregatedAPIServerPort)
err := admissionpluginconfig.ConfigureAdmissionPlugins(recommendedOptions)
if err != nil {
return nil, fmt.Errorf("failed to configure admission plugins on recommended options: %w", err)
}
// secure TLS for connections coming from and going to the Kube API server
// this is best effort because not all options provide the right hooks to override TLS config
// since our only client is the Kube API server, this uses the most secure TLS config