func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorizationclient.SubjectAccessReviewInterface, error) { var clientConfig *rest.Config var err error if len(s.RemoteKubeConfigFile) > 0 { loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile} loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err = loader.ClientConfig() } else { // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will // use this path clientConfig, err = rest.InClusterConfig() } if err != nil { return nil, err } // set high qps/burst limits since this will effectively limit API server responsiveness clientConfig.QPS = 200 clientConfig.Burst = 400 client, err := authorizationclient.NewForConfig(clientConfig) if err != nil { return nil, err } return client.SubjectAccessReviews(), nil }