// kubeconfigClientGoConfig loads a client config from the kubeconfig file
// named by s.KubeConfig.
//
// When s.RequireKubeConfig is set, the kubeconfig is used as-is and
// s.APIServerList is ignored. Otherwise the first entry of s.APIServerList
// replaces the cluster server address from the kubeconfig.
//
// NOTE(review): the non-RequireKubeConfig path indexes s.APIServerList[0]
// without a length check, so an empty list panics here. Presumably the caller
// validates the list first; confirm before reusing this helper elsewhere.
func kubeconfigClientGoConfig(s *options.KubeletServer) (*rest.Config, error) {
	rules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.KubeConfig.Value()}
	overrides := &clientcmd.ConfigOverrides{}
	if !s.RequireKubeConfig {
		// Only the server address is overridden; credentials and CA data
		// still come from the kubeconfig file.
		overrides.ClusterInfo = clientcmdapi.Cluster{Server: s.APIServerList[0]}
	}
	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig()
}
// newSubjectAccessReview returns a SubjectAccessReview client used to delegate
// authorization decisions.
//
// If s.RemoteKubeConfigFile is set, the client config is loaded from that file
// with no overrides. Otherwise the in-cluster config is used. Any error from
// loading the config or building the client is returned unchanged.
func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorizationclient.SubjectAccessReviewInterface, error) {
	var (
		cfg *rest.Config
		err error
	)
	if s.RemoteKubeConfigFile != "" {
		rules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile}
		cfg, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{}).ClientConfig()
	} else {
		// No remote kubeconfig: fall back to the in-cluster config, which is
		// the path most addon API servers take.
		cfg, err = rest.InClusterConfig()
	}
	if err != nil {
		return nil, err
	}

	// Authorization checks go through this client, so its rate limits
	// effectively cap API server responsiveness; keep them high.
	cfg.QPS = 200
	cfg.Burst = 400

	sarClient, err := authorizationclient.NewForConfig(cfg)
	if err != nil {
		return nil, err
	}
	return sarClient.SubjectAccessReviews(), nil
}
// NewGenericWebhook creates a new GenericWebhook from the provided kubeconfig file.
//
// Every entry in groupVersions must be enabled in the API registry, otherwise
// an error is returned before the kubeconfig is read. The kubeconfig is loaded
// with empty overrides, so the remote endpoint and its credentials come from
// kubeConfigFile. initialBackoff is stored on the returned webhook.
func NewGenericWebhook(kubeConfigFile string, groupVersions []schema.GroupVersion, initialBackoff time.Duration) (*GenericWebhook, error) {
	for _, gv := range groupVersions {
		if api.Registry.IsEnabledVersion(gv) {
			continue
		}
		return nil, fmt.Errorf("webhook plugin requires enabling extension resource: %s", gv)
	}

	rules := clientcmd.NewDefaultClientConfigLoadingRules()
	rules.ExplicitPath = kubeConfigFile

	cfg, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{}).ClientConfig()
	if err != nil {
		return nil, err
	}

	// Pin the client to a single serializer built from the requested group versions.
	info := runtime.SerializerInfo{Serializer: api.Codecs.LegacyCodec(groupVersions...)}
	cfg.ContentConfig.NegotiatedSerializer = runtimeserializer.NegotiatedSerializerWrapper(info)

	rc, err := rest.UnversionedRESTClientFor(cfg)
	if err != nil {
		return nil, err
	}

	// TODO(ericchiang): Can we ensure remote service is reachable?
	return &GenericWebhook{rc, initialBackoff}, nil
}
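// newK8sClient builds a Kubernetes clientset from the kubeconfig file named in
// conf.Kubernetes.Kubeconfig, combined with values given explicitly in the
// network config.
//
// Non-empty conf.Policy values override the API server address, client
// certificate, client key, certificate authority and auth token from the
// kubeconfig. conf.Kubernetes.K8sAPIRoot, when set, takes precedence over
// conf.Policy.K8sAPIRoot for the server address. Errors from loading the
// config or creating the clientset are returned unchanged.
func newK8sClient(conf utils.NetConf, logger *log.Entry) (*kubernetes.Clientset, error) {
	// Some config can be passed in a kubeconfig file.
	kubeconfig := conf.Kubernetes.Kubeconfig

	// Config can be overridden by config passed in explicitly in the network config.
	configOverrides := &clientcmd.ConfigOverrides{}

	// If an API root is given, make sure we're using the name / port rather than
	// the full URL. Earlier versions of the config required the full `/api/v1/`
	// extension, so split that off to ensure compatibility. A value without
	// "/api/" is left unchanged.
	conf.Policy.K8sAPIRoot = strings.Split(conf.Policy.K8sAPIRoot, "/api/")[0]

	overridesMap := []struct {
		variable *string
		value    string
	}{
		{&configOverrides.ClusterInfo.Server, conf.Policy.K8sAPIRoot},
		{&configOverrides.AuthInfo.ClientCertificate, conf.Policy.K8sClientCertificate},
		{&configOverrides.AuthInfo.ClientKey, conf.Policy.K8sClientKey},
		{&configOverrides.ClusterInfo.CertificateAuthority, conf.Policy.K8sCertificateAuthority},
		{&configOverrides.AuthInfo.Token, conf.Policy.K8sAuthToken},
	}

	// Using the override map above, populate any non-empty values.
	for _, override := range overridesMap {
		if override.value != "" {
			*override.variable = override.value
		}
	}

	// Also allow the K8sAPIRoot to appear under the "kubernetes" block in the network config.
	if conf.Kubernetes.K8sAPIRoot != "" {
		configOverrides.ClusterInfo.Server = conf.Kubernetes.K8sAPIRoot
	}

	// Use the kubernetes client code to load the kubeconfig file and combine it with the overrides.
	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
		&clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig},
		configOverrides).ClientConfig()
	if err != nil {
		return nil, err
	}

	// Log only the API server address. The assembled config can carry the
	// bearer token set above along with other credential fields, and whether a
	// %v dump redacts them depends on the client library version in use, so the
	// whole struct must not be written to the debug log.
	logger.Debugf("Kubernetes config host %q", config.Host)

	// Create the clientset.
	return kubernetes.NewForConfig(config)
}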