Skip to content

Commit

Permalink
UPSTREAM: <carry>: use hardcoded metrics scraping authorizer for dele…
Browse files Browse the repository at this point in the history 
…gated apiservers

OpenShift-Rebase-Source: d8adc09
  • Loading branch information
@deads2k @bertinatto
deads2k authored and bertinatto committed Nov 29, 2024
1 parent 6ab56c9 commit 6cc36ce
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (

"github.com/spf13/pflag"

"github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/authorization/authorizer"
"k8s.io/apiserver/pkg/authorization/authorizerfactory"
Expand Down Expand Up @@ -181,6 +182,9 @@ func (s *DelegatingAuthorizationOptions) toAuthorizer(client kubernetes.Interfac
authorizers = append(authorizers, authorizerfactory.NewPrivilegedGroups(s.AlwaysAllowGroups...))
}

// add an authorizer to always approver the openshift metrics scraper.
authorizers = append(authorizers, hardcodedauthorizer.NewHardCodedMetricsAuthorizer())

if len(s.AlwaysAllowPaths) > 0 {
a, err := path.NewAuthorizer(s.AlwaysAllowPaths)
if err != nil {
Expand Down

0 comments on commit 6cc36ce

Please sign in to comment.