Added OIDC extender for update scenario
akgalwas committed Nov 28, 2024
1 parent 86436ce commit a03a67a
Showing 2 changed files with 34 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/gardener/shoot/converter.go
Expand Up @@ -18,7 +18,6 @@ func baseExtenders(cfg config.ConverterConfig) []Extend {
extender2.ExtendWithAnnotations,
extender2.ExtendWithLabels,
extender2.ExtendWithSeedSelector,
extender2.NewOidcExtender(cfg.Kubernetes.DefaultOperatorOidc),
extender2.ExtendWithCloudProfile,
extender2.ExtendWithNetworkFilter,
extender2.ExtendWithCertConfig,
Expand Down Expand Up @@ -67,6 +66,7 @@ func NewConverterCreate(opts CreateOpts) Converter {

baseExtenders = append(baseExtenders,
extender2.NewDNSExtender(opts.DNS.SecretName, opts.DNS.DomainPrefix, opts.DNS.ProviderType),
extender2.NewOidcExtender(opts.Kubernetes.DefaultOperatorOidc),
)

baseExtenders = append(baseExtenders,
Expand Down Expand Up @@ -97,6 +97,7 @@ func NewConverterPatch(opts PatchOpts) Converter {

baseExtenders = append(baseExtenders,
extender2.NewDNSExtenderFromShoot(opts.Extensions),
extender2.NewOidcExtenderFromShoot(opts.Kubernetes.DefaultOperatorOidc, opts.Extensions),
)

baseExtenders = append(baseExtenders,
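Review bot: With the OIDC extender no longer part of baseExtenders, any converter built from baseExtenders other than NewConverterCreate and NewConverterPatch now produces shoots with no OIDC configuration at all; nothing in these hunks shows whether such a caller exists, so that is worth confirming before merging. In NewConverterPatch the new extender runs after NewDNSExtenderFromShoot and both take opts.Extensions; if the DNS extender also copies entries into shoot.Spec.Extensions, the shoot-oidc-service entry could end up in the shoot twice, though NewDNSExtenderFromShoot's body is not visible here to confirm that. If cfg.Kubernetes.DefaultOperatorOidc was the only use of cfg in baseExtenders, that parameter is now dead, and a comment such as `// OIDC is configured per scenario; see NewConverterCreate and NewConverterPatch.` would explain why it is absent from the base list.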
32 changes: 32 additions & 0 deletions pkg/gardener/shoot/extender/oidc.go
Expand Up @@ -15,6 +15,38 @@ func shouldDefaultOidcConfig(config gardener.OIDCConfig) bool {
return config.ClientID == nil && config.IssuerURL == nil
}

func NewOidcExtenderFromShoot(oidcProvider config.OidcProvider, extensions []gardener.Extension) func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
return func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
oidcExtension := func() *gardener.Extension {
for _, extension := range extensions {
if extension.Type == "shoot-oidc-service" {
return &extension
}
}
return nil
}()

if oidcExtension != nil {
shoot.Spec.Extensions = append(shoot.Spec.Extensions, *oidcExtension)
}

oidcConfig := runtime.Spec.Shoot.Kubernetes.KubeAPIServer.OidcConfig
if shouldDefaultOidcConfig(oidcConfig) {
oidcConfig = gardener.OIDCConfig{
ClientID: &oidcProvider.ClientID,
GroupsClaim: &oidcProvider.GroupsClaim,
IssuerURL: &oidcProvider.IssuerURL,
SigningAlgs: oidcProvider.SigningAlgs,
UsernameClaim: &oidcProvider.UsernameClaim,
UsernamePrefix: &oidcProvider.UsernamePrefix,
}
}
setKubeAPIServerOIDCConfig(shoot, oidcConfig)

return nil
}
}

func NewOidcExtender(oidcProvider config.OidcProvider) func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
return func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
if CanEnableExtension(runtime) {
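Review bot: NewOidcExtenderFromShoot applies the OIDC settings without the `CanEnableExtension(runtime)` gate that NewOidcExtender applies on the create path at the end of this hunk: the shoot-oidc-service extension found in `extensions` is re-appended and the kube-apiserver OIDC config is written even for a runtime that would not pass that check. If the gate is meant to be evaluated once at creation and then hold for the shoot's lifetime, a comment saying so would prevent the asymmetry from being read as an oversight; otherwise the append should become `if oidcExtension != nil && CanEnableExtension(runtime) {`. The lookup closure returns `&extension`, the address of the range variable — correct here because it returns immediately and the caller copies the value, but gosec G601 will flag it, and returning the value with a found flag (`for i := range extensions { if extensions[i].Type == "shoot-oidc-service" { return &extensions[i] } }`) avoids the finding. The new exported function also lacks a doc comment; something like `// NewOidcExtenderFromShoot returns an extender that carries the existing shoot-oidc-service extension over to the new shoot spec and applies the runtime's OIDC config, falling back to oidcProvider when both ClientID and IssuerURL are unset.` would do.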
