// If there aren't any addresses specified, default to the first advertised address which can be user-provided or the default network interface's IP address
// If the request is unauthorized, the cluster admin has not granted access to the cluster info configmap for unauthenicated users
// In that case, trust the cluster admin and do not refresh the cluster-info credentials
fmt.Printf("[discovery] Could not access the %s ConfigMap for refreshing the cluster-info information, but the TLS cert is valid so proceeding...\n",bootstrapapi.ConfigMapClusterInfo)
returntrue,nil
}else{
fmt.Printf("[discovery] Failed to validate the API Server's identity, will try again: [%v]\n",err)
returnfalse,nil
}
}
returntrue,nil
})
// If we couldn't fetch the cluster-info ConfigMap, just return the cluster-info object the user provided
ifclusterinfoCM==nil{
returndefaultCluster,nil
}
// We somehow got hold of the ConfigMap, try to read some data from it. If we can't, fallback on the user-provided file
fmt.Printf("[discovery] The %s ConfigMap isn't set up properly (%v), but the TLS cert is valid so proceeding...\n",bootstrapapi.ConfigMapClusterInfo,err)
returndefaultCluster,nil
}
fmt.Println("[discovery] Synced cluster-info information from the API Server so we have got the latest information")
// In an HA world in the future, this will make more sense, because now we've got new information, possibly about new API Servers to talk to
returnnil,fmt.Errorf("there is no %s key in the %s ConfigMap. This API Server isn't set up for token bootstrapping, can't connect",bootstrapapi.KubeConfigKey,bootstrapapi.ConfigMapClusterInfo)
returnnil,fmt.Errorf("there is no JWS signed token in the %s ConfigMap. This token id %q is invalid for this cluster, can't connect",bootstrapapi.ConfigMapClusterInfo,tokenId)