// if there are no authentication credentials (nor in the config returned from discovery, nor in the TLSBootstrapToken), fail
clusterinfo.Server,
returnnil,errors.New("couldn't find authentication credentials for the TLS boostrap process. Please use Token discovery, a discovery file with embedded authentication credentials or a discovery file without authentication credentials and the TLSBootstrapToken flag")
kubeadmapiv1beta2.DefaultClusterName,
TokenUser,
clusterinfo.CertificateAuthorityData,
cfg.Discovery.TLSBootstrapToken,
),nil
}
}
// DiscoverValidatedKubeConfig returns a validated Config object that specifies where the cluster is and the CA cert to trust
// DiscoverValidatedKubeConfig returns a validated Config object that specifies where the cluster is and the CA cert to trust
// If the request is unauthorized, the cluster admin has not granted access to the cluster info configmap for unauthenticated users
// If the request is unauthorized, the cluster admin has not granted access to the cluster info configmap for unauthenticated users
// In that case, trust the cluster admin and do not refresh the cluster-info credentials
// In that case, trust the cluster admin and do not refresh the cluster-info data
klog.Warningf("[discovery] Could not access the %s ConfigMap for refreshing the cluster-info information, but the TLS cert is valid so proceeding...\n",bootstrapapi.ConfigMapClusterInfo)
klog.Warningf("[discovery] Could not access the %s ConfigMap for refreshing the cluster-info information, but the TLS cert is valid so proceeding...\n",bootstrapapi.ConfigMapClusterInfo)
returntrue,nil
returntrue,nil
}
}
klog.V(1).Infof("[discovery] Failed to validate the API Server's identity, will try again: [%v]\n",err)
klog.V(1).Infof("[discovery] Error reading the %s ConfigMap, will try again: [%v]\n",bootstrapapi.ConfigMapClusterInfo,err)