Remove in-cluster-config flag in favour of fall back behaviour

JoshVanL · JoshVanL · commit be1fa46cc226 · 2019-11-06T14:15:49.000Z
Signed-off-by: JoshVanL &lt;vleeuwenjoshua@gmail.com&gt;
diff --git a/cmd/options/client.go b/cmd/options/client.go
@@ -2,50 +2,26 @@
 package options
 
 import (
-	"errors"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 )
 
-const (
-	flagInClusterConfig = "in-cluster-config"
-)
-
-type ClientExtraOptions struct {
-	InClusterConfig bool
+type ClientOptions struct {
 	*genericclioptions.ConfigFlags
 }
 
-func NewClientExtraFlags() *ClientExtraOptions {
-	return &ClientExtraOptions{
-		InClusterConfig: false,
-		ConfigFlags:     genericclioptions.NewConfigFlags(true),
+func NewClientFlags() *ClientOptions {
+	return &ClientOptions{
+		ConfigFlags: genericclioptions.NewConfigFlags(true),
 	}
 }
 
-func (c *ClientExtraOptions) AddFlags(flags *pflag.FlagSet) {
-	flags.BoolVar(&c.InClusterConfig, flagInClusterConfig, c.InClusterConfig, "Use in-cluster configuration to authenticate and connect to a Kubernetes API server")
+func (c *ClientOptions) AddFlags(flags *pflag.FlagSet) {
 	c.ConfigFlags.AddFlags(flags)
 }
 
-func (c *ClientExtraOptions) Validate(cmd *cobra.Command) error {
-	clientFCh := c.clientFlagsChanged(cmd)
-
-	if clientFCh && c.InClusterConfig {
-		return fmt.Errorf("if --%s is enabled, no other client flag options my be specified", flagInClusterConfig)
-	}
-
-	if !clientFCh && !c.InClusterConfig {
-		return errors.New("no client flag options specified")
-	}
-
-	return nil
-}
-
-func (c *ClientExtraOptions) clientFlagsChanged(cmd *cobra.Command) bool {
+func (c *ClientOptions) ClientFlagsChanged(cmd *cobra.Command) bool {
 	for _, f := range clientOptionFlags() {
 		if ff := cmd.Flag(f); ff != nil && ff.Changed {
 			return true
diff --git a/cmd/options/client_test.go b/cmd/options/client_test.go
diff --git a/cmd/run.go b/cmd/run.go
@@ -46,7 +46,7 @@ func NewRunCommand(stopCh <-chan struct{}) *cobra.Command {
 
 	kopOptions := new(options.KubeOIDCProxyOptions)
 
-	clientConfigOptions := options.NewClientExtraFlags()
+	clientConfigOptions := options.NewClientFlags()
 
 	healthCheck := probe.New(strconv.Itoa(readinessProbePort))
 
@@ -65,26 +65,22 @@ func NewRunCommand(stopCh <-chan struct{}) *cobra.Command {
 				return err
 			}
 
-			if err := clientConfigOptions.Validate(cmd); err != nil {
-				return err
-			}
-
 			if ssoptionsWithLB.SecureServingOptions.BindPort == readinessProbePort {
 				return errors.New("unable to securely serve on port 8080, used by readiness prob")
 			}
 
 			var restConfig *rest.Config
-			if clientConfigOptions.InClusterConfig {
-				// In cluster config
-				restConfig, err = rest.InClusterConfig()
+
+			if clientConfigOptions.ClientFlagsChanged(cmd) {
+				// one or more client flags have been set to use client flag built
+				// config
+				restConfig, err = clientConfigOptions.ToRESTConfig()
 				if err != nil {
 					return err
 				}
-
 			} else {
-
-				// CLI flags not using in-cluster config
-				restConfig, err = clientConfigOptions.ToRESTConfig()
+				// no client flags have been set so default to in-cluster config
+				restConfig, err = rest.InClusterConfig()
 				if err != nil {
 					return err
 				}
@@ -156,15 +152,15 @@ func NewRunCommand(stopCh <-chan struct{}) *cobra.Command {
 	oidcfs := namedFlagSets.FlagSet("OIDC")
 	oidcOptions.AddFlags(oidcfs)
 
-	ssoptionsWithLB.AddFlags(namedFlagSets.FlagSet("secure serving"))
+	ssoptionsWithLB.AddFlags(namedFlagSets.FlagSet("Secure Serving"))
 
 	clientConfigOptions.CacheDir = nil
 	clientConfigOptions.Impersonate = nil
 	clientConfigOptions.ImpersonateGroup = nil
-	clientConfigOptions.AddFlags(namedFlagSets.FlagSet("client"))
+	clientConfigOptions.AddFlags(namedFlagSets.FlagSet("Client"))
 
-	globalflag.AddGlobalFlags(namedFlagSets.FlagSet("misc"), cmd.Name())
-	namedFlagSets.FlagSet("misc").Bool("version",
+	globalflag.AddGlobalFlags(namedFlagSets.FlagSet("Misc"), cmd.Name())
+	namedFlagSets.FlagSet("Misc").Bool("version",
 		false, "Print version information and quit")
 
 	for _, f := range namedFlagSets.FlagSets {
diff --git a/demo/manifests/components/kube-oidc-proxy.jsonnet b/demo/manifests/components/kube-oidc-proxy.jsonnet
@@ -111,7 +111,6 @@ local READINESS_PORT = 8080;
               command: [
                 'kube-oidc-proxy',
                 '--secure-port=' + $.config.secureServing.port,
-                '--in-cluster-config',
                 '--tls-cert-file=' + $.config.secureServing.tlsCertFile,
                 '--tls-private-key-file=' + $.config.secureServing.tlsKeyFile,
                 '--oidc-groups-prefix=' + $.config.oidc.groupsPrefix,
diff --git a/demo/yaml/kube-oidc-proxy.yaml b/demo/yaml/kube-oidc-proxy.yaml
@@ -43,7 +43,6 @@ spec:
         command: ["kube-oidc-proxy"]
         args:
           - "--secure-port=443"
-          - "--in-cluster-config"
           - "--tls-cert-file=/etc/oidc/tls/crt.pem"
           - "--tls-private-key-file=/etc/oidc/tls/key.pem"
           - "--oidc-client-id=$(OIDC_CLIENT_ID)"
diff --git a/deploy/charts/kube-oidc-proxy/templates/deployment.yaml b/deploy/charts/kube-oidc-proxy/templates/deployment.yaml
@@ -35,7 +35,6 @@ spec:
           periodSeconds: 10
         command: ["kube-oidc-proxy"]
         args:
-          - "--in-cluster-config"
           - "--secure-port=443"
           - "--tls-cert-file=/etc/oidc/tls/crt.pem"
           - "--tls-private-key-file=/etc/oidc/tls/key.pem"
