From 2ca0edcf92029d8843f69f9939247ca8d0e78057 Mon Sep 17 00:00:00 2001 From: Brian Atkinson Date: Mon, 25 Jan 2021 15:07:48 -0800 Subject: [PATCH] impersonation: Clear config.BearerTokenFile when setting BearerToken. When running in a cluster, the BearerTokenFile is set to point to `/var/run/secrets/kubernetes.io/serviceaccount/token` where the service account's token is auto-mounted. If this value is not cleared, the setting of the BearerToken field will have no effect. Relevant documentation: https://pkg.go.dev/k8s.io/client-go@v0.20.2/rest#Config.BearerTokenFile Signed-off-by: Brian Atkinson --- controllers/kustomization_impersonation.go | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/kustomization_impersonation.go b/controllers/kustomization_impersonation.go index 63fc2018..c013951b 100644 --- a/controllers/kustomization_impersonation.go +++ b/controllers/kustomization_impersonation.go @@ -119,6 +119,7 @@ func (ki *KustomizeImpersonation) clientForServiceAccount(ctx context.Context) ( return nil, nil, err } restConfig.BearerToken = token + restConfig.BearerTokenFile = "" // Clear, as it overrides BearerToken restMapper, err := apiutil.NewDynamicRESTMapper(restConfig) if err != nil {