Merge bf9a220dd0 into a27727f8d0

2025-12-12 20:01:09 +01:00 · 2025-12-12 20:01:09 +01:00 · 14e90dabae
parent a27727f8d0 bf9a220dd0
commit 14e90dabae
2 changed files with 13 additions and 14 deletions
--- a/ui/operator_ui/cluster_discovery.py
+++ b/ui/operator_ui/cluster_discovery.py
@ -24,14 +24,16 @@ def generate_cluster_id(url: str):
    return CLUSTER_ID_INVALID_CHARS.sub('-', url.lower()).strip('-')


-class StaticAuthorizationHeaderAuth(AuthBase):
-    '''Static authentication with given "Authorization" header'''
+class KubernetesConfigAuth(AuthBase):
+    '''Dynamic authentication using the Kubernetes configuration to load the service account token'''

-    def __init__(self, authorization):
-        self.authorization = authorization
+    def __init__(self, config):
+        self.config = config

    def __call__(self, request):
-        request.headers['Authorization'] = self.authorization
+        authorization = self.config.get_api_key_with_prefix('authorization')
+        if authorization:
+            request.headers['Authorization'] = authorization
        return request


@ -66,19 +68,20 @@ class StaticClusterDiscoverer:

        if not api_server_urls:
            try:
-                kubernetes.config.load_incluster_config()
+                config = kubernetes.client.Configuration()
+                kubernetes.config.load_incluster_config(config)
            except kubernetes.config.ConfigException:
                # we are not running inside a cluster
                # => assume default kubectl proxy URL
                cluster = Cluster(generate_cluster_id(DEFAULT_CLUSTERS), DEFAULT_CLUSTERS)
            else:
                logger.info("in cluster configuration failed")
-                config = kubernetes.client.Configuration()
+                auth = KubernetesConfigAuth(config)
                cluster = Cluster(
                    generate_cluster_id(config.host),
                    config.host,
                    ssl_ca_cert=config.ssl_ca_cert,
-                    auth=StaticAuthorizationHeaderAuth(config.api_key['authorization']))
+                    auth=auth)
            self._clusters.append(cluster)
        else:
            for api_server_url in api_server_urls:
@ -110,11 +113,7 @@ class KubeconfigDiscoverer:
                continue
            config = kubernetes.client.ConfigurationObject()
            kubernetes.config.load_kube_config(config_file, context=context['name'], client_configuration=config)
-            authorization = config.api_key.get('authorization')
-            if authorization:
-                auth = StaticAuthorizationHeaderAuth(authorization)
-            else:
-                auth = None
+            auth = KubernetesConfigAuth(config)
            cluster = Cluster(
                context['name'],
                config.host,
--- a/ui/requirements.txt
+++ b/ui/requirements.txt
@ -7,7 +7,7 @@ furl==2.1.3
 gevent==24.2.1
 jq==1.7.0
 json_delta>=2.0.2
-kubernetes==11.0.0
+kubernetes==34.1.0
 python-json-logger==2.0.7
 requests==2.32.4
 stups-tokens>=1.1.19