From a82d834459e9b9c80ca238402219715b546f719b Mon Sep 17 00:00:00 2001
From: Giuseppe Attardi <giuseppe.attardi@garr.it>
Date: Fri, 29 Jun 2018 17:44:45 +0200
Subject: [PATCH] Fixed bug.

---
 reactive/kubernetes_master.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/reactive/kubernetes_master.py b/reactive/kubernetes_master.py
index a5a631e..e84ea3c 100644
--- a/reactive/kubernetes_master.py
+++ b/reactive/kubernetes_master.py
@@ -287,6 +287,9 @@ def configure_cni(cni):
     cni.set_config(is_master=True, kubeconfig_path='')
 
 
+# Webhook configuration file
+webhook_config_path = '/root/cdk/webhook.kubeconfig'
+
 @when('leadership.is_leader')
 @when_not('authentication.setup')
 def setup_leader_authentication():
@@ -328,13 +331,11 @@ def setup_leader_authentication():
     leader_set(leader_data)
 
     # configure webhook authentication
-    webhook_config_path = '/root/cdk/webhook.kubeconfig'
     auth_mode = hookenv.config('authorization-mode')
     if 'Webhook' in re.split('[,\s]+', auth_mode):
         # Render the webhook configuration from the webhook.kubeconfig template
         webhook_context = {} # template parameters
         render('webhook.kubeconfig', webhook_config_path, webhook_context)
-        api_opts['authentication-token-webhook-config-file'] = webhook_config_path
     else:
         remove_if_exists(webhook_config_path)
                     
@@ -1315,6 +1316,11 @@ def configure_apiserver(etcd_connection_string):
     else:
         remove_if_exists(audit_webhook_config_path)
 
+    # Webhook config
+    auth_mode = hookenv.config('authorization-mode')
+    if 'Webhook' in re.split('[,\s]+', auth_mode):
+        api_opts['authentication-token-webhook-config-file'] = webhook_config_path
+
     configure_kubernetes_service('kube-apiserver', api_opts, 'api-extra-args')
     restart_apiserver()
 
-- 
GitLab