cmd/{k8s-operator,k8s-proxy},kube: use consistent type for auth mode config (#16626)

Updates k8s-proxy's config so its auth mode config matches that we set in kube-apiserver ProxyGroups for consistency. Updates #13358 Change-Id: I95e29cec6ded2dc7c6d2d03f968a25c822bc0e01 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-07-22 14:46:38 +01:00
parent 6f7e78b10f
commit 22a8e0ac50
10 changed files with 99 additions and 48 deletions
@@ -805,6 +805,10 @@ func (r *ProxyGroupReconciler) ensureConfigSecretsCreated(ctx context.Context, p
 				}
 			}

+			mode := kubetypes.APIServerProxyModeAuth
+			if !isAuthAPIServerProxy(pg) {
+				mode = kubetypes.APIServerProxyModeNoAuth
+			}
 			cfg := conf.VersionedConfig{
 				Version: "v1alpha1",
 				ConfigV1Alpha1: &conf.ConfigV1Alpha1{
@@ -816,8 +820,8 @@ func (r *ProxyGroupReconciler) ensureConfigSecretsCreated(ctx context.Context, p
 					// Reloadable fields.
 					Hostname: &hostname,
 					APIServerProxy: &conf.APIServerProxyConfig{
-						Enabled:  opt.NewBool(true),
-						AuthMode: opt.NewBool(isAuthAPIServerProxy(pg)),
+						Enabled: opt.NewBool(true),
+						Mode:    &mode,
 						// The first replica is elected as the cert issuer, same
 						// as containerboot does for ingress-pg-reconciler.
 						IssueCerts: opt.NewBool(i == 0),