vendored changes

vendor/k8s.io/apiserver/pkg/util/webhook/authentication.go

@@ -171,6 +171,7 @@ func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Conf
 	// blindly overwrite existing values based on precedence
 	if len(configAuthInfo.Token) > 0 {
 		config.BearerToken = configAuthInfo.Token
+		config.BearerTokenFile = configAuthInfo.TokenFile
 	} else if len(configAuthInfo.TokenFile) > 0 {
 		tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
 		if err != nil {
@@ -196,6 +197,9 @@ func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Conf
 		config.Username = configAuthInfo.Username
 		config.Password = configAuthInfo.Password
 	}
+	if configAuthInfo.Exec != nil {
+		config.ExecProvider = configAuthInfo.Exec.DeepCopy()
+	}
 	if configAuthInfo.AuthProvider != nil {
 		return nil, fmt.Errorf("auth provider not supported")
 	}

vendor/k8s.io/apiserver/pkg/util/webhook/client.go

@@ -49,6 +49,7 @@ type ClientConfigService struct {
 	Name      string
 	Namespace string
 	Path      string
+	Port      int32
 }
 
 // ClientManager builds REST clients to talk to webhooks. It caches the clients
@@ -164,7 +165,11 @@ func (cm *ClientManager) HookClient(cc ClientConfig) (*rest.RESTClient, error) {
 		}
 		cfg.Dial = func(ctx context.Context, network, addr string) (net.Conn, error) {
 			if addr == host {
-				u, err := cm.serviceResolver.ResolveEndpoint(cc.Service.Namespace, cc.Service.Name)
+				port := cc.Service.Port
+				if port == 0 {
+					port = 443
+				}
+				u, err := cm.serviceResolver.ResolveEndpoint(cc.Service.Namespace, cc.Service.Name, port)
 				if err != nil {
 					return nil, err
 				}

vendor/k8s.io/apiserver/pkg/util/webhook/serviceresolver.go

@@ -24,7 +24,7 @@ import (
 
 // ServiceResolver knows how to convert a service reference into an actual location.
 type ServiceResolver interface {
-	ResolveEndpoint(namespace, name string) (*url.URL, error)
+	ResolveEndpoint(namespace, name string, port int32) (*url.URL, error)
 }
 
 type defaultServiceResolver struct{}
@@ -35,12 +35,13 @@ func NewDefaultServiceResolver() ServiceResolver {
 }
 
 // ResolveEndpoint constructs a service URL from a given namespace and name
-// note that the name and namespace are required and by default all created addresses use HTTPS scheme.
+// note that the name, namespace, and port are required and by default all
+// created addresses use HTTPS scheme.
 // for example:
 //  name=ross namespace=andromeda resolves to https://ross.andromeda.svc:443
-func (sr defaultServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL, error) {
-	if len(name) == 0 || len(namespace) == 0 {
-		return nil, errors.New("cannot resolve an empty service name or namespace")
+func (sr defaultServiceResolver) ResolveEndpoint(namespace, name string, port int32) (*url.URL, error) {
+	if len(name) == 0 || len(namespace) == 0 || port == 0 {
+		return nil, errors.New("cannot resolve an empty service name or namespace or port")
 	}
-	return &url.URL{Scheme: "https", Host: fmt.Sprintf("%s.%s.svc:443", name, namespace)}, nil
+	return &url.URL{Scheme: "https", Host: fmt.Sprintf("%s.%s.svc:%d", name, namespace, port)}, nil
 }

vendor/k8s.io/apiserver/pkg/util/webhook/validation.go

@@ -51,7 +51,7 @@ func ValidateWebhookURL(fldPath *field.Path, URL string, forceHttps bool) field.
 	return allErrors
 }
 
-func ValidateWebhookService(fldPath *field.Path, namespace, name string, path *string) field.ErrorList {
+func ValidateWebhookService(fldPath *field.Path, namespace, name string, path *string, port int32) field.ErrorList {
 	var allErrors field.ErrorList
 
 	if len(name) == 0 {
@@ -62,6 +62,10 @@ func ValidateWebhookService(fldPath *field.Path, namespace, name string, path *s
 		allErrors = append(allErrors, field.Required(fldPath.Child("namespace"), "service namespace is required"))
 	}
 
+	if errs := validation.IsValidPortNum(int(port)); errs != nil {
+		allErrors = append(allErrors, field.Invalid(fldPath.Child("port"), port, "port is not valid: "+strings.Join(errs, ", ")))
+	}
+
 	if path == nil {
 		return allErrors
 	}