877 allow controller to use token

cmd/function-controller/function-controller.go

@@ -31,7 +31,6 @@ import (
 	"github.com/kubeless/kubeless/pkg/version"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"k8s.io/client-go/rest"
 )
 
 const (
@@ -53,7 +52,7 @@ var rootCmd = &cobra.Command{
 			FunctionClient: kubelessClient,
 		}
 
-		restCfg, err := rest.InClusterConfig()
+		restCfg, err := utils.GetOverriddenClientConfig()
 		if err != nil {
 			logrus.Fatalf("Cannot get REST client: %v", err)
 		}

pkg/utils/k8sutil.go

@@ -56,7 +56,7 @@ const (
 
 // GetClient returns a k8s clientset to the request from inside of cluster
 func GetClient() kubernetes.Interface {
-	config, err := rest.InClusterConfig()
+	config, err := GetOverriddenClientConfig()
 	if err != nil {
 		logrus.Fatalf("Can not get kubernetes config: %v", err)
 	}
@@ -123,7 +123,11 @@ func GetAPIExtensionsClientOutOfCluster() clientsetAPIExtensions.Interface {
 
 // GetAPIExtensionsClientInCluster returns a k8s clientset to access APIExtensions from inside of cluster
 func GetAPIExtensionsClientInCluster() clientsetAPIExtensions.Interface {
-	config, err := rest.InClusterConfig()
+	config, err := GetOverriddenClientConfig()
+	if err != nil {
+		config, err = rest.InClusterConfig()
+	}
+
 	if err != nil {
 		logrus.Fatalf("Can not get kubernetes config: %v", err)
 	}
@@ -136,10 +140,14 @@ func GetAPIExtensionsClientInCluster() clientsetAPIExtensions.Interface {
 
 // GetFunctionClientInCluster returns function clientset to the request from inside of cluster
 func GetFunctionClientInCluster() (versioned.Interface, error) {
-	config, err := rest.InClusterConfig()
+	config, err := GetOverriddenClientConfig()
+	if err != nil {
+		config, err = rest.InClusterConfig()
+	}
 	if err != nil {
 		return nil, err
 	}
+
 	kubelessClient, err := versioned.NewForConfig(config)
 	if err != nil {
 		return nil, err

pkg/utils/kubelessutil.go

@@ -31,6 +31,7 @@ import (
 	kubelessApi "github.com/kubeless/kubeless/pkg/apis/kubeless/v1beta1"
 	"github.com/kubeless/kubeless/pkg/langruntime"
 	"github.com/sirupsen/logrus"
+	"io/ioutil"
 	batchv1 "k8s.io/api/batch/v1"
 	"k8s.io/api/core/v1"
 	"k8s.io/api/extensions/v1beta1"
@@ -40,6 +41,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 )
 
 // GetFunctionPort returns the port for a function service
@@ -760,6 +762,23 @@ func GetOwnerReference(kind, apiVersion, name string, uid types.UID) ([]metav1.O
 	}, nil
 }
 
+// GetControllerRestClientConfig returns necessary Config object to authenticate k8s clients if env variable is set
+func GetOverriddenClientConfig() (*rest.Config, error) {
+	config, err := rest.InClusterConfig()
+
+	tokenFile := os.Getenv("KUBELESS_TOKEN_FILE_PATH")
+	if len(tokenFile) == 0 {
+		return config, err
+	}
+	tokenBytes, err := ioutil.ReadFile(tokenFile)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read file containing oauth token: %s", err)
+	}
+	config.BearerToken = string(tokenBytes)
+
+	return config, nil
+}
+
 func getConfigLocation(apiExtensionsClientset clientsetAPIExtensions.Interface) (ConfigLocation, error) {
 	configLocation := ConfigLocation{}
 	controllerNamespace := os.Getenv("KUBELESS_NAMESPACE")