Documentation
¶
Index ¶
- Constants
- func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error
- func AutoApproveNodeBootstrapTokens(client clientset.Interface) error
- func AutoApproveNodeCertificateRotation(client clientset.Interface) error
- func CreateNewToken(client clientset.Interface, token string, tokenDuration time.Duration, ...) error
- func UpdateOrCreateToken(client clientset.Interface, token string, failIfExists bool, ...) error
Constants ¶
View Source
const (
// NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR
// TODO: This value should be defined in an other, generic authz package instead of here
NodeBootstrapperClusterRoleName = "system:node-bootstrapper"
// NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs
NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap"
// CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR
// TODO: This value should be defined in an other, generic authz package instead of here
// Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup
CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient"
// NodeSelfCSRAutoApprovalClusterRoleName is a role defined in default 1.8 RBAC policies for automatic CSR approvals for automatically rotated node certificates
NodeSelfCSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"
// NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs
NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap"
// NodeAutoApproveCertificateRotationClusterRoleBinding defines name of the ClusterRoleBinding that makes the csrapprover approve node auto rotated CSRs
NodeAutoApproveCertificateRotationClusterRoleBinding = "kubeadm:node-autoapprove-certificate-rotation"
)
Variables ¶
This section is empty.
Functions ¶
func AllowBootstrapTokensToPostCSRs ¶
func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error
AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs
func AutoApproveNodeBootstrapTokens ¶
func AutoApproveNodeBootstrapTokens(client clientset.Interface) error
AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller
func AutoApproveNodeCertificateRotation ¶ added in v1.8.1
func AutoApproveNodeCertificateRotation(client clientset.Interface) error
AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
func CreateNewToken ¶
func CreateNewToken(client clientset.Interface, token string, tokenDuration time.Duration, usages []string, extraGroups []string, description string) error
CreateNewToken tries to create a token and fails if one with the same ID already exists
func UpdateOrCreateToken ¶
func UpdateOrCreateToken(client clientset.Interface, token string, failIfExists bool, tokenDuration time.Duration, usages []string, extraGroups []string, description string) error
UpdateOrCreateToken attempts to update a token with the given ID, or create if it does not already exist.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.