README
¶
kubetoken is no longer maintained.
Synopsis
kubetoken issues temporary certificates for access to Kubernetes clusters.
Installation
Installation is covered in a seperate document.
Deployment
Deploying kubetoken involves two steps.
- deploying kubetokend as a kubernetes service
- distributing the kubetoken cli tool.
Contributing
Pull requests, issues and comments welcome. For pull requests:
- Do not submit a pull request without an accompanying issue. All pull requests must include an
UpdatesorFixesline. - Add tests for new features and bug fixes.
- Follow the existing style.
- Separate unrelated changes into multiple pull requests.
See the existing issues for things to start contributing.
For bigger changes, make sure you start a discussion first by creating an issue and explaining the intended change.
Atlassian requires contributors to sign a Contributor License Agreement, known as a CLA. This serves as a record stating that the contributor is entitled to contribute the code/documentation/translation to the project and is willing to have it used in distributions and derivative works (or is willing to transfer ownership).
Prior to accepting your contributions we ask that you please follow the appropriate link below to digitally sign the CLA. The Corporate CLA is for those who are contributing as a member of an organization and the individual CLA is for those contributing as an individual.
License
Copyright (c) 2017 Atlassian and others. MIT licensed, see LICENSE file.
Documentation
¶
Overview ¶
kubetoken provides time limited access tokens to Kubernetes clusters.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var BotOU string = "OU=bots,OU=people"
BotOU
var GroupOU string = "OU=access,OU=groups"
GroupOU
var NamespaceRegex string = `^kube-(?P<customer>\w+)-(?P<ns>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)-(?P<env>\w+)-dl-`
NamespaceRegex is used to extract customer, namespace, and env from ldap queries
var SearchBase string = "DC=example,DC=com"
SearchBase is the LDAP search base.
var SearchGroups string = "kube"
Group prefix to use in ldap search
var UserOU string = "OU=people"
UserOU
var Version string = "unknown"
Version is populated by the release process.
Functions ¶
This section is empty.
Types ¶
type ADRoleProvider ¶
type ADRoleProvider struct {
LDAPCreds
}
ADRoleProvider speaks Active Directory flavoured LDAP to retrieve the roles available to a specific user.
func (*ADRoleProvider) FetchRolesForUser ¶
func (r *ADRoleProvider) FetchRolesForUser(user string) ([]string, error)
type ADRoleValidater ¶
ADRoleValidater validates a user is permitted to assume a role as specified in Active Directory flavoured LDAP.
func (*ADRoleValidater) ValidateRoleForUser ¶
func (r *ADRoleValidater) ValidateRoleForUser(user, role string) error
type CertificateResponse ¶
type CertificateResponse struct {
Username string `json:"username"`
Role string `json:"role"`
Files map[string][]byte `json:"files"`
Addresses []string `json:"addresses"`
Customer string `json:"customer"`
Environment string `json:"environment"`
Namespace string `json:"namespace"`
Contexts []Context `json:"contexts"`
}
type LDAPConn ¶
type LDAPConn interface {
// Search performs a given search request.
Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
// Close closes the connection and frees any associated requets.
Close() // yes, ldap.v2 gets this wrong
}
LDAPConn represents a LDAP connection that can handle search requests.
type Signer ¶
type Signer struct {
Cert *x509.Certificate
PrivKey *rsa.PrivateKey
}
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
kubetokend
kubetokend handles requests for kubeconfig cert/key pairs.
|
kubetokend handles requests for kubeconfig cert/key pairs. |
|
internal
|
|
|
cert
Cert automates the generation of certificate and certificate authorities.
|
Cert automates the generation of certificate and certificate authorities. |