Documentation
¶
Overview ¶
Package k8s provides functions to create Kubernetes RBAC roles objects based on discovered API resources. It also provides utility functions to setup a discovery client for a provided kubeconfig and obtain the list of discovered resources for use in this package.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateGranularRole ¶
func CreateGranularRole(apiResourceList []*metav1.APIResourceList, name string, verbose bool) *rbacv1.ClusterRole
CreateGranularRole creates a ClusterRole where each rules entry contains only the specific combination of API group and supported verbs for each resource. Resources with matching verbs are grouped together in a single PolicyRule. This differs from other implementations such as `kubectl create clusterrole` which will group together resources with verbs that are not applicable or supported.
All PolicyRules in the ClusterRole this function returns represents a "matrix" of all resources available on the API and contains only the list of the supported verbs that resource handles.
func SetupDiscoveryClient ¶
func SetupDiscoveryClient(kubeconfig string) (*discovery.DiscoveryClient, error)
SetupDiscoveryClient will create a new DiscoveryClient. When the kubeconfig arg is unset, the client setup uses the usual default behaviour to load either from KUBECONFIG environment variable or the default location (usually $HOME/.kube/config). This is provided via client-go package via clientcmd.NewDefaultClientConfigLoadingRules.
If kubeconfig string is non-empty, the client will attempt to load the configuration using this value by setting the ExplicitPath field on clientcmd.ClientConfigLoadingRules to override the default loading rules.
Types ¶
This section is empty.
Source Files