kapprover

module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2017 License: Apache-2.0

README

kapprover

kapprover is a tool meant to be deployed in Kubernetes clusters that uses the TLS client certificate bootstrapping flow for kubelets. It will then monitor and automatically approves Certificate Signing Requests submitted by kubelets, based on the the policy selected at startup.

As of today, a single approval policy, called always exists, and approves any pending CSRs without making any kind of validation besides checking that the requester's user/group are respectively kubelet-bootstrap / system:kubelet-bootstrap. Long term, we hope to support advanced policies, such as validating that the requester is part of a given AWS's AutoScalingGroup.

The easiest way to deploy kapprover is to use the provided deployment.yaml resource.

Directories

Path Synopsis
cmd
kapprover
pkg
approvers
approvers/always

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.