bootstrap

package

v1.0.9 Latest Latest Go to latest Published: Jan 4, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/criticalstack/crit

Links

Open Source Insights

Documentation ¶

Overview ¶

Package bootstrap contains functions for bootstrapping Kubernetes nodes.

Index ¶

Constants
Variables
func ApplyCSRApproverRBAC(client *clientset.Clientset, ctx context.Context) error
func GetBootstrapKubeletKubeconfig(cfg *config.WorkerConfiguration) (*clientcmdapi.Config, error)
type AuthorizationType
type Request
type Response

Constants ¶

View Source

const (
	// DefaultClusterName defines the default cluster name
	DefaultClusterName = "crit"

	// TokenUser defines token user
	TokenUser = "tls-bootstrap-token-user"
)

Variables ¶

View Source

var NodeBootstrapTokenRBAC = []*rbacv1.ClusterRoleBinding{

	{
		ObjectMeta: metav1.ObjectMeta{
			Name: "crit:kubelet-bootstrap",
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: rbacv1.GroupName,
			Kind:     "ClusterRole",
			Name:     "system:node-bootstrapper",
		},
		Subjects: []rbacv1.Subject{
			{
				Kind: rbacv1.GroupKind,
				Name: "system:bootstrappers:crit:default-node-token",
			},
		},
	},

	{
		ObjectMeta: metav1.ObjectMeta{
			Name: "crit:node-autoapprove-bootstrap",
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: rbacv1.GroupName,
			Kind:     "ClusterRole",
			Name:     "system:certificates.k8s.io:certificatesigningrequests:nodeclient",
		},
		Subjects: []rbacv1.Subject{
			{
				Kind: "Group",
				Name: "system:bootstrappers:crit:default-node-token",
			},
		},
	},

	{
		ObjectMeta: metav1.ObjectMeta{
			Name: "crit:node-autoapprove-certificate-rotation",
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: rbacv1.GroupName,
			Kind:     "ClusterRole",
			Name:     "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient",
		},
		Subjects: []rbacv1.Subject{
			{
				Kind: "Group",
				Name: "system:nodes",
			},
		},
	},
}

Functions ¶

func ApplyCSRApproverRBAC ¶

func ApplyCSRApproverRBAC(client *clientset.Clientset, ctx context.Context) error

func GetBootstrapKubeletKubeconfig ¶

func GetBootstrapKubeletKubeconfig(cfg *config.WorkerConfiguration) (*clientcmdapi.Config, error)

Types ¶

type AuthorizationType ¶

type AuthorizationType int

const (
	UnknownAuthorizationType AuthorizationType = iota
	AmazonIdentityDocumentAndSignature
)

func (AuthorizationType) MarshalText ¶

func (at AuthorizationType) MarshalText() ([]byte, error)

func (AuthorizationType) String ¶

func (at AuthorizationType) String() string

func (*AuthorizationType) UnmarshalText ¶

func (at *AuthorizationType) UnmarshalText(data []byte) error

type Request ¶

type Request struct {
	Type AuthorizationType `json:"type"`
	Body json.RawMessage   `json:"body"`
}

type Response ¶

type Response struct {
	Error          string `json:"error"`
	BootstrapToken string `json:"bootstrapToken"`
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authorizers
ec2metadata

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL