clusterauth

package
v1.1.0-rc4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 3, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

// Names of the Kubernetes objects used for the argocd-manager identity: a
// service account, a cluster role, and a cluster role binding.
const (
	// ArgoCDManagerServiceAccount is the name of the service account for managing a cluster.
	ArgoCDManagerServiceAccount     = "argocd-manager"
	// ArgoCDManagerClusterRole is the cluster role name.
	// NOTE(review): presumably the role that carries ArgoCDManagerPolicyRules — confirm against InstallClusterManagerRBAC.
	ArgoCDManagerClusterRole        = "argocd-manager-role"
	// ArgoCDManagerClusterRoleBinding is the cluster role binding name.
	// NOTE(review): presumably binds the role above to the service account above — confirm against InstallClusterManagerRBAC.
	ArgoCDManagerClusterRoleBinding = "argocd-manager-role-binding"
)

ArgoCDManagerServiceAccount is the name of the service account for managing a cluster

Variables

// ArgoCDManagerPolicyRules are the policies to give argocd-manager.
//
// Both rules are unrestricted wildcards, the same breadth as the built-in
// cluster-admin ClusterRole. Any credential for an identity bound to these
// rules can read and modify everything in the cluster, Secrets and RBAC
// objects included, so that credential should be stored, audited and rotated
// as a cluster-admin credential.
// NOTE(review): CreateClusterRole takes its rules as a parameter; whether the
// argocd-manager install path accepts a narrower rule set is not visible here.
var ArgoCDManagerPolicyRules = []rbacv1.PolicyRule{
	{
		// Every verb on every resource in every API group.
		APIGroups: []string{"*"},
		Resources: []string{"*"},
		Verbs:     []string{"*"},
	},
	{
		// Every verb on every non-resource URL.
		NonResourceURLs: []string{"*"},
		Verbs:           []string{"*"},
	},
}

ArgoCDManagerPolicyRules are the policy rules to give argocd-manager: every verb on every resource in every API group, and every verb on every non-resource URL.

Functions

func CreateClusterRole

func CreateClusterRole(
	clientset kubernetes.Interface,
	clusterRoleName string,
	rules []rbacv1.PolicyRule,
) error

CreateClusterRole creates a cluster role

func CreateClusterRoleBinding

func CreateClusterRoleBinding(
	clientset kubernetes.Interface,
	clusterBindingRoleName,
	serviceAccountName,
	clusterRoleName string,
	namespace string,
) error

CreateClusterRoleBinding creates a ClusterRoleBinding

func CreateServiceAccount

func CreateServiceAccount(
	clientset kubernetes.Interface,
	serviceAccountName string,
	namespace string,
) error

CreateServiceAccount creates a service account in a given namespace

func GenerateNewClusterManagerSecret

func GenerateNewClusterManagerSecret(clientset kubernetes.Interface, claims *ServiceAccountClaims) (*corev1.Secret, error)

GenerateNewClusterManagerSecret creates a new secret with the same metadata as the existing one and waits until the secret is populated with a bearer token

func InstallClusterManagerRBAC

func InstallClusterManagerRBAC(clientset kubernetes.Interface, ns string) (string, error)

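InstallClusterManagerRBAC installs RBAC resources for a cluster manager to operate a cluster. Returns a token. The token is presumably the bearer token of the service account it installs and carries whatever permissions the installed role grants, so it should be handled as a credential.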

func RotateServiceAccountSecrets

func RotateServiceAccountSecrets(clientset kubernetes.Interface, claims *ServiceAccountClaims, newSecret *corev1.Secret) error

RotateServiceAccountSecrets rotates the entries in the service accounts secrets list

func UninstallClusterManagerRBAC

func UninstallClusterManagerRBAC(clientset kubernetes.Interface) error

UninstallClusterManagerRBAC removes RBAC resources for a cluster manager to operate a cluster

func UninstallRBAC

func UninstallRBAC(clientset kubernetes.Interface, namespace, bindingName, roleName, serviceAccount string) error

UninstallRBAC uninstalls RBAC related resources for a binding, role, and service account

Types

type ServiceAccountClaims

// ServiceAccountClaims holds the claims of a Kubernetes service account token,
// decoded from the JSON names given in the field tags. The struct declares no
// expiry ("exp") or audience ("aud") field.
type ServiceAccountClaims struct {
	// Sub is decoded from the "sub" claim.
	Sub                string `json:"sub"`
	// Iss is decoded from the "iss" claim.
	Iss                string `json:"iss"`
	// Namespace is decoded from the "kubernetes.io/serviceaccount/namespace" claim.
	Namespace          string `json:"kubernetes.io/serviceaccount/namespace"`
	// SecretName is decoded from the "kubernetes.io/serviceaccount/secret.name" claim.
	SecretName         string `json:"kubernetes.io/serviceaccount/secret.name"`
	// ServiceAccountName is decoded from the "kubernetes.io/serviceaccount/service-account.name" claim.
	ServiceAccountName string `json:"kubernetes.io/serviceaccount/service-account.name"`
	// ServiceAccountUID is decoded from the "kubernetes.io/serviceaccount/service-account.uid" claim.
	ServiceAccountUID  string `json:"kubernetes.io/serviceaccount/service-account.uid"`
}

func ParseServiceAccountToken

func ParseServiceAccountToken(token string) (*ServiceAccountClaims, error)

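ParseServiceAccountToken parses a Kubernetes service account token into a ServiceAccountClaims value. This page does not show whether the token's signature is verified during parsing, so confirm that before relying on the returned claims for an authorization decision.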

func (*ServiceAccountClaims) Valid

func (sac *ServiceAccountClaims) Valid() error

Valid satisfies the jwt.Claims interface to enable JWT parsing
