Documentation ¶
Index ¶
- Constants
- Variables
- func CreateClusterRole(clientset kubernetes.Interface, clusterRoleName string, ...) error
- func CreateClusterRoleBinding(clientset kubernetes.Interface, ...) error
- func CreateServiceAccount(clientset kubernetes.Interface, serviceAccountName string, namespace string) error
- func GenerateNewClusterManagerSecret(clientset kubernetes.Interface, claims *ServiceAccountClaims) (*corev1.Secret, error)
- func InstallClusterManagerRBAC(clientset kubernetes.Interface, ns string) (string, error)
- func RotateServiceAccountSecrets(clientset kubernetes.Interface, claims *ServiceAccountClaims, ...) error
- func UninstallClusterManagerRBAC(clientset kubernetes.Interface) error
- func UninstallRBAC(clientset kubernetes.Interface, ...) error
- type ServiceAccountClaims
Constants ¶
// Fixed names of the manager service account, cluster role and cluster role
// binding. Because the names are constants, they are the same in every
// cluster where they are used.
const (
	// ArgoCDManagerServiceAccount is the name of the service account for managing a cluster.
	ArgoCDManagerServiceAccount = "argocd-manager"
	// ArgoCDManagerClusterRole is the cluster role name that goes with the manager service account.
	ArgoCDManagerClusterRole = "argocd-manager-role"
	// ArgoCDManagerClusterRoleBinding is the cluster role binding name that goes with the manager service account.
	// NOTE(review): which role and subject it binds is not shown here; confirm in the implementation.
	ArgoCDManagerClusterRoleBinding = "argocd-manager-role-binding"
)
ArgoCDManagerServiceAccount is the name of the service account for managing a cluster
Variables ¶
// ArgoCDManagerPolicyRules are the policy rules to give argocd-manager.
// Both entries are fully wildcarded, so nothing in the API is excluded.
// This is an exported, mutable slice: any package that imports it can change
// the rules before they are applied.
var ArgoCDManagerPolicyRules = []rbacv1.PolicyRule{
	{
		// Every verb on every resource in every API group.
		APIGroups: []string{"*"},
		Resources: []string{"*"},
		Verbs:     []string{"*"},
	},
	{
		// Every verb on every non-resource URL.
		NonResourceURLs: []string{"*"},
		Verbs:           []string{"*"},
	},
}
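ArgoCDManagerPolicyRules are the policy rules granted to argocd-manager. Both rules are wildcards: every verb on every resource in every API group, and every verb on every non-resource URL. Bound cluster-wide, that is the same reach as cluster-admin, so the service account's token has to be protected as a full-cluster credential.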
Functions ¶
func CreateClusterRole ¶
func CreateClusterRole( clientset kubernetes.Interface, clusterRoleName string, rules []rbacv1.PolicyRule, ) error
CreateClusterRole creates a cluster role
func CreateClusterRoleBinding ¶
func CreateClusterRoleBinding( clientset kubernetes.Interface, clusterBindingRoleName, serviceAccountName, clusterRoleName string, namespace string, ) error
CreateClusterRoleBinding creates a ClusterRoleBinding
func CreateServiceAccount ¶
func CreateServiceAccount( clientset kubernetes.Interface, serviceAccountName string, namespace string, ) error
CreateServiceAccount creates a service account in a given namespace
func GenerateNewClusterManagerSecret ¶
func GenerateNewClusterManagerSecret(clientset kubernetes.Interface, claims *ServiceAccountClaims) (*corev1.Secret, error)
GenerateNewClusterManagerSecret creates a new secret with the same metadata as the existing one and waits until the secret is populated with a bearer token
func InstallClusterManagerRBAC ¶
func InstallClusterManagerRBAC(clientset kubernetes.Interface, ns string) (string, error)
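InstallClusterManagerRBAC installs the RBAC resources a cluster manager needs to operate a cluster and returns a token. The page does not say which token; if it is the manager service account's bearer token, it carries whatever the installed rules grant and should be stored as a secret and kept out of logs.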
func RotateServiceAccountSecrets ¶
func RotateServiceAccountSecrets(clientset kubernetes.Interface, claims *ServiceAccountClaims, newSecret *corev1.Secret) error
RotateServiceAccountSecrets rotates the entries in the service account's secrets list
func UninstallClusterManagerRBAC ¶
func UninstallClusterManagerRBAC(clientset kubernetes.Interface) error
UninstallClusterManagerRBAC removes RBAC resources for a cluster manager to operate a cluster
func UninstallRBAC ¶
func UninstallRBAC(clientset kubernetes.Interface, namespace, bindingName, roleName, serviceAccount string) error
UninstallRBAC uninstalls RBAC related resources for a binding, role, and service account
Types ¶
type ServiceAccountClaims ¶
// ServiceAccountClaims holds the claims of a Kubernetes service account token.
// Each field is filled from the JSON claim named in its struct tag.
// NOTE(review): the values come from the token payload; whether the token's
// signature was checked before they were filled in is not shown here, so confirm
// that before using any field for an authorization decision.
type ServiceAccountClaims struct {
	Sub                string `json:"sub"`                                                // "sub" claim
	Iss                string `json:"iss"`                                                // "iss" claim
	Namespace          string `json:"kubernetes.io/serviceaccount/namespace"`            // namespace claim
	SecretName         string `json:"kubernetes.io/serviceaccount/secret.name"`          // secret name claim
	ServiceAccountName string `json:"kubernetes.io/serviceaccount/service-account.name"` // service account name claim
	ServiceAccountUID  string `json:"kubernetes.io/serviceaccount/service-account.uid"`  // service account UID claim
}
func ParseServiceAccountToken ¶
func ParseServiceAccountToken(token string) (*ServiceAccountClaims, error)
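ParseServiceAccountToken parses a Kubernetes service account token into ServiceAccountClaims. The documentation does not state whether the token's signature is verified during parsing, so confirm that in the implementation before treating the returned claims as authenticated.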
func (*ServiceAccountClaims) Valid ¶
func (sac *ServiceAccountClaims) Valid() error
Valid satisfies the jwt.Claims interface to enable JWT parsing