api

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 8, 2015 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Scheme is a package-level runtime.Scheme created with runtime.NewScheme().
// NOTE(review): presumably the configuration types in this package are registered
// with it for encoding/decoding; the registration is not visible here — confirm in the source.
var Scheme = runtime.NewScheme()

Functions

func GetAPIClientCertCAPool

func GetAPIClientCertCAPool(options MasterConfig) (*x509.CertPool, error)

GetAPIClientCertCAPool returns the cert pool used to validate client certificates to the API server

func GetAPIServerCertCAPool

func GetAPIServerCertCAPool(options MasterConfig) (*x509.CertPool, error)

GetAPIServerCertCAPool returns the cert pool containing the roots for the API server cert

func GetClientCertCAPool

func GetClientCertCAPool(options MasterConfig) (*x509.CertPool, error)

GetClientCertCAPool returns a cert pool containing all client CAs that could be presented (union of API and OAuth)

func GetKubeClient

func GetKubeClient(kubeConfigFile string) (*kclient.Client, *kclient.Config, error)

func GetKubeletClientConfig added in v0.4.3

func GetKubeletClientConfig(options MasterConfig) *kclient.KubeletConfig

func GetMasterFileReferences

func GetMasterFileReferences(config *MasterConfig) []*string

func GetNodeFileReferences

func GetNodeFileReferences(config *NodeConfig) []*string

func GetOpenShiftClient

func GetOpenShiftClient(kubeConfigFile string) (*client.Client, *kclient.Config, error)

func IsIdentityProviderType added in v0.4.3

func IsIdentityProviderType(provider runtime.EmbeddedObject) bool

func IsOAuthProviderType added in v0.4.3

func IsOAuthProviderType(provider runtime.EmbeddedObject) bool

func IsPasswordAuthenticator added in v0.4.3

func IsPasswordAuthenticator(provider IdentityProvider) bool

func IsPasswordAuthenticatorProviderType added in v0.4.3

func IsPasswordAuthenticatorProviderType(provider runtime.EmbeddedObject) bool

func RelativizeMasterConfigPaths

func RelativizeMasterConfigPaths(config *MasterConfig, base string) error

func RelativizeNodeConfigPaths

func RelativizeNodeConfigPaths(config *NodeConfig, base string) error

func ResolveMasterConfigPaths

func ResolveMasterConfigPaths(config *MasterConfig, base string) error

func ResolveNodeConfigPaths

func ResolveNodeConfigPaths(config *NodeConfig, base string) error

func UseTLS

func UseTLS(servingInfo ServingInfo) bool

Types

type AllowAllPasswordIdentityProvider added in v0.4.3

// AllowAllPasswordIdentityProvider is an identity provider type with no settings
// beyond its embedded api.TypeMeta.
// NOTE(review): the name suggests that every username/password pair is accepted. If so,
// it belongs only on development or test clusters — confirm against the OAuth server code.
type AllowAllPasswordIdentityProvider struct {
	api.TypeMeta
}

func (*AllowAllPasswordIdentityProvider) IsAnAPIObject added in v0.4.3

func (*AllowAllPasswordIdentityProvider) IsAnAPIObject()

type AssetConfig

// AssetConfig holds the settings for the asset server (the web console assets).
type AssetConfig struct {
	// ServingInfo holds the bind address, serving certificate and client CA bundle (see ServingInfo)
	ServingInfo ServingInfo

	// PublicURL is where you can find the asset server (TODO do we really need this?)
	PublicURL string

	// LogoutURL is an optional, absolute URL to redirect web browsers to after logging out of the web console.
	// If not specified, the built-in logout page is shown.
	// NOTE(review): browsers are sent here after logout, so the value should point at a
	// destination the operator controls or trusts.
	LogoutURL string

	// MasterPublicURL is how the web console can access the OpenShift api server
	MasterPublicURL string
}

type BasicAuthPasswordIdentityProvider added in v0.4.3

// BasicAuthPasswordIdentityProvider configures password validation against an
// external basic auth server.
type BasicAuthPasswordIdentityProvider struct {
	api.TypeMeta

	// RemoteConnectionInfo contains information about how to connect to the external basic auth server
	// NOTE(review): user passwords are presumably forwarded over this connection, so the URL
	// should be https and the CA set so the server certificate is verified — confirm in the caller.
	RemoteConnectionInfo RemoteConnectionInfo
}

func (*BasicAuthPasswordIdentityProvider) IsAnAPIObject added in v0.4.3

func (*BasicAuthPasswordIdentityProvider) IsAnAPIObject()

type CertInfo

// CertInfo names the certificate file and the matching private key file of one TLS identity.
type CertInfo struct {
	// CertFile is a file containing a PEM-encoded certificate
	CertFile string
	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
	// NOTE(review): this struct stores only the path; the key file itself should be readable
	// solely by the account running the server.
	KeyFile string
}

type DNSConfig

// DNSConfig holds the settings for the DNS server.
type DNSConfig struct {
	// BindAddress is the ip:port to serve DNS on
	BindAddress string
}

type DenyAllPasswordIdentityProvider added in v0.4.3

// DenyAllPasswordIdentityProvider is an identity provider type with no settings
// beyond its embedded api.TypeMeta.
// NOTE(review): the name suggests that every password login is rejected — confirm
// against the OAuth server code.
type DenyAllPasswordIdentityProvider struct {
	api.TypeMeta
}

func (*DenyAllPasswordIdentityProvider) IsAnAPIObject added in v0.4.3

func (*DenyAllPasswordIdentityProvider) IsAnAPIObject()

type EtcdConfig

// EtcdConfig holds the settings for an etcd server: client and peer serving
// information, the advertised addresses, and the data directory.
type EtcdConfig struct {
	// ServingInfo describes how to start serving the etcd master
	ServingInfo ServingInfo
	// Address is the advertised host:port for client connections to etcd
	Address string
	// PeerServingInfo describes how to start serving the etcd peer
	PeerServingInfo ServingInfo
	// PeerAddress is the advertised host:port for peer connections to etcd
	PeerAddress string
	// StorageDir indicates where to save the etcd data
	// NOTE(review): the directory holds the stored cluster state, so restrict its
	// permissions to the account running etcd.
	StorageDir string
}

type EtcdConnectionInfo added in v0.4.3

// EtcdConnectionInfo describes how a client connects to etcd: the endpoints, the
// CA used to verify the server, and the client certificate to present.
type EtcdConnectionInfo struct {
	// URLs are the URLs for etcd
	URLs []string
	// CA is a file containing trusted roots for the etcd server certificates
	// NOTE(review): what happens when CA is empty (system roots vs. no verification)
	// is not visible here — confirm before leaving it unset.
	CA string
	// ClientCert is the TLS client cert information for securing communication to etcd
	ClientCert CertInfo
}

type GitHubOAuthProvider added in v0.4.3

// GitHubOAuthProvider is a provider type with no settings beyond its embedded api.TypeMeta.
// NOTE(review): presumably used as the Provider of an OAuthRedirectingIdentityProvider
// to select GitHub as the OAuth provider — confirm.
type GitHubOAuthProvider struct {
	api.TypeMeta
}

func (*GitHubOAuthProvider) IsAnAPIObject added in v0.4.3

func (*GitHubOAuthProvider) IsAnAPIObject()

type GoogleOAuthProvider added in v0.4.3

// GoogleOAuthProvider is a provider type with no settings beyond its embedded api.TypeMeta.
// NOTE(review): presumably used as the Provider of an OAuthRedirectingIdentityProvider
// to select Google as the OAuth provider — confirm.
type GoogleOAuthProvider struct {
	api.TypeMeta
}

func (*GoogleOAuthProvider) IsAnAPIObject added in v0.4.3

func (*GoogleOAuthProvider) IsAnAPIObject()

type GrantConfig added in v0.4.3

// GrantConfig describes how client authorization grant requests are handled.
type GrantConfig struct {
	// Method selects the grant handler. The GrantHandlerType constants declared in this
	// package are "auto", "prompt" and "deny".
	// NOTE(review): the earlier comment listed "allow, deny, prompt"; "allow" does not match
	// a declared constant — confirm which values validation accepts.
	Method GrantHandlerType
}

func (*GrantConfig) IsAnAPIObject added in v0.4.3

func (*GrantConfig) IsAnAPIObject()

type GrantHandlerType added in v0.4.3

// GrantHandlerType names the strategy used to answer client authorization grant requests.
type GrantHandlerType string
const (
	// GrantHandlerAuto auto-approves client authorization grant requests
	// NOTE(review): with auto-approval the user is never asked to consent to a client, so
	// this is presumably suitable only when every registered OAuth client is trusted.
	GrantHandlerAuto GrantHandlerType = "auto"
	// GrantHandlerPrompt prompts the user to approve new client authorization grant requests
	GrantHandlerPrompt GrantHandlerType = "prompt"
	// GrantHandlerDeny auto-denies client authorization grant requests
	GrantHandlerDeny GrantHandlerType = "deny"
)

type HTPasswdPasswordIdentityProvider added in v0.4.3

// HTPasswdPasswordIdentityProvider configures password validation against an htpasswd file.
type HTPasswdPasswordIdentityProvider struct {
	api.TypeMeta

	// File is a reference to your htpasswd file
	// NOTE(review): the file holds credential material; keep it readable only by the
	// account running the server.
	File string
}

func (*HTPasswdPasswordIdentityProvider) IsAnAPIObject added in v0.4.3

func (*HTPasswdPasswordIdentityProvider) IsAnAPIObject()

type IdentityProvider added in v0.4.3

// IdentityProvider names one way for users to identify themselves and says how it is
// used: for WWW-Authenticate challenges, for browser logins, or both.
type IdentityProvider struct {
	// Name is used to qualify the identities returned by this provider
	Name string
	// UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider
	UseAsChallenger bool
	// UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against
	UseAsLogin bool
	// Provider contains the information about how to set up a specific identity provider
	// (an embedded object; the package offers IsIdentityProviderType to check its type)
	Provider runtime.EmbeddedObject
}

func (*IdentityProvider) IsAnAPIObject added in v0.4.3

func (*IdentityProvider) IsAnAPIObject()

type ImageConfig

// ImageConfig holds options that describe how image names for system components are built.
type ImageConfig struct {
	// Format describes how to determine image names for system components
	Format string
	// Latest indicates whether to attempt to use the latest system component images as opposed to latest release
	// NOTE(review): "latest" images are not pinned to a release, so the components that run
	// may change between pulls — confirm this is intended outside development.
	Latest bool
}

type KubeletConnectionInfo added in v0.4.3

// KubeletConnectionInfo describes how to connect to kubelets: the port, the CA used
// to verify them, and the client certificate to present.
type KubeletConnectionInfo struct {
	// Port is the port to connect to kubelets on
	Port uint
	// CA is the CA for verifying TLS connections to kubelets
	// NOTE(review): behaviour with an empty CA is not visible here — confirm whether
	// kubelet certificates are still verified.
	CA string
	// ClientCert is the TLS client cert information for securing communication to kubelets
	ClientCert CertInfo
}

type KubernetesMasterConfig

// KubernetesMasterConfig holds the settings for a Kubernetes master started in this process.
type KubernetesMasterConfig struct {
	// MasterIP is the public IP address of kubernetes stuff.  If empty, the first result from net.InterfaceAddrs will be used.
	// NOTE(review): on multi-homed hosts the first interface address may not be the intended
	// one; set this explicitly if the advertised address matters.
	MasterIP string
	// ServicesSubnet is the subnet to use for assigning service IPs
	ServicesSubnet string
	// StaticNodeNames is the list of nodes that are statically known
	StaticNodeNames []string
	// SchedulerConfigFile points to a file that describes how to set up the scheduler.  If empty, you get the default scheduling rules.
	SchedulerConfigFile string
}

type MasterClients

// MasterClients holds the .kubeconfig filenames used by system components.
// NOTE(review): kubeconfig files typically carry client credentials, so each file should
// be readable only by the component that needs it.
type MasterClients struct {
	// DeployerKubeConfig is a .kubeconfig filename for deployment pods to use
	DeployerKubeConfig string
	// OpenShiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master
	OpenShiftLoopbackKubeConfig string
	// KubernetesKubeConfig is a .kubeconfig filename for system components to communicate to kubernetes for building the proxy
	KubernetesKubeConfig string
}

type MasterConfig

// MasterConfig holds the master's configuration: how it serves, how it connects to
// etcd and kubelets, and which optional components (Kubernetes master, etcd, OAuth,
// asset server, DNS) start in this process. A nil pointer field means the
// corresponding component is not started here.
type MasterConfig struct {
	api.TypeMeta

	// ServingInfo describes how to start serving
	ServingInfo ServingInfo

	// CORSAllowedOrigins is a list of origins.
	// NOTE(review): presumably the origins allowed to make cross-origin requests to the API;
	// how entries are matched (exact string vs. pattern) is not visible here — confirm before
	// adding broad values.
	CORSAllowedOrigins []string

	// EtcdClientInfo contains information about how to connect to etcd
	EtcdClientInfo EtcdConnectionInfo
	// KubeletClientInfo contains information about how to connect to kubelets
	KubeletClientInfo KubeletConnectionInfo

	// KubernetesMasterConfig, if present start the kubernetes master in this process
	KubernetesMasterConfig *KubernetesMasterConfig
	// EtcdConfig, if present start etcd in this process
	EtcdConfig *EtcdConfig
	// OAuthConfig, if present start the /oauth endpoint in this process
	OAuthConfig *OAuthConfig
	// AssetConfig, if present start the asset server in this process
	AssetConfig *AssetConfig
	// DNSConfig, if present start the DNS server in this process
	DNSConfig *DNSConfig

	// MasterClients holds all the client connection information for controllers and other system components
	MasterClients MasterClients

	// ImageConfig holds options that describe how to build image names for system components
	ImageConfig ImageConfig

	// PolicyConfig holds information about where to locate critical pieces of bootstrapping policy
	PolicyConfig PolicyConfig
}

func (*MasterConfig) IsAnAPIObject

func (*MasterConfig) IsAnAPIObject()

type NodeConfig

type NodeConfig struct {
	api.TypeMeta

	// NodeName is the value used to identify this particular node in the cluster.  If possible, this should be your fully qualified hostname.
	// If you're describing a set of static nodes to the master, this value must match one of the values in the list
	NodeName string

	// ServingInfo describes how to start serving
	ServingInfo ServingInfo

	// MasterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master
	// NOTE(review): the file presumably carries the node's credentials for the master; keep it
	// readable only by the account running the node.
	MasterKubeConfig string

	// DNSDomain is the domain suffix
	// NOTE(review): presumably the cluster DNS domain handed to containers — confirm.
	DNSDomain string
	// DNSIP is the ip
	// NOTE(review): presumably the address of the cluster DNS server — confirm.
	DNSIP string

	// VolumeDirectory is the directory that volumes will be stored under
	VolumeDirectory string

	// ImageConfig holds options that describe how to build image names for system components
	ImageConfig ImageConfig

	// AllowDisabledDocker if true, the Kubelet will ignore errors from Docker.  This means that a node can start on a machine that doesn't have docker started.
	AllowDisabledDocker bool

	// RecordEvents indicates whether or not to record events from the master
	RecordEvents bool
}

NodeConfig is the fully specified config for starting an OpenShift node

func (*NodeConfig) IsAnAPIObject

func (*NodeConfig) IsAnAPIObject()

type OAuthConfig

// OAuthConfig holds the settings for the OAuth server: the URLs used to build client
// redirect URLs, the identity providers, and grant, session and token handling.
type OAuthConfig struct {
	// MasterURL is used for building valid client redirect URLs for internal access
	MasterURL string

	// MasterPublicURL is used for building valid client redirect URLs for external access
	MasterPublicURL string

	// AssetPublicURL is used for building valid client redirect URLs for external access
	AssetPublicURL string

	// IdentityProviders is an ordered list of ways for a user to identify themselves
	IdentityProviders []IdentityProvider

	// GrantConfig describes how to handle grants
	GrantConfig GrantConfig

	// SessionConfig holds information about configuring sessions.
	SessionConfig *SessionConfig

	// TokenConfig holds the maximum ages of authorize tokens and access tokens (see TokenConfig)
	TokenConfig TokenConfig
}

type OAuthRedirectingIdentityProvider added in v0.4.3

// OAuthRedirectingIdentityProvider configures login through an external OAuth provider,
// identified to that provider by a client ID and client secret.
type OAuthRedirectingIdentityProvider struct {
	api.TypeMeta

	// ClientID is the oauth client ID
	ClientID string
	// ClientSecret is the oauth client secret
	// NOTE(review): the secret is a plain string field, so it sits in clear text wherever this
	// object is serialized; restrict read access to the configuration file accordingly.
	ClientSecret string

	// Provider contains the information about exactly which kind of oauth you're identifying with
	// (an embedded object; the package offers IsOAuthProviderType to check its type)
	Provider runtime.EmbeddedObject
}

func (*OAuthRedirectingIdentityProvider) IsAnAPIObject added in v0.4.3

func (*OAuthRedirectingIdentityProvider) IsAnAPIObject()

type PolicyConfig

// PolicyConfig holds information about where to locate the bootstrap policy and the
// namespaces used for policy and shared resources.
type PolicyConfig struct {
	// BootstrapPolicyFile points to a template that contains roles and rolebindings that will be created if no policy object exists in the master namespace
	// NOTE(review): whoever can modify this file controls the initial roles and role bindings
	// of a new cluster, so protect it from unprivileged writes.
	BootstrapPolicyFile string

	// MasterAuthorizationNamespace is the global namespace for Policy
	MasterAuthorizationNamespace string
	// OpenShiftSharedResourcesNamespace is the namespace where shared OpenShift resources live (like shared templates)
	OpenShiftSharedResourcesNamespace string
}

type RemoteConnectionInfo

// RemoteConnectionInfo describes how to connect to a remote server: its URL, the CA
// used to verify it, and the client certificate to present.
type RemoteConnectionInfo struct {
	// URL is the remote URL to connect to
	URL string
	// CA is the CA for verifying TLS connections
	// NOTE(review): behaviour with an empty CA is not visible here — confirm whether the
	// remote certificate is still verified.
	CA string
	// ClientCert is the TLS client cert information to present
	ClientCert CertInfo
}

type RequestHeaderIdentityProvider added in v0.4.3

// RequestHeaderIdentityProvider configures an identity provider that takes the user's
// identity from request headers. It trusts the sender of those headers, so ClientCA is
// the setting that restricts who may assert an identity.
type RequestHeaderIdentityProvider struct {
	api.TypeMeta

	// ClientCA is a file with the trusted signer certs.  If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.
	// Set it whenever the OAuth server is reachable by anything other than the trusted
	// authenticating proxy.
	ClientCA string
	// Headers is the set of headers to check for identity information
	Headers []string
}

func (*RequestHeaderIdentityProvider) IsAnAPIObject added in v0.4.3

func (*RequestHeaderIdentityProvider) IsAnAPIObject()

type ServingInfo

// ServingInfo describes how a server listens: the bind address, the serving
// certificate, and the CA bundle for client certificates.
// NOTE(review): the package exposes UseTLS(servingInfo) to report whether TLS is used;
// presumably that depends on ServerCert being set — confirm in its implementation.
type ServingInfo struct {
	// BindAddress is the ip:port to serve on
	BindAddress string
	// ServerCert is the TLS cert info for serving secure traffic
	ServerCert CertInfo
	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
	ClientCA string
}

type SessionConfig added in v0.4.3

type SessionConfig struct {
	// SessionSecretsFile is a reference to a file containing a serialized SessionSecrets object
	// If no file is specified, a random signing and encryption key are generated at each server start
	// NOTE(review): with per-start random keys, sessions presumably do not survive a restart
	// and cannot be shared between several servers — confirm. When a file is used it holds
	// the signing and encryption secrets, so restrict who can read it.
	SessionSecretsFile string
	// SessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession
	SessionMaxAgeSeconds int32
	// SessionName is the cookie name used to store the session
	SessionName string
}

SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession

type SessionSecret added in v0.4.3

// SessionSecret pairs the secret used to authenticate sessions with the secret used
// to encrypt them.
// NOTE(review): both values are key material; generate them from a cryptographically
// secure random source rather than choosing them by hand.
type SessionSecret struct {
	// Signing secret, used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.
	Authentication string
	// Encrypting secret, used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-192, or AES-256.
	// NOTE(review): the AES key sizes are in bytes, so the stated lengths presumably assume
	// single-byte characters — confirm how the length is validated.
	Encryption string
}

type SessionSecrets added in v0.4.3

type SessionSecrets struct {
	api.TypeMeta

	// New sessions are signed and encrypted using the first secret.
	// Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.
	// To rotate, put the new secret first and keep the previous ones after it for as long as
	// sessions created with them should remain valid; removing a secret stops those
	// sessions from being accepted.
	Secrets []SessionSecret
}

SessionSecrets lists the secrets used to sign/encrypt new sessions and to authenticate/decrypt existing ones.

func (*SessionSecrets) IsAnAPIObject added in v0.4.3

func (*SessionSecrets) IsAnAPIObject()

type TokenConfig added in v0.4.3

// TokenConfig holds the maximum ages, in seconds, of the tokens issued by the OAuth server.
type TokenConfig struct {
	// Max age of authorize tokens
	AuthorizeTokenMaxAgeSeconds int32
	// Max age of access tokens
	// NOTE(review): a longer lifetime widens the window in which a leaked access token
	// remains usable.
	AccessTokenMaxAgeSeconds int32
}

Directories

Path Synopsis
