bootstrappolicy

package
v1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 29, 2015 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

// Names of the namespaces that the bootstrap policy refers to by default.
// NOTE(review): GetBootstrapOpenshiftRoles and GetBootstrapOpenshiftRoleBindings
// take the namespace as a parameter, so a deployment may use a different name;
// confirm which value the caller passes before auditing bindings by namespace.
const (
	DefaultOpenShiftSharedResourcesNamespace = "openshift"
	DefaultOpenShiftInfraNamespace           = "openshift-infra"
)

known namespaces

// Well-known service account names and system user names.
//
// Each qualified user name below is the literal prefix "system:" followed by
// the matching unqualified name.
// NOTE(review): these identities are referenced purely by name. Confirm that
// users provisioned from an external identity source cannot be assigned a name
// beginning with "system:", otherwise they could match a built-in identity.
const (
	// Service account names; presumably one of each exists per project (confirm against the service account controllers).
	DefaultServiceAccountName  = "default"
	BuilderServiceAccountName  = "builder"
	DeployerServiceAccountName = "deployer"

	// Service account names for the infrastructure controllers; presumably they live in DefaultOpenShiftInfraNamespace (confirm).
	InfraBuildControllerServiceAccountName       = "build-controller"
	InfraReplicationControllerServiceAccountName = "replication-controller"
	InfraDeploymentControllerServiceAccountName  = "deployment-controller"
	InfraJobControllerServiceAccountName         = "job-controller"
	InfraHPAControllerServiceAccountName         = "hpa-controller"

	// Component user names without the "system:" prefix.
	MasterUnqualifiedUsername   = "openshift-master"
	RouterUnqualifiedUsername   = "openshift-router"
	RegistryUnqualifiedUsername = "openshift-registry"

	// Fully qualified component user names ("system:" + unqualified name).
	MasterUsername   = "system:" + MasterUnqualifiedUsername
	RouterUsername   = "system:" + RouterUnqualifiedUsername
	RegistryUsername = "system:" + RegistryUnqualifiedUsername

	// Not granted any API permissions; it is only an identity for the client certificate that the API proxy uses.
	// Do not change it without considering the impact on pods that may be verifying this identity by default.
	MasterProxyUnqualifiedUsername = "master-proxy"
	MasterProxyUsername            = "system:" + MasterProxyUnqualifiedUsername

	// Previous versions used LegacyMasterKubeletAdminClientUsername as the user name for the master's connection to the kubelet.
	// It should remain in the default role bindings for the NodeAdmin role.
	// NOTE(review): because the legacy name keeps node-admin access, any client certificate still issued for it
	// should be treated as node-admin credentials when rotating or revoking certificates.
	LegacyMasterKubeletAdminClientUsername = "system:master"
	MasterKubeletAdminClientUsername       = "system:openshift-node-admin"
)

users

// Built-in user and group names used by the bootstrap policy.
const (
	// Presumably the user name attributed to requests that carry no credentials (confirm against the authenticator).
	UnauthenticatedUsername = "system:anonymous"

	// Built-in group names.
	// NOTE(review): judging by the names, AuthenticatedGroup and UnauthenticatedGroup cover every
	// logged-in and every anonymous caller respectively, so a role bound to either is effectively
	// granted to that whole population; audit such bindings first. ClusterAdminGroup and MastersGroup
	// likely carry cluster-wide privileges through GetBootstrapClusterRoleBindings, whose body is not
	// shown on this page, so confirm there.
	AuthenticatedGroup   = "system:authenticated"
	UnauthenticatedGroup = "system:unauthenticated"
	ClusterAdminGroup    = "system:cluster-admins"
	ClusterReaderGroup   = "system:cluster-readers"
	MastersGroup         = "system:masters"
	NodesGroup           = "system:nodes"
	NodeAdminsGroup      = "system:node-admins"
	NodeReadersGroup     = "system:node-readers"
	RouterGroup          = "system:routers"
	RegistryGroup        = "system:registries"
)

groups

// Names of the roles defined by the bootstrap policy.
// The rules attached to each role are built by the GetBootstrap*Roles functions,
// whose bodies are not shown on this page; the names alone do not establish what
// a role permits.
const (
	// Roles without the "system:" prefix; presumably the ones intended to be granted to end users (confirm).
	ClusterAdminRoleName    = "cluster-admin"
	ClusterReaderRoleName   = "cluster-reader"
	AdminRoleName           = "admin"
	EditRoleName            = "edit"
	ViewRoleName            = "view"
	SelfProvisionerRoleName = "self-provisioner"
	BasicUserRoleName       = "basic-user"
	StatusCheckerRoleName   = "cluster-status"

	// Roles named after the infrastructure controllers; presumably bound to the matching Infra*ServiceAccountName accounts (confirm).
	BuildControllerRoleName       = "system:build-controller"
	ReplicationControllerRoleName = "system:replication-controller"
	DeploymentControllerRoleName  = "system:deployment-controller"
	JobControllerRoleName         = "system:job-controller"
	HPAControllerRoleName         = "system:hpa-controller"

	// Roles for system components and component-specific tasks.
	// MasterRoleName has the same string value as LegacyMasterKubeletAdminClientUsername ("system:master");
	// one names a role and the other a user, so take care not to confuse them when searching policy by name.
	ImagePullerRoleName       = "system:image-puller"
	ImageBuilderRoleName      = "system:image-builder"
	ImagePrunerRoleName       = "system:image-pruner"
	DeployerRoleName          = "system:deployer"
	RouterRoleName            = "system:router"
	RegistryRoleName          = "system:registry"
	MasterRoleName            = "system:master"
	NodeRoleName              = "system:node"
	NodeProxierRoleName       = "system:node-proxier"
	SDNReaderRoleName         = "system:sdn-reader"
	SDNManagerRoleName        = "system:sdn-manager"
	OAuthTokenDeleterRoleName = "system:oauth-token-deleter"
	WebHooksRoleName          = "system:webhook"

	// NodeAdmin has full access to the API provided by the kubelet
	NodeAdminRoleName = "system:node-admin"
	// NodeReader has read access to the metrics and stats provided by the kubelet
	NodeReaderRoleName = "system:node-reader"

	// Presumably grants view access to DefaultOpenShiftSharedResourcesNamespace (confirm against GetBootstrapOpenshiftRoles).
	OpenshiftSharedResourceViewRoleName = "shared-resource-viewer"
)

Roles

// Names of the role bindings defined by the bootstrap policy.
// Each name is derived from the corresponding role name by appending "s";
// the one exception is StatusCheckerRoleBindingName, which appends "-binding".
// The subjects of each binding are set by the GetBootstrap*RoleBindings
// functions, whose bodies are not shown on this page.
const (
	SelfProvisionerRoleBindingName   = SelfProvisionerRoleName + "s"
	DeployerRoleBindingName          = DeployerRoleName + "s"
	ClusterAdminRoleBindingName      = ClusterAdminRoleName + "s"
	ClusterReaderRoleBindingName     = ClusterReaderRoleName + "s"
	BasicUserRoleBindingName         = BasicUserRoleName + "s"
	OAuthTokenDeleterRoleBindingName = OAuthTokenDeleterRoleName + "s"
	StatusCheckerRoleBindingName     = StatusCheckerRoleName + "-binding"
	ImagePullerRoleBindingName       = ImagePullerRoleName + "s"
	ImageBuilderRoleBindingName      = ImageBuilderRoleName + "s"
	RouterRoleBindingName            = RouterRoleName + "s"
	RegistryRoleBindingName          = RegistryRoleName + "s"
	MasterRoleBindingName            = MasterRoleName + "s"
	NodeRoleBindingName              = NodeRoleName + "s"
	NodeProxierRoleBindingName       = NodeProxierRoleName + "s"
	NodeAdminRoleBindingName         = NodeAdminRoleName + "s"
	NodeReaderRoleBindingName        = NodeReaderRoleName + "s"
	SDNReaderRoleBindingName         = SDNReaderRoleName + "s"
	SDNManagerRoleBindingName        = SDNManagerRoleName + "s"
	WebHooksRoleBindingName          = WebHooksRoleName + "s"

	OpenshiftSharedResourceViewRoleBindingName = OpenshiftSharedResourceViewRoleName + "s"
)

RoleBindings

// Names of the default security context constraints (SCCs).
// The constraint definitions themselves are returned by
// GetBootstrapSecurityContextConstraints, whose body is not shown on this page.
// NOTE(review): when auditing a cluster, check which users and groups are
// listed on the constraint named by SecurityContextConstraintPrivileged;
// that function takes a buildControllerUsername argument, which suggests the
// build controller is among them, so confirm.
const (
	// SecurityContextConstraintPrivileged is used as the name for the system default privileged scc.
	SecurityContextConstraintPrivileged = "privileged"
	// SecurityContextConstraintRestricted is used as the name for the system default restricted scc.
	SecurityContextConstraintRestricted = "restricted"
)

Variables

This section is empty.

Functions

func GetBootstrapClusterRoleBindings added in v0.5.1

func GetBootstrapClusterRoleBindings() []authorizationapi.ClusterRoleBinding

func GetBootstrapClusterRoles added in v0.5.1

func GetBootstrapClusterRoles() []authorizationapi.ClusterRole

func GetBootstrapOpenshiftRoleBindings

func GetBootstrapOpenshiftRoleBindings(openshiftNamespace string) []authorizationapi.RoleBinding

func GetBootstrapOpenshiftRoles

func GetBootstrapOpenshiftRoles(openshiftNamespace string) []authorizationapi.Role

func GetBootstrapSecurityContextConstraints added in v0.6.1

func GetBootstrapSecurityContextConstraints(buildControllerUsername string) []kapi.SecurityContextConstraints

GetBootstrapSecurityContextConstraints returns the slice of default SecurityContextConstraints for system bootstrapping.

func GetBootstrapServiceAccountProjectRoleBindings added in v0.5.4

func GetBootstrapServiceAccountProjectRoleBindings(namespace string) []authorizationapi.RoleBinding

Types

This section is empty.
