kubeconfig

package
v0.0.0-...-5c79d48 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

Package kubeconfig manages teleport entries in a local kubeconfig file.

Package kubeconfig manages teleport entries in a local kubeconfig file.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckContextOverrideTemplate

func CheckContextOverrideTemplate(temp string) error

CheckContextOverrideTemplate tests if the given template is valid and can be used to generate different context names for different clusters.

func ContextName

func ContextName(teleportCluster, kubeCluster string) string

ContextName returns a kubeconfig context name generated by this package.

func CreateLocalProxyConfig

func CreateLocalProxyConfig(originalKubeConfig *clientcmdapi.Config, localProxyValues *LocalProxyValues) (*clientcmdapi.Config, error)

CreateLocalProxyConfig creates a kubeconfig for local proxy.

func KubeClusterFromContext

func KubeClusterFromContext(contextName string, ctx *clientcmdapi.Context, teleportCluster string) string

KubeClusterFromContext extracts the kubernetes cluster name from context name generated by this package.

func Load

func Load(path string) (*clientcmdapi.Config, error)

Load tries to read a kubeconfig file and returns an error if it can't, with one exception: a missing file results in an empty config, not an error.

func LoadConfig

func LoadConfig(path string, fs ConfigFS) (*clientcmdapi.Config, error)

LoadConfig tries to read a kubeconfig file and returns an error if it can't, with one exception: a missing file results in an empty config, not an error.

func PathFromEnv

func PathFromEnv() string

PathFromEnv extracts location of kubeconfig from the environment.

func RemoveByClusterName

func RemoveByClusterName(path, clusterName string) error

RemoveByClusterName removes Teleport configuration from kubeconfig.

If `path` is empty, RemoveByClusterName will try to guess it based on the environment or known defaults.

func RemoveByServerAddr

func RemoveByServerAddr(path, wantServer string) error

RemoveByServerAddr removes all clusters with the provided server address from kubeconfig.

If `path` is empty, RemoveByServerAddr will try to guess it based on the environment or known defaults.

func Save

func Save(path string, config clientcmdapi.Config) error

Save saves updated config to location specified by environment variable or default location

func SaveConfig

func SaveConfig(path string, config clientcmdapi.Config, fs ConfigFS) error

SaveConfig saves updated config to location specified by environment variable or default location.

func SelectContext

func SelectContext(teleportCluster, kubeCluster string) error

SelectContext switches the active kubeconfig context to point to the provided kubeCluster in teleportCluster.

func SelectedKubeCluster

func SelectedKubeCluster(path, teleportCluster string) (string, error)

SelectedKubeCluster returns the Kubernetes cluster name of the default context if it belongs to the Teleport cluster provided.

func Update

func Update(path string, v Values, storeAllCAs bool) error

Update adds Teleport configuration to kubeconfig.

If `path` is empty, Update will try to guess it based on the environment or known defaults.

func UpdateConfig

func UpdateConfig(path string, v Values, storeAllCAs bool, fs ConfigFS) error

UpdateConfig adds Teleport configuration to kubeconfig, reading and writing from the supplied ConfigFS

If `path` is empty, Update will try to guess it based on the environment or known defaults.

Types

type ConfigFS

// ConfigFS is a simple filesystem abstraction to allow alternative file
// writing options when generating kube config files.
type ConfigFS interface {
	// WriteFile writes the given data to path `name`, using the specified
	// permissions if the file is new.
	// NOTE(review): the wording implies perm has no effect on a file that
	// already exists, so an existing kubeconfig with broad permissions would
	// presumably keep them — confirm against the implementation, since the
	// data written here can include client key material.
	WriteFile(name string, data []byte, perm os.FileMode) error

	// ReadFile presumably returns the contents of the file at path `name`.
	// NOTE(review): how a missing file is reported is not visible from this
	// declaration — confirm against the implementation.
	ReadFile(name string) ([]byte, error)
}

ConfigFS is a simple filesystem abstraction to allow alternative file writing options when generating kube config files.

type ExecValues

// ExecValues contain values for configuring tsh as an exec auth plugin in
// kubeconfig.
type ExecValues struct {
	// TshBinaryPath is a path to the tsh binary for use as exec plugin.
	// NOTE(review): the binary named here is presumably executed whenever the
	// exec plugin is invoked — confirm callers only supply a trusted path.
	TshBinaryPath string
	// TshBinaryInsecure defines whether to set the --insecure flag in the tsh
	// exec plugin arguments. This is used when the proxy doesn't have a
	// trusted TLS cert during login.
	// NOTE(review): because the flag is part of the exec plugin arguments, it
	// presumably stays in the kubeconfig entry and applies to later
	// invocations as well, not only to the login that set it — confirm.
	TshBinaryInsecure bool
	// Env is a map of environment variables to forward.
	// NOTE(review): presumably stored in the kubeconfig exec section as plain
	// text — confirm before forwarding values that are secrets.
	Env map[string]string
}

ExecValues contain values for configuring tsh as an exec auth plugin in kubeconfig.

type LocalProxyCluster

// LocalProxyCluster contains values for a kube cluster for generating local
// proxy kubeconfig.
type LocalProxyCluster struct {
	// TeleportCluster is the Teleport cluster name.
	TeleportCluster string
	// KubeCluster is the Kubernetes cluster name.
	KubeCluster string
	// Impersonate sets the default impersonated user.
	// It must be one of kubernetes_users or the Teleport username;
	// otherwise Teleport will deny the request.
	Impersonate string
	// ImpersonateGroups sets the default impersonated groups.
	// It must be a subset of kubernetes_groups; otherwise Teleport will deny
	// the request.
	ImpersonateGroups []string
	// Namespace sets the default namespace value.
	Namespace string
}

LocalProxyCluster contains values for a kube cluster for generating local proxy kubeconfig.

func FindTeleportClusterForLocalProxy

func FindTeleportClusterForLocalProxy(defaultConfig *clientcmdapi.Config, clusterAddr, contextName string) (LocalProxyCluster, bool)

FindTeleportClusterForLocalProxy finds the Teleport kube cluster based on provided cluster address and context name, and prepares a LocalProxyCluster.

When the cluster has a ProxyURL set, it means the provided kubeconfig is already pointing to a local proxy through this ProxyURL and thus can be skipped as there is no need to create a new local proxy.

func (LocalProxyCluster) String

func (v LocalProxyCluster) String() string

String implements Stringer interface.

type LocalProxyClusters

type LocalProxyClusters []LocalProxyCluster

LocalProxyClusters is a list of LocalProxyCluster.

func LocalProxyClustersFromDefaultConfig

func LocalProxyClustersFromDefaultConfig(defaultConfig *clientcmdapi.Config, clusterAddr string) (clusters LocalProxyClusters)

LocalProxyClustersFromDefaultConfig loads Teleport kube clusters data saved by `tsh kube login` in the default kubeconfig.

func (LocalProxyClusters) TeleportClusters

func (s LocalProxyClusters) TeleportClusters() []string

TeleportClusters returns a list of unique Teleport clusters.

type LocalProxyValues

// LocalProxyValues contains values for generating local proxy kubeconfig.
type LocalProxyValues struct {
	// TeleportKubeClusterAddr is the Teleport Kubernetes access address.
	TeleportKubeClusterAddr string
	// LocalProxyURL is the local forward proxy's URL.
	LocalProxyURL string
	// LocalProxyCAs holds the local proxy's self-signed CAs as PEM-encoded
	// data, keyed by Teleport cluster name.
	LocalProxyCAs map[string][]byte
	// ClientKeyData is self-generated private key data used by kubectl and
	// linked to the proxy's self-signed CA.
	// NOTE(review): presumably embedded in the generated kubeconfig, so the
	// resulting file should be treated as a secret — confirm where the
	// config produced from these values is written and with what permissions.
	ClientKeyData []byte
	// Clusters is a list of Teleport kube clusters to include.
	Clusters LocalProxyClusters
	// OverrideContext is the name of the context or template used when adding a new cluster.
	// If empty, the context name will be generated from the {teleport-cluster}-{kube-cluster}.
	OverrideContext string
}

LocalProxyValues contains values for generating local proxy kubeconfig

func (*LocalProxyValues) TeleportClusterNames

func (v *LocalProxyValues) TeleportClusterNames() []string

TeleportClusterNames returns all Teleport cluster names.

type Values

// Values are Teleport user data needed to generate kubeconfig entries.
type Values struct {
	// TeleportClusterName is used to name kubeconfig sections ("context", "cluster" and
	// "user"). Should match Teleport cluster name.
	TeleportClusterName string
	// ClusterAddr is the public address the Kubernetes client will talk to,
	// usually a proxy.
	ClusterAddr string
	// Credentials are user credentials to use for authenticating to the
	// ClusterAddr. Only TLS fields (key/cert/CA) from Credentials are used.
	Credentials *client.Key
	// Exec contains optional values to use, when configuring tsh as an exec
	// auth plugin in kubeconfig.
	//
	// If not set, static key/cert from Credentials are written to kubeconfig
	// instead. In that mode the kubeconfig file itself holds the private key.
	// NOTE(review): confirm the file is written with owner-only permissions
	// in the static-credential case.
	Exec *ExecValues
	// ProxyAddr is the host:port address provided when running tsh kube login.
	// This value is empty if a proxy was not specified.
	ProxyAddr string

	// TLSServerName is SNI host value passed to the server.
	TLSServerName string

	// Impersonate sets the default impersonated user.
	// It must be one of kubernetes_users or the Teleport username;
	// otherwise Teleport will deny the request.
	Impersonate string
	// ImpersonateGroups sets the default impersonated groups.
	// It must be a subset of kubernetes_groups; otherwise Teleport will deny
	// the request.
	ImpersonateGroups []string
	// Namespace sets the default namespace value.
	Namespace string
	// KubeClusters is a list of kubernetes clusters to generate contexts for.
	KubeClusters []string
	// SelectCluster is the name of the kubernetes cluster to set in
	// current-context.
	SelectCluster string
	// OverrideContext is the name of the context or template used when adding a new cluster.
	// If empty, the context name will be generated from the {teleport-cluster}-{kube-cluster}.
	OverrideContext string
}

Values are Teleport user data needed to generate kubeconfig entries.
