Documentation
¶
Index ¶
- Constants
- Variables
- func ConvertBootstrapTokenToSecret(bt *BootstrapToken) *corev1.Secret
- func CreateNewToken(client kubeclient.Interface, token *BootstrapToken) error
- func GenerateRegisterCommand(kubeConfig, parentCommand, token string, karmadaContext string) (string, error)
- func GetClusterFromKubeConfig(config *clientcmdapi.Config, karmadaContext string) *clientcmdapi.Cluster
- func TryRunCommand(f func() error, failureThreshold int) error
- func UpdateOrCreateToken(client kubeclient.Interface, failIfExists bool, token *BootstrapToken) error
- type BootstrapToken
- type Token
Constants ¶
const ( // DefaultTokenDuration specifies the default amount of time that a bootstrap token will be valid // Default behaviour is 24 hours DefaultTokenDuration = 24 * time.Hour )
Variables ¶
var ( // DefaultUsages is the default usages of bootstrap token DefaultUsages = bootstrapapi.KnownTokenUsages // DefaultGroups is the default groups of bootstrap token DefaultGroups = []string{"system:bootstrappers:karmada:default-cluster-token"} )
Functions ¶
func ConvertBootstrapTokenToSecret ¶
func ConvertBootstrapTokenToSecret(bt *BootstrapToken) *corev1.Secret
ConvertBootstrapTokenToSecret converts the given BootstrapToken object to its Secret representation that may be submitted to the API Server in order to be stored.
func CreateNewToken ¶
func CreateNewToken(client kubeclient.Interface, token *BootstrapToken) error
CreateNewToken tries to create a token and fails if one with the same ID already exists
func GenerateRegisterCommand ¶
func GenerateRegisterCommand(kubeConfig, parentCommand, token string, karmadaContext string) (string, error)
GenerateRegisterCommand generate register command that will be printed
func GetClusterFromKubeConfig ¶
func GetClusterFromKubeConfig(config *clientcmdapi.Config, karmadaContext string) *clientcmdapi.Cluster
GetClusterFromKubeConfig returns the Cluster of the specified KubeConfig, if karmada-context unset, it will use the current-context
func TryRunCommand ¶
TryRunCommand runs a function a maximum of failureThreshold times, and retries on error. If failureThreshold is hit; the last error is returned
func UpdateOrCreateToken ¶
func UpdateOrCreateToken(client kubeclient.Interface, failIfExists bool, token *BootstrapToken) error
UpdateOrCreateToken attempts to update a token with the given ID, or create if it does not already exist.
Types ¶
type BootstrapToken ¶
type BootstrapToken struct {
// Token is used for establishing bidirectional trust between clusters and karmada-control-plane.
// Used for joining clusters to the karmada-control-plane.
Token *Token
// Description sets a human-friendly message why this token exists and what it's used
// for, so other administrators can know its purpose.
// +optional
Description string
// TTL defines the time to live for this token. Defaults to 24h.
// Expires and TTL are mutually exclusive.
// +optional
TTL *metav1.Duration
// Expires specifies the timestamp when this token expires. Defaults to being set
// dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
// +optional
Expires *metav1.Time
// Usages describes the ways in which this token can be used. Can by default be used
// for establishing bidirectional trust, but that can be changed here.
// +optional
Usages []string
// Groups specifies the extra groups that this token will authenticate as when/if
// used for authentication
// +optional
Groups []string
}
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
func GenerateRandomBootstrapToken ¶
func GenerateRandomBootstrapToken(ttl *metav1.Duration, description string, groups, usages []string) (*BootstrapToken, error)
GenerateRandomBootstrapToken generate random bootstrap token
func GetBootstrapTokenFromSecret ¶
func GetBootstrapTokenFromSecret(secret *corev1.Secret) (*BootstrapToken, error)
GetBootstrapTokenFromSecret returns a BootstrapToken object from the given Secret
type Token ¶
Token is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining cluster's point of view and as an authentication method for the cluster in the bootstrap phase of "karmadactl join". This token is and should be short-lived
func NewToken ¶
NewToken converts the given Bootstrap Token as a string to the Token object used for serialization/deserialization and internal usage. It also automatically validates that the given token is of the right format
func NewTokenFromIDAndSecret ¶
NewTokenFromIDAndSecret is a wrapper around NewToken that allows the caller to specify the ID and Secret separately
Source Files