bootstraptoken

Version: v1.9.0-preview2
Published: Dec 15, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Constants

const (

	// DefaultTokenDuration specifies the default amount of time that a bootstrap token will be valid
	// Default behaviour is 24 hours
	DefaultTokenDuration = 24 * time.Hour
)

Variables

var (
	// DefaultUsages is the default usages of bootstrap token
	DefaultUsages = bootstrapapi.KnownTokenUsages
	// DefaultGroups is the default groups of bootstrap token
	DefaultGroups = []string{"system:bootstrappers:karmada:default-cluster-token"}
)

Functions

func ConvertBootstrapTokenToSecret

func ConvertBootstrapTokenToSecret(bt *BootstrapToken) *corev1.Secret

ConvertBootstrapTokenToSecret converts the given BootstrapToken object to its Secret representation that may be submitted to the API Server in order to be stored.

func CreateNewToken

func CreateNewToken(client kubeclient.Interface, token *BootstrapToken) error

CreateNewToken tries to create a token and fails if one with the same ID already exists

func GenerateRegisterCommand

func GenerateRegisterCommand(kubeConfig, parentCommand, token string, karmadaContext string) (string, error)

GenerateRegisterCommand generates the register command that will be printed.

func GetClusterFromKubeConfig

func GetClusterFromKubeConfig(config *clientcmdapi.Config, karmadaContext string) *clientcmdapi.Cluster

GetClusterFromKubeConfig returns the Cluster of the specified KubeConfig. If karmada-context is unset, it uses the current-context.

func TryRunCommand

func TryRunCommand(f func() error, failureThreshold int) error

TryRunCommand runs a function a maximum of failureThreshold times, and retries on error. If failureThreshold is hit, the last error is returned.

func UpdateOrCreateToken

func UpdateOrCreateToken(client kubeclient.Interface, failIfExists bool, token *BootstrapToken) error

UpdateOrCreateToken attempts to update a token with the given ID, or create if it does not already exist.

Types

type BootstrapToken

type BootstrapToken struct {
	// Token is used for establishing bidirectional trust between clusters and karmada-control-plane.
	// Used for joining clusters to the karmada-control-plane.
	Token *Token
	// Description sets a human-friendly message why this token exists and what it's used
	// for, so other administrators can know its purpose.
	// +optional
	Description string
	// TTL defines the time to live for this token. Defaults to 24h.
	// Expires and TTL are mutually exclusive.
	// +optional
	TTL *metav1.Duration
	// Expires specifies the timestamp when this token expires. Defaults to being set
	// dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
	// +optional
	Expires *metav1.Time
	// Usages describes the ways in which this token can be used. Can by default be used
	// for establishing bidirectional trust, but that can be changed here.
	// +optional
	Usages []string
	// Groups specifies the extra groups that this token will authenticate as when/if
	// used for authentication
	// +optional
	Groups []string
}

BootstrapToken describes one bootstrap token, stored as a Secret in the cluster

func GenerateRandomBootstrapToken

func GenerateRandomBootstrapToken(ttl *metav1.Duration, description string, groups, usages []string) (*BootstrapToken, error)

GenerateRandomBootstrapToken generates a random bootstrap token.

func GetBootstrapTokenFromSecret

func GetBootstrapTokenFromSecret(secret *corev1.Secret) (*BootstrapToken, error)

GetBootstrapTokenFromSecret returns a BootstrapToken object from the given Secret

type Token

type Token struct {
	ID     string
	Secret string
}

Token is a token of the format abcdef.abcdef0123456789 that is used both for validating the authenticity of the API server from a joining cluster's point of view and as an authentication method for the cluster in the bootstrap phase of "karmadactl join". This token is and should be short-lived.

func NewToken

func NewToken(token string) (*Token, error)

NewToken converts the given Bootstrap Token as a string to the Token object used for serialization/deserialization and internal usage. It also automatically validates that the given token is of the right format

func NewTokenFromIDAndSecret

func NewTokenFromIDAndSecret(id, secret string) (*Token, error)

NewTokenFromIDAndSecret is a wrapper around NewToken that allows the caller to specify the ID and Secret separately
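
The following added example is not the package's own code. It uses only the standard library to show the format check that NewToken describes, together with the TTL/Expires rule and 24h default documented on BootstrapToken. It assumes the Kubernetes bootstrap token format and Secret key names; secretFields and tokenRe are hypothetical names, and the token and timestamp are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Kubernetes bootstrap token format: 6-char ID, dot, 16-char secret (assumed to apply here).
var tokenRe = regexp.MustCompile(`^([a-z0-9]{6})\.([a-z0-9]{16})$`)

// secretFields (hypothetical helper) validates a token and returns the Secret name and data.
// ttl and expires are mutually exclusive; with neither set, the 24h default applies.
func secretFields(tok string, ttl time.Duration, expires *time.Time, now time.Time,
	usages, groups []string) (string, map[string]string, error) {
	m := tokenRe.FindStringSubmatch(tok)
	if m == nil { // never echo the input in the error: it may be a real credential
		return "", nil, errors.New("token must match [a-z0-9]{6}.[a-z0-9]{16}")
	}
	if ttl != 0 && expires != nil {
		return "", nil, errors.New("TTL and Expires are mutually exclusive")
	}
	exp := now.Add(24 * time.Hour) // DefaultTokenDuration
	if ttl != 0 {
		exp = now.Add(ttl)
	} else if expires != nil {
		exp = *expires
	}
	data := map[string]string{"token-id": m[1], "token-secret": m[2],
		"expiration": exp.UTC().Format(time.RFC3339)}
	for _, u := range usages {
		data["usage-bootstrap-"+u] = "true"
	}
	if len(groups) > 0 {
		data["auth-extra-groups"] = strings.Join(groups, ",")
	}
	return "bootstrap-token-" + m[1], data, nil
}

func main() {
	now := time.Date(2023, 12, 15, 0, 0, 0, 0, time.UTC) // constructed timestamp
	name, data, err := secretFields("abcdef.abcdef0123456789", 0, nil, now, // constructed token
		[]string{"signing", "authentication"},
		[]string{"system:bootstrappers:karmada:default-cluster-token"})
	fmt.Println(name, data["expiration"], err)
}
```

Only the token ID appears in the Secret name; the secret half stays in the data map and is never written into error messages.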
