Documentation
¶
Index ¶
- func GetRoles(f fs.ReadFileFS, clusterType configuration.ClusterType) ([]runtimeclient.Object, error)
- func ParseTemplate(f fs.ReadFileFS, fileName string) ([]runtimeclient.Object, error)
- type ClusterConfig
- type ClusterRoleBindings
- type Clusters
- type DefaultServiceAccountsNamespace
- type FS
- type FilenameMatcher
- type KubeSawAdmins
- type MemberCluster
- type PermissionBindings
- type PermissionsPerClusterType
- type RoleBindings
- type Selector
- type ServiceAccount
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetRoles ¶
func GetRoles(f fs.ReadFileFS, clusterType configuration.ClusterType) ([]runtimeclient.Object, error)
func ParseTemplate ¶
func ParseTemplate(f fs.ReadFileFS, fileName string) ([]runtimeclient.Object, error)
Types ¶
type ClusterConfig ¶
type ClusterConfig struct {
API string `yaml:"api"`
}
type ClusterRoleBindings ¶
type ClusterRoleBindings struct {
ClusterRoles []string `yaml:"clusterRoles,omitempty"`
}
type Clusters ¶
type Clusters struct {
Host ClusterConfig `yaml:"host"`
Members []MemberCluster `yaml:"members"`
}
type DefaultServiceAccountsNamespace ¶
type DefaultServiceAccountsNamespace struct {
Host string `yaml:"host"`
Member string `yaml:"member"`
}
DefaultServiceAccountsNamespace defines the names of the default namespaces where the ksctl SAs should be created. If not specified, then the names kubesaw-admins-host and kubesaw-admins-member are used.
type FilenameMatcher ¶
type KubeSawAdmins ¶
type KubeSawAdmins struct {
Clusters Clusters `yaml:"clusters"`
ServiceAccounts []ServiceAccount `yaml:"serviceAccounts"`
Users []User `yaml:"users"`
DefaultServiceAccountsNamespace DefaultServiceAccountsNamespace `yaml:"defaultServiceAccountsNamespace"`
}
func GetKubeSawAdminsConfig ¶
func GetKubeSawAdminsConfig(kubeSawAdminsFile string) (*KubeSawAdmins, error)
type MemberCluster ¶
type MemberCluster struct {
Name string `yaml:"name"`
ClusterConfig `yaml:",inline"`
// SeparateKustomizeComponent when set to true, then the manifests for the member cluster will be generated in a separate
// Kustomize component (a directory structure that will contain all the generated manifests including the kustomization.yaml files).
// The name of the root folder will have the same name as the name of the member cluster.
SeparateKustomizeComponent bool `yaml:"separateKustomizeComponent"`
}
type PermissionBindings ¶
type PermissionBindings struct {
RoleBindings []RoleBindings `yaml:"roleBindings"`
ClusterRoleBindings ClusterRoleBindings `yaml:"clusterRoleBindings"`
}
type PermissionsPerClusterType ¶
type PermissionsPerClusterType map[string]PermissionBindings
type RoleBindings ¶
type Selector ¶
type Selector struct {
// SkipMembers can contain a list of member cluster names the entity shouldn't be applied for
SkipMembers []string `yaml:"skipMembers,omitempty"`
// MemberClusters defines a list of member cluster names the entity should be applied for
MemberClusters []string `yaml:"memberClusters,omitempty"`
}
Selector contains fields to select clusters the entity should (not) be applied for
func (Selector) ShouldBeSkippedForMember ¶
type ServiceAccount ¶
type ServiceAccount struct {
Name string `yaml:"name"`
Namespace string `yaml:"namespace,omitempty"`
Selector Selector `yaml:"selector"`
PermissionsPerClusterType `yaml:",inline"`
}
type User ¶
type User struct {
Name string `yaml:"name"`
ID []string `yaml:"id"`
AllClusters bool `yaml:"allClusters,omitempty"` // force user and identity manifest generation on all clusters, even if no permissions are specified
Groups []string `yaml:"groups"`
Selector Selector `yaml:"selector"`
PermissionsPerClusterType `yaml:",inline,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.