Documentation
¶
Index ¶
- Constants
- Variables
- func GetK8sClient() (kubernetes.Interface, error)
- func GetK8sConfig() (*restclient.Config, error)
- func GetRawConfig(runtimeID string) ([]byte, error)
- func SetupConfigMap() error
- type JsonPatchType
- type RollbackE
- type RuntimeClient
- func (rtc *RuntimeClient) Cleaner() error
- func (rtc *RuntimeClient) DeployConfigMap(runtimeID string, L2L3OperatorRole string, startTime time.Time) error
- func (rtc *RuntimeClient) RetryDeleteClusterRoleBinding(wg *sync.WaitGroup, errorCh chan error)
- func (rtc *RuntimeClient) RetryDeleteClusterRoles(wg *sync.WaitGroup, errorCh chan error)
- func (rtc *RuntimeClient) RetryDeleteServiceAccount(wg *sync.WaitGroup, errorCh chan error)
- func (rtc *RuntimeClient) Run() (string, error)
- func (rtc *RuntimeClient) SetupTimer(startTime time.Time, runtimeID string)
- func (rtc *RuntimeClient) UpdateConfigMap(runtimeID string) error
- type SAInfo
Constants ¶
View Source
const ClusterRole = "ClusterRole"
View Source
const ClusterRoleBinding = "ClusterRoleBinding"
View Source
const ExpireTime time.Duration = 24 * time.Hour
View Source
const KcpNamespace string = "kcp-system"
View Source
const Namespace = "kube-system"
View Source
const RUNTIME_ADMIN = "runtimeAdmin"
View Source
const RUNTIME_OPERATOR = "runtimeOperator"
View Source
const SA = "SA"
View Source
const ServiceAccount = "ServiceAccount"
View Source
const Token = "token"
Variables ¶
View Source
var L2L3OperatorAggregationRule = map[string][]metav1.LabelSelector{ RUNTIME_ADMIN: { { MatchLabels: map[string]string{ "rbac.authorization.k8s.io/aggregate-to-admin": "true", }, }, }, RUNTIME_OPERATOR: { { MatchLabels: map[string]string{ "rbac.authorization.k8s.io/aggregate-to-edit": "true", }, }, }, }
View Source
var L2L3OperatorPolicyRule = map[string][]rbacv1.PolicyRule{ RUNTIME_ADMIN: { rbacv1helpers.NewRule("*").Groups("*").Resources("*").RuleOrDie(), rbacv1helpers.NewRule("*").URLs("*").RuleOrDie(), }, RUNTIME_OPERATOR: { rbacv1helpers.NewRule("*").Groups("*").Resources("pods/ephemeralcontainers").RuleOrDie(), rbacv1helpers.NewRule("get", "list", "watch").Groups("*").Resources("*").RuleOrDie(), rbacv1helpers.NewRule("get", "list", "watch").URLs("*").RuleOrDie(), }, }
Functions ¶
func GetK8sClient ¶
func GetK8sClient() (kubernetes.Interface, error)
func GetK8sConfig ¶
func GetK8sConfig() (*restclient.Config, error)
func GetRawConfig ¶
func SetupConfigMap ¶
func SetupConfigMap() error
Types ¶
type JsonPatchType ¶
type RuntimeClient ¶
type RuntimeClient struct {
K8s kubernetes.Interface
KcpK8s kubernetes.Interface
User SAInfo
L2L3OperatiorRole string
RollbackE RollbackE
}
func NewRuntimeClient ¶
func (*RuntimeClient) Cleaner ¶
func (rtc *RuntimeClient) Cleaner() error
Clean service account and cluster role
func (*RuntimeClient) DeployConfigMap ¶
func (*RuntimeClient) RetryDeleteClusterRoleBinding ¶
func (rtc *RuntimeClient) RetryDeleteClusterRoleBinding(wg *sync.WaitGroup, errorCh chan error)
func (*RuntimeClient) RetryDeleteClusterRoles ¶
func (rtc *RuntimeClient) RetryDeleteClusterRoles(wg *sync.WaitGroup, errorCh chan error)
func (*RuntimeClient) RetryDeleteServiceAccount ¶
func (rtc *RuntimeClient) RetryDeleteServiceAccount(wg *sync.WaitGroup, errorCh chan error)
func (*RuntimeClient) Run ¶
func (rtc *RuntimeClient) Run() (string, error)
kubeconfig access runtime, create sa and clusterrole and clusterrolebinding according to userID and l2L3OperatiorRole
func (*RuntimeClient) SetupTimer ¶
func (rtc *RuntimeClient) SetupTimer(startTime time.Time, runtimeID string)
func (*RuntimeClient) UpdateConfigMap ¶
func (rtc *RuntimeClient) UpdateConfigMap(runtimeID string) error
Source Files
Click to show internal directories.
Click to hide internal directories.