Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewDelegatingAuthenticator ¶
func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error)
NewDelegatingAuthenticator creates an authenticator compatible with the kubelet's needs
Types ¶
type AuthnConfig ¶
type AuthnConfig struct { X509 *X509Config Header *AuthnHeaderConfig OIDC *OIDCConfig }
AuthnConfig holds all configurations related to authentication options
type AuthnHeaderConfig ¶
type AuthnHeaderConfig struct { // When set to true, kube-rbac-proxy adds auth-related fields to the headers of http requests sent to the upstream Enabled bool // Corresponds to the name of the field inside a http(2) request header // to tell the upstream server about the user's name UserFieldName string // Corresponds to the name of the field inside a http(2) request header // to tell the upstream server about the user's groups GroupsFieldName string // The separator string used for concatenating multiple group names in a groups header field's value GroupSeparator string }
AuthnHeaderConfig contains authentication header settings which enable more information about the user identity to be sent to the upstream
type CancelableAuthRequest ¶
type CancelableAuthRequest interface { authenticator.Request Cancel() //Cancels (stops) the underlying instance }
Extends authenticator.Request interface with Cancel() function used to stop underlying authenticator instance once it's not needed anymore
func NewOIDCAuthenticator ¶
func NewOIDCAuthenticator(config *OIDCConfig) (CancelableAuthRequest, error)
NewOIDCAuthenticator returns OIDC authenticator wrapped as a CancelableAuthRequest instance. CancelableAuthRequest allows users to cancel the authenticator once it's not used anymore.
type OIDCConfig ¶
type OIDCConfig struct { IssuerURL string ClientID string CAFile string UsernameClaim string UsernamePrefix string GroupsClaim string GroupsPrefix string SupportedSigningAlgs []string }
OIDCConfig represents configuration used for JWT request authentication
type X509Config ¶
type X509Config struct {
ClientCAFile string
}
X509Config holds public client certificate used for authentication requests if specified