bootstrappolicy

package
v1.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 3, 2017 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ReadWrite = []string{"get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"}
	Read      = []string{"get", "list", "watch"}

	Label      = map[string]string{"kubernetes.io/bootstrapping": "rbac-defaults"}
	Annotation = map[string]string{rbac.AutoUpdateAnnotationKey: "true"}
)
View Source
var OmitNodesGroupBinding = ClusterRoleBindingFilter(func(binding *rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding {
	if binding.RoleRef.Name == systemNodeRoleName {
		subjects := []rbac.Subject{}
		for _, subject := range binding.Subjects {
			if subject.Kind == rbac.GroupKind && subject.Name == user.NodesGroup {
				continue
			}
			subjects = append(subjects, subject)
		}
		binding.Subjects = subjects
	}
	return binding
})

OmitNodesGroupBinding is a filter that omits the deprecated binding for the system:nodes group to the system:node role.

Functions

func AddClusterRoleBindingFilter added in v1.7.0

func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)

AddClusterRoleBindingFilter adds the given filter to the list that is invoked when determing bootstrap roles to reconcile.

func ClearClusterRoleBindingFilters added in v1.7.0

func ClearClusterRoleBindingFilters()

ClearClusterRoleBindingFilters removes any filters added using AddClusterRoleBindingFilter

func ClusterRoleBindings

func ClusterRoleBindings() []rbac.ClusterRoleBinding

ClusterRoleBindings return default rolebindings to the default roles

func ClusterRoles

func ClusterRoles() []rbac.ClusterRole

ClusterRoles returns the cluster roles to bootstrap an API server with

func ControllerRoleBindings

func ControllerRoleBindings() []rbac.ClusterRoleBinding

ControllerRoleBindings returns the role bindings used by controllers

func ControllerRoles

func ControllerRoles() []rbac.ClusterRole

ControllerRoles returns the cluster roles used by controllers

func NamespaceRoleBindings added in v1.6.0

func NamespaceRoleBindings() map[string][]rbac.RoleBinding

NamespaceRoleBindings returns a map of namespace to slice of roles to create

func NamespaceRoles added in v1.6.0

func NamespaceRoles() map[string][]rbac.Role

NamespaceRoles returns a map of namespace to slice of roles to create

func NodeRules added in v1.7.0

func NodeRules() []rbac.PolicyRule

Types

type ClusterRoleBindingFilter added in v1.7.0

type ClusterRoleBindingFilter func(*rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding

ClusterRoleBindingFilter can modify and return or omit (by returning nil) a role binding

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL