Documentation
¶
Index ¶
- Variables
- func NewMetaDataReaderClusterRoleBinding(saNamespace, saName string, owner metav1.OwnerReference) *rbacv1.ClusterRoleBinding
- func NewSCC() *security.SecurityContextConstraints
- func NewServiceAccountSCCRole(namespace, name string, owner metav1.OwnerReference) *rbacv1.Role
- func NewServiceAccountSCCRoleBinding(namespace, name, roleName, saName string, owner metav1.OwnerReference) *rbacv1.RoleBinding
- func ReconcileRBAC(k8sClient client.Client, rbacName, saNamespace, saName string, ...) error
- func ReconcileServiceAccount(k8sClient client.Client, namespace string, ...) (err error)
- func ReconcileServiceAccountTokenSecret(sa *corev1.ServiceAccount, k8sClient client.Client, namespace, name string, ...) (desired *corev1.Secret, err error)
- func RemoveSecurityContextConstraint(k8sClient client.Client, sccName string) error
Constants ¶
This section is empty.
Variables ¶
var (
	// RequiredDropCapabilities lists Linux capability names, written without
	// the CAP_ prefix, which is the form Kubernetes uses.
	//
	// NOTE(review): judging by the name, this presumably feeds the
	// required-drop list of the SCC built by NewSCC; confirm at the use site.
	// NOTE(review): this is an explicit list rather than "ALL". A capability
	// that is not named here (NET_RAW, for instance) is not covered by this
	// variable, so confirm it is restricted some other way if the workload
	// does not need it.
	RequiredDropCapabilities = []corev1.Capability{
		"CHOWN",
		"DAC_OVERRIDE",
		"FSETID",
		"FOWNER",
		"SETGID",
		"SETUID",
		"SETPCAP",
		"NET_BIND_SERVICE",
		"KILL",
	}

	// DesiredSCCVolumes lists volume plugin types as security.FSType values.
	//
	// NOTE(review): presumably the allow-list of volume types for the SCC;
	// host-backed types such as hostPath are absent from it. Confirm how the
	// consumer applies the list.
	DesiredSCCVolumes = []security.FSType{
		"configMap",
		"secret",
		"emptyDir",
		"projected",
	}
)
Functions ¶
func NewMetaDataReaderClusterRoleBinding ¶
func NewMetaDataReaderClusterRoleBinding(saNamespace, saName string, owner metav1.OwnerReference) *rbacv1.ClusterRoleBinding
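NewMetaDataReaderClusterRoleBinding stubs a ClusterRoleBinding that allows reading of pod metadata (i.e. labels). Because a ClusterRoleBinding is cluster-scoped, the access it grants applies across all namespaces rather than only saNamespace; the subject is presumably the service account named by saNamespace and saName.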
func NewSCC ¶
func NewSCC() *security.SecurityContextConstraints
func NewServiceAccountSCCRole ¶
func NewServiceAccountSCCRole(namespace, name string, owner metav1.OwnerReference) *rbacv1.Role
func NewServiceAccountSCCRoleBinding ¶
func NewServiceAccountSCCRoleBinding(namespace, name, roleName, saName string, owner metav1.OwnerReference) *rbacv1.RoleBinding
func ReconcileRBAC ¶
func ReconcileRBAC(k8sClient client.Client, rbacName, saNamespace, saName string, owner metav1.OwnerReference) error
ReconcileRBAC reconciles the RBAC specifically for the service account and SCC
func ReconcileServiceAccount ¶
func ReconcileServiceAccount(k8sClient client.Client, namespace string, resNames *factory.ForwarderResourceNames, owner metav1.OwnerReference) (err error)
ReconcileServiceAccount reconciles the serviceAccount for a workload
func ReconcileServiceAccountTokenSecret ¶
func ReconcileServiceAccountTokenSecret(sa *corev1.ServiceAccount, k8sClient client.Client, namespace, name string, owner metav1.OwnerReference) (desired *corev1.Secret, err error)
Types ¶
This section is empty.