impersonation

Documentation

Overview

Package impersonation contains an interface for impersonating different kubernetes clients based on the spec of a custom resource.

Index

• type Client
• type Impersonation
  • func NewImpersonation(imp Impersonator, kubeClient client.Client) Impersonation
• type Impersonator

Types

type Client

type Client interface {
	client.Client

	// StatusPoller returns a polling.StatusPoller using the config from
	// this client instance.
	StatusPoller() *polling.StatusPoller
}

Client is an extension of the controller-runtime Client with the ability to retrieve a status poller using the same credentials.

type Impersonation

type Impersonation interface {
	// GetClient creates a controller-runtime client for talking to a Kubernetes API server.
	// If KubeConfig is set, will use the kubeconfig bytes from the Kubernetes secret.
	// If ServiceAccountName is set, will use the cluster provided kubeconfig impersonating the SA.
	// Otherwise will assume running in cluster and use the cluster provided kubeconfig.
	GetClient(ctx context.Context) (Client, error)
}

Impersonation provides methods for retrieving kubernetes clients and status pollers during a CR's reconciliation.

func NewImpersonation

func NewImpersonation(imp Impersonator, kubeClient client.Client) Impersonation

NewImpersonation creates a new Impersonation using the given CR and client.

type Impersonator

type Impersonator interface {
	client.Object

	// GetKubeConfigSecretName should return the name of the secret in the object's namespace
	// containing a Kubeconfig. If no kubeconfig is configured, it should return an
	// empty string.
	GetKubeConfigSecretName() string
	// GetServiceAccountName should return the name of the service account to impersonate
	// in the object's namespace. If none is configured, it should return an empty string.
	GetServiceAccountName() string
}

Impersonator is an interface to be implemented by CRs that need to assume the credentials of other Kubernetes entities during reconciliation.