Documentation ¶
Overview ¶
Example (EmptyConfig) ¶
defaultConfig := NewConfig() output, err := yaml.Marshal(defaultConfig) if err != nil { fmt.Printf("Unexpected error: %v", err) } fmt.Printf("%v", string(output))
Output: clusters: {} contexts: {} current-context: "" preferences: {} users: {}
Example (MinifyAndShorten) ¶
certFile, _ := ioutil.TempFile("", "") defer os.Remove(certFile.Name()) keyFile, _ := ioutil.TempFile("", "") defer os.Remove(keyFile.Name()) caFile, _ := ioutil.TempFile("", "") defer os.Remove(caFile.Name()) certData := "cert" keyData := "key" caData := "ca" config := newMergedConfig(certFile.Name(), certData, keyFile.Name(), keyData, caFile.Name(), caData, nil) MinifyConfig(&config) ShortenConfig(&config) output, _ := yaml.Marshal(config) fmt.Printf("%s", string(output))
Output: clusters: cow-cluster: LocationOfOrigin: "" certificate-authority-data: DATA+OMITTED server: http://cow.org:8080 contexts: federal-context: LocationOfOrigin: "" cluster: cow-cluster user: red-user current-context: federal-context preferences: {} users: red-user: LocationOfOrigin: "" client-certificate-data: REDACTED client-key-data: REDACTED token: REDACTED
Example (OfOptionsConfig) ¶
defaultConfig := NewConfig() defaultConfig.Preferences.Colors = true defaultConfig.Clusters["alfa"] = &Cluster{ Server: "https://alfa.org:8080", InsecureSkipTLSVerify: true, CertificateAuthority: "path/to/my/cert-ca-filename", } defaultConfig.Clusters["bravo"] = &Cluster{ Server: "https://bravo.org:8080", InsecureSkipTLSVerify: false, } defaultConfig.AuthInfos["white-mage-via-cert"] = &AuthInfo{ ClientCertificate: "path/to/my/client-cert-filename", ClientKey: "path/to/my/client-key-filename", } defaultConfig.AuthInfos["red-mage-via-token"] = &AuthInfo{ Token: "my-secret-token", } defaultConfig.AuthInfos["black-mage-via-auth-provider"] = &AuthInfo{ AuthProvider: &AuthProviderConfig{ Name: "gcp", Config: map[string]string{ "foo": "bar", "token": "s3cr3t-t0k3n", }, }, } defaultConfig.Contexts["bravo-as-black-mage"] = &Context{ Cluster: "bravo", AuthInfo: "black-mage-via-auth-provider", Namespace: "yankee", } defaultConfig.Contexts["alfa-as-black-mage"] = &Context{ Cluster: "alfa", AuthInfo: "black-mage-via-auth-provider", Namespace: "zulu", } defaultConfig.Contexts["alfa-as-white-mage"] = &Context{ Cluster: "alfa", AuthInfo: "white-mage-via-cert", } defaultConfig.CurrentContext = "alfa-as-white-mage" output, err := yaml.Marshal(defaultConfig) if err != nil { fmt.Printf("Unexpected error: %v", err) } fmt.Printf("%v", string(output))
Output: clusters: alfa: LocationOfOrigin: "" certificate-authority: path/to/my/cert-ca-filename insecure-skip-tls-verify: true server: https://alfa.org:8080 bravo: LocationOfOrigin: "" server: https://bravo.org:8080 contexts: alfa-as-black-mage: LocationOfOrigin: "" cluster: alfa namespace: zulu user: black-mage-via-auth-provider alfa-as-white-mage: LocationOfOrigin: "" cluster: alfa user: white-mage-via-cert bravo-as-black-mage: LocationOfOrigin: "" cluster: bravo namespace: yankee user: black-mage-via-auth-provider current-context: alfa-as-white-mage preferences: colors: true users: black-mage-via-auth-provider: LocationOfOrigin: "" auth-provider: config: foo: bar token: s3cr3t-t0k3n name: gcp red-mage-via-token: LocationOfOrigin: "" token: my-secret-token white-mage-via-cert: LocationOfOrigin: "" client-certificate: path/to/my/client-cert-filename client-key: path/to/my/client-key-filename
Index ¶
- Variables
- func FlattenConfig(config *Config) error
- func FlattenContent(path *string, contents *[]byte, baseDir string) error
- func IsConfigEmpty(config *Config) bool
- func MakeAbs(path, base string) (string, error)
- func MinifyConfig(config *Config) error
- func ResolvePath(path string, base string) string
- func ShortenConfig(config *Config)
- type AuthInfo
- type AuthProviderConfig
- type Cluster
- type Config
- func (in *Config) DeepCopy() *Config
- func (in *Config) DeepCopyInto(out *Config)
- func (in *Config) DeepCopyObject() runtime.Object
- func (obj *Config) GetObjectKind() schema.ObjectKind
- func (obj *Config) GroupVersionKind() schema.GroupVersionKind
- func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind)
- type Context
- type ExecConfig
- type ExecEnvVar
- type ExecInteractiveMode
- type Preferences
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects TODO this should be in the "kubeconfig" group
Functions ¶
func FlattenConfig ¶
Flatten changes the config object into a self contained config (useful for making secrets)
func IsConfigEmpty ¶
IsConfigEmpty returns true if the config is empty.
func MinifyConfig ¶
MinifyConfig read the current context and uses that to keep only the relevant pieces of config This is useful for making secrets based on kubeconfig files
func ResolvePath ¶
ResolvePath returns the path as an absolute paths, relative to the given base directory
func ShortenConfig ¶
func ShortenConfig(config *Config)
Flatten redacts raw data entries from the config object for a human-readable view.
Types ¶
type AuthInfo ¶
type AuthInfo struct { // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. // +k8s:conversion-gen=false LocationOfOrigin string // ClientCertificate is the path to a client cert file for TLS. // +optional ClientCertificate string `json:"client-certificate,omitempty"` // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate // +optional ClientCertificateData []byte `json:"client-certificate-data,omitempty"` // ClientKey is the path to a client key file for TLS. // +optional ClientKey string `json:"client-key,omitempty"` // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey // +optional ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"` // Token is the bearer token for authentication to the kubernetes cluster. // +optional Token string `json:"token,omitempty" datapolicy:"token"` // TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence. // +optional TokenFile string `json:"tokenFile,omitempty"` // Impersonate is the username to act-as. // +optional Impersonate string `json:"act-as,omitempty"` // ImpersonateGroups is the groups to imperonate. // +optional ImpersonateGroups []string `json:"act-as-groups,omitempty"` // ImpersonateUserExtra contains additional information for impersonated user. // +optional ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"` // Username is the username for basic authentication to the kubernetes cluster. // +optional Username string `json:"username,omitempty"` // Password is the password for basic authentication to the kubernetes cluster. // +optional Password string `json:"password,omitempty" datapolicy:"password"` // AuthProvider specifies a custom authentication plugin for the kubernetes cluster. // +optional AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"` // Exec specifies a custom exec-based authentication plugin for the kubernetes cluster. // +optional Exec *ExecConfig `json:"exec,omitempty"` // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields // +optional Extensions map[string]runtime.Object `json:"extensions,omitempty"` }
AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
func NewAuthInfo ¶
func NewAuthInfo() *AuthInfo
NewAuthInfo is a convenience function that returns a new AuthInfo object with non-nil maps
func (*AuthInfo) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthInfo.
func (*AuthInfo) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthProviderConfig ¶
type AuthProviderConfig struct { Name string `json:"name"` // +optional Config map[string]string `json:"config,omitempty"` }
AuthProviderConfig holds the configuration for a specified auth provider.
func (*AuthProviderConfig) DeepCopy ¶
func (in *AuthProviderConfig) DeepCopy() *AuthProviderConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProviderConfig.
func (*AuthProviderConfig) DeepCopyInto ¶
func (in *AuthProviderConfig) DeepCopyInto(out *AuthProviderConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AuthProviderConfig) GoString ¶
func (c AuthProviderConfig) GoString() string
GoString implements fmt.GoStringer and sanitizes sensitive fields of AuthProviderConfig to prevent accidental leaking via logs.
func (AuthProviderConfig) String ¶
func (c AuthProviderConfig) String() string
String implements fmt.Stringer and sanitizes sensitive fields of AuthProviderConfig to prevent accidental leaking via logs.
type Cluster ¶
type Cluster struct { // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. // +k8s:conversion-gen=false LocationOfOrigin string // Server is the address of the kubernetes cluster (https://hostname:port). Server string `json:"server"` // TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. // +optional TLSServerName string `json:"tls-server-name,omitempty"` // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. // +optional InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"` // CertificateAuthority is the path to a cert file for the certificate authority. // +optional CertificateAuthority string `json:"certificate-authority,omitempty"` // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority // +optional CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"` // ProxyURL is the URL to the proxy to be used for all requests made by this // client. URLs with "http", "https", and "socks5" schemes are supported. If // this configuration is not provided or the empty string, the client // attempts to construct a proxy configuration from http_proxy and // https_proxy environment variables. If these environment variables are not // set, the client does not attempt to proxy requests. // // socks5 proxying does not currently support spdy streaming endpoints (exec, // attach, port forward). // +optional ProxyURL string `json:"proxy-url,omitempty"` // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields // +optional Extensions map[string]runtime.Object `json:"extensions,omitempty"` }
Cluster contains information about how to communicate with a kubernetes cluster
func NewCluster ¶
func NewCluster() *Cluster
NewCluster is a convenience function that returns a new Cluster object with non-nil maps
func (*Cluster) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster.
func (*Cluster) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Config ¶
type Config struct { // Legacy field from pkg/api/types.go TypeMeta. // TODO(jlowdermilk): remove this after eliminating downstream dependencies. // +k8s:conversion-gen=false // +optional Kind string `json:"kind,omitempty"` // Legacy field from pkg/api/types.go TypeMeta. // TODO(jlowdermilk): remove this after eliminating downstream dependencies. // +k8s:conversion-gen=false // +optional APIVersion string `json:"apiVersion,omitempty"` // Preferences holds general information to be use for cli interactions Preferences Preferences `json:"preferences"` // Clusters is a map of referencable names to cluster configs Clusters map[string]*Cluster `json:"clusters"` // AuthInfos is a map of referencable names to user configs AuthInfos map[string]*AuthInfo `json:"users"` // Contexts is a map of referencable names to context configs Contexts map[string]*Context `json:"contexts"` // CurrentContext is the name of the context that you would like to use by default CurrentContext string `json:"current-context"` // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields // +optional Extensions map[string]runtime.Object `json:"extensions,omitempty"` }
Config holds the information needed to build connect to remote kubernetes clusters as a given user IMPORTANT if you add fields to this struct, please update IsConfigEmpty() +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func NewConfig ¶
func NewConfig() *Config
NewConfig is a convenience function that returns a new Config object with non-nil maps
func (*Config) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.
func (*Config) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Config) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Config) GetObjectKind ¶
func (obj *Config) GetObjectKind() schema.ObjectKind
func (*Config) GroupVersionKind ¶
func (obj *Config) GroupVersionKind() schema.GroupVersionKind
func (*Config) SetGroupVersionKind ¶
func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind)
type Context ¶
type Context struct { // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. // +k8s:conversion-gen=false LocationOfOrigin string // Cluster is the name of the cluster for this context Cluster string `json:"cluster"` // AuthInfo is the name of the authInfo for this context AuthInfo string `json:"user"` // Namespace is the default namespace to use on unspecified requests // +optional Namespace string `json:"namespace,omitempty"` // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields // +optional Extensions map[string]runtime.Object `json:"extensions,omitempty"` }
Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
func NewContext ¶
func NewContext() *Context
NewContext is a convenience function that returns a new Context object with non-nil maps
func (*Context) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Context.
func (*Context) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecConfig ¶
type ExecConfig struct { // Command to execute. Command string `json:"command"` // Arguments to pass to the command when executing it. // +optional Args []string `json:"args"` // Env defines additional environment variables to expose to the process. These // are unioned with the host's environment, as well as variables client-go uses // to pass argument to the plugin. // +optional Env []ExecEnvVar `json:"env"` // Preferred input version of the ExecInfo. The returned ExecCredentials MUST use // the same encoding version as the input. APIVersion string `json:"apiVersion,omitempty"` // This text is shown to the user when the executable doesn't seem to be // present. For example, `brew install foo-cli` might be a good InstallHint for // foo-cli on Mac OS systems. InstallHint string `json:"installHint,omitempty"` // ProvideClusterInfo determines whether or not to provide cluster information, // which could potentially contain very large CA data, to this exec plugin as a // part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set // to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for // reading this environment variable. ProvideClusterInfo bool `json:"provideClusterInfo"` // Config holds additional config data that is specific to the exec // plugin with regards to the cluster being authenticated to. // // This data is sourced from the clientcmd Cluster object's extensions[exec] field: // // clusters: // - name: my-cluster // cluster: // ... // extensions: // - name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config // extension: // audience: 06e3fbd18de8 # arbitrary config // // In some environments, the user config may be exactly the same across many clusters // (i.e. call this exec plugin) minus some details that are specific to each cluster // such as the audience. This field allows the per cluster config to be directly // specified with the cluster info. Using this field to store secret data is not // recommended as one of the prime benefits of exec plugins is that no secrets need // to be stored directly in the kubeconfig. // +k8s:conversion-gen=false Config runtime.Object // InteractiveMode determines this plugin's relationship with standard input. Valid // values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this // exec plugin wants to use standard input if it is available), or "Always" (this exec // plugin requires standard input to function). See ExecInteractiveMode values for more // details. // // If APIVersion is client.authentication.k8s.io/v1alpha1 or // client.authentication.k8s.io/v1beta1, then this field is optional and defaults // to "IfAvailable" when unset. Otherwise, this field is required. // +optional InteractiveMode ExecInteractiveMode // input through to this exec plugin. For example, a higher level entity might be using // standard input for something else and therefore it would not be safe for the exec // plugin to use standard input. This is kept here in order to keep all of the exec configuration // together, but it is never serialized. // +k8s:conversion-gen=false StdinUnavailable bool // cannot successfully run this exec plugin because it needs to use standard input and // StdinUnavailable is true. For example, a process that is already using standard input to // read user instructions might set this to "used by my-program to read user instructions". // +k8s:conversion-gen=false StdinUnavailableMessage string }
ExecConfig specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.
See the client.authentication.k8s.io API group for specifications of the exact input and output format
func (*ExecConfig) DeepCopy ¶
func (in *ExecConfig) DeepCopy() *ExecConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecConfig.
func (*ExecConfig) DeepCopyInto ¶
func (in *ExecConfig) DeepCopyInto(out *ExecConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ExecConfig) GoString ¶
func (c ExecConfig) GoString() string
GoString implements fmt.GoStringer and sanitizes sensitive fields of ExecConfig to prevent accidental leaking via logs.
func (ExecConfig) String ¶
func (c ExecConfig) String() string
String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig to prevent accidental leaking via logs.
type ExecEnvVar ¶
ExecEnvVar is used for setting environment variables when executing an exec-based credential plugin.
func (*ExecEnvVar) DeepCopy ¶
func (in *ExecEnvVar) DeepCopy() *ExecEnvVar
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
func (*ExecEnvVar) DeepCopyInto ¶
func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecInteractiveMode ¶
type ExecInteractiveMode string
ExecInteractiveMode is a string that describes an exec plugin's relationship with standard input.
const ( // NeverExecInteractiveMode declares that this exec plugin never needs to use standard // input, and therefore the exec plugin will be run regardless of whether standard input is // available for user input. NeverExecInteractiveMode ExecInteractiveMode = "Never" // IfAvailableExecInteractiveMode declares that this exec plugin would like to use standard input // if it is available, but can still operate if standard input is not available. Therefore, the // exec plugin will be run regardless of whether stdin is available for user input. If standard // input is available for user input, then it will be provided to this exec plugin. IfAvailableExecInteractiveMode ExecInteractiveMode = "IfAvailable" // AlwaysExecInteractiveMode declares that this exec plugin requires standard input in order to // run, and therefore the exec plugin will only be run if standard input is available for user // input. If standard input is not available for user input, then the exec plugin will not be run // and an error will be returned by the exec plugin runner. AlwaysExecInteractiveMode ExecInteractiveMode = "Always" )
type Preferences ¶
type Preferences struct { // +optional Colors bool `json:"colors,omitempty"` // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields // +optional Extensions map[string]runtime.Object `json:"extensions,omitempty"` }
IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
func NewPreferences ¶
func NewPreferences() *Preferences
NewPreferences is a convenience function that returns a new Preferences object with non-nil maps
func (*Preferences) DeepCopy ¶
func (in *Preferences) DeepCopy() *Preferences
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preferences.
func (*Preferences) DeepCopyInto ¶
func (in *Preferences) DeepCopyInto(out *Preferences)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.