Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewDelegatingAuthenticator ¶
func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error)
NewDelegatingAuthenticator creates an authenticator compatible with the kubelet's needs
func NewOIDCAuthenticator ¶
func NewOIDCAuthenticator(config *OIDCConfig) (authenticator.Request, error)
NewOIDCAuthenticator returns OIDC authenticator
Types ¶
type AuthnConfig ¶
type AuthnConfig struct {
X509 *X509Config
Header *AuthnHeaderConfig
OIDC *OIDCConfig
}
AuthnConfig holds all configurations related to authentication options
type AuthnHeaderConfig ¶
type AuthnHeaderConfig struct {
// When set to true, kube-rbac-proxy adds auth-related fields to the headers of http requests sent to the upstream
Enabled bool
// Corresponds to the name of the field inside a http(2) request header
// to tell the upstream server about the user's name
UserFieldName string
// Corresponds to the name of the field inside a http(2) request header
// to tell the upstream server about the user's groups
GroupsFieldName string
// The separator string used for concatenating multiple group names in a groups header field's value
GroupSeparator string
}
AuthnHeaderConfig contains authentication header settings which enable more information about the user identity to be sent to the upstream
type OIDCConfig ¶
type OIDCConfig struct {
IssuerURL string
ClientID string
CAFile string
UsernameClaim string
UsernamePrefix string
GroupsClaim string
GroupsPrefix string
SupportedSigningAlgs []string
}
OIDCConfig represents configuration used for JWT request authentication
type X509Config ¶
type X509Config struct {
ClientCAFile string
}
X509Config holds public client certificate used for authentication requests if specified
Source Files
Click to show internal directories.
Click to hide internal directories.