Documentation ¶
Index ¶
- Constants
- func AllowBootstrapTokensToPostCSRs(client clientset.Interface, k8sVersion *version.Version) error
- func AutoApproveNodeBootstrapTokens(client clientset.Interface, k8sVersion *version.Version) error
- func CreateNewToken(client clientset.Interface, token string, tokenDuration time.Duration, ...) error
- func UpdateOrCreateToken(client clientset.Interface, token string, failIfExists bool, ...) error
Constants ¶
View Source
const ( // NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR // TODO: This value should be defined in an other, generic authz package instead of here NodeBootstrapperClusterRoleName = "system:node-bootstrapper" // NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap" // CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR // TODO: This value should be defined in an other, generic authz package instead of here // Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient" // NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap" )
Variables ¶
This section is empty.
Functions ¶
func AllowBootstrapTokensToPostCSRs ¶
AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs
func AutoApproveNodeBootstrapTokens ¶
AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller
func CreateNewToken ¶
func CreateNewToken(client clientset.Interface, token string, tokenDuration time.Duration, usages []string, extraGroups []string, description string) error
CreateNewToken tries to create a token and fails if one with the same ID already exists
func UpdateOrCreateToken ¶
func UpdateOrCreateToken(client clientset.Interface, token string, failIfExists bool, tokenDuration time.Duration, usages []string, extraGroups []string, description string) error
UpdateOrCreateToken attempts to update a token with the given ID, or create if it does not already exist.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.