Documentation ¶
Overview ¶
Package kubeconfig manages teleport entries in a local kubeconfig file.
Index ¶
- func ContextName(teleportCluster, kubeCluster string) string
- func KubeClusterFromContext(contextName, teleportCluster string) string
- func Load(path string) (*clientcmdapi.Config, error)
- func PathFromEnv() string
- func Remove(path, name string) error
- func Save(path string, config clientcmdapi.Config) error
- func SelectContext(teleportCluster, kubeCluster string) error
- func Update(path string, v Values, storeAllCAs bool) error
- type ExecValues
- type Values
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ContextName ¶
ContextName returns a kubeconfig context name generated by this package.
func KubeClusterFromContext ¶
KubeClusterFromContext extracts the kubernetes cluster name from context name generated by this package.
func Load ¶
func Load(path string) (*clientcmdapi.Config, error)
Load tries to read a kubeconfig file and if it can't, returns an error. One exception, missing files result in empty configs, not an error.
func PathFromEnv ¶
func PathFromEnv() string
PathFromEnv extracts location of kubeconfig from the environment.
func Remove ¶
Remove removes Teleport configuration from kubeconfig.
If `path` is empty, Remove will try to guess it based on the environment or known defaults.
func Save ¶
func Save(path string, config clientcmdapi.Config) error
Save saves updated config to location specified by environment variable or default location
func SelectContext ¶
SelectContext switches the active kubeconfig context to point to the provided kubeCluster in teleportCluster.
Types ¶
type ExecValues ¶
type ExecValues struct { // TshBinaryPath is a path to the tsh binary for use as exec plugin. TshBinaryPath string // TshBinaryInsecure defines whether to set the --insecure flag in the tsh // exec plugin arguments. This is used when the proxy doesn't have a // trusted TLS cert during login. TshBinaryInsecure bool // Env is a map of environment variables to forward. Env map[string]string }
ExecValues contain values for configuring tsh as an exec auth plugin in kubeconfig.
type Values ¶
type Values struct { // TeleportClusterName is used to name kubeconfig sections ("context", "cluster" and // "user"). Should match Teleport cluster name. TeleportClusterName string // ClusterAddr is the public address the Kubernetes client will talk to, // usually a proxy. ClusterAddr string // Credentials are user credentials to use for authentication the // ClusterAddr. Only TLS fields (key/cert/CA) from Credentials are used. Credentials *client.Key // Exec contains optional values to use, when configuring tsh as an exec // auth plugin in kubeconfig. // // If not set, static key/cert from Credentials are written to kubeconfig // instead. Exec *ExecValues // ProxyAddr is the host:port address provided when running tsh kube login. // This value is empty if a proxy was not specified. ProxyAddr string // TLSServerName is SNI host value passed to the server. TLSServerName string // Impersonate allows to define the default impersonated user. // Must be a subset of kubernetes_users or the Teleport username // otherwise Teleport will deny the request. Impersonate string // ImpersonateGroups allows to define the default values for impersonated groups. // Must be a subset of kubernetes_groups otherwise Teleport will deny // the request. ImpersonateGroups []string // Namespace allows to define the default namespace value. Namespace string // KubeClusters is a list of kubernetes clusters to generate contexts for. KubeClusters []string // SelectCluster is the name of the kubernetes cluster to set in // current-context. SelectCluster string }
Values are Teleport user data needed to generate kubeconfig entries.