bootstrappolicy

package
v1.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 13, 2015 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultOpenShiftSharedResourcesNamespace = "openshift"
	DefaultOpenShiftInfraNamespace           = "openshift-infra"
)

known namespaces

View Source
const (
	DefaultServiceAccountName  = "default"
	BuilderServiceAccountName  = "builder"
	DeployerServiceAccountName = "deployer"

	InfraBuildControllerServiceAccountName       = "build-controller"
	InfraReplicationControllerServiceAccountName = "replication-controller"
	InfraDeploymentControllerServiceAccountName  = "deployment-controller"

	MasterUnqualifiedUsername   = "openshift-master"
	RouterUnqualifiedUsername   = "openshift-router"
	RegistryUnqualifiedUsername = "openshift-registry"

	MasterUsername   = "system:" + MasterUnqualifiedUsername
	RouterUsername   = "system:" + RouterUnqualifiedUsername
	RegistryUsername = "system:" + RegistryUnqualifiedUsername
)

users

View Source
const (
	UnauthenticatedUsername = "system:anonymous"

	AuthenticatedGroup   = "system:authenticated"
	UnauthenticatedGroup = "system:unauthenticated"
	ClusterAdminGroup    = "system:cluster-admins"
	ClusterReaderGroup   = "system:cluster-readers"
	MastersGroup         = "system:masters"
	NodesGroup           = "system:nodes"
	RouterGroup          = "system:routers"
	RegistryGroup        = "system:registries"
)

groups

View Source
const (
	ClusterAdminRoleName    = "cluster-admin"
	ClusterReaderRoleName   = "cluster-reader"
	AdminRoleName           = "admin"
	EditRoleName            = "edit"
	ViewRoleName            = "view"
	SelfProvisionerRoleName = "self-provisioner"
	BasicUserRoleName       = "basic-user"
	StatusCheckerRoleName   = "cluster-status"

	BuildControllerRoleName       = "system:build-controller"
	ReplicationControllerRoleName = "system:replication-controller"
	DeploymentControllerRoleName  = "system:deployment-controller"

	ImagePullerRoleName       = "system:image-puller"
	ImageBuilderRoleName      = "system:image-builder"
	ImagePrunerRoleName       = "system:image-pruner"
	DeployerRoleName          = "system:deployer"
	RouterRoleName            = "system:router"
	RegistryRoleName          = "system:registry"
	MasterRoleName            = "system:master"
	NodeRoleName              = "system:node"
	NodeProxierRoleName       = "system:node-proxier"
	SDNReaderRoleName         = "system:sdn-reader"
	SDNManagerRoleName        = "system:sdn-manager"
	OAuthTokenDeleterRoleName = "system:oauth-token-deleter"
	WebHooksRoleName          = "system:webhook"

	OpenshiftSharedResourceViewRoleName = "shared-resource-viewer"
)

Roles

View Source
const (
	SelfProvisionerRoleBindingName   = SelfProvisionerRoleName + "s"
	DeployerRoleBindingName          = DeployerRoleName + "s"
	ClusterAdminRoleBindingName      = ClusterAdminRoleName + "s"
	ClusterReaderRoleBindingName     = ClusterReaderRoleName + "s"
	BasicUserRoleBindingName         = BasicUserRoleName + "s"
	OAuthTokenDeleterRoleBindingName = OAuthTokenDeleterRoleName + "s"
	StatusCheckerRoleBindingName     = StatusCheckerRoleName + "-binding"
	ImagePullerRoleBindingName       = ImagePullerRoleName + "s"
	ImageBuilderRoleBindingName      = ImageBuilderRoleName + "s"
	RouterRoleBindingName            = RouterRoleName + "s"
	RegistryRoleBindingName          = RegistryRoleName + "s"
	MasterRoleBindingName            = MasterRoleName + "s"
	NodeRoleBindingName              = NodeRoleName + "s"
	NodeProxierRoleBindingName       = NodeProxierRoleName + "s"
	SDNReaderRoleBindingName         = SDNReaderRoleName + "s"
	SDNManagerRoleBindingName        = SDNManagerRoleName + "s"
	WebHooksRoleBindingName          = WebHooksRoleName + "s"

	OpenshiftSharedResourceViewRoleBindingName = OpenshiftSharedResourceViewRoleName + "s"
)

RoleBindings

View Source
const (
	// SecurityContextConstraintPrivileged is used as the name for the system default privileged scc.
	SecurityContextConstraintPrivileged = "privileged"
	// SecurityContextConstraintRestricted is used as the name for the system default restricted scc.
	SecurityContextConstraintRestricted = "restricted"
)

Variables

This section is empty.

Functions

func GetBootstrapClusterRoleBindings

func GetBootstrapClusterRoleBindings() []authorizationapi.ClusterRoleBinding

func GetBootstrapClusterRoles

func GetBootstrapClusterRoles() []authorizationapi.ClusterRole

func GetBootstrapOpenshiftRoleBindings

func GetBootstrapOpenshiftRoleBindings(openshiftNamespace string) []authorizationapi.RoleBinding

func GetBootstrapOpenshiftRoles

func GetBootstrapOpenshiftRoles(openshiftNamespace string) []authorizationapi.Role

func GetBootstrapSecurityContextConstraints

func GetBootstrapSecurityContextConstraints(buildControllerUsername string) []kapi.SecurityContextConstraints

GetBootstrapSecurityContextConstraints returns the slice of default SecurityContextConstraints for system bootstrapping.

func GetBootstrapServiceAccountProjectRoleBindings

func GetBootstrapServiceAccountProjectRoleBindings(namespace string) []authorizationapi.RoleBinding

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL