rbac

package
v2.26.3
Published: Jan 16, 2025 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Package rbac contains a controller that is responsible for setting up RBAC to allow users to access the clusters they should be able to access.

Constants

const (
	// OwnerGroupNamePrefix represents owners group prefix.
	OwnerGroupNamePrefix = "owners"

	// EditorGroupNamePrefix represents editors group prefix.
	EditorGroupNamePrefix = "editors"

	// ViewerGroupNamePrefix represents viewers group prefix.
	ViewerGroupNamePrefix = "viewers"

	// ProjectManagerGroupNamePrefix represents project managers group prefix.
	// Can create, update and delete projects and add/remove members & service accounts.
	ProjectManagerGroupNamePrefix = "projectmanagers"

	// RBACResourcesNamePrefix represents kubermatic group prefix.
	RBACResourcesNamePrefix = "kubermatic"
)
const (
	CleanupFinalizerName = "kubermatic.k8c.io/controller-manager-rbac-cleanup"
)
const (
	EtcdLauncherServiceAccountName = "etcd-launcher"
)

Variables

AllGroupsPrefixes holds a list of groups with prefixes that we will generate RBAC Roles/Binding for.

Note: adding a new group also requires updating the generateVerbsForNamedResource method. The actual names of groups are different; see the generateActualGroupNameFor function.

Functions

func ExtractGroupPrefix

func ExtractGroupPrefix(groupName string) string

ExtractGroupPrefix extracts only group prefix from the given group name.

func GenerateActualGroupNameFor

func GenerateActualGroupNameFor(projectName, groupName string) string

GenerateActualGroupNameFor generates a group name for the given project and group prefix.

Types

type ControllerAggregator

type ControllerAggregator struct {
	// contains filtered or unexported fields
}

ControllerAggregator type holds controllers for managing RBAC for projects and their resources.

func New

func New(ctx context.Context, metrics *Metrics, mgr manager.Manager, seedManagerMap map[string]manager.Manager, log *zap.SugaredLogger, labelSelectorFunc func(*metav1.ListOptions), workerPredicate predicate.Predicate, workerCount int) (*ControllerAggregator, error)

New creates a new controller aggregator for managing RBAC for resources.

type InformerProvider

type InformerProvider interface {
	// KubeInformerFactoryFor registers a shared informer factory for the given namespace
	KubeInformerFactoryFor(namespace string) kubeinformers.SharedInformerFactory
	// StartInformers starts all registered factories
	StartInformers(stopCh <-chan struct{})
	// WaitForCachesToSync waits until caches from all factories are synced
	WaitForCachesToSync(stopCh <-chan struct{}) error
}

InformerProvider allows for storing shared informer factories for the given namespaces. Additionally, it provides methods for starting and waiting for all registered factories.

type InformerProviderImpl

type InformerProviderImpl struct {
	// contains filtered or unexported fields
}

InformerProviderImpl simply holds namespaced factories.

func NewInformerProvider

func NewInformerProvider(kubeClient kubernetes.Interface, resync time.Duration) *InformerProviderImpl

NewInformerProvider creates a new provider that.

func (*InformerProviderImpl) KubeInformerFactoryFor

func (p *InformerProviderImpl) KubeInformerFactoryFor(namespace string) kubeinformers.SharedInformerFactory

KubeInformerFactoryFor registers a shared informer factory for the given namespace.

func (*InformerProviderImpl) StartInformers

func (p *InformerProviderImpl) StartInformers(stopCh <-chan struct{})

StartInformers starts all registered factories.

func (*InformerProviderImpl) WaitForCachesToSync

func (p *InformerProviderImpl) WaitForCachesToSync(stopCh <-chan struct{}) error

WaitForCachesToSync waits until caches from all factories are synced.

type Metrics

type Metrics struct {
	Workers prometheus.Gauge
}

Metrics contains metrics that this controller will collect and expose.

func NewMetrics

func NewMetrics() *Metrics

NewMetrics creates RBACGeneratorControllerMetrics with default values initialized, so metrics always show up.
