kubernetes

package
v2.18.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 8, 2021 License: Apache-2.0 Imports: 57 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	ClusterTemplateLabelKey         = "template-id"
	ClusterTemplateInstanceLabelKey = "template-instance-id"
)
View Source 
const (
	ServiceAccountLabelGroup      = "initialGroup"
	ServiceAccountAnnotationOwner = "owner"
)
View Source 
const (
	// NamespacePrefix is the prefix for the cluster namespace
	NamespacePrefix = "cluster-"
)

Variables

This section is empty.

Functions

func AddonProviderFactory 

func AddonProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter, accessibleAddons sets.String) provider.AddonProviderGetter

func AlertmanagerProviderFactory added in v2.18.0 

func AlertmanagerProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.AlertmanagerProviderGetter

func BackupCredentialsProviderFactory added in v2.18.0 

func BackupCredentialsProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.BackupCredentialsProviderGetter

func ClusterTemplateInstanceProviderFactory added in v2.18.0 

func ClusterTemplateInstanceProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.ClusterTemplateInstanceProviderGetter

func ConstraintProviderFactory added in v2.17.1 

func ConstraintProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.ConstraintProviderGetter

func CreateOrUpdateCredentialSecretForCluster 

func CreateOrUpdateCredentialSecretForCluster(ctx context.Context, seedClient ctrlruntimeclient.Client, cluster *kubermaticv1.Cluster) error

CreateOrUpdateCredentialSecretForCluster creates a new secret for a credential.

func EtcdBackupConfigProjectProviderFactory added in v2.18.0 

func EtcdBackupConfigProjectProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.EtcdBackupConfigProjectProviderGetter

func EtcdBackupConfigProviderFactory added in v2.18.0 

func EtcdBackupConfigProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.EtcdBackupConfigProviderGetter

func EtcdRestoreProjectProviderFactory added in v2.18.0 

func EtcdRestoreProjectProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.EtcdRestoreProjectProviderGetter

func EtcdRestoreProviderFactory added in v2.18.0 

func EtcdRestoreProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.EtcdRestoreProviderGetter

func GetClusterTemplateInstanceName added in v2.18.0 

func GetClusterTemplateInstanceName(projectID, templateID string) string

func IsProjectServiceAccount added in v2.17.0 

func IsProjectServiceAccount(email string) bool

IsProjectServiceAccount determines whether the given email address belongs to a project service account

func LoadPresets 

func LoadPresets(yamlContent []byte) (*kubermaticv1.PresetList, error)

LoadPresets loads the custom presets for supported providers

func LoadPresetsFromFile 

func LoadPresetsFromFile(path string) (*kubermaticv1.PresetList, error)

LoadPresetsFromFile loads the custom presets for supported providers

func NamespaceName 

func NamespaceName(clusterName string) string

NamespaceName returns the namespace name for a cluster

func PrivilegedMLAAdminSettingProviderFactory added in v2.18.0 

func PrivilegedMLAAdminSettingProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.PrivilegedMLAAdminSettingProviderGetter

func RuleGroupProviderFactory added in v2.18.0 

func RuleGroupProviderFactory(mapper meta.RESTMapper, seedKubeconfigGetter provider.SeedKubeconfigGetter) provider.RuleGroupProviderGetter

Types

type AddonConfigProvider 

type AddonConfigProvider struct {
	// contains filtered or unexported fields
}

AddonConfigProvider struct that holds required components of the AddonConfigProvider

func NewAddonConfigProvider 

func NewAddonConfigProvider(client ctrlruntimeclient.Client) *AddonConfigProvider

NewAddonConfigProvider returns a new AddonConfigProvider

func (*AddonConfigProvider) Get 

func (p *AddonConfigProvider) Get(addonName string) (*kubermaticv1.AddonConfig, error)

Get addon configuration

func (*AddonConfigProvider) List 

func (p *AddonConfigProvider) List() (*kubermaticv1.AddonConfigList, error)

List available addon configurations

type AddonProvider 

type AddonProvider struct {
	// contains filtered or unexported fields
}

AddonProvider struct that holds required components of the AddonProvider implementation

func NewAddonProvider 

func NewAddonProvider(
	clientPrivileged ctrlruntimeclient.Client,
	createSeedImpersonatedClient ImpersonationClient,
	accessibleAddons sets.String) *AddonProvider

NewAddonProvider returns a new addon provider that respects RBAC policies it uses createSeedImpersonatedClient to create a connection that uses user impersonation

func (*AddonProvider) Delete 

func (p *AddonProvider) Delete(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, addonName string) error

Delete deletes the given addon

func (*AddonProvider) DeleteUnsecured 

func (p *AddonProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster, addonName string) error

DeleteUnsecured deletes the given addon

Note that this function: is unsafe in a sense that it uses privileged account to delete the resource

func (*AddonProvider) Get 

func (p *AddonProvider) Get(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, addonName string) (*kubermaticv1.Addon, error)

Get returns the given addon, it uses the projectInternalName to determine the group the user belongs to

func (*AddonProvider) GetUnsecured 

func (p *AddonProvider) GetUnsecured(cluster *kubermaticv1.Cluster, addonName string) (*kubermaticv1.Addon, error)

GetUnsecured returns the given addon

Note that this function: is unsafe in a sense that it uses privileged account to get the resource

func (*AddonProvider) List 

func (p *AddonProvider) List(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster) ([]*kubermaticv1.Addon, error)

List returns all addons in the given cluster

func (*AddonProvider) ListUnsecured 

func (p *AddonProvider) ListUnsecured(cluster *kubermaticv1.Cluster) ([]*kubermaticv1.Addon, error)

func (*AddonProvider) New 

func (p *AddonProvider) New(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, addonName string, variables *runtime.RawExtension, labels map[string]string) (*kubermaticv1.Addon, error)

New creates a new addon in the given cluster

func (*AddonProvider) NewUnsecured 

func (p *AddonProvider) NewUnsecured(cluster *kubermaticv1.Cluster, addonName string, variables *runtime.RawExtension, labels map[string]string) (*kubermaticv1.Addon, error)

NewUnsecured creates a new addon in the given cluster

Note that this function: is unsafe in a sense that it uses privileged account to create the resource

func (*AddonProvider) Update 

func (p *AddonProvider) Update(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, addon *kubermaticv1.Addon) (*kubermaticv1.Addon, error)

Update updates an addon

func (*AddonProvider) UpdateUnsecured 

func (p *AddonProvider) UpdateUnsecured(cluster *kubermaticv1.Cluster, addon *kubermaticv1.Addon) (*kubermaticv1.Addon, error)

UpdateUnsecured updates an addon

Note that this function: is unsafe in a sense that it uses privileged account to update the resource

type AdminProvider 

type AdminProvider struct {
	// contains filtered or unexported fields
}

AdminProvider manages admin resources

func NewAdminProvider 

func NewAdminProvider(client ctrlruntimeclient.Client) *AdminProvider

NewAdminProvider returns a admin provider

func (*AdminProvider) GetAdmins 

func (a *AdminProvider) GetAdmins(userInfo *provider.UserInfo) ([]kubermaticv1.User, error)

GetAdmins return all users with admin rights

func (*AdminProvider) SetAdmin 

func (a *AdminProvider) SetAdmin(userInfo *provider.UserInfo, email string, isAdmin bool) (*kubermaticv1.User, error)

SetAdmin set/clear admin rights

type AdmissionPluginsProvider 

type AdmissionPluginsProvider struct {
	// contains filtered or unexported fields
}

AdmissionPluginsProvider is a object to handle admission plugins

func NewAdmissionPluginsProvider 

func NewAdmissionPluginsProvider(ctx context.Context, client ctrlruntimeclient.Client) *AdmissionPluginsProvider

func (*AdmissionPluginsProvider) Delete 

func (p *AdmissionPluginsProvider) Delete(userInfo *provider.UserInfo, name string) error

func (*AdmissionPluginsProvider) Get 

func (p *AdmissionPluginsProvider) Get(userInfo *provider.UserInfo, name string) (*kubermaticv1.AdmissionPlugin, error)

func (*AdmissionPluginsProvider) List 

func (p *AdmissionPluginsProvider) List(userInfo *provider.UserInfo) ([]kubermaticv1.AdmissionPlugin, error)

func (*AdmissionPluginsProvider) ListPluginNamesFromVersion 

func (p *AdmissionPluginsProvider) ListPluginNamesFromVersion(fromVersion string) ([]string, error)

func (*AdmissionPluginsProvider) Update 

func (p *AdmissionPluginsProvider) Update(userInfo *provider.UserInfo, admissionPlugin *kubermaticv1.AdmissionPlugin) (*kubermaticv1.AdmissionPlugin, error)

type AlertmanagerProvider added in v2.18.0 

type AlertmanagerProvider struct {
	// contains filtered or unexported fields
}

AlertmanagerProvider struct that holds required components in order to manage alertmanager objects.

func NewAlertmanagerProvider added in v2.18.0 

func NewAlertmanagerProvider(createSeedImpersonatedClient ImpersonationClient, privilegedClient ctrlruntimeclient.Client) *AlertmanagerProvider

NewAlertmanagerProvider returns an alertmanager provider

func (*AlertmanagerProvider) Get added in v2.18.0 

func (p *AlertmanagerProvider) Get(cluster *kubermaticv1.Cluster, userInfo *provider.UserInfo) (*kubermaticv1.Alertmanager, *corev1.Secret, error)

Get gets an Alertmanager object and Secret which contains the configuration of this Alertmanager.

func (*AlertmanagerProvider) GetUnsecured added in v2.18.0 

func (p *AlertmanagerProvider) GetUnsecured(cluster *kubermaticv1.Cluster) (*kubermaticv1.Alertmanager, *corev1.Secret, error)

GetUnsecured gets an Alertmanager object and Secret which contains the configuration of this Alertmanager by using a privileged client.

func (*AlertmanagerProvider) Reset added in v2.18.0 

func (p *AlertmanagerProvider) Reset(cluster *kubermaticv1.Cluster, userInfo *provider.UserInfo) error

Reset resets corresponding config Secret of Alertmanager object to the default config. This will not remove Alertmanager object, it will only delete the config secret, and alertmanager controller will create default config secret.

func (*AlertmanagerProvider) ResetUnsecured added in v2.18.0 

func (p *AlertmanagerProvider) ResetUnsecured(cluster *kubermaticv1.Cluster) error

ResetUnsecured resets corresponding config Secret of Alertmanager object to the default config by using a privileged client.

func (*AlertmanagerProvider) Update added in v2.18.0 

func (p *AlertmanagerProvider) Update(expectedAlertmanager *kubermaticv1.Alertmanager, expectedSecret *corev1.Secret, userInfo *provider.UserInfo) (*kubermaticv1.Alertmanager, *corev1.Secret, error)

Update updates an Alertmanager object and corresponding config Secret since Alertmanager and Secret will be created by alertmanager configuration controller.

func (*AlertmanagerProvider) UpdateUnsecured added in v2.18.0 

func (p *AlertmanagerProvider) UpdateUnsecured(expectedAlertmanager *kubermaticv1.Alertmanager, expectedSecret *corev1.Secret) (*kubermaticv1.Alertmanager, *corev1.Secret, error)

UpdateUnsecured updates an Alertmanager object and corresponding config Secret by using a privileged client.

type BackupCredentialsProvider added in v2.18.0 

type BackupCredentialsProvider struct {
	// contains filtered or unexported fields
}

BackupCredentialsProvider struct that holds required components in order manage backup credentials

func NewBackupCredentialsProvider added in v2.18.0 

func NewBackupCredentialsProvider(client ctrlruntimeclient.Client) *BackupCredentialsProvider

NewBackupCredentialsProvider returns a backup credential provider

func (*BackupCredentialsProvider) CreateUnsecured added in v2.18.0 

func (p *BackupCredentialsProvider) CreateUnsecured(credentials *corev1.Secret) (*corev1.Secret, error)

func (*BackupCredentialsProvider) GetUnsecured added in v2.18.0 

func (p *BackupCredentialsProvider) GetUnsecured() (*corev1.Secret, error)

func (*BackupCredentialsProvider) UpdateUnsecured added in v2.18.0 

func (p *BackupCredentialsProvider) UpdateUnsecured(new *corev1.Secret) (*corev1.Secret, error)

type ClusterProvider 

type ClusterProvider struct {
	// contains filtered or unexported fields
}

ClusterProvider struct that holds required components in order to provide cluster provided that is RBAC compliant

func NewClusterProvider 

func NewClusterProvider(
	cfg *restclient.Config,
	createSeedImpersonatedClient ImpersonationClient,
	userClusterConnProvider UserClusterConnectionProvider,
	workerName string,
	extractGroupPrefix extractGroupPrefixFunc,
	client ctrlruntimeclient.Client,
	k8sClient kubernetes.Interface,
	oidcKubeConfEndpoint bool,
	versions kubermatic.Versions) *ClusterProvider

NewClusterProvider returns a new cluster provider that respects RBAC policies it uses createSeedImpersonatedClient to create a connection that uses user impersonation

func (*ClusterProvider) Delete 

func (p *ClusterProvider) Delete(userInfo *provider.UserInfo, clusterName string) error

Delete deletes the given cluster

func (*ClusterProvider) DeleteUnsecured 

func (p *ClusterProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster) error

DeleteUnsecured deletes a cluster.

Note that the admin privileges are used to delete cluster

func (*ClusterProvider) Get 

func (p *ClusterProvider) Get(userInfo *provider.UserInfo, clusterName string, options *provider.ClusterGetOptions) (*kubermaticv1.Cluster, error)

Get returns the given cluster, it uses the projectInternalName to determine the group the user belongs to

func (*ClusterProvider) GetAdminClientForCustomerCluster 

func (p *ClusterProvider) GetAdminClientForCustomerCluster(ctx context.Context, c *kubermaticv1.Cluster) (ctrlruntimeclient.Client, error)

GetAdminClientForCustomerCluster returns a client to interact with all resources in the given cluster

Note that the client you will get has admin privileges

func (*ClusterProvider) GetAdminKubeconfigForCustomerCluster 

func (p *ClusterProvider) GetAdminKubeconfigForCustomerCluster(c *kubermaticv1.Cluster) (*clientcmdapi.Config, error)

GetAdminKubeconfigForCustomerCluster returns the admin kubeconfig for the given cluster

func (*ClusterProvider) GetClientForCustomerCluster 

func (p *ClusterProvider) GetClientForCustomerCluster(ctx context.Context, userInfo *provider.UserInfo, c *kubermaticv1.Cluster) (ctrlruntimeclient.Client, error)

GetClientForCustomerCluster returns a client to interact with all resources in the given cluster

Note that the client doesn't use admin account instead it authn/authz as userInfo(email, group) This implies that you have to make sure the user has the appropriate permissions inside the user cluster

func (*ClusterProvider) GetSeedClusterAdminClient 

func (p *ClusterProvider) GetSeedClusterAdminClient() kubernetes.Interface

GetSeedClusterAdminClient returns a kubernetes client to interact with the seed cluster resources.

Note that this client has admin privileges in the seed cluster.

func (*ClusterProvider) GetSeedClusterAdminRuntimeClient 

func (p *ClusterProvider) GetSeedClusterAdminRuntimeClient() ctrlruntimeclient.Client

GetSeedClusterAdminRuntimeClient returns a runtime client to interact with the seed cluster resources.

Note that this client has admin privileges in the seed cluster.

func (*ClusterProvider) GetTokenForCustomerCluster 

func (p *ClusterProvider) GetTokenForCustomerCluster(ctx context.Context, userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster) (string, error)

func (*ClusterProvider) GetUnsecured 

func (p *ClusterProvider) GetUnsecured(project *kubermaticv1.Project, clusterName string, options *provider.ClusterGetOptions) (*kubermaticv1.Cluster, error)

GetUnsecured returns a cluster for the project and given name.

Note that the admin privileges are used to get cluster

func (*ClusterProvider) GetViewerKubeconfigForCustomerCluster 

func (p *ClusterProvider) GetViewerKubeconfigForCustomerCluster(c *kubermaticv1.Cluster) (*clientcmdapi.Config, error)

GetViewerKubeconfigForCustomerCluster returns the viewer kubeconfig for the given cluster

func (*ClusterProvider) IsCluster added in v2.16.3 

func (p *ClusterProvider) IsCluster(clusterName string) bool

IsCluster checks if cluster exist with the given name

func (*ClusterProvider) List 

func (p *ClusterProvider) List(project *kubermaticv1.Project, options *provider.ClusterListOptions) (*kubermaticv1.ClusterList, error)

List gets all clusters that belong to the given project If you want to filter the result please take a look at ClusterListOptions

Note: After we get the list of clusters we could try to get each cluster individually using unprivileged account to see if the user have read access, We don't do this because we assume that if the user was able to get the project (argument) it has to have at least read access.

func (*ClusterProvider) ListAll 

func (p *ClusterProvider) ListAll() (*kubermaticv1.ClusterList, error)

ListAll gets all clusters

Note that the admin privileges are used to list all clusters

func (*ClusterProvider) New 

func (p *ClusterProvider) New(project *kubermaticv1.Project, userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

New creates a brand new cluster that is bound to the given project

func (*ClusterProvider) NewUnsecured 

func (p *ClusterProvider) NewUnsecured(project *kubermaticv1.Project, cluster *kubermaticv1.Cluster, userEmail string) (*kubermaticv1.Cluster, error)

NewUnsecured creates a brand new cluster that is bound to the given project.

Note that the admin privileges are used to create cluster

func (*ClusterProvider) RevokeAdminKubeconfig 

func (p *ClusterProvider) RevokeAdminKubeconfig(c *kubermaticv1.Cluster) error

RevokeAdminKubeconfig revokes the viewer token and kubeconfig

func (*ClusterProvider) RevokeViewerKubeconfig 

func (p *ClusterProvider) RevokeViewerKubeconfig(c *kubermaticv1.Cluster) error

RevokeViewerKubeconfig revokes the viewer token and kubeconfig

func (*ClusterProvider) SeedAdminConfig 

func (p *ClusterProvider) SeedAdminConfig() *restclient.Config

SeedAdminConfig return an admin kubeconfig for the seed. This function does not perform any kind of access control. Try to not use it.

func (*ClusterProvider) Update 

func (p *ClusterProvider) Update(project *kubermaticv1.Project, userInfo *provider.UserInfo, newCluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

Update updates a cluster

func (*ClusterProvider) UpdateUnsecured 

func (p *ClusterProvider) UpdateUnsecured(project *kubermaticv1.Project, cluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

UpdateUnsecured updates a cluster.

Note that the admin privileges are used to update cluster

type ClusterTemplateInstanceProvider added in v2.18.0 

type ClusterTemplateInstanceProvider struct {
	// contains filtered or unexported fields
}

AlertmanagerProvider struct that holds required components in order to manage alertmanager objects.

func NewClusterTemplateInstanceProvider added in v2.18.0 

func NewClusterTemplateInstanceProvider(createSeedImpersonatedClient ImpersonationClient, privilegedClient ctrlruntimeclient.Client) *ClusterTemplateInstanceProvider

ClusterTemplateInstanceProvider returns provider

func (ClusterTemplateInstanceProvider) Create added in v2.18.0 

func (r ClusterTemplateInstanceProvider) Create(userInfo *provider.UserInfo, template *kubermaticv1.ClusterTemplate, project *kubermaticv1.Project, replicas int64) (*kubermaticv1.ClusterTemplateInstance, error)

func (ClusterTemplateInstanceProvider) CreateUnsecured added in v2.18.0 

func (r ClusterTemplateInstanceProvider) CreateUnsecured(template *kubermaticv1.ClusterTemplate, project *kubermaticv1.Project, replicas int64) (*kubermaticv1.ClusterTemplateInstance, error)

func (ClusterTemplateInstanceProvider) Get added in v2.18.0 

func (r ClusterTemplateInstanceProvider) Get(userInfo *provider.UserInfo, name string) (*kubermaticv1.ClusterTemplateInstance, error)

func (ClusterTemplateInstanceProvider) GetUnsecured added in v2.18.0 

func (r ClusterTemplateInstanceProvider) GetUnsecured(name string) (*kubermaticv1.ClusterTemplateInstance, error)

func (ClusterTemplateInstanceProvider) List added in v2.18.0 

func (r ClusterTemplateInstanceProvider) List(userInfo *provider.UserInfo, options provider.ClusterTemplateInstanceListOptions) (*kubermaticv1.ClusterTemplateInstanceList, error)

func (ClusterTemplateInstanceProvider) ListUnsecured added in v2.18.0 

func (r ClusterTemplateInstanceProvider) ListUnsecured(options provider.ClusterTemplateInstanceListOptions) (*kubermaticv1.ClusterTemplateInstanceList, error)

func (ClusterTemplateInstanceProvider) Patch added in v2.18.0 

func (r ClusterTemplateInstanceProvider) Patch(userInfo *provider.UserInfo, instance *kubermaticv1.ClusterTemplateInstance) (*kubermaticv1.ClusterTemplateInstance, error)

func (ClusterTemplateInstanceProvider) PatchUnsecured added in v2.18.0 

func (r ClusterTemplateInstanceProvider) PatchUnsecured(instance *kubermaticv1.ClusterTemplateInstance) (*kubermaticv1.ClusterTemplateInstance, error)

type ClusterTemplateProvider added in v2.18.0 

type ClusterTemplateProvider struct {
	// contains filtered or unexported fields
}

ClusterTemplateProvider struct that holds required components in order manage cluster templates

func NewClusterTemplateProvider added in v2.18.0 

func NewClusterTemplateProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) (*ClusterTemplateProvider, error)

NewClusterTemplateProvider returns a cluster template provider

func (*ClusterTemplateProvider) Delete added in v2.18.0 

func (p *ClusterTemplateProvider) Delete(userInfo *provider.UserInfo, projectID, templateID string) error

func (*ClusterTemplateProvider) Get added in v2.18.0 

func (p *ClusterTemplateProvider) Get(userInfo *provider.UserInfo, projectID, templateID string) (*kubermaticv1.ClusterTemplate, error)

func (*ClusterTemplateProvider) List added in v2.18.0 

func (p *ClusterTemplateProvider) List(userInfo *provider.UserInfo, projectID string) ([]kubermaticv1.ClusterTemplate, error)

func (*ClusterTemplateProvider) New added in v2.18.0 

func (p *ClusterTemplateProvider) New(userInfo *provider.UserInfo, newClusterTemplate *kubermaticv1.ClusterTemplate, scope, projectID string) (*kubermaticv1.ClusterTemplate, error)

type ConstraintProvider added in v2.16.3 

type ConstraintProvider struct {
	// contains filtered or unexported fields
}

ConstraintProvider struct that holds required components in order manage constraints

func NewConstraintProvider added in v2.16.3 

func NewConstraintProvider(createSeedImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) (*ConstraintProvider, error)

NewConstraintProvider returns a constraint provider

func (*ConstraintProvider) Create added in v2.16.3 

func (p *ConstraintProvider) Create(userInfo *provider.UserInfo, constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

func (*ConstraintProvider) CreateUnsecured added in v2.16.3 

func (p *ConstraintProvider) CreateUnsecured(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

func (*ConstraintProvider) Delete added in v2.16.3 

func (p *ConstraintProvider) Delete(cluster *kubermaticv1.Cluster, userInfo *provider.UserInfo, name string) error

Delete deletes a constraint

func (*ConstraintProvider) DeleteUnsecured added in v2.16.3 

func (p *ConstraintProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster, name string) error

DeleteUnsecured deletes a constraint using a privileged client

func (*ConstraintProvider) Get added in v2.16.3 

func (p *ConstraintProvider) Get(cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.Constraint, error)

Get gets a constraint using a privileged client

func (*ConstraintProvider) List added in v2.16.3 

func (p *ConstraintProvider) List(cluster *kubermaticv1.Cluster) (*kubermaticv1.ConstraintList, error)

List gets all constraints

func (*ConstraintProvider) Update added in v2.16.3 

func (p *ConstraintProvider) Update(userInfo *provider.UserInfo, constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

func (*ConstraintProvider) UpdateUnsecured added in v2.16.3 

func (p *ConstraintProvider) UpdateUnsecured(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

type ConstraintTemplateProvider added in v2.16.3 

type ConstraintTemplateProvider struct {
	// contains filtered or unexported fields
}

ConstraintTemplateProvider struct that holds required components in order manage constraint templates

func NewConstraintTemplateProvider added in v2.16.3 

func NewConstraintTemplateProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) (*ConstraintTemplateProvider, error)

NewConstraintTemplateProvider returns a constraint template provider

func (*ConstraintTemplateProvider) Create added in v2.16.3 

func (p *ConstraintTemplateProvider) Create(ct *kubermaticv1.ConstraintTemplate) (*kubermaticv1.ConstraintTemplate, error)

Create creates a constraint template

func (*ConstraintTemplateProvider) Delete added in v2.16.3 

func (p *ConstraintTemplateProvider) Delete(ct *kubermaticv1.ConstraintTemplate) error

Delete deletes a constraint template

func (*ConstraintTemplateProvider) Get added in v2.16.3 

func (p *ConstraintTemplateProvider) Get(name string) (*kubermaticv1.ConstraintTemplate, error)

Get gets a constraint template

func (*ConstraintTemplateProvider) List added in v2.16.3 

func (p *ConstraintTemplateProvider) List() (*kubermaticv1.ConstraintTemplateList, error)

List gets all constraint templates

func (*ConstraintTemplateProvider) Update added in v2.16.3 

func (p *ConstraintTemplateProvider) Update(ct *kubermaticv1.ConstraintTemplate) (*kubermaticv1.ConstraintTemplate, error)

Update updates a constraint template

type DefaultConstraintProvider added in v2.18.0 

type DefaultConstraintProvider struct {
	// contains filtered or unexported fields
}

DefaultConstraintProvider struct that holds required components in order manage constraints

func NewDefaultConstraintProvider added in v2.18.0 

func NewDefaultConstraintProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client, namespace string) (*DefaultConstraintProvider, error)

NewDefaultConstraintProvider returns a default constraint provider

func (*DefaultConstraintProvider) Create added in v2.18.0 

func (p *DefaultConstraintProvider) Create(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

func (*DefaultConstraintProvider) Delete added in v2.18.0 

func (p *DefaultConstraintProvider) Delete(name string) error

func (*DefaultConstraintProvider) Get added in v2.18.0 

func (p *DefaultConstraintProvider) Get(name string) (*kubermaticv1.Constraint, error)

func (*DefaultConstraintProvider) List added in v2.18.0 

func (p *DefaultConstraintProvider) List() (*kubermaticv1.ConstraintList, error)

func (*DefaultConstraintProvider) Update added in v2.18.0 

func (p *DefaultConstraintProvider) Update(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

type DefaultImpersonationClient 

type DefaultImpersonationClient struct {
	// contains filtered or unexported fields
}

DefaultImpersonationClient knows how to create impersonated client set

func NewImpersonationClient 

func NewImpersonationClient(cfg *restclient.Config, restMapper meta.RESTMapper) *DefaultImpersonationClient

NewImpersonationClient creates a new default impersonation client that knows how to create Interface client for a impersonated user

func (*DefaultImpersonationClient) CreateImpersonatedClient 

func (d *DefaultImpersonationClient) CreateImpersonatedClient(impCfg restclient.ImpersonationConfig) (ctrlruntimeclient.Client, error)

CreateImpersonatedClient actually creates impersonated client set for the given user.

type DefaultKubermaticImpersonationClient 

type DefaultKubermaticImpersonationClient struct {
	// contains filtered or unexported fields
}

DefaultKubermaticImpersonationClient knows how to create impersonated client set

func (*DefaultKubermaticImpersonationClient) CreateImpersonatedKubermaticClientSet 

func (d *DefaultKubermaticImpersonationClient) CreateImpersonatedKubermaticClientSet(impCfg restclient.ImpersonationConfig) (kubermaticclientv1.KubermaticV1Interface, error)

CreateImpersonatedKubermaticClientSet actually creates impersonated kubermatic client set for the given user.

type EtcdBackupConfigProjectProvider added in v2.18.0 

type EtcdBackupConfigProjectProvider struct {
	// contains filtered or unexported fields
}

EtcdBackupConfigProjectProvider struct that holds required components in order manage etcd backup backupConfigs across projects

func NewEtcdBackupConfigProjectProvider added in v2.18.0 

func NewEtcdBackupConfigProjectProvider(createSeedImpersonatedClients map[string]ImpersonationClient, clients map[string]ctrlruntimeclient.Client) *EtcdBackupConfigProjectProvider

NewEtcdBackupConfigProjectProvider returns an etcd backupConfig global provider

func (*EtcdBackupConfigProjectProvider) List added in v2.18.0 

func (p *EtcdBackupConfigProjectProvider) List(userInfo *provider.UserInfo, projectID string) ([]*kubermaticv1.EtcdBackupConfigList, error)

func (*EtcdBackupConfigProjectProvider) ListUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProjectProvider) ListUnsecured(projectID string) ([]*kubermaticv1.EtcdBackupConfigList, error)

type EtcdBackupConfigProvider added in v2.18.0 

type EtcdBackupConfigProvider struct {
	// contains filtered or unexported fields
}

EtcdBackupConfigProvider struct that holds required components in order manage etcd backup configs

func NewEtcdBackupConfigProvider added in v2.18.0 

func NewEtcdBackupConfigProvider(createSeedImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) *EtcdBackupConfigProvider

NewEtcdBackupConfigProvider returns a constraint provider

func (*EtcdBackupConfigProvider) Create added in v2.18.0 

func (p *EtcdBackupConfigProvider) Create(userInfo *provider.UserInfo, etcdBackupConfig *kubermaticv1.EtcdBackupConfig) (*kubermaticv1.EtcdBackupConfig, error)

func (*EtcdBackupConfigProvider) CreateUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProvider) CreateUnsecured(etcdBackupConfig *kubermaticv1.EtcdBackupConfig) (*kubermaticv1.EtcdBackupConfig, error)

func (*EtcdBackupConfigProvider) Delete added in v2.18.0 

func (p *EtcdBackupConfigProvider) Delete(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, name string) error

func (*EtcdBackupConfigProvider) DeleteUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster, name string) error

func (*EtcdBackupConfigProvider) Get added in v2.18.0 

func (p *EtcdBackupConfigProvider) Get(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.EtcdBackupConfig, error)

func (*EtcdBackupConfigProvider) GetUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProvider) GetUnsecured(cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.EtcdBackupConfig, error)

func (*EtcdBackupConfigProvider) List added in v2.18.0 

func (p *EtcdBackupConfigProvider) List(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster) (*kubermaticv1.EtcdBackupConfigList, error)

func (*EtcdBackupConfigProvider) ListUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProvider) ListUnsecured(cluster *kubermaticv1.Cluster) (*kubermaticv1.EtcdBackupConfigList, error)

func (*EtcdBackupConfigProvider) Patch added in v2.18.0 

func (p *EtcdBackupConfigProvider) Patch(userInfo *provider.UserInfo, old, new *kubermaticv1.EtcdBackupConfig) (*kubermaticv1.EtcdBackupConfig, error)

func (*EtcdBackupConfigProvider) PatchUnsecured added in v2.18.0 

func (p *EtcdBackupConfigProvider) PatchUnsecured(old, new *kubermaticv1.EtcdBackupConfig) (*kubermaticv1.EtcdBackupConfig, error)

type EtcdRestoreProjectProvider added in v2.18.0 

type EtcdRestoreProjectProvider struct {
	// contains filtered or unexported fields
}

EtcdRestoreProjectProvider struct that holds required components in order manage etcd backup restores across projects

func NewEtcdRestoreProjectProvider added in v2.18.0 

func NewEtcdRestoreProjectProvider(createSeedImpersonatedClients map[string]ImpersonationClient, clients map[string]ctrlruntimeclient.Client) *EtcdRestoreProjectProvider

NewEtcdRestoreProjectProvider returns an etcd restore global provider

func (*EtcdRestoreProjectProvider) List added in v2.18.0 

func (p *EtcdRestoreProjectProvider) List(userInfo *provider.UserInfo, projectID string) ([]*kubermaticv1.EtcdRestoreList, error)

func (*EtcdRestoreProjectProvider) ListUnsecured added in v2.18.0 

func (p *EtcdRestoreProjectProvider) ListUnsecured(projectID string) ([]*kubermaticv1.EtcdRestoreList, error)

type EtcdRestoreProvider added in v2.18.0 

type EtcdRestoreProvider struct {
	// contains filtered or unexported fields
}

EtcdRestoreProvider struct that holds required components in order manage etcd backup configs

func NewEtcdRestoreProvider added in v2.18.0 

func NewEtcdRestoreProvider(createSeedImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) *EtcdRestoreProvider

NewEtcdRestoreProvider returns a etcd restore provider

func (*EtcdRestoreProvider) Create added in v2.18.0 

func (p *EtcdRestoreProvider) Create(userInfo *provider.UserInfo, etcdRestore *kubermaticv1.EtcdRestore) (*kubermaticv1.EtcdRestore, error)

func (*EtcdRestoreProvider) CreateUnsecured added in v2.18.0 

func (p *EtcdRestoreProvider) CreateUnsecured(etcdRestore *kubermaticv1.EtcdRestore) (*kubermaticv1.EtcdRestore, error)

func (*EtcdRestoreProvider) Delete added in v2.18.0 

func (p *EtcdRestoreProvider) Delete(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, name string) error

func (*EtcdRestoreProvider) DeleteUnsecured added in v2.18.0 

func (p *EtcdRestoreProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster, name string) error

func (*EtcdRestoreProvider) Get added in v2.18.0 

func (p *EtcdRestoreProvider) Get(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.EtcdRestore, error)

func (*EtcdRestoreProvider) GetUnsecured added in v2.18.0 

func (p *EtcdRestoreProvider) GetUnsecured(cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.EtcdRestore, error)

func (*EtcdRestoreProvider) List added in v2.18.0 

func (p *EtcdRestoreProvider) List(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster) (*kubermaticv1.EtcdRestoreList, error)

func (*EtcdRestoreProvider) ListUnsecured added in v2.18.0 

func (p *EtcdRestoreProvider) ListUnsecured(cluster *kubermaticv1.Cluster) (*kubermaticv1.EtcdRestoreList, error)

type EventRecorder 

type EventRecorder struct {
	// contains filtered or unexported fields
}

EventRecorder gives option to record events for objects. They can be then read from them using K8S API.

func NewEventRecorder 

func NewEventRecorder() *EventRecorder

NewEventRecorder returns a new event recorder provider object. See EventRecorder for more information.

func (*EventRecorder) ClusterRecorderFor 

func (e *EventRecorder) ClusterRecorderFor(client kubernetes.Interface) record.EventRecorder

ClusterRecorderFor returns an event recorder that will be able to record events for objects in the cluster accessible using provided client.

type ExternalClusterProvider 

type ExternalClusterProvider struct {
	// contains filtered or unexported fields
}

ExternalClusterProvider struct that holds required components in order to provide connection to the cluster

func NewExternalClusterProvider 

func NewExternalClusterProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) (*ExternalClusterProvider, error)

NewExternalClusterProvider returns an external cluster provider

func (*ExternalClusterProvider) CreateOrUpdateKubeconfigSecretForCluster 

func (p *ExternalClusterProvider) CreateOrUpdateKubeconfigSecretForCluster(ctx context.Context, cluster *kubermaticapiv1.ExternalCluster, kubeconfig string) error

func (*ExternalClusterProvider) Delete 

func (p *ExternalClusterProvider) Delete(userInfo *provider.UserInfo, cluster *kubermaticapiv1.ExternalCluster) error

Delete deletes the given cluster

func (*ExternalClusterProvider) DeleteUnsecured 

func (p *ExternalClusterProvider) DeleteUnsecured(cluster *kubermaticapiv1.ExternalCluster) error

DeleteUnsecured deletes an external cluster.

Note that the admin privileges are used to delete cluster

func (*ExternalClusterProvider) GenerateClient 

func (p *ExternalClusterProvider) GenerateClient(cfg *clientcmdapi.Config) (ctrlruntimeclient.Client, error)

func (*ExternalClusterProvider) Get 

func (p *ExternalClusterProvider) Get(userInfo *provider.UserInfo, clusterName string) (*kubermaticapiv1.ExternalCluster, error)

Get returns the given cluster

func (*ExternalClusterProvider) GetClient 

func (p *ExternalClusterProvider) GetClient(cluster *kubermaticapiv1.ExternalCluster) (ctrlruntimeclient.Client, error)

func (*ExternalClusterProvider) GetNode 

func (p *ExternalClusterProvider) GetNode(cluster *kubermaticapiv1.ExternalCluster, nodeName string) (*corev1.Node, error)

func (*ExternalClusterProvider) GetUnsecured 

func (p *ExternalClusterProvider) GetUnsecured(clusterName string) (*kubermaticapiv1.ExternalCluster, error)

GetUnsecured returns an external cluster for the project and given name.

Note that the admin privileges are used to get cluster

func (*ExternalClusterProvider) GetVersion 

func (p *ExternalClusterProvider) GetVersion(cluster *kubermaticapiv1.ExternalCluster) (*ksemver.Semver, error)

func (*ExternalClusterProvider) IsMetricServerAvailable 

func (p *ExternalClusterProvider) IsMetricServerAvailable(cluster *kubermaticapiv1.ExternalCluster) (bool, error)

func (*ExternalClusterProvider) List 

func (p *ExternalClusterProvider) List(project *kubermaticapiv1.Project) (*kubermaticapiv1.ExternalClusterList, error)

List gets all external clusters that belong to the given project

func (*ExternalClusterProvider) ListNodes 

func (p *ExternalClusterProvider) ListNodes(cluster *kubermaticapiv1.ExternalCluster) (*corev1.NodeList, error)

func (*ExternalClusterProvider) New 

func (p *ExternalClusterProvider) New(userInfo *provider.UserInfo, project *kubermaticapiv1.Project, cluster *kubermaticapiv1.ExternalCluster) (*kubermaticapiv1.ExternalCluster, error)

New creates a brand new external cluster in the system with the given name

func (*ExternalClusterProvider) NewUnsecured 

func (p *ExternalClusterProvider) NewUnsecured(project *kubermaticapiv1.Project, cluster *kubermaticapiv1.ExternalCluster) (*kubermaticapiv1.ExternalCluster, error)

NewUnsecured creates a brand new external cluster in the system with the given name

Note that this function: is unsafe in a sense that it uses privileged account to create the resource

func (*ExternalClusterProvider) Update 

func (p *ExternalClusterProvider) Update(userInfo *provider.UserInfo, cluster *kubermaticapiv1.ExternalCluster) (*kubermaticapiv1.ExternalCluster, error)

Update updates the given cluster

func (*ExternalClusterProvider) UpdateUnsecured 

func (p *ExternalClusterProvider) UpdateUnsecured(cluster *kubermaticapiv1.ExternalCluster) (*kubermaticapiv1.ExternalCluster, error)

Update updates the given cluster

type ImpersonationClient added in v2.18.0 

type ImpersonationClient func(impCfg restclient.ImpersonationConfig) (ctrlruntimeclient.Client, error)

ImpersonationClient gives runtime controller client that uses user impersonation

type PresetsProvider 

type PresetsProvider struct {
	// contains filtered or unexported fields
}

PresetsProvider is a object to handle presets from a predefined config

func NewPresetsProvider 

func NewPresetsProvider(ctx context.Context, client ctrlruntimeclient.Client, presetsFile string, dynamicPresets bool) (*PresetsProvider, error)

func (*PresetsProvider) CreatePreset added in v2.16.3 

func (m *PresetsProvider) CreatePreset(preset *kubermaticv1.Preset) (*kubermaticv1.Preset, error)

func (*PresetsProvider) GetPreset 

func (m *PresetsProvider) GetPreset(userInfo *provider.UserInfo, name string) (*kubermaticv1.Preset, error)

GetPreset returns preset with the name which belong to the specific email group

func (*PresetsProvider) GetPresets 

func (m *PresetsProvider) GetPresets(userInfo *provider.UserInfo) ([]kubermaticv1.Preset, error)

GetPresets returns presets which belong to the specific email group and for all users

func (*PresetsProvider) SetCloudCredentials 

func (m *PresetsProvider) SetCloudCredentials(userInfo *provider.UserInfo, presetName string, cloud kubermaticv1.CloudSpec, dc *kubermaticv1.Datacenter) (*kubermaticv1.CloudSpec, error)

func (*PresetsProvider) UpdatePreset added in v2.16.3 

func (m *PresetsProvider) UpdatePreset(preset *kubermaticv1.Preset) (*kubermaticv1.Preset, error)

type PrivilegedAllowedRegistryProvider added in v2.18.0 

type PrivilegedAllowedRegistryProvider struct {
	// contains filtered or unexported fields
}

PrivilegedAllowedRegistryProvider struct that holds required components in order manage allowed registries

func NewAllowedRegistryPrivilegedProvider added in v2.18.0 

func NewAllowedRegistryPrivilegedProvider(client ctrlruntimeclient.Client) (*PrivilegedAllowedRegistryProvider, error)

NewAllowedRegistryProvider returns a allowed registry provider

func (*PrivilegedAllowedRegistryProvider) CreateUnsecured added in v2.18.0 

func (p *PrivilegedAllowedRegistryProvider) CreateUnsecured(wr *kubermaticv1.AllowedRegistry) (*kubermaticv1.AllowedRegistry, error)

CreateUnsecured creates a allowed registry

func (*PrivilegedAllowedRegistryProvider) DeleteUnsecured added in v2.18.0 

func (p *PrivilegedAllowedRegistryProvider) DeleteUnsecured(name string) error

DeleteUnsecured deletes a allowed registry

func (*PrivilegedAllowedRegistryProvider) GetUnsecured added in v2.18.0 

func (p *PrivilegedAllowedRegistryProvider) GetUnsecured(name string) (*kubermaticv1.AllowedRegistry, error)

GetUnsecured gets a allowed registry

func (*PrivilegedAllowedRegistryProvider) ListUnsecured added in v2.18.0 

func (p *PrivilegedAllowedRegistryProvider) ListUnsecured() (*kubermaticv1.AllowedRegistryList, error)

ListUnsecured lists a allowed registries

func (*PrivilegedAllowedRegistryProvider) PatchUnsecured 

func (p *PrivilegedAllowedRegistryProvider) PatchUnsecured(wr *kubermaticv1.AllowedRegistry) (*kubermaticv1.AllowedRegistry, error)

PatchUnsecured patches a allowed registry

type PrivilegedMLAAdminSettingProvider added in v2.18.0 

type PrivilegedMLAAdminSettingProvider struct {
	// contains filtered or unexported fields
}

PrivilegedMLAAdminSettingProvider struct that holds required components in order to manage MLAAdminSetting objects.

func NewPrivilegedMLAAdminSettingProvider added in v2.18.0 

func NewPrivilegedMLAAdminSettingProvider(privilegedClient ctrlruntimeclient.Client) *PrivilegedMLAAdminSettingProvider

NewPrivilegedMLAAdminSettingProvider returns a MLAAdminSetting provider

func (*PrivilegedMLAAdminSettingProvider) CreateUnsecured added in v2.18.0 

func (p *PrivilegedMLAAdminSettingProvider) CreateUnsecured(mlaAdminSetting *kubermaticv1.MLAAdminSetting) (*kubermaticv1.MLAAdminSetting, error)

func (*PrivilegedMLAAdminSettingProvider) DeleteUnsecured added in v2.18.0 

func (p *PrivilegedMLAAdminSettingProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster) error

func (*PrivilegedMLAAdminSettingProvider) GetUnsecured added in v2.18.0 

func (p *PrivilegedMLAAdminSettingProvider) GetUnsecured(cluster *kubermaticv1.Cluster) (*kubermaticv1.MLAAdminSetting, error)

func (*PrivilegedMLAAdminSettingProvider) UpdateUnsecured added in v2.18.0 

func (p *PrivilegedMLAAdminSettingProvider) UpdateUnsecured(newMLAAdminSetting *kubermaticv1.MLAAdminSetting) (*kubermaticv1.MLAAdminSetting, error)

type PrivilegedProjectProvider 

type PrivilegedProjectProvider struct {
	// contains filtered or unexported fields
}

PrivilegedProjectProvider represents a data structure that knows how to manage projects in a privileged way

func NewPrivilegedProjectProvider 

func NewPrivilegedProjectProvider(client ctrlruntimeclient.Client) (*PrivilegedProjectProvider, error)

NewPrivilegedProjectProvider returns a privileged project provider

func (*PrivilegedProjectProvider) DeleteUnsecured 

func (p *PrivilegedProjectProvider) DeleteUnsecured(projectInternalName string) error

DeleteUnsecured deletes any given project This function is unsafe in a sense that it uses privileged account to delete project with the given name

Note: Before deletion project's status.phase is set to ProjectTerminating

func (*PrivilegedProjectProvider) GetUnsecured 

func (p *PrivilegedProjectProvider) GetUnsecured(projectInternalName string, options *provider.ProjectGetOptions) (*kubermaticapiv1.Project, error)

GetUnsecured returns the project with the given name This function is unsafe in a sense that it uses privileged account to get project with the given name

func (*PrivilegedProjectProvider) UpdateUnsecured 

func (p *PrivilegedProjectProvider) UpdateUnsecured(project *kubermaticapiv1.Project) (*kubermaticapiv1.Project, error)

UpdateUnsecured update a specific project and returns the updated project This function is unsafe in a sense that it uses privileged account to update the project

type PrivilegedSSHKeyProvider 

type PrivilegedSSHKeyProvider struct {
	// contains filtered or unexported fields
}

PrivilegedSSHKeyProvider represents a data structure that knows how to manage ssh keys in a privileged way

func NewPrivilegedSSHKeyProvider 

func NewPrivilegedSSHKeyProvider(client ctrlruntimeclient.Client) (*PrivilegedSSHKeyProvider, error)

NewPrivilegedSSHKeyProvider returns a privileged ssh key provider

func (*PrivilegedSSHKeyProvider) CreateUnsecured 

func (p *PrivilegedSSHKeyProvider) CreateUnsecured(project *kubermaticapiv1.Project, keyName, pubKey string) (*kubermaticapiv1.UserSSHKey, error)

Create creates a ssh key that belongs to the given project This function is unsafe in a sense that it uses privileged account to create the ssh key

func (*PrivilegedSSHKeyProvider) DeleteUnsecured 

func (p *PrivilegedSSHKeyProvider) DeleteUnsecured(keyName string) error

Delete deletes the given ssh key This function is unsafe in a sense that it uses privileged account to delete the ssh key

func (*PrivilegedSSHKeyProvider) GetUnsecured 

func (p *PrivilegedSSHKeyProvider) GetUnsecured(keyName string) (*kubermaticapiv1.UserSSHKey, error)

GetUnsecured returns a key with the given name This function is unsafe in a sense that it uses privileged account to get the ssh key

func (*PrivilegedSSHKeyProvider) UpdateUnsecured 

func (p *PrivilegedSSHKeyProvider) UpdateUnsecured(sshKey *kubermaticapiv1.UserSSHKey) (*kubermaticapiv1.UserSSHKey, error)

UpdateUnsecured update a specific ssh key and returns the updated ssh key This function is unsafe in a sense that it uses privileged account to update the ssh key

type ProjectMemberProvider 

type ProjectMemberProvider struct {
	// contains filtered or unexported fields
}

ProjectMemberProvider binds users with projects

func NewProjectMemberProvider 

func NewProjectMemberProvider(createMasterImpersonatedClient ImpersonationClient, clientPrivileged ctrlruntimeclient.Client, isServiceAccountFunc func(string) bool) *ProjectMemberProvider

NewProjectMemberProvider returns a project members provider

func (*ProjectMemberProvider) Create 

func (p *ProjectMemberProvider) Create(userInfo *provider.UserInfo, project *kubermaticapiv1.Project, memberEmail, group string) (*kubermaticapiv1.UserProjectBinding, error)

Create creates a binding for the given member and the given project

func (*ProjectMemberProvider) CreateUnsecured 

func (p *ProjectMemberProvider) CreateUnsecured(project *kubermaticapiv1.Project, memberEmail, group string) (*kubermaticapiv1.UserProjectBinding, error)

CreateUnsecured creates a binding for the given member and the given project This function is unsafe in a sense that it uses privileged account to create the resource

func (*ProjectMemberProvider) CreateUnsecuredForServiceAccount added in v2.17.2 

func (p *ProjectMemberProvider) CreateUnsecuredForServiceAccount(project *kubermaticapiv1.Project, memberEmail, group string) (*kubermaticapiv1.UserProjectBinding, error)

CreateUnsecuredForServiceAccount creates a binding for the given service account and the given project This function is unsafe in a sense that it uses privileged account to create the resource

func (*ProjectMemberProvider) Delete 

func (p *ProjectMemberProvider) Delete(userInfo *provider.UserInfo, bindingName string) error

Delete deletes the given binding Note: Use List to get binding for the specific member of the given project

func (*ProjectMemberProvider) DeleteUnsecured 

func (p *ProjectMemberProvider) DeleteUnsecured(bindingName string) error

DeleteUnsecured deletes the given binding Note: Use List to get binding for the specific member of the given project This function is unsafe in a sense that it uses privileged account to delete the resource

func (*ProjectMemberProvider) List 

func (p *ProjectMemberProvider) List(userInfo *provider.UserInfo, project *kubermaticapiv1.Project, options *provider.ProjectMemberListOptions) ([]*kubermaticapiv1.UserProjectBinding, error)

List gets all members of the given project

func (*ProjectMemberProvider) MapUserToGroup 

func (p *ProjectMemberProvider) MapUserToGroup(userEmail string, projectID string) (string, error)

MapUserToGroup maps the given user to a specific group of the given project This function is unsafe in a sense that it uses privileged account to list all members in the system

func (*ProjectMemberProvider) MappingsFor 

func (p *ProjectMemberProvider) MappingsFor(userEmail string) ([]*kubermaticapiv1.UserProjectBinding, error)

MappingsFor returns the list of projects (bindings) for the given user This function is unsafe in a sense that it uses privileged account to list all members in the system

func (*ProjectMemberProvider) Update 

func (p *ProjectMemberProvider) Update(userInfo *provider.UserInfo, binding *kubermaticapiv1.UserProjectBinding) (*kubermaticapiv1.UserProjectBinding, error)

Update updates the given binding

func (*ProjectMemberProvider) UpdateUnsecured 

func (p *ProjectMemberProvider) UpdateUnsecured(binding *kubermaticapiv1.UserProjectBinding) (*kubermaticapiv1.UserProjectBinding, error)

UpdateUnsecured updates the given binding This function is unsafe in a sense that it uses privileged account to update the resource

type ProjectProvider 

type ProjectProvider struct {
	// contains filtered or unexported fields
}

ProjectProvider represents a data structure that knows how to manage projects

func NewProjectProvider 

func NewProjectProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) (*ProjectProvider, error)

NewProjectProvider returns a project provider

func (*ProjectProvider) Delete 

func (p *ProjectProvider) Delete(userInfo *provider.UserInfo, projectInternalName string) error

Delete deletes the given project as the given user

Note: Before deletion project's status.phase is set to ProjectTerminating

func (*ProjectProvider) Get 

func (p *ProjectProvider) Get(userInfo *provider.UserInfo, projectInternalName string, options *provider.ProjectGetOptions) (*kubermaticapiv1.Project, error)

Get returns the project with the given name

func (*ProjectProvider) List 

func (p *ProjectProvider) List(options *provider.ProjectListOptions) ([]*kubermaticapiv1.Project, error)

List gets a list of projects, by default it returns all resources. If you want to filter the result please set ProjectListOptions

Note that the list is taken from the cache

func (*ProjectProvider) New 

func (p *ProjectProvider) New(users []*kubermaticapiv1.User, projectName string, labels map[string]string) (*kubermaticapiv1.Project, error)

New creates a brand new project in the system with the given name

Note: a user cannot own more than one project with the given name since we get the list of the current projects from a cache (lister) there is a small time window during which a user can create more that one project with the given name.

func (*ProjectProvider) Update 

func (p *ProjectProvider) Update(userInfo *provider.UserInfo, newProject *kubermaticapiv1.Project) (*kubermaticapiv1.Project, error)

Update update a specific project for a specific user and returns the updated project

type RuleGroupProvider added in v2.18.0 

type RuleGroupProvider struct {
	// contains filtered or unexported fields
}

RuleGroupProvider struct that holds required components in order to manage RuleGroup objects.

func NewRuleGroupProvider added in v2.18.0 

func NewRuleGroupProvider(createSeedImpersonatedClient ImpersonationClient, privilegedClient ctrlruntimeclient.Client) *RuleGroupProvider

NewRuleGroupProvider returns a ruleGroup provider

func (RuleGroupProvider) Create added in v2.18.0 

func (r RuleGroupProvider) Create(userInfo *provider.UserInfo, ruleGroup *kubermaticv1.RuleGroup) (*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) CreateUnsecured added in v2.18.0 

func (r RuleGroupProvider) CreateUnsecured(ruleGroup *kubermaticv1.RuleGroup) (*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) Delete added in v2.18.0 

func (r RuleGroupProvider) Delete(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, ruleGroupName string) error

func (RuleGroupProvider) DeleteUnsecured added in v2.18.0 

func (r RuleGroupProvider) DeleteUnsecured(cluster *kubermaticv1.Cluster, ruleGroupName string) error

func (RuleGroupProvider) Get added in v2.18.0 

func (r RuleGroupProvider) Get(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, ruleGroupName string) (*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) GetUnsecured added in v2.18.0 

func (r RuleGroupProvider) GetUnsecured(cluster *kubermaticv1.Cluster, ruleGroupName string) (*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) List added in v2.18.0 

func (r RuleGroupProvider) List(userInfo *provider.UserInfo, cluster *kubermaticv1.Cluster, options *provider.RuleGroupListOptions) ([]*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) ListUnsecured added in v2.18.0 

func (r RuleGroupProvider) ListUnsecured(cluster *kubermaticv1.Cluster, options *provider.RuleGroupListOptions) ([]*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) Update added in v2.18.0 

func (r RuleGroupProvider) Update(userInfo *provider.UserInfo, newRuleGroup *kubermaticv1.RuleGroup) (*kubermaticv1.RuleGroup, error)

func (RuleGroupProvider) UpdateUnsecured added in v2.18.0 

func (r RuleGroupProvider) UpdateUnsecured(newRuleGroup *kubermaticv1.RuleGroup) (*kubermaticv1.RuleGroup, error)

type SSHKeyProvider 

type SSHKeyProvider struct {
	// contains filtered or unexported fields
}

SSHKeyProvider struct that holds required components in order to provide ssh key provider that is RBAC compliant

func NewSSHKeyProvider 

func NewSSHKeyProvider(createMasterImpersonatedClient ImpersonationClient, client ctrlruntimeclient.Client) *SSHKeyProvider

NewSSHKeyProvider returns a new ssh key provider that respects RBAC policies it uses createMasterImpersonatedClient to create a connection that uses User Impersonation

func (*SSHKeyProvider) Create 

func (p *SSHKeyProvider) Create(userInfo *provider.UserInfo, project *kubermaticapiv1.Project, keyName, pubKey string) (*kubermaticapiv1.UserSSHKey, error)

Create creates a ssh key that will belong to the given project

func (*SSHKeyProvider) Delete 

func (p *SSHKeyProvider) Delete(userInfo *provider.UserInfo, keyName string) error

Delete simply deletes the given key

func (*SSHKeyProvider) Get 

func (p *SSHKeyProvider) Get(userInfo *provider.UserInfo, keyName string) (*kubermaticapiv1.UserSSHKey, error)

Get returns a key with the given name

func (*SSHKeyProvider) List 

func (p *SSHKeyProvider) List(project *kubermaticapiv1.Project, options *provider.SSHKeyListOptions) ([]*kubermaticapiv1.UserSSHKey, error)

List gets a list of ssh keys, by default it will get all the keys that belong to the given project. If you want to filter the result please take a look at SSHKeyListOptions

Note: After we get the list of the keys we could try to get each individually using unprivileged account to see if the user have read access, We don't do this because we assume that if the user was able to get the project (argument) it has to have at least read access.

func (*SSHKeyProvider) Update 

func (p *SSHKeyProvider) Update(userInfo *provider.UserInfo, newKey *kubermaticapiv1.UserSSHKey) (*kubermaticapiv1.UserSSHKey, error)

Update simply updates the given key

type ServiceAccountProvider 

type ServiceAccountProvider struct {
	// contains filtered or unexported fields
}

ServiceAccountProvider manages service account resources

func NewServiceAccountProvider 

func NewServiceAccountProvider(createMasterImpersonatedClient ImpersonationClient, clientPrivileged ctrlruntimeclient.Client, domain string) *ServiceAccountProvider

NewServiceAccountProvider returns a service account provider

func (*ServiceAccountProvider) CreateProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) CreateProjectServiceAccount(userInfo *provider.UserInfo, project *kubermaticv1.Project, name, group string) (*kubermaticv1.User, error)

CreateProjectServiceAccount creates a new service account for the project

func (*ServiceAccountProvider) CreateUnsecuredProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) CreateUnsecuredProjectServiceAccount(project *kubermaticv1.Project, name, group string) (*kubermaticv1.User, error)

CreateUnsecuredProjectServiceAccount creates a new service accounts

Note that this function: is unsafe in a sense that it uses privileged account to create the resources

func (*ServiceAccountProvider) DeleteProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) DeleteProjectServiceAccount(userInfo *provider.UserInfo, name string) error

DeleteProjectServiceAccount simply deletes the given project service account

func (*ServiceAccountProvider) DeleteUnsecuredProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) DeleteUnsecuredProjectServiceAccount(name string) error

DeleteUnsecuredProjectServiceAccount deletes project service account

Note that this function: is unsafe in a sense that it uses privileged account to delete the resource

func (*ServiceAccountProvider) GetProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) GetProjectServiceAccount(userInfo *provider.UserInfo, name string, options *provider.ServiceAccountGetOptions) (*kubermaticv1.User, error)

GetProjectServiceAccount method returns project service account with given name

func (*ServiceAccountProvider) GetUnsecuredProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) GetUnsecuredProjectServiceAccount(name string, options *provider.ServiceAccountGetOptions) (*kubermaticv1.User, error)

GetUnsecuredProjectServiceAccount gets the project service account

Note that this function: is unsafe in a sense that it uses privileged account to get the resource

func (*ServiceAccountProvider) ListProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) ListProjectServiceAccount(userInfo *provider.UserInfo, project *kubermaticv1.Project, options *provider.ServiceAccountListOptions) ([]*kubermaticv1.User, error)

ListProjectServiceAccount gets service accounts for the project

func (*ServiceAccountProvider) ListUnsecuredProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) ListUnsecuredProjectServiceAccount(project *kubermaticv1.Project, options *provider.ServiceAccountListOptions) ([]*kubermaticv1.User, error)

ListUnsecuredProjectServiceAccount gets all service accounts for the project If you want to filter the result please take a look at ServiceAccountListOptions

Note that this function: is unsafe in a sense that it uses privileged account to get the resources

func (*ServiceAccountProvider) UpdateProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) UpdateProjectServiceAccount(userInfo *provider.UserInfo, serviceAccount *kubermaticv1.User) (*kubermaticv1.User, error)

UpdateProjectServiceAccount simply updates the given project service account

func (*ServiceAccountProvider) UpdateUnsecuredProjectServiceAccount added in v2.17.0 

func (p *ServiceAccountProvider) UpdateUnsecuredProjectServiceAccount(serviceAccount *kubermaticv1.User) (*kubermaticv1.User, error)

UpdateUnsecuredProjectServiceAccount updated the project service account

Note that this function: is unsafe in a sense that it uses privileged account to update the resource

type ServiceAccountTokenProvider 

type ServiceAccountTokenProvider struct {
	// contains filtered or unexported fields
}

ServiceAccountProvider manages service account resources

func NewServiceAccountTokenProvider 

func NewServiceAccountTokenProvider(impersonationClient ImpersonationClient, clientPrivileged ctrlruntimeclient.Client) (*ServiceAccountTokenProvider, error)

NewServiceAccountProvider returns a service account provider

func (*ServiceAccountTokenProvider) Create 

func (p *ServiceAccountTokenProvider) Create(userInfo *provider.UserInfo, sa *kubermaticv1.User, projectID, tokenName, tokenID, token string) (*v1.Secret, error)

Create creates a new token for service account

func (*ServiceAccountTokenProvider) CreateUnsecured 

func (p *ServiceAccountTokenProvider) CreateUnsecured(sa *kubermaticv1.User, projectID, tokenName, tokenID, token string) (*v1.Secret, error)

CreateUnsecured creates a new token

Note that this function: is unsafe in a sense that it uses privileged account to create the resource

func (*ServiceAccountTokenProvider) Delete 

func (p *ServiceAccountTokenProvider) Delete(userInfo *provider.UserInfo, name string) error

Delete method deletes given token

func (*ServiceAccountTokenProvider) DeleteUnsecured 

func (p *ServiceAccountTokenProvider) DeleteUnsecured(name string) error

DeleteUnsecured deletes the token

Note that this function: is unsafe in a sense that it uses privileged account to delete the resource

func (*ServiceAccountTokenProvider) Get 

func (p *ServiceAccountTokenProvider) Get(userInfo *provider.UserInfo, name string) (*v1.Secret, error)

Get method returns token by name

func (*ServiceAccountTokenProvider) GetUnsecured 

func (p *ServiceAccountTokenProvider) GetUnsecured(name string) (*v1.Secret, error)

GetUnsecured gets the token by name

Note that this function: is unsafe in a sense that it uses privileged account to get the resource

func (*ServiceAccountTokenProvider) List 

func (p *ServiceAccountTokenProvider) List(userInfo *provider.UserInfo, project *kubermaticv1.Project, sa *kubermaticv1.User, options *provider.ServiceAccountTokenListOptions) ([]*v1.Secret, error)

List gets tokens for the given service account and project

func (*ServiceAccountTokenProvider) ListUnsecured 

func (p *ServiceAccountTokenProvider) ListUnsecured(options *provider.ServiceAccountTokenListOptions) ([]*v1.Secret, error)

ListUnsecured returns all tokens in kubermatic namespace

Note that this function: is unsafe in a sense that it uses privileged account to get the resource gets resources from the cache

func (*ServiceAccountTokenProvider) Update 

func (p *ServiceAccountTokenProvider) Update(userInfo *provider.UserInfo, secret *v1.Secret) (*v1.Secret, error)

Update method updates given token

func (*ServiceAccountTokenProvider) UpdateUnsecured 

func (p *ServiceAccountTokenProvider) UpdateUnsecured(secret *v1.Secret) (*v1.Secret, error)

UpdateUnsecured updates the token

Note that this function: is unsafe in a sense that it uses privileged account to get the resource

type SettingsProvider 

type SettingsProvider struct {
	// contains filtered or unexported fields
}

UserProvider manages user resources

func NewSettingsProvider 

func NewSettingsProvider(ctx context.Context, client kubermaticclientset.Interface, runtimeClient ctrlruntimeclient.Client) *SettingsProvider

NewUserProvider returns a user provider

func (*SettingsProvider) GetGlobalSettings 

func (s *SettingsProvider) GetGlobalSettings() (*kubermaticv1.KubermaticSetting, error)

func (*SettingsProvider) UpdateGlobalSettings 

func (s *SettingsProvider) UpdateGlobalSettings(userInfo *provider.UserInfo, settings *kubermaticv1.KubermaticSetting) (*kubermaticv1.KubermaticSetting, error)

func (*SettingsProvider) WatchGlobalSettings 

func (s *SettingsProvider) WatchGlobalSettings() (watch.Interface, error)

type UserClusterConnectionProvider 

type UserClusterConnectionProvider interface {
	GetClient(context.Context, *kubermaticv1.Cluster, ...k8cuserclusterclient.ConfigOption) (ctrlruntimeclient.Client, error)
}

UserClusterConnectionProvider offers functions to interact with an user cluster

type UserProvider 

type UserProvider struct {
	// contains filtered or unexported fields
}

UserProvider manages user resources

func NewUserProvider 

func NewUserProvider(runtimeClient ctrlruntimeclient.Client, isServiceAccountFunc func(email string) bool,
	client kubermaticclientset.Interface) *UserProvider

NewUserProvider returns a user provider

func (*UserProvider) AddUserTokenToBlacklist 

func (p *UserProvider) AddUserTokenToBlacklist(user *kubermaticv1.User, token string, expiry apiv1.Time) error

func (*UserProvider) CreateUser 

func (p *UserProvider) CreateUser(id, name, email string) (*kubermaticv1.User, error)

CreateUser creates a new user.

Note that: The name of the newly created resource will be unique and it is derived from the user's email address (sha256(email) This prevents creating multiple resources for the same user with the same email address.

In the beginning I was considering to hex-encode the email address as it will produce a unique output because the email address in unique. The only issue I have found with this approach is that the length can get quite long quite fast. Thus decided to use sha256 as it produces fixed output and the hash collisions are very, very, very, very rare.

func (*UserProvider) GetUserBlacklistTokens 

func (p *UserProvider) GetUserBlacklistTokens(user *kubermaticv1.User) ([]string, error)

func (*UserProvider) UpdateUser 

func (p *UserProvider) UpdateUser(user *kubermaticv1.User) (*kubermaticv1.User, error)

UpdateUser updates user.

func (*UserProvider) UserByEmail 

func (p *UserProvider) UserByEmail(email string) (*kubermaticv1.User, error)

UserByEmail returns a user by the given email

func (*UserProvider) UserByID 

func (p *UserProvider) UserByID(id string) (*kubermaticv1.User, error)

UserByID returns a user by the given ID

func (*UserProvider) WatchUser 

func (p *UserProvider) WatchUser() (watch.Interface, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.