Documentation
¶
Overview ¶
Package rbac contains a controller that is responsible for setting up RBAC to allow users to access the clusters they should be able to access.
Index ¶
Constants ¶
const ( // OwnerGroupNamePrefix represents owners group prefix. OwnerGroupNamePrefix = "owners" // EditorGroupNamePrefix represents editors group prefix. EditorGroupNamePrefix = "editors" // ViewerGroupNamePrefix represents viewers group prefix. ViewerGroupNamePrefix = "viewers" // ProjectManagerGroupNamePrefix represents project managers group prefix. // Can create, update and delete projects and add/remove members & service accounts. ProjectManagerGroupNamePrefix = "projectmanagers" // RBACResourcesNamePrefix represents kubermatic group prefix. RBACResourcesNamePrefix = "kubermatic" )
const (
CleanupFinalizerName = "kubermatic.k8c.io/controller-manager-rbac-cleanup"
)
const (
EtcdLauncherServiceAccountName = "etcd-launcher"
)
Variables ¶
var AllGroupsPrefixes = []string{ OwnerGroupNamePrefix, EditorGroupNamePrefix, ViewerGroupNamePrefix, ProjectManagerGroupNamePrefix, }
AllGroupsPrefixes holds a list of groups with prefixes that we will generate RBAC Roles/Binding for.
Note: adding a new group also requires updating generateVerbsForNamedResource method. the actual names of groups are different see generateActualGroupNameFor function.
Functions ¶
func ExtractGroupPrefix ¶
ExtractGroupPrefix extracts only group prefix from the given group name.
func GenerateActualGroupNameFor ¶
GenerateActualGroupNameFor generates a group name for the given project and group prefix.
Types ¶
type ControllerAggregator ¶
type ControllerAggregator struct {
// contains filtered or unexported fields
}
ControllerAggregator type holds controllers for managing RBAC for projects and theirs resources.
func New ¶
func New(ctx context.Context, metrics *Metrics, mgr manager.Manager, seedManagerMap map[string]manager.Manager, log *zap.SugaredLogger, labelSelectorFunc func(*metav1.ListOptions), workerPredicate predicate.Predicate, workerCount int) (*ControllerAggregator, error)
New creates a new controller aggregator for managing RBAC for resources.
type InformerProvider ¶
type InformerProvider interface {
// KubeInformerFactoryFor registers a shared informer factory for the given namespace
KubeInformerFactoryFor(namespace string) kubeinformers.SharedInformerFactory
// StartInformers starts all registered factories
StartInformers(stopCh <-chan struct{})
// WaitForCachesToSync waits until caches from all factories are synced
WaitForCachesToSync(stopCh <-chan struct{}) error
}
InformerProvider allows for storing shared informer factories for the given namespaces additionally it provides method for starting and waiting for all registered factories.
type InformerProviderImpl ¶
type InformerProviderImpl struct {
// contains filtered or unexported fields
}
InformerProviderImpl simply holds namespaced factories.
func NewInformerProvider ¶
func NewInformerProvider(kubeClient kubernetes.Interface, resync time.Duration) *InformerProviderImpl
NewInformerProvider creates a new provider that.
func (*InformerProviderImpl) KubeInformerFactoryFor ¶
func (p *InformerProviderImpl) KubeInformerFactoryFor(namespace string) kubeinformers.SharedInformerFactory
KubeInformerFactoryFor registers a shared informer factory for the given namespace.
func (*InformerProviderImpl) StartInformers ¶
func (p *InformerProviderImpl) StartInformers(stopCh <-chan struct{})
StartInformers starts all registered factories.
func (*InformerProviderImpl) WaitForCachesToSync ¶
func (p *InformerProviderImpl) WaitForCachesToSync(stopCh <-chan struct{}) error
WaitForCachesToSync waits until caches from all factories are synced.
type Metrics ¶
type Metrics struct {
Workers prometheus.Gauge
}
Metrics contains metrics that this controller will collect and expose.
func NewMetrics ¶
func NewMetrics() *Metrics
NewMetrics creates RBACGeneratorControllerMetrics with default values initialized, so metrics always show up.
Source Files
Directories