Documentation
¶
Overview ¶
Example (EmptyConfig) ¶
defaultConfig := NewConfig()
output, err := yaml.Marshal(defaultConfig)
if err != nil {
fmt.Printf("Unexpected error: %v", err)
}
fmt.Printf("%v", string(output))
Output: clusters: {} contexts: {} current-context: "" preferences: {} users: {}
Example (MinifyAndShorten) ¶
certFile, _ := os.CreateTemp("", "")
keyFile, _ := os.CreateTemp("", "")
caFile, _ := os.CreateTemp("", "")
defer utiltesting.CloseAndRemove(&testing.T{}, certFile, keyFile, caFile)
certData := "cert"
keyData := "key"
caData := "ca"
config := newMergedConfig(certFile.Name(), certData, keyFile.Name(), keyData, caFile.Name(), caData, nil)
MinifyConfig(&config)
ShortenConfig(&config)
output, _ := yaml.Marshal(config)
fmt.Printf("%s", string(output))
Output: clusters: cow-cluster: certificate-authority-data: DATA+OMITTED server: http://cow.org:8080 contexts: federal-context: cluster: cow-cluster user: red-user current-context: federal-context preferences: {} users: red-user: client-certificate-data: DATA+OMITTED client-key-data: DATA+OMITTED token: REDACTED
Example (OfOptionsConfig) ¶
defaultConfig := NewConfig()
defaultConfig.Preferences.Colors = true
defaultConfig.Clusters["alfa"] = &Cluster{
Server: "https://alfa.org:8080",
InsecureSkipTLSVerify: true,
CertificateAuthority: "path/to/my/cert-ca-filename",
DisableCompression: true,
}
defaultConfig.Clusters["bravo"] = &Cluster{
Server: "https://bravo.org:8080",
InsecureSkipTLSVerify: false,
DisableCompression: false,
}
defaultConfig.AuthInfos["white-mage-via-cert"] = &AuthInfo{
ClientCertificate: "path/to/my/client-cert-filename",
ClientKey: "path/to/my/client-key-filename",
}
defaultConfig.AuthInfos["red-mage-via-token"] = &AuthInfo{
Token: "my-secret-token",
}
defaultConfig.AuthInfos["black-mage-via-auth-provider"] = &AuthInfo{
AuthProvider: &AuthProviderConfig{
Name: "gcp",
Config: map[string]string{
"foo": "bar",
"token": "s3cr3t-t0k3n",
},
},
}
defaultConfig.Contexts["bravo-as-black-mage"] = &Context{
Cluster: "bravo",
AuthInfo: "black-mage-via-auth-provider",
Namespace: "yankee",
}
defaultConfig.Contexts["alfa-as-black-mage"] = &Context{
Cluster: "alfa",
AuthInfo: "black-mage-via-auth-provider",
Namespace: "zulu",
}
defaultConfig.Contexts["alfa-as-white-mage"] = &Context{
Cluster: "alfa",
AuthInfo: "white-mage-via-cert",
}
defaultConfig.CurrentContext = "alfa-as-white-mage"
output, err := yaml.Marshal(defaultConfig)
if err != nil {
fmt.Printf("Unexpected error: %v", err)
}
fmt.Printf("%v", string(output))
Output: clusters: alfa: certificate-authority: path/to/my/cert-ca-filename disable-compression: true insecure-skip-tls-verify: true server: https://alfa.org:8080 bravo: server: https://bravo.org:8080 contexts: alfa-as-black-mage: cluster: alfa namespace: zulu user: black-mage-via-auth-provider alfa-as-white-mage: cluster: alfa user: white-mage-via-cert bravo-as-black-mage: cluster: bravo namespace: yankee user: black-mage-via-auth-provider current-context: alfa-as-white-mage preferences: colors: true users: black-mage-via-auth-provider: auth-provider: config: foo: bar token: s3cr3t-t0k3n name: gcp red-mage-via-token: token: my-secret-token white-mage-via-cert: client-certificate: path/to/my/client-cert-filename client-key: path/to/my/client-key-filename
Index ¶
- Variables
- func FlattenConfig(config *Config) error
- func FlattenContent(path *string, contents *[]byte, baseDir string) error
- func IsConfigEmpty(config *Config) bool
- func MakeAbs(path, base string) (string, error)
- func MinifyConfig(config *Config) error
- func RedactSecrets(config *Config) error
- func ResolvePath(path string, base string) string
- func ShortenConfig(config *Config)
- type AuthInfo
- type AuthProviderConfig
- type Cluster
- type Config
- func (in *Config) DeepCopy() *Config
- func (in *Config) DeepCopyInto(out *Config)
- func (in *Config) DeepCopyObject() runtime.Object
- func (obj *Config) GetObjectKind() schema.ObjectKind
- func (obj *Config) GroupVersionKind() schema.GroupVersionKind
- func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind)
- type Context
- type ExecConfig
- type ExecEnvVar
- type ExecInteractiveMode
- type Preferences
Examples ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects TODO this should be in the "kubeconfig" group
Functions ¶
func FlattenConfig ¶
FlattenConfig changes the config object into a self-contained config (useful for making secrets)
func IsConfigEmpty ¶
IsConfigEmpty returns true if the config is empty.
func MinifyConfig ¶
MinifyConfig read the current context and uses that to keep only the relevant pieces of config This is useful for making secrets based on kubeconfig files
func RedactSecrets ¶ added in v0.26.0
RedactSecrets replaces any sensitive values with REDACTED
func ResolvePath ¶
ResolvePath returns the path as an absolute paths, relative to the given base directory
func ShortenConfig ¶
func ShortenConfig(config *Config)
ShortenConfig redacts raw data entries from the config object for a human-readable view.
Types ¶
type AuthInfo ¶
type AuthInfo struct {
// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
// +k8s:conversion-gen=false
LocationOfOrigin string `json:"-"`
// ClientCertificate is the path to a client cert file for TLS.
// +optional
ClientCertificate string `json:"client-certificate,omitempty"`
// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
// +optional
ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
// ClientKey is the path to a client key file for TLS.
// +optional
ClientKey string `json:"client-key,omitempty"`
// ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
// +optional
ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"`
// Token is the bearer token for authentication to the kubernetes cluster.
// +optional
Token string `json:"token,omitempty" datapolicy:"token"`
// TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
// +optional
TokenFile string `json:"tokenFile,omitempty"`
// Impersonate is the username to act-as.
// +optional
Impersonate string `json:"act-as,omitempty"`
// ImpersonateUID is the uid to impersonate.
// +optional
ImpersonateUID string `json:"act-as-uid,omitempty"`
// ImpersonateGroups is the groups to impersonate.
// +optional
ImpersonateGroups []string `json:"act-as-groups,omitempty"`
// ImpersonateUserExtra contains additional information for impersonated user.
// +optional
ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
// Username is the username for basic authentication to the kubernetes cluster.
// +optional
Username string `json:"username,omitempty"`
// Password is the password for basic authentication to the kubernetes cluster.
// +optional
Password string `json:"password,omitempty" datapolicy:"password"`
// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
// +optional
AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
// Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
// +optional
Exec *ExecConfig `json:"exec,omitempty"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
func NewAuthInfo ¶
func NewAuthInfo() *AuthInfo
NewAuthInfo is a convenience function that returns a new AuthInfo object with non-nil maps
func (*AuthInfo) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthInfo.
func (*AuthInfo) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthProviderConfig ¶
type AuthProviderConfig struct {
Name string `json:"name"`
// +optional
Config map[string]string `json:"config,omitempty"`
}
AuthProviderConfig holds the configuration for a specified auth provider.
func (*AuthProviderConfig) DeepCopy ¶
func (in *AuthProviderConfig) DeepCopy() *AuthProviderConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProviderConfig.
func (*AuthProviderConfig) DeepCopyInto ¶
func (in *AuthProviderConfig) DeepCopyInto(out *AuthProviderConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AuthProviderConfig) GoString ¶
func (c AuthProviderConfig) GoString() string
GoString implements fmt.GoStringer and sanitizes sensitive fields of AuthProviderConfig to prevent accidental leaking via logs.
func (AuthProviderConfig) String ¶
func (c AuthProviderConfig) String() string
String implements fmt.Stringer and sanitizes sensitive fields of AuthProviderConfig to prevent accidental leaking via logs.
type Cluster ¶
type Cluster struct {
// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
// +k8s:conversion-gen=false
LocationOfOrigin string `json:"-"`
// Server is the address of the kubernetes cluster (https://hostname:port).
Server string `json:"server"`
// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
// +optional
TLSServerName string `json:"tls-server-name,omitempty"`
// InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
// +optional
InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
// CertificateAuthority is the path to a cert file for the certificate authority.
// +optional
CertificateAuthority string `json:"certificate-authority,omitempty"`
// CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
// +optional
CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
// ProxyURL is the URL to the proxy to be used for all requests made by this
// client. URLs with "http", "https", and "socks5" schemes are supported. If
// this configuration is not provided or the empty string, the client
// attempts to construct a proxy configuration from http_proxy and
// https_proxy environment variables. If these environment variables are not
// set, the client does not attempt to proxy requests.
//
// socks5 proxying does not currently support spdy streaming endpoints (exec,
// attach, port forward).
// +optional
ProxyURL string `json:"proxy-url,omitempty"`
// DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful
// to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on
// compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296.
// +optional
DisableCompression bool `json:"disable-compression,omitempty"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
Cluster contains information about how to communicate with a kubernetes cluster
func NewCluster ¶
func NewCluster() *Cluster
NewCluster is a convenience function that returns a new Cluster object with non-nil maps
func (*Cluster) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster.
func (*Cluster) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Config ¶
type Config struct {
// Legacy field from pkg/api/types.go TypeMeta.
// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
// +k8s:conversion-gen=false
// +optional
Kind string `json:"kind,omitempty"`
// Legacy field from pkg/api/types.go TypeMeta.
// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
// +k8s:conversion-gen=false
// +optional
APIVersion string `json:"apiVersion,omitempty"`
// Preferences holds general information to be use for cli interactions
Preferences Preferences `json:"preferences"`
// Clusters is a map of referencable names to cluster configs
Clusters map[string]*Cluster `json:"clusters"`
// AuthInfos is a map of referencable names to user configs
AuthInfos map[string]*AuthInfo `json:"users"`
// Contexts is a map of referencable names to context configs
Contexts map[string]*Context `json:"contexts"`
// CurrentContext is the name of the context that you would like to use by default
CurrentContext string `json:"current-context"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
Config holds the information needed to build connect to remote kubernetes clusters as a given user IMPORTANT if you add fields to this struct, please update IsConfigEmpty() +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func NewConfig ¶
func NewConfig() *Config
NewConfig is a convenience function that returns a new Config object with non-nil maps
func (*Config) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.
func (*Config) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Config) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Config) GetObjectKind ¶
func (obj *Config) GetObjectKind() schema.ObjectKind
func (*Config) GroupVersionKind ¶
func (obj *Config) GroupVersionKind() schema.GroupVersionKind
func (*Config) SetGroupVersionKind ¶
func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind)
type Context ¶
type Context struct {
// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
// +k8s:conversion-gen=false
LocationOfOrigin string `json:"-"`
// Cluster is the name of the cluster for this context
Cluster string `json:"cluster"`
// AuthInfo is the name of the authInfo for this context
AuthInfo string `json:"user"`
// Namespace is the default namespace to use on unspecified requests
// +optional
Namespace string `json:"namespace,omitempty"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
func NewContext ¶
func NewContext() *Context
NewContext is a convenience function that returns a new Context object with non-nil maps
func (*Context) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Context.
func (*Context) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecConfig ¶
type ExecConfig struct {
// Command to execute.
Command string `json:"command"`
// Arguments to pass to the command when executing it.
// +optional
Args []string `json:"args"`
// Env defines additional environment variables to expose to the process. These
// are unioned with the host's environment, as well as variables client-go uses
// to pass argument to the plugin.
// +optional
Env []ExecEnvVar `json:"env"`
// Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
// the same encoding version as the input.
APIVersion string `json:"apiVersion,omitempty"`
// This text is shown to the user when the executable doesn't seem to be
// present. For example, `brew install foo-cli` might be a good InstallHint for
// foo-cli on Mac OS systems.
InstallHint string `json:"installHint,omitempty"`
// ProvideClusterInfo determines whether or not to provide cluster information,
// which could potentially contain very large CA data, to this exec plugin as a
// part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
// to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
// reading this environment variable.
ProvideClusterInfo bool `json:"provideClusterInfo"`
// Config holds additional config data that is specific to the exec
// plugin with regards to the cluster being authenticated to.
//
// This data is sourced from the clientcmd Cluster object's extensions[exec] field:
//
// clusters:
// - name: my-cluster
// cluster:
// ...
// extensions:
// - name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
// extension:
// audience: 06e3fbd18de8 # arbitrary config
//
// In some environments, the user config may be exactly the same across many clusters
// (i.e. call this exec plugin) minus some details that are specific to each cluster
// such as the audience. This field allows the per cluster config to be directly
// specified with the cluster info. Using this field to store secret data is not
// recommended as one of the prime benefits of exec plugins is that no secrets need
// to be stored directly in the kubeconfig.
// +k8s:conversion-gen=false
Config runtime.Object `json:"-"`
// InteractiveMode determines this plugin's relationship with standard input. Valid
// values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this
// exec plugin wants to use standard input if it is available), or "Always" (this exec
// plugin requires standard input to function). See ExecInteractiveMode values for more
// details.
//
// If APIVersion is client.authentication.k8s.io/v1alpha1 or
// client.authentication.k8s.io/v1beta1, then this field is optional and defaults
// to "IfAvailable" when unset. Otherwise, this field is required.
// +optional
InteractiveMode ExecInteractiveMode `json:"interactiveMode,omitempty"`
// input through to this exec plugin. For example, a higher level entity might be using
// standard input for something else and therefore it would not be safe for the exec
// plugin to use standard input. This is kept here in order to keep all of the exec configuration
// together, but it is never serialized.
// +k8s:conversion-gen=false
StdinUnavailable bool `json:"-"`
// cannot successfully run this exec plugin because it needs to use standard input and
// StdinUnavailable is true. For example, a process that is already using standard input to
// read user instructions might set this to "used by my-program to read user instructions".
// +k8s:conversion-gen=false
StdinUnavailableMessage string `json:"-"`
}
ExecConfig specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.
See the client.authentication.k8s.io API group for specifications of the exact input and output format
func (*ExecConfig) DeepCopy ¶
func (in *ExecConfig) DeepCopy() *ExecConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecConfig.
func (*ExecConfig) DeepCopyInto ¶
func (in *ExecConfig) DeepCopyInto(out *ExecConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ExecConfig) GoString ¶
func (c ExecConfig) GoString() string
GoString implements fmt.GoStringer and sanitizes sensitive fields of ExecConfig to prevent accidental leaking via logs.
func (ExecConfig) String ¶
func (c ExecConfig) String() string
String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig to prevent accidental leaking via logs.
type ExecEnvVar ¶
ExecEnvVar is used for setting environment variables when executing an exec-based credential plugin.
func (*ExecEnvVar) DeepCopy ¶
func (in *ExecEnvVar) DeepCopy() *ExecEnvVar
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
func (*ExecEnvVar) DeepCopyInto ¶
func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecInteractiveMode ¶ added in v0.22.0
type ExecInteractiveMode string
ExecInteractiveMode is a string that describes an exec plugin's relationship with standard input.
const ( // NeverExecInteractiveMode declares that this exec plugin never needs to use standard // input, and therefore the exec plugin will be run regardless of whether standard input is // available for user input. NeverExecInteractiveMode ExecInteractiveMode = "Never" // IfAvailableExecInteractiveMode declares that this exec plugin would like to use standard input // if it is available, but can still operate if standard input is not available. Therefore, the // exec plugin will be run regardless of whether stdin is available for user input. If standard // input is available for user input, then it will be provided to this exec plugin. IfAvailableExecInteractiveMode ExecInteractiveMode = "IfAvailable" // AlwaysExecInteractiveMode declares that this exec plugin requires standard input in order to // run, and therefore the exec plugin will only be run if standard input is available for user // input. If standard input is not available for user input, then the exec plugin will not be run // and an error will be returned by the exec plugin runner. AlwaysExecInteractiveMode ExecInteractiveMode = "Always" )
type Preferences ¶
type Preferences struct {
// +optional
Colors bool `json:"colors,omitempty"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
func NewPreferences ¶
func NewPreferences() *Preferences
NewPreferences is a convenience function that returns a new Preferences object with non-nil maps
func (*Preferences) DeepCopy ¶
func (in *Preferences) DeepCopy() *Preferences
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preferences.
func (*Preferences) DeepCopyInto ¶
func (in *Preferences) DeepCopyInto(out *Preferences)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.