Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsValidServiceAccountKeyFile ¶
IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
Types ¶
type Config ¶ added in v1.13.0
type Config struct { Anonymous bool BasicAuthFile string BootstrapToken bool TokenAuthFile string OIDCIssuerURL string OIDCClientID string OIDCCAFile string OIDCUsernameClaim string OIDCUsernamePrefix string OIDCGroupsClaim string OIDCGroupsPrefix string OIDCSigningAlgs []string OIDCRequiredClaims map[string]string ServiceAccountKeyFiles []string ServiceAccountLookup bool ServiceAccountIssuer string APIAudiences authenticator.Audiences WebhookTokenAuthnConfigFile string WebhookTokenAuthnCacheTTL time.Duration TokenSuccessCacheTTL time.Duration TokenFailureCacheTTL time.Duration RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig // TODO, this is the only non-serializable part of the entire config. Factor it out into a clientconfig ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter BootstrapTokenAuthenticator authenticator.Token // ClientVerifyOptionFn are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If this value is nil, then mutual TLS is disabled. ClientVerifyOptionFn x509.VerifyOptionFunc }
Config contains the data on how to authenticate a request to the Kube API Server
func (Config) New ¶ added in v1.13.0
func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
Click to show internal directories.
Click to hide internal directories.