Documentation ¶
Index ¶
- Constants
- func AllowBoostrapTokensToGetNodes(client clientset.Interface) error
- func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error
- func AutoApproveNodeBootstrapTokens(client clientset.Interface) error
- func AutoApproveNodeCertificateRotation(client clientset.Interface) error
- func CreateNewTokens(client clientset.Interface, tokens []bootstraptokenv1.BootstrapToken) error
- func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, ...) error
Constants ¶
const ( // NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR // TODO: This value should be defined in an other, generic authz package instead of here NodeBootstrapperClusterRoleName = "system:node-bootstrapper" // NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap" // GetNodesClusterRoleName defines the name of the ClusterRole and ClusterRoleBinding to get nodes GetNodesClusterRoleName = "kubeadm:get-nodes" // CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR // TODO: This value should be defined in an other, generic authz package instead of here // Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient" // NodeSelfCSRAutoApprovalClusterRoleName is a role defined in default 1.8 RBAC policies for automatic CSR approvals for automatically rotated node certificates NodeSelfCSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient" // NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap" // NodeAutoApproveCertificateRotationClusterRoleBinding defines name of the ClusterRoleBinding that makes the csrapprover approve node auto rotated CSRs NodeAutoApproveCertificateRotationClusterRoleBinding = "kubeadm:node-autoapprove-certificate-rotation" )
Variables ¶
This section is empty.
Functions ¶
func AllowBoostrapTokensToGetNodes ¶ added in v1.18.0
AllowBoostrapTokensToGetNodes creates RBAC rules to allow Node Bootstrap Tokens to list nodes
func AllowBootstrapTokensToPostCSRs ¶
AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs
func AutoApproveNodeBootstrapTokens ¶
AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller
func AutoApproveNodeCertificateRotation ¶ added in v1.8.1
AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
func CreateNewTokens ¶ added in v1.11.0
func CreateNewTokens(client clientset.Interface, tokens []bootstraptokenv1.BootstrapToken) error
CreateNewTokens tries to create a token and fails if one with the same ID already exists
func UpdateOrCreateTokens ¶ added in v1.11.0
func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []bootstraptokenv1.BootstrapToken) error
UpdateOrCreateTokens attempts to update a token with the given ID, or create if it does not already exist.
Types ¶
This section is empty.