GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

v1

package

v1.30.5 Latest Latest Go to latest Published: Sep 12, 2024 License: Apache-2.0 Imports: 10 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func BootstrapTokenToSecret(bt *BootstrapToken) *v1.Secret
func SetDefaults_BootstrapToken(bt *BootstrapToken)
type BootstrapToken
- func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error)
- func (in *BootstrapToken) DeepCopy() *BootstrapToken
- func (in *BootstrapToken) DeepCopyInto(out *BootstrapToken)
type BootstrapTokenString
- func NewBootstrapTokenString(token string) (*BootstrapTokenString, error)
- func NewBootstrapTokenStringFromIDAndSecret(id, secret string) (*BootstrapTokenString, error)

Constants ¶

View Source

const (
	// DefaultTokenDuration specifies the default amount of time that a bootstrap token will be valid
	// Default behaviour is 24 hours
	DefaultTokenDuration = 24 * time.Hour
)

Variables ¶

View Source

var (
	// DefaultTokenUsages specifies the default functions a token will get
	DefaultTokenUsages = bootstrapapi.KnownTokenUsages

	// DefaultTokenGroups specifies the default groups that this token will authenticate as when used for authentication
	DefaultTokenGroups = []string{"system:bootstrappers:kubeadm:default-node-token"}
)

Functions ¶

func BootstrapTokenToSecret ¶

func BootstrapTokenToSecret(bt *BootstrapToken) *v1.Secret

BootstrapTokenToSecret converts the given BootstrapToken object to its Secret representation that may be submitted to the API Server in order to be stored.

func SetDefaults_BootstrapToken ¶ added in v1.28.0

func SetDefaults_BootstrapToken(bt *BootstrapToken)

SetDefaults_BootstrapToken sets the defaults for an individual Bootstrap Token

Types ¶

type BootstrapToken ¶

type BootstrapToken struct {
	// Token is used for establishing bidirectional trust between nodes and control-planes.
	// Used for joining nodes in the cluster.
	Token *BootstrapTokenString `json:"token" datapolicy:"token"`
	// Description sets a human-friendly message why this token exists and what it's used
	// for, so other administrators can know its purpose.
	// +optional
	Description string `json:"description,omitempty"`
	// TTL defines the time to live for this token. Defaults to 24h.
	// Expires and TTL are mutually exclusive.
	// +optional
	TTL *metav1.Duration `json:"ttl,omitempty"`
	// Expires specifies the timestamp when this token expires. Defaults to being set
	// dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
	// +optional
	Expires *metav1.Time `json:"expires,omitempty"`
	// Usages describes the ways in which this token can be used. Can by default be used
	// for establishing bidirectional trust, but that can be changed here.
	// +optional
	Usages []string `json:"usages,omitempty"`
	// Groups specifies the extra groups that this token will authenticate as when/if
	// used for authentication
	// +optional
	Groups []string `json:"groups,omitempty"`
}

BootstrapToken describes one bootstrap token, stored as a Secret in the cluster +k8s:deepcopy-gen=true

func BootstrapTokenFromSecret ¶

func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error)

BootstrapTokenFromSecret returns a BootstrapToken object from the given Secret

func (*BootstrapToken) DeepCopy ¶

func (in *BootstrapToken) DeepCopy() *BootstrapToken

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapToken.

func (*BootstrapToken) DeepCopyInto ¶

func (in *BootstrapToken) DeepCopyInto(out *BootstrapToken)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapTokenString ¶

type BootstrapTokenString struct {
	ID     string `json:"-"`
	Secret string `json:"-" datapolicy:"token"`
}

BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived

func NewBootstrapTokenString ¶

func NewBootstrapTokenString(token string) (*BootstrapTokenString, error)

NewBootstrapTokenString converts the given Bootstrap Token as a string to the BootstrapTokenString object used for serialization/deserialization and internal usage. It also automatically validates that the given token is of the right format

func NewBootstrapTokenStringFromIDAndSecret ¶

func NewBootstrapTokenStringFromIDAndSecret(id, secret string) (*BootstrapTokenString, error)

NewBootstrapTokenStringFromIDAndSecret is a wrapper around NewBootstrapTokenString that allows the caller to specify the ID and Secret separately

func (BootstrapTokenString) MarshalJSON ¶

func (bts BootstrapTokenString) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (BootstrapTokenString) String ¶

func (bts BootstrapTokenString) String() string

String returns the string representation of the BootstrapTokenString

func (*BootstrapTokenString) UnmarshalJSON ¶

func (bts *BootstrapTokenString) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaller interface.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL