Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsValidServiceAccountKeyFile ¶
IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
Types ¶
type Config ¶ added in v1.13.0
type Config struct { // Anonymous holds the effective anonymous config, specified either via config file // (hoisted out of AuthenticationConfig) or via flags (constructed from flag-specified values). Anonymous apiserver.AnonymousAuthConfig BootstrapToken bool TokenAuthFile string AuthenticationConfig *apiserver.AuthenticationConfiguration AuthenticationConfigData string OIDCSigningAlgs []string ServiceAccountLookup bool ServiceAccountIssuers []string APIAudiences authenticator.Audiences WebhookTokenAuthnConfigFile string WebhookTokenAuthnVersion string WebhookTokenAuthnCacheTTL time.Duration // WebhookRetryBackoff specifies the backoff parameters for the authentication webhook retry logic. // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. WebhookRetryBackoff *wait.Backoff TokenSuccessCacheTTL time.Duration TokenFailureCacheTTL time.Duration RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig // ServiceAccountPublicKeysGetter returns public keys for verifying service account tokens. ServiceAccountPublicKeysGetter serviceaccount.PublicKeysGetter // ServiceAccountTokenGetter fetches API objects used to verify bound objects in service account token claims. ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter SecretsWriter typedv1core.SecretsGetter BootstrapTokenAuthenticator authenticator.Token // ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If this value is nil, then mutual TLS is disabled. ClientCAContentProvider dynamiccertificates.CAContentProvider // Optional field, custom dial function used to connect to webhook CustomDial utilnet.DialFunc }
Config contains the data on how to authenticate a request to the Kube API Server
func (Config) New ¶ added in v1.13.0
func (config Config) New(serverLifecycle context.Context) (authenticator.Request, func(context.Context, *apiserver.AuthenticationConfiguration) error, *spec.SecurityDefinitions, spec3.SecuritySchemes, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
Click to show internal directories.
Click to hide internal directories.