Documentation ¶
Index ¶
- func GetUsernameAndTenantID(ctx context.Context) (username string, tenantID string)
- func IsAdministrator(ctx context.Context, privilegedUsername string) bool
- func SetupAuthentication(genericAPIServerConfig *genericapiserver.Config, ...) error
- func SetupAuthenticationWithoutAudiences(genericAPIServerConfig *genericapiserver.Config, ...) error
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetUsernameAndTenantID ¶
GetUsernameAndTenantID implementation decomposition in the original kubernetes api server the user name obtained in *Userinfo is the actual username and tenant ID.
func IsAdministrator ¶
IsAdministrator check whether administrator
func SetupAuthentication ¶
func SetupAuthentication(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationWithAPIOptions) error
SetupAuthentication config the generic apiserver by authentication options.
func SetupAuthenticationWithoutAudiences ¶
func SetupAuthenticationWithoutAudiences(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationOptions, apiAudiences []string) error
SetupAuthenticationWithoutAudiences config the generic apiserver by authentication options.
Types ¶
type Config ¶
type Config struct { ClientCAFile string TokenAuthFile string OIDCIssuerURL string OIDCExternalIssuerURL string OIDCClientID string OIDCCAFile string OIDCUsernameClaim string OIDCUsernamePrefix string OIDCGroupsClaim string OIDCGroupsPrefix string OIDCTenantIDClaim string OIDCTenantIDPrefix string OIDCSigningAlgs []string OIDCRequiredClaims map[string]string APIAudiences authenticator.Audiences TokenSuccessCacheTTL time.Duration TokenFailureCacheTTL time.Duration RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig }
Config contains the data on how to authenticate a request to the Kube API Server
func (Config) New ¶
func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
Click to show internal directories.
Click to hide internal directories.