package node
import "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
Index ¶
- Constants
- func AllowBoostrapTokensToGetNodes(client clientset.Interface) error
- func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error
- func AutoApproveNodeBootstrapTokens(client clientset.Interface) error
- func AutoApproveNodeCertificateRotation(client clientset.Interface) error
- func CreateNewTokens(client clientset.Interface, tokens []bootstraptokenv1.BootstrapToken) error
- func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []bootstraptokenv1.BootstrapToken) error
Constants ¶
const ( // NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR // TODO: This value should be defined in an other, generic authz package instead of here NodeBootstrapperClusterRoleName = "system:node-bootstrapper" // NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap" // GetNodesClusterRoleName defines the name of the ClusterRole and ClusterRoleBinding to get nodes GetNodesClusterRoleName = "kubeadm:get-nodes" // CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR // TODO: This value should be defined in an other, generic authz package instead of here // Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient" // NodeSelfCSRAutoApprovalClusterRoleName is a role defined in default 1.8 RBAC policies for automatic CSR approvals for automatically rotated node certificates NodeSelfCSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient" // NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap" // NodeAutoApproveCertificateRotationClusterRoleBinding defines name of the ClusterRoleBinding that makes the csrapprover approve node auto rotated CSRs NodeAutoApproveCertificateRotationClusterRoleBinding = "kubeadm:node-autoapprove-certificate-rotation" )
Functions ¶
func AllowBoostrapTokensToGetNodes ¶
AllowBoostrapTokensToGetNodes creates RBAC rules to allow Node Bootstrap Tokens to list nodes
func AllowBootstrapTokensToPostCSRs ¶
AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs
func AutoApproveNodeBootstrapTokens ¶
AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller
func AutoApproveNodeCertificateRotation ¶
AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
func CreateNewTokens ¶
func CreateNewTokens(client clientset.Interface, tokens []bootstraptokenv1.BootstrapToken) error
CreateNewTokens tries to create a token and fails if one with the same ID already exists
func UpdateOrCreateTokens ¶
func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []bootstraptokenv1.BootstrapToken) error
UpdateOrCreateTokens attempts to update a token with the given ID, or create if it does not already exist.
Source Files ¶
tlsbootstrap.go token.go
- Version
- v1.22.0
- Published
- Aug 4, 2021
- Platform
- linux/amd64
- Imports
- 10 packages
- Last checked
- 2 minutes ago –
Tools for package owners.