package bootstrap

import "k8s.io/kubernetes/pkg/controller/bootstrap"

Package bootstrap provides automatic processes necessary for bootstraping. This includes managing and expiring tokens along with signing well known configmaps with those tokens.

Index ¶

• func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool
• type BootstrapSigner
• func NewBootstrapSigner(cl clientset.Interface, secrets informers.SecretInformer, configMaps informers.ConfigMapInformer, options BootstrapSignerOptions) (*BootstrapSigner, error)
• func (e *BootstrapSigner) Run(stopCh <-chan struct{})
• type BootstrapSignerOptions
• func DefaultBootstrapSignerOptions() BootstrapSignerOptions
• type TokenCleaner
• func NewTokenCleaner(cl clientset.Interface, secrets coreinformers.SecretInformer, options TokenCleanerOptions) (*TokenCleaner, error)
• func (tc *TokenCleaner) Run(stopCh <-chan struct{})
• type TokenCleanerOptions
• func DefaultTokenCleanerOptions() TokenCleanerOptions

Functions ¶

func DetachedTokenIsValid ¶

func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool

DetachedTokenIsValid checks whether a given detached JWS-encoded token matches JWS output of the given content and token

Types ¶

type BootstrapSigner ¶

type BootstrapSigner struct {
	// contains filtered or unexported fields
}

BootstrapSigner is a controller that signs a ConfigMap with a set of tokens.

func NewBootstrapSigner ¶

func NewBootstrapSigner(cl clientset.Interface, secrets informers.SecretInformer, configMaps informers.ConfigMapInformer, options BootstrapSignerOptions) (*BootstrapSigner, error)

NewBootstrapSigner returns a new *BootstrapSigner.

func (*BootstrapSigner) Run ¶

func (e *BootstrapSigner) Run(stopCh <-chan struct{})

Run runs controller loops and returns when they are done

type BootstrapSignerOptions ¶

type BootstrapSignerOptions struct {
	// ConfigMapNamespace is the namespace of the ConfigMap
	ConfigMapNamespace string

	// ConfigMapName is the name for the ConfigMap
	ConfigMapName string

	// TokenSecretNamespace string is the namespace for token Secrets.
	TokenSecretNamespace string

	// ConfigMapResynce is the time.Duration at which to fully re-list configmaps.
	// If zero, re-list will be delayed as long as possible
	ConfigMapResync time.Duration

	// SecretResync is the time.Duration at which to fully re-list secrets.
	// If zero, re-list will be delayed as long as possible
	SecretResync time.Duration
}

BootstrapSignerOptions contains options for the BootstrapSigner

func DefaultBootstrapSignerOptions ¶

func DefaultBootstrapSignerOptions() BootstrapSignerOptions

DefaultBootstrapSignerOptions returns a set of default options for creating a BootstrapSigner

type TokenCleaner ¶

type TokenCleaner struct {
	// contains filtered or unexported fields
}

TokenCleaner is a controller that deletes expired tokens

func NewTokenCleaner ¶

func NewTokenCleaner(cl clientset.Interface, secrets coreinformers.SecretInformer, options TokenCleanerOptions) (*TokenCleaner, error)

NewTokenCleaner returns a new *NewTokenCleaner.

func (*TokenCleaner) Run ¶

func (tc *TokenCleaner) Run(stopCh <-chan struct{})

Run runs controller loops and returns when they are done

type TokenCleanerOptions ¶

type TokenCleanerOptions struct {
	// TokenSecretNamespace string is the namespace for token Secrets.
	TokenSecretNamespace string

	// SecretResync is the time.Duration at which to fully re-list secrets.
	// If zero, re-list will be delayed as long as possible
	SecretResync time.Duration
}

TokenCleanerOptions contains options for the TokenCleaner

func DefaultTokenCleanerOptions ¶

func DefaultTokenCleanerOptions() TokenCleanerOptions

DefaultTokenCleanerOptions returns a set of default options for creating a TokenCleaner

Source Files ¶

bootstrapsigner.go doc.go jws.go tokencleaner.go util.go