
package bootstrappolicy

import "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"

Index

Variables

// Verb sets and label/annotation maps exported by this package. All four are
// mutable package-level values: code that appends to or rewrites one of them
// changes it for every other reader, so treat them as read-only.
var (
	// ReadWrite lists the read verbs followed by the mutating verbs.
	ReadWrite = []string{
		"get", "list", "watch",
		"create", "update", "patch", "delete", "deletecollection",
	}
	// Read lists the non-mutating verbs only.
	Read = []string{
		"get", "list", "watch",
	}

	// Label is the label set kubernetes.io/bootstrapping=rbac-defaults.
	Label = map[string]string{
		"kubernetes.io/bootstrapping": "rbac-defaults",
	}
	// Annotation sets rbac.AutoUpdateAnnotationKey to "true".
	// NOTE(review): presumably this opts an object in to automatic
	// reconciliation of the defaults; confirm against the rbac package.
	Annotation = map[string]string{
		rbac.AutoUpdateAnnotationKey: "true",
	}
)
// OmitNodesGroupBinding is a filter that omits the deprecated binding for the
// system:nodes group to the system:node role.
//
// The filter edits the binding it is handed in place and returns that same
// pointer. It never returns nil, so a matching binding whose only subject was
// the nodes group comes back with an empty subject list rather than being
// dropped.
// NOTE(review): once the group subject is removed, nodes must be authorized
// by some other means; that mechanism is not visible here, so confirm it is
// in place before enabling this filter.
var OmitNodesGroupBinding = ClusterRoleBindingFilter(func(binding *rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding {
	// Bindings to any other role pass through untouched.
	if binding.RoleRef.Name != systemNodeRoleName {
		return binding
	}

	// Start from an empty, non-nil slice so the result is never nil.
	kept := []rbac.Subject{}
	for _, s := range binding.Subjects {
		isNodesGroup := s.Kind == rbac.GroupKind && s.Name == user.NodesGroup
		if !isNodesGroup {
			kept = append(kept, s)
		}
	}
	binding.Subjects = kept
	return binding
})

OmitNodesGroupBinding is a filter that omits the deprecated binding for the system:nodes group to the system:node role.

Functions

func AddClusterRoleBindingFilter

func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)

AddClusterRoleBindingFilter adds the given filter to the list that is invoked when determining bootstrap roles to reconcile.

func ClearClusterRoleBindingFilters

func ClearClusterRoleBindingFilters()

ClearClusterRoleBindingFilters removes any filters added using AddClusterRoleBindingFilter

func ClusterRoleBindings

func ClusterRoleBindings() []rbac.ClusterRoleBinding

ClusterRoleBindings returns the default role bindings to the default roles.

func ClusterRoles

func ClusterRoles() []rbac.ClusterRole

ClusterRoles returns the cluster roles to bootstrap an API server with

func ControllerRoleBindings

func ControllerRoleBindings() []rbac.ClusterRoleBinding

ControllerRoleBindings returns the role bindings used by controllers

func ControllerRoles

func ControllerRoles() []rbac.ClusterRole

ControllerRoles returns the cluster roles used by controllers

func NamespaceRoleBindings

func NamespaceRoleBindings() map[string][]rbac.RoleBinding

NamespaceRoleBindings returns a map of namespace to slice of role bindings to create

func NamespaceRoles

func NamespaceRoles() map[string][]rbac.Role

NamespaceRoles returns a map of namespace to slice of roles to create

func NodeRules

func NodeRules() []rbac.PolicyRule

Types

type ClusterRoleBindingFilter

type ClusterRoleBindingFilter func(*rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding

ClusterRoleBindingFilter can modify and return or omit (by returning nil) a role binding

Source Files

controller_policy.go namespace_policy.go policy.go

Version
v1.7.4
Published
Aug 17, 2017
Platform
linux/amd64
Imports
7 packages