package bootstrappolicy
import "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
Index ¶
- Variables
- func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)
- func ClearClusterRoleBindingFilters()
- func ClusterRoleBindings() []rbac.ClusterRoleBinding
- func ClusterRoles() []rbac.ClusterRole
- func ControllerRoleBindings() []rbac.ClusterRoleBinding
- func ControllerRoles() []rbac.ClusterRole
- func NamespaceRoleBindings() map[string][]rbac.RoleBinding
- func NamespaceRoles() map[string][]rbac.Role
- func NodeRules() []rbac.PolicyRule
- type ClusterRoleBindingFilter
Variables ¶
var ( ReadWrite = []string{"get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"} Read = []string{"get", "list", "watch"} Label = map[string]string{"kubernetes.io/bootstrapping": "rbac-defaults"} Annotation = map[string]string{rbac.AutoUpdateAnnotationKey: "true"} )
var OmitNodesGroupBinding = ClusterRoleBindingFilter(func(binding *rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding { if binding.RoleRef.Name == systemNodeRoleName { subjects := []rbac.Subject{} for _, subject := range binding.Subjects { if subject.Kind == rbac.GroupKind && subject.Name == user.NodesGroup { continue } subjects = append(subjects, subject) } binding.Subjects = subjects } return binding })
OmitNodesGroupBinding is a filter that omits the deprecated binding for the system:nodes group to the system:node role.
Functions ¶
func AddClusterRoleBindingFilter ¶
func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)
AddClusterRoleBindingFilter adds the given filter to the list that is invoked when determing bootstrap roles to reconcile.
func ClearClusterRoleBindingFilters ¶
func ClearClusterRoleBindingFilters()
ClearClusterRoleBindingFilters removes any filters added using AddClusterRoleBindingFilter
func ClusterRoleBindings ¶
func ClusterRoleBindings() []rbac.ClusterRoleBinding
ClusterRoleBindings return default rolebindings to the default roles
func ClusterRoles ¶
func ClusterRoles() []rbac.ClusterRole
ClusterRoles returns the cluster roles to bootstrap an API server with
func ControllerRoleBindings ¶
func ControllerRoleBindings() []rbac.ClusterRoleBinding
ControllerRoleBindings returns the role bindings used by controllers
func ControllerRoles ¶
func ControllerRoles() []rbac.ClusterRole
ControllerRoles returns the cluster roles used by controllers
func NamespaceRoleBindings ¶
func NamespaceRoleBindings() map[string][]rbac.RoleBinding
NamespaceRoleBindings returns a map of namespace to slice of roles to create
func NamespaceRoles ¶
NamespaceRoles returns a map of namespace to slice of roles to create
func NodeRules ¶
func NodeRules() []rbac.PolicyRule
Types ¶
type ClusterRoleBindingFilter ¶
type ClusterRoleBindingFilter func(*rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding
ClusterRoleBindingFilter can modify and return or omit (by returning nil) a role binding
Source Files ¶
controller_policy.go namespace_policy.go policy.go
- Version
- v1.7.4
- Published
- Aug 17, 2017
- Platform
- linux/amd64
- Imports
- 7 packages
- Last checked
- 3 minutes ago –
Tools for package owners.