Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsValidServiceAccountKeyFile ¶
IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
Types ¶
type Config ¶
type Config struct {
Anonymous bool
BasicAuthFile string
BootstrapToken bool
TokenAuthFile string
OIDCIssuerURL string
OIDCClientID string
OIDCCAFile string
OIDCUsernameClaim string
OIDCUsernamePrefix string
OIDCGroupsClaim string
OIDCGroupsPrefix string
OIDCSigningAlgs []string
OIDCRequiredClaims map[string]string
ServiceAccountKeyFiles []string
ServiceAccountLookup bool
ServiceAccountIssuer string
APIAudiences authenticator.Audiences
WebhookTokenAuthnConfigFile string
WebhookTokenAuthnVersion string
WebhookTokenAuthnCacheTTL time.Duration
TokenSuccessCacheTTL time.Duration
TokenFailureCacheTTL time.Duration
RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig
// TODO, this is the only non-serializable part of the entire config. Factor it out into a clientconfig
ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter
BootstrapTokenAuthenticator authenticator.Token
// ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users.
// Generally this is the CA bundle file used to authenticate client certificates
// If this value is nil, then mutual TLS is disabled.
ClientCAContentProvider dynamiccertificates.CAContentProvider
// Optional field, custom dial function used to connect to webhook
CustomDial utilnet.DialFunc
}
Config contains the data on how to authenticate a request to the Kube API Server
func (Config) New ¶
func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
Source Files
Click to show internal directories.
Click to hide internal directories.