bootstrappolicy

package

v1.8.0-alpha.1 Latest Latest Go to latest Published: Jun 19, 2017 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/BenTheElder/kubernetes

Documentation ¶

Index ¶

Variables
func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)
func ClearClusterRoleBindingFilters()
func ClusterRoleBindings() []rbac.ClusterRoleBinding
func ClusterRoles() []rbac.ClusterRole
func ControllerRoleBindings() []rbac.ClusterRoleBinding
func ControllerRoles() []rbac.ClusterRole
func NamespaceRoleBindings() map[string][]rbac.RoleBinding
func NamespaceRoles() map[string][]rbac.Role
func NodeRules() []rbac.PolicyRule
type ClusterRoleBindingFilter

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ReadWrite = []string{"get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"}
	Read      = []string{"get", "list", "watch"}

	Label      = map[string]string{"kubernetes.io/bootstrapping": "rbac-defaults"}
	Annotation = map[string]string{rbac.AutoUpdateAnnotationKey: "true"}
)

View Source

var OmitNodesGroupBinding = ClusterRoleBindingFilter(func(binding *rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding {
	if binding.RoleRef.Name == systemNodeRoleName {
		subjects := []rbac.Subject{}
		for _, subject := range binding.Subjects {
			if subject.Kind == rbac.GroupKind && subject.Name == user.NodesGroup {
				continue
			}
			subjects = append(subjects, subject)
		}
		binding.Subjects = subjects
	}
	return binding
})

OmitNodesGroupBinding is a filter that omits the deprecated binding for the system:nodes group to the system:node role.

Functions ¶

func AddClusterRoleBindingFilter ¶ added in v1.7.0

func AddClusterRoleBindingFilter(filter ClusterRoleBindingFilter)

AddClusterRoleBindingFilter adds the given filter to the list that is invoked when determing bootstrap roles to reconcile.

func ClearClusterRoleBindingFilters ¶ added in v1.7.0

func ClearClusterRoleBindingFilters()

ClearClusterRoleBindingFilters removes any filters added using AddClusterRoleBindingFilter

func ClusterRoleBindings ¶

func ClusterRoleBindings() []rbac.ClusterRoleBinding

ClusterRoleBindings return default rolebindings to the default roles

func ClusterRoles ¶

func ClusterRoles() []rbac.ClusterRole

ClusterRoles returns the cluster roles to bootstrap an API server with

func ControllerRoleBindings ¶

func ControllerRoleBindings() []rbac.ClusterRoleBinding

ControllerRoleBindings returns the role bindings used by controllers

func ControllerRoles ¶

func ControllerRoles() []rbac.ClusterRole

ControllerRoles returns the cluster roles used by controllers

func NamespaceRoleBindings ¶ added in v1.6.0

func NamespaceRoleBindings() map[string][]rbac.RoleBinding

NamespaceRoleBindings returns a map of namespace to slice of roles to create

func NamespaceRoles ¶ added in v1.6.0

func NamespaceRoles() map[string][]rbac.Role

NamespaceRoles returns a map of namespace to slice of roles to create

func NodeRules ¶ added in v1.7.0

func NodeRules() []rbac.PolicyRule

Types ¶

type ClusterRoleBindingFilter ¶ added in v1.7.0

type ClusterRoleBindingFilter func(*rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding

ClusterRoleBindingFilter can modify and return or omit (by returning nil) a role binding

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL