Documentation

Overview

Package bootstrap provides the automatic processes needed for bootstrapping. This includes managing and expiring tokens, along with signing well-known ConfigMaps with those tokens.

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetachedTokenIsValid

func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool

DetachedTokenIsValid checks whether a given detached JWS-encoded token matches the JWS output computed from the given content and token (tokenID and tokenSecret).
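
What a detached JWS check of this kind involves, as an added example using only the Go standard library; it is not this package's implementation. The helper names `signDetached` and `verifyDetached`, the header layout (HS256 with the token ID as `kid`) and the sample values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url

// signDetached builds "<header>..<sig>". Assumption: HS256 with the token ID as "kid".
func signDetached(content, tokenID, tokenSecret string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "kid": tokenID})
	h := b64.EncodeToString(hdr)
	mac := hmac.New(sha256.New, []byte(tokenSecret))
	mac.Write([]byte(h + "." + b64.EncodeToString([]byte(content))))
	return h + ".." + b64.EncodeToString(mac.Sum(nil))
}

// verifyDetached re-attaches content and checks the HMAC in constant time.
func verifyDetached(detached, content, tokenID, tokenSecret string) bool {
	parts := strings.Split(detached, ".")
	if len(parts) != 3 || parts[1] != "" {
		return false // not a detached compact JWS
	}
	rawHdr, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return false
	}
	var hdr struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	// Pin the algorithm and key ID; the header must not be allowed to choose them.
	if json.Unmarshal(rawHdr, &hdr) != nil || hdr.Alg != "HS256" || hdr.Kid != tokenID {
		return false
	}
	mac := hmac.New(sha256.New, []byte(tokenSecret))
	mac.Write([]byte(parts[0] + "." + b64.EncodeToString([]byte(content))))
	return hmac.Equal(sig, mac.Sum(nil))
}

func main() {
	tok := signDetached("sample content", "abcdef", "0123456789abcdef") // constructed values
	fmt.Println(verifyDetached(tok, "sample content", "abcdef", "0123456789abcdef"))
}
```

The signature covers the content even though the token does not carry it, so any change to the signed content, the token ID or the secret makes verification fail.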

Types

type BootstrapSigner

type BootstrapSigner struct {
	// contains filtered or unexported fields
}

BootstrapSigner is a controller that signs a ConfigMap with a set of tokens.

func NewBootstrapSigner

NewBootstrapSigner returns a new *BootstrapSigner.

func (*BootstrapSigner) Run

func (e *BootstrapSigner) Run(stopCh <-chan struct{})

Run runs controller loops and returns when they are done.

type BootstrapSignerOptions

type BootstrapSignerOptions struct {
	// ConfigMapNamespace is the namespace of the ConfigMap
	ConfigMapNamespace string

	// ConfigMapName is the name for the ConfigMap
	ConfigMapName string

	// TokenSecretNamespace is the namespace for token Secrets.
	TokenSecretNamespace string

	// ConfigMapResync is the time.Duration at which to fully re-list ConfigMaps.
	// If zero, re-list will be delayed as long as possible.
	ConfigMapResync time.Duration

	// SecretResync is the time.Duration at which to fully re-list Secrets.
	// If zero, re-list will be delayed as long as possible.
	SecretResync time.Duration
}

BootstrapSignerOptions contains options for the BootstrapSigner.

func DefaultBootstrapSignerOptions

func DefaultBootstrapSignerOptions() BootstrapSignerOptions

DefaultBootstrapSignerOptions returns a set of default options for creating a BootstrapSigner.

type TokenCleaner

type TokenCleaner struct {
	// contains filtered or unexported fields
}

TokenCleaner is a controller that deletes expired tokens.

func NewTokenCleaner

func NewTokenCleaner(cl clientset.Interface, secrets coreinformers.SecretInformer, options TokenCleanerOptions) (*TokenCleaner, error)

NewTokenCleaner returns a new *TokenCleaner.

func (*TokenCleaner) Run

func (tc *TokenCleaner) Run(stopCh <-chan struct{})

Run runs controller loops and returns when they are done.

type TokenCleanerOptions

type TokenCleanerOptions struct {
	// TokenSecretNamespace is the namespace for token Secrets.
	TokenSecretNamespace string

	// SecretResync is the time.Duration at which to fully re-list Secrets.
	// If zero, re-list will be delayed as long as possible.
	SecretResync time.Duration
}

TokenCleanerOptions contains options for the TokenCleaner.

func DefaultTokenCleanerOptions

func DefaultTokenCleanerOptions() TokenCleanerOptions

DefaultTokenCleanerOptions returns a set of default options for creating a TokenCleaner.