Documentation
¶
Index ¶
- Constants
- Variables
- func ClusterToSecret(c Cluster) (*apiv1.Secret, error)
- func CreateServiceAccount(clientset kubernetes.Interface, serviceAccountName string, namespace string) error
- func GetClusterSecret(clientset kubernetes.Interface, name string) (*apiv1.Secret, error)
- func GetServiceAccountBearerToken(clientset kubernetes.Interface, ns string, sa string) (string, error)
- func InstallClusterManagerRBAC(clientset kubernetes.Interface, ns string, namespaces []string) (string, error)
- type Cluster
- type ClusterConfig
- type TLSClientConfig
Constants ¶
// Fixed names of the RBAC objects that make up the argo-manager identity.
// Because the names are constants, they are the strings to search for when
// auditing a cluster for this identity.
const (
	// ArgoManagerServiceAccount is the name of the service account for managing a cluster
	ArgoManagerServiceAccount = "argo-manager"
	// ArgoManagerClusterRole is presumably the name of the ClusterRole that carries
	// the argo-manager policy rules; the code that creates it is not shown here.
	ArgoManagerClusterRole = "argo-manager-role"
	// ArgoManagerClusterRoleBinding is presumably the name of the binding that ties
	// ArgoManagerClusterRole to ArgoManagerServiceAccount. TODO confirm against the
	// installer.
	ArgoManagerClusterRoleBinding = "argo-manager-role-binding"
)
ArgoManagerServiceAccount is the name of the service account for managing a cluster
Variables ¶
// ArgoManagerClusterPolicyRules are the cluster-level policy rules to give argo-manager.
//
// Both rules are full wildcards. The first allows every verb on every resource
// in every API group; the second allows every verb on every non-resource URL.
// This is the same rule set as the built-in cluster-admin role, so a credential
// for any subject bound to these rules cluster-wide can read all Secrets and
// rewrite RBAC. Treat such a token as a cluster-admin credential when storing,
// rotating and auditing it. The binding code is not shown here.
var ArgoManagerClusterPolicyRules = []rbacv1.PolicyRule{
	{
		// All API groups, all resources, all verbs.
		APIGroups: []string{"*"},
		Resources: []string{"*"},
		Verbs:     []string{"*"},
	},
	{
		// All non-resource endpoints, all verbs.
		NonResourceURLs: []string{"*"},
		Verbs:           []string{"*"},
	},
}
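ArgoManagerClusterPolicyRules are the cluster-level policies to give argo-manager. They allow every verb on every resource in every API group, and every verb on every non-resource URL.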
// ArgoManagerNamespacePolicyRules are the namespace level policies to give argo-manager.
//
// The single rule is a wildcard over API groups, resources and verbs, and it has
// no NonResourceURLs entry. Within a namespace where it is bound, it covers
// Secrets as well as Roles and RoleBindings, so the holder has full control of
// that namespace.
// NOTE(review): presumably applied through a Role/RoleBinding per namespace; the
// binding code is not shown here, so confirm the scope against the installer.
var ArgoManagerNamespacePolicyRules = []rbacv1.PolicyRule{
	{
		APIGroups: []string{"*"},
		Resources: []string{"*"},
		Verbs:     []string{"*"},
	},
}
ArgoManagerNamespacePolicyRules are the namespace level policies to give argo-manager
Functions ¶
func CreateServiceAccount ¶
func CreateServiceAccount( clientset kubernetes.Interface, serviceAccountName string, namespace string, ) error
CreateServiceAccount creates a service account in a given namespace
func GetClusterSecret ¶
func GetServiceAccountBearerToken ¶
func GetServiceAccountBearerToken(clientset kubernetes.Interface, ns string, sa string) (string, error)
GetServiceAccountBearerToken retries fetching the given service account until it exists, then iterates over the secrets associated with it looking for one of type kubernetes.io/service-account-token, and returns its token if found.
func InstallClusterManagerRBAC ¶
func InstallClusterManagerRBAC(clientset kubernetes.Interface, ns string, namespaces []string) (string, error)
InstallClusterManagerRBAC installs RBAC resources for a cluster manager to operate a cluster. Returns a token
Types ¶
type Cluster ¶
// Cluster describes one Kubernetes cluster: its API server URL, a display name,
// and the connection settings in Config. Config may contain credentials (see
// ClusterConfig), so a marshalled Cluster should be handled as secret material.
type Cluster struct {
	// ID is an internal field cluster identifier. Not exposed via API.
	// The json:"-" tag keeps it out of JSON output.
	ID string `json:"-"`
	// Server is the API server URL of the Kubernetes cluster
	Server string `json:"server" protobuf:"bytes,1,opt,name=server"`
	// Name of the cluster. If omitted, will use the server address
	Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
	// Config holds cluster information for connecting to a cluster
	Config ClusterConfig `json:"config" protobuf:"bytes,3,opt,name=config"`
}
func NewCluster ¶
func (*Cluster) RESTConfig ¶
type ClusterConfig ¶
// ClusterConfig holds the authentication and TLS settings used to connect to a
// cluster.
//
// Username, Password and BearerToken all carry json and protobuf tags, so they
// are written in cleartext whenever the struct is marshalled. Do not log or
// print a serialized ClusterConfig, and store it only where secrets are
// acceptable.
type ClusterConfig struct {
	// Server requires Basic authentication
	Username string `json:"username,omitempty" protobuf:"bytes,1,opt,name=username"`
	Password string `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"`

	// Server requires Bearer authentication. This client will not attempt to use
	// refresh tokens for an OAuth2 flow.
	// TODO: demonstrate an OAuth2 compatible client.
	BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,3,opt,name=bearerToken"`

	// TLSClientConfig contains settings to enable transport layer security.
	// The field is embedded but carries its own json tag, so it is serialized
	// under the "tlsClientConfig" key instead of being flattened.
	TLSClientConfig `json:"tlsClientConfig" protobuf:"bytes,4,opt,name=tlsClientConfig"`
}
ClusterConfig is the configuration attributes. This structure is a subset of the client-go rest.Config with annotations added for marshalling.
type TLSClientConfig ¶
// TLSClientConfig contains settings to enable transport layer security.
//
// KeyData is private key material and is marshalled with the rest of the
// struct, so a serialized TLSClientConfig should be handled as a secret.
type TLSClientConfig struct {
	// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
	// With verification off the client cannot authenticate the API server, so
	// any bearer token or password it sends is exposed to whoever answers the
	// connection. The json tag has no omitempty, so the value always appears in
	// JSON output and can be audited there.
	// NOTE(review): the protobuf tag declares wire type "bytes" for a bool;
	// generated tags normally use "varint" for bool. Confirm it matches the
	// generated code.
	Insecure bool `json:"insecure" protobuf:"bytes,1,opt,name=insecure"`
	// ServerName is passed to the server for SNI and is used in the client to check server
	// certificates against. If ServerName is empty, the hostname used to contact the
	// server is used.
	ServerName string `json:"serverName,omitempty" protobuf:"bytes,2,opt,name=serverName"`
	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
	// CertData takes precedence over CertFile
	// NOTE(review): this struct declares no CertFile, KeyFile or CAFile field. The
	// "takes precedence" wording here and on KeyData and CAData appears to be
	// inherited from the client-go TLS config this type mirrors.
	CertData []byte `json:"certData,omitempty" protobuf:"bytes,3,opt,name=certData"`
	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
	// KeyData takes precedence over KeyFile
	KeyData []byte `json:"keyData,omitempty" protobuf:"bytes,4,opt,name=keyData"`
	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
	// CAData takes precedence over CAFile
	CAData []byte `json:"caData,omitempty" protobuf:"bytes,5,opt,name=caData"`
}
TLSClientConfig contains settings to enable transport layer security