Documentation
¶
Overview ¶
Package kubeconfig manages teleport entries in a local kubeconfig file.
Index ¶
- func ContextName(teleportCluster, kubeCluster string) string
- func KubeClusterFromContext(contextName, teleportCluster string) string
- func Load(path string) (*clientcmdapi.Config, error)
- func PathFromEnv() string
- func Remove(path, name string) error
- func Save(path string, config clientcmdapi.Config) error
- func SelectContext(teleportCluster, kubeCluster string) error
- func Update(path string, v Values, storeAllCAs bool) error
- type ExecValues
- type Values
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ContextName ¶
ContextName returns a kubeconfig context name generated by this package.
func KubeClusterFromContext ¶
KubeClusterFromContext extracts the kubernetes cluster name from context name generated by this package.
func Load ¶
func Load(path string) (*clientcmdapi.Config, error)
Load tries to read a kubeconfig file and if it can't, returns an error. One exception, missing files result in empty configs, not an error.
func PathFromEnv ¶
func PathFromEnv() string
PathFromEnv extracts location of kubeconfig from the environment.
func Remove ¶
Remove removes Teleport configuration from kubeconfig.
If `path` is empty, Remove will try to guess it based on the environment or known defaults.
func Save ¶
func Save(path string, config clientcmdapi.Config) error
Save saves updated config to location specified by environment variable or default location
func SelectContext ¶
SelectContext switches the active kubeconfig context to point to the provided kubeCluster in teleportCluster.
Types ¶
type ExecValues ¶
type ExecValues struct {
// TshBinaryPath is a path to the tsh binary for use as exec plugin.
TshBinaryPath string
// TshBinaryInsecure defines whether to set the --insecure flag in the tsh
// exec plugin arguments. This is used when the proxy doesn't have a
// trusted TLS cert during login.
TshBinaryInsecure bool
// Env is a map of environment variables to forward.
Env map[string]string
}
ExecValues contain values for configuring tsh as an exec auth plugin in kubeconfig.
type Values ¶
type Values struct {
// TeleportClusterName is used to name kubeconfig sections ("context", "cluster" and
// "user"). Should match Teleport cluster name.
TeleportClusterName string
// ClusterAddr is the public address the Kubernetes client will talk to,
// usually a proxy.
ClusterAddr string
// Credentials are user credentials to use for authentication the
// ClusterAddr. Only TLS fields (key/cert/CA) from Credentials are used.
Credentials *client.Key
// Exec contains optional values to use, when configuring tsh as an exec
// auth plugin in kubeconfig.
//
// If not set, static key/cert from Credentials are written to kubeconfig
// instead.
Exec *ExecValues
// ProxyAddr is the host:port address provided when running tsh kube login.
// This value is empty if a proxy was not specified.
ProxyAddr string
// TLSServerName is SNI host value passed to the server.
TLSServerName string
// Impersonate allows to define the default impersonated user.
// Must be a subset of kubernetes_users or the Teleport username
// otherwise Teleport will deny the request.
Impersonate string
// ImpersonateGroups allows to define the default values for impersonated groups.
// Must be a subset of kubernetes_groups otherwise Teleport will deny
// the request.
ImpersonateGroups []string
// Namespace allows to define the default namespace value.
Namespace string
// KubeClusters is a list of kubernetes clusters to generate contexts for.
KubeClusters []string
// SelectCluster is the name of the kubernetes cluster to set in
// current-context.
SelectCluster string
}
Values are Teleport user data needed to generate kubeconfig entries.
Source Files