kubernetes: k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node Index | Files

package node

import "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"

Index

Package Files

tlsbootstrap.go token.go

Constants

const (
    // NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR
    // TODO: This value should be defined in an other, generic authz package instead of here
    NodeBootstrapperClusterRoleName = "system:node-bootstrapper"
    // NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs
    NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap"
    // GetNodesClusterRoleName defines the name of the ClusterRole and ClusterRoleBinding to get nodes
    GetNodesClusterRoleName = "kubeadm:get-nodes"

    // CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR
    // TODO: This value should be defined in an other, generic authz package instead of here
    // Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup
    CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient"
    // NodeSelfCSRAutoApprovalClusterRoleName is a role defined in default 1.8 RBAC policies for automatic CSR approvals for automatically rotated node certificates
    NodeSelfCSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"
    // NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs
    NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap"
    // NodeAutoApproveCertificateRotationClusterRoleBinding defines name of the ClusterRoleBinding that makes the csrapprover approve node auto rotated CSRs
    NodeAutoApproveCertificateRotationClusterRoleBinding = "kubeadm:node-autoapprove-certificate-rotation"
)

func AllowBoostrapTokensToGetNodes Uses

func AllowBoostrapTokensToGetNodes(client clientset.Interface) error

AllowBoostrapTokensToGetNodes creates RBAC rules to allow Node Bootstrap Tokens to list nodes

func AllowBootstrapTokensToPostCSRs Uses

func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error

AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs

func AutoApproveNodeBootstrapTokens Uses

func AutoApproveNodeBootstrapTokens(client clientset.Interface) error

AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller

func AutoApproveNodeCertificateRotation Uses

func AutoApproveNodeCertificateRotation(client clientset.Interface) error

AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller

func CreateNewTokens Uses

func CreateNewTokens(client clientset.Interface, tokens []kubeadmapi.BootstrapToken) error

CreateNewTokens tries to create a token and fails if one with the same ID already exists

func UpdateOrCreateTokens Uses

func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []kubeadmapi.BootstrapToken) error

UpdateOrCreateTokens attempts to update a token with the given ID, or create if it does not already exist.

Package node imports 10 packages (graph) and is imported by 20 packages. Updated 2020-02-23. Refresh now. Tools for package owners.