kubernetes: k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node Index | Files

package node

import "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"

Index

Package Files

tlsbootstrap.go token.go

Constants

const (
    // NodeBootstrapperClusterRoleName defines the name of the auto-bootstrapped ClusterRole for letting someone post a CSR
    // TODO: This value should be defined in an other, generic authz package instead of here
    NodeBootstrapperClusterRoleName = "system:node-bootstrapper"
    // NodeKubeletBootstrap defines the name of the ClusterRoleBinding that lets kubelets post CSRs
    NodeKubeletBootstrap = "kubeadm:kubelet-bootstrap"

    // CSRAutoApprovalClusterRoleName defines the name of the auto-bootstrapped ClusterRole for making the csrapprover controller auto-approve the CSR
    // TODO: This value should be defined in an other, generic authz package instead of here
    // Starting from v1.8, CSRAutoApprovalClusterRoleName is automatically created by the API server on startup
    CSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:nodeclient"
    // NodeSelfCSRAutoApprovalClusterRoleName is a role defined in default 1.8 RBAC policies for automatic CSR approvals for automatically rotated node certificates
    NodeSelfCSRAutoApprovalClusterRoleName = "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"
    // NodeAutoApproveBootstrapClusterRoleBinding defines the name of the ClusterRoleBinding that makes the csrapprover approve node CSRs
    NodeAutoApproveBootstrapClusterRoleBinding = "kubeadm:node-autoapprove-bootstrap"
    // NodeAutoApproveCertificateRotationClusterRoleBinding defines name of the ClusterRoleBinding that makes the csrapprover approve node auto rotated CSRs
    NodeAutoApproveCertificateRotationClusterRoleBinding = "kubeadm:node-autoapprove-certificate-rotation"
)

func AllowBootstrapTokensToPostCSRs Uses

func AllowBootstrapTokensToPostCSRs(client clientset.Interface) error

AllowBootstrapTokensToPostCSRs creates RBAC rules in a way the makes Node Bootstrap Tokens able to post CSRs

func AutoApproveNodeBootstrapTokens Uses

func AutoApproveNodeBootstrapTokens(client clientset.Interface) error

AutoApproveNodeBootstrapTokens creates RBAC rules in a way that makes Node Bootstrap Tokens' CSR auto-approved by the csrapprover controller

func AutoApproveNodeCertificateRotation Uses

func AutoApproveNodeCertificateRotation(client clientset.Interface) error

AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller

func CreateNewTokens Uses

func CreateNewTokens(client clientset.Interface, tokens []kubeadmapi.BootstrapToken) error

CreateNewTokens tries to create a token and fails if one with the same ID already exists

func UpdateOrCreateTokens Uses

func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []kubeadmapi.BootstrapToken) error

UpdateOrCreateTokens attempts to update a token with the given ID, or create if it does not already exist.

Package node imports 9 packages (graph) and is imported by 17 packages. Updated 2019-01-27. Refresh now. Tools for package owners.