kubernetes: k8s.io/kubernetes/pkg/kubeapiserver/authenticator Index | Files

package authenticator

import "k8s.io/kubernetes/pkg/kubeapiserver/authenticator"

Index

Package Files

config.go

func IsValidServiceAccountKeyFile Uses

func IsValidServiceAccountKeyFile(file string) bool

IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file

type Config Uses

type Config struct {
    Anonymous      bool
    BasicAuthFile  string
    BootstrapToken bool

    TokenAuthFile               string
    OIDCIssuerURL               string
    OIDCClientID                string
    OIDCCAFile                  string
    OIDCUsernameClaim           string
    OIDCUsernamePrefix          string
    OIDCGroupsClaim             string
    OIDCGroupsPrefix            string
    OIDCSigningAlgs             []string
    OIDCRequiredClaims          map[string]string
    ServiceAccountKeyFiles      []string
    ServiceAccountLookup        bool
    ServiceAccountIssuer        string
    APIAudiences                authenticator.Audiences
    WebhookTokenAuthnConfigFile string
    WebhookTokenAuthnVersion    string
    WebhookTokenAuthnCacheTTL   time.Duration

    TokenSuccessCacheTTL time.Duration
    TokenFailureCacheTTL time.Duration

    RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig

    // TODO, this is the only non-serializable part of the entire config.  Factor it out into a clientconfig
    ServiceAccountTokenGetter   serviceaccount.ServiceAccountTokenGetter
    BootstrapTokenAuthenticator authenticator.Token
    // ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users.
    // Generally this is the CA bundle file used to authenticate client certificates
    // If this value is nil, then mutual TLS is disabled.
    ClientCAContentProvider dynamiccertificates.CAContentProvider
}

Config contains the data on how to authenticate a request to the Kube API Server

func (Config) New Uses

func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error)

New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.

Package authenticator imports 24 packages (graph) and is imported by 66 packages. Updated 2019-11-17. Refresh now. Tools for package owners.