Constants ¶
const (
// Version is the server version string.
Version = "v0.0.1"
)
Variables ¶
var (
// CheckRegistration indicates we should validate that the node is not
// already registered.
// Presumably this is a feature name matched against Config.Features via
// UseFeature — confirm against the callers.
// NOTE(review): this is declared in a var block, so any importing package
// can reassign it; a const would keep the feature name fixed.
CheckRegistration = "verify-registration"
)
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
// Authorizer is the generic means to authorize the incoming node request.
type Authorizer interface {
// Authorize is responsible for checking if the request is permitted. It is
// given the request context and the node registration under review.
// NOTE(review): this listing does not show whether a denial is reported
// through the returned error, through NodeRegistration.Status (see Deny and
// IsAllowed), or both — confirm, so that a nil error is never read as an
// implicit allow by the caller.
Authorize(context.Context, *NodeRegistration) error
// Close signals the authorizer to release its resources.
Close() error
// Name returns the name of the authorizer.
Name() string
}
Authorizer is the generic means to authorize the incoming node request
type Config ¶
// Config is the configuration for the service.
type Config struct {
// AuthorizationTimeout is the max duration for an authorization.
// NOTE(review): the meaning of a zero value is not shown here — confirm it
// cannot result in an unbounded authorization call.
AuthorizationTimeout time.Duration
// ClusterTag is the cloud tag key used to identify the cluster.
ClusterTag string
// Features is an arbitrary feature set for an authorizer; UseFeature
// indicates whether a feature is in use.
Features []string
// EnableVerbose indicates verbose logging.
EnableVerbose bool
// ClientCommonName is the common name on the client certificate if mutual
// TLS is enabled.
// NOTE(review): presumably compared against the peer certificate — confirm
// what is accepted when this is left empty while TLSClientCAPath is set.
ClientCommonName string
// ClusterName is the name of the kubernetes cluster.
ClusterName string
// Listen is the interface to bind to.
Listen string
// TokenDuration is the expiration of a bootstrap token. A shorter duration
// limits how long a leaked token stays usable.
// NOTE(review): the meaning of a zero value is not shown here — confirm it
// does not produce a non-expiring token.
TokenDuration time.Duration
// TLSCertPath is the path to the server TLS certificate.
TLSCertPath string
// TLSClientCAPath is the path to a certificate authority.
// Presumably the CA used to verify client certificates for mutual TLS —
// confirm against the server setup.
TLSClientCAPath string
// TLSPrivateKeyPath is the path to the private key. The file should be
// readable only by the account running the service.
TLSPrivateKeyPath string
}
Config is the configuration for the service
func (*Config) UseFeature ¶
UseFeature indicates a feature is in use
type NodeAuthorizer ¶
// NodeAuthorizer retains the authorizer state. It is created by New from a
// Config and an Authorizer, and started with Run.
type NodeAuthorizer struct {
// contains filtered or unexported fields
}
NodeAuthorizer retains the authorizer state
func New ¶
func New(config *Config, authorizer Authorizer) (*NodeAuthorizer, error)
New creates and returns a node authorizer
func (*NodeAuthorizer) Run ¶
func (n *NodeAuthorizer) Run() error
Run is responsible for starting the node authorizer service
type NodeRegistration ¶
// NodeRegistration is an incoming request together with the outcome of its
// authorization.
type NodeRegistration struct {
// Spec is the request specification.
Spec NodeRegistrationSpec
// Status is the result of an admission. Deny marks the request as denied
// and records the reason; IsAllowed reports whether it is allowed.
Status NodeRegistrationStatus
}
NodeRegistration is an incoming request
func (*NodeRegistration) Deny ¶
func (n *NodeRegistration) Deny(reason string)
Deny marks the request as denied and adds the reason why
func (*NodeRegistration) IsAllowed ¶
func (n *NodeRegistration) IsAllowed() bool
IsAllowed checks if the request is allowed
type NodeRegistrationSpec ¶
// NodeRegistrationSpec is the node request specification.
// NOTE(review): presumably these fields are populated from the incoming
// request before any Authorizer has run; implementations should treat them
// as unverified input until checked — confirm against the handler.
type NodeRegistrationSpec struct {
// NodeName is the name of the node.
NodeName string
// RemoteAddr is the address of the requester.
// NOTE(review): if the service runs behind a proxy or load balancer this
// may be the intermediary's address — confirm before using it in a decision.
RemoteAddr string
// Request is the request body.
Request []byte
}
NodeRegistrationSpec is the node request specification
type NodeRegistrationStatus ¶
// NodeRegistrationStatus is the result of an authorization.
type NodeRegistrationStatus struct {
// Allowed indicates the request is permitted.
Allowed bool
// Token is the bootstrap token. It is a credential: keep it out of logs and
// error messages.
// NOTE(review): confirm it is left empty whenever Allowed is false.
Token string
// Reason is the reason for the error if any.
// Presumably set by NodeRegistration.Deny — confirm.
Reason string
}
NodeRegistrationStatus is the result of an authorization