k8s

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2021 License: Apache-2.0 Imports: 7 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AgentID 

func AgentID(pluginName, trustDomain, cluster, uuid string) string

func GetNamesFromTokenStatus 

func GetNamesFromTokenStatus(tokenStatus *authv1.TokenReviewStatus) (string, string, error)

GetNamesFromTokenStatus parses a fully qualified k8s username like: 'system:serviceaccount:spire:spire-agent' from tokenStatus. The string is split and the last two names are returned: namespace and service account name

func GetPodNameFromTokenStatus 

func GetPodNameFromTokenStatus(tokenStatus *authv1.TokenReviewStatus) (string, error)

GetPodNameFromTokenStatus extracts pod name from a tokenReviewStatus type

func GetPodUIDFromTokenStatus 

func GetPodUIDFromTokenStatus(tokenStatus *authv1.TokenReviewStatus) (string, error)

GetPodUIDFromTokenStatus extracts pod UID from a tokenReviewStatus type

func MakeSelectorValue added in v1.0.0 

func MakeSelectorValue(kind string, values ...string) string

Types

type PSATAttestationData 

type PSATAttestationData struct {
	Cluster string `json:"cluster"`
	Token   string `json:"token"`
}

type PSATClaims 

type PSATClaims struct {
	jwt.Claims
	K8s struct {
		Namespace string `json:"namespace"`

		Pod struct {
			Name string `json:"name"`
			UID  string `json:"uid"`
		} `json:"pod"`

		ServiceAccount struct {
			Name string `json:"name"`
			UID  string `json:"uid"`
		} `json:"serviceaccount"`
	} `json:"kubernetes.io"`
}

PSATClaims represents claims in a projected service account token, for example: 

{
	 "aud": [
	   "spire-server"
	 ],
	 "exp": 1550850854,
	 "iat": 1550843654,
	 "iss": "api",
	 "kubernetes.io": {
	   "namespace": "spire",
	   "pod": {
	 	"name": "spire-agent-5d84p",
	 	"uid": "56857f33-36a9-11e9-860c-080027b25557"
	   },
	   "serviceaccount": {
	 	"name": "spire-agent",
	 	"uid": "ca29bd95-36a8-11e9-b8af-080027b25557"
	   }
	 },
	 "nbf": 1550843654,
	 "sub": "system:serviceaccount:spire:spire-agent"
}

type SATAttestationData 

type SATAttestationData struct {
	Cluster string `json:"cluster"`
	Token   string `json:"token"`
}

type SATClaims 

type SATClaims struct {
	jwt.Claims
	Namespace          string `json:"kubernetes.io/serviceaccount/namespace"`
	ServiceAccountName string `json:"kubernetes.io/serviceaccount/service-account.name"`
}

SATClaims represents claims in a service account token, for example: 

{
  "iss": "kubernetes/serviceaccount",
  "kubernetes.io/serviceaccount/namespace": "spire",
  "kubernetes.io/serviceaccount/secret.name": "spire-agent-token-zjr8v",
  "kubernetes.io/serviceaccount/service-account.name": "spire-agent",
  "kubernetes.io/serviceaccount/service-account.uid": "1881e84f-b612-11e8-a543-0800272c6e42",
  "sub": "system:serviceaccount:spire:spire-agent"
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.