const (
// DefaultTokenDuration specifies the default amount of time that a bootstrap token will be valid
// Default behaviour is 24 hours
DefaultTokenDuration = 24 * time.Hour
)
var (
// DefaultTokenUsages specifies the default functions a token will get
DefaultTokenUsages = bootstrapapi.KnownTokenUsages
// DefaultTokenGroups specifies the default groups that this token will authenticate as when used for authentication
DefaultTokenGroups = []string{"system:bootstrappers:kubeadm:default-node-token"}
)
func BootstrapTokenToSecret(bt *BootstrapToken) *v1.Secret
BootstrapTokenToSecret converts the given BootstrapToken object to its Secret representation that may be submitted to the API Server in order to be stored.
func SetDefaults_BootstrapToken(bt *BootstrapToken)
SetDefaults_BootstrapToken sets the defaults for an individual Bootstrap Token
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster +k8s:deepcopy-gen=true
type BootstrapToken struct {
// Token is used for establishing bidirectional trust between nodes and control-planes.
// Used for joining nodes in the cluster.
Token *BootstrapTokenString `json:"token" datapolicy:"token"`
// Description sets a human-friendly message why this token exists and what it's used
// for, so other administrators can know its purpose.
// +optional
Description string `json:"description,omitempty"`
// TTL defines the time to live for this token. Defaults to 24h.
// Expires and TTL are mutually exclusive.
// +optional
TTL *metav1.Duration `json:"ttl,omitempty"`
// Expires specifies the timestamp when this token expires. Defaults to being set
// dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
// +optional
Expires *metav1.Time `json:"expires,omitempty"`
// Usages describes the ways in which this token can be used. Can by default be used
// for establishing bidirectional trust, but that can be changed here.
// +optional
Usages []string `json:"usages,omitempty"`
// Groups specifies the extra groups that this token will authenticate as when/if
// used for authentication
// +optional
Groups []string `json:"groups,omitempty"`
}
func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error)
BootstrapTokenFromSecret returns a BootstrapToken object from the given Secret
func (in *BootstrapToken) DeepCopy() *BootstrapToken
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapToken.
func (in *BootstrapToken) DeepCopyInto(out *BootstrapToken)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived
type BootstrapTokenString struct {
ID string `json:"-"`
Secret string `json:"-" datapolicy:"token"`
}
func NewBootstrapTokenString(token string) (*BootstrapTokenString, error)
NewBootstrapTokenString converts the given Bootstrap Token as a string to the BootstrapTokenString object used for serialization/deserialization and internal usage. It also automatically validates that the given token is of the right format
func NewBootstrapTokenStringFromIDAndSecret(id, secret string) (*BootstrapTokenString, error)
NewBootstrapTokenStringFromIDAndSecret is a wrapper around NewBootstrapTokenString that allows the caller to specify the ID and Secret separately
func (bts BootstrapTokenString) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (bts BootstrapTokenString) String() string
String returns the string representation of the BootstrapTokenString
func (bts *BootstrapTokenString) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaller interface.