ClusterAuthenticationInfo holds the information that will included in public configmap.
type ClusterAuthenticationInfo struct {
// ClientCA is the CA that can be used to verify the identity of normal clients
ClientCA dynamiccertificates.CAContentProvider
// RequestHeaderUsernameHeaders are the headers used by this kube-apiserver to determine username
RequestHeaderUsernameHeaders headerrequest.StringSliceProvider
// RequestHeaderGroupHeaders are the headers used by this kube-apiserver to determine groups
RequestHeaderGroupHeaders headerrequest.StringSliceProvider
// RequestHeaderExtraHeaderPrefixes are the headers used by this kube-apiserver to determine user.extra
RequestHeaderExtraHeaderPrefixes headerrequest.StringSliceProvider
// RequestHeaderAllowedNames are the sujbects allowed to act as a front proxy
RequestHeaderAllowedNames headerrequest.StringSliceProvider
// RequestHeaderCA is the CA that can be used to verify the front proxy
RequestHeaderCA dynamiccertificates.CAContentProvider
}
Controller holds the running state for the controller
type Controller struct {
// contains filtered or unexported fields
}
func NewClusterAuthenticationTrustController(requiredAuthenticationData ClusterAuthenticationInfo, kubeClient kubernetes.Interface) *Controller
NewClusterAuthenticationTrustController returns a controller that will maintain the kube-system configmap/extension-apiserver-authentication that holds information about how to aggregated apiservers are recommended (but not required) to configure themselves.
func (c *Controller) Enqueue()
Enqueue a method to allow separate control loops to cause the controller to trigger and reconcile content.
func (c *Controller) Run(ctx context.Context, workers int)
Run the controller until stopped.