type KubeletAuth … // NewKubeletAuth returns a kubelet.AuthInterface composed of the given authenticator, attribute getter, and authorizer func NewKubeletAuth(authenticator authenticator.Request, authorizerAttributeGetter NodeRequestAttributesGetter, authorizer authorizer.Authorizer) AuthInterface { … } // NewNodeAuthorizerAttributesGetter creates a new authorizer.RequestAttributesGetter for the node. func NewNodeAuthorizerAttributesGetter(nodeName types.NodeName) NodeRequestAttributesGetter { … } type nodeAuthorizerAttributesGetter … func isSubpath(subpath, path string) bool { … } // GetRequestAttributes populates authorizer attributes for the requests to the kubelet API. // Default attributes are: {apiVersion=v1,verb=<http verb from request>,resource=nodes,name=<node name>,subresource=proxy} // More specific verb/resource is set for the following request patterns: // // /stats/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=stats // /metrics/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=metrics // /logs/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=log // /checkpoint/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=checkpoint // /pods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy // /runningPods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy // /healthz/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=healthz,proxy // /configz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=configz,proxy func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) []authorizer.Attributes { … }
Codebase Browser
kubernetes