kubeadm: add datapolicy tags for v1beta3 token fields

SataQiu 2021-05-20 20:50:46 +08:00
parent ff18e391e9
commit 7a3827e8e3
3 changed files with 8 additions and 6 deletions


@ -31,8 +31,8 @@ import (
// of view and as an authentication method for the node in the bootstrap phase of
// "kubeadm join". This token is and should be short-lived
type BootstrapTokenString struct {
ID string `json:"-"`
Secret string `json:"-"`
ID string `json:"-" datapolicy:"token"`
Secret string `json:"-" datapolicy:"token"`
}
// MarshalJSON implements the json.Marshaler interface.
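Review bot: The `datapolicy:"token"` tags on `ID` and `Secret` only help where a log sanitizer inspects struct fields by reflection; they do not cover the serialized form of the token. `MarshalJSON` is declared directly below the struct (its body is outside this hunk) and presumably emits the whole token as one string, so a caller that logs the marshalled value, or the result of any `String()` method the type may have, would still write the secret. I would add a comment above the struct such as `// NOTE: datapolicy tags do not cover MarshalJSON/String output; never log the rendered token.` The same caveat applies to the `Token *BootstrapTokenString` field tagged in the third file.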


@ -27,6 +27,8 @@ limitations under the License.
// Kubeadm no longer supports the hyperkube image.
// - The "ClusterConfiguration.DNS.Type" field has been removed since CoreDNS is the only supported
// DNS server type by kubeadm.
// - Include "datapolicy" tags on the fields that hold secrets.
// This would result in the field values to be omitted when API structures are printed with klog.
//
// Migration from old kubeadm config versions
//
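Review bot: The second added comment line states the effect unconditionally, but a struct tag by itself omits nothing. The values are dropped only when a filter that reads `datapolicy` tags is installed in klog, and nothing on this page shows kubeadm enabling one. A reader of the package doc may conclude that tokens can never reach logs. I would reword the line to `// This allows a log sanitizer, when enabled, to omit these field values when API structures are printed with klog.`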


@ -202,7 +202,7 @@ type Networking struct {
type BootstrapToken struct {
// Token is used for establishing bidirectional trust between nodes and control-planes.
// Used for joining nodes in the cluster.
Token *BootstrapTokenString `json:"token"`
Token *BootstrapTokenString `json:"token" datapolicy:"token"`
// Description sets a human-friendly message why this token exists and what it's used
// for, so other administrators can know its purpose.
Description string `json:"description,omitempty"`
@ -315,7 +315,7 @@ type Discovery struct {
// TLSBootstrapToken is a token used for TLS bootstrapping.
// If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
// If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty"`
TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty" datapolicy:"token"`
// Timeout modifies the discovery timeout
Timeout *metav1.Duration `json:"timeout,omitempty"`
@ -325,7 +325,7 @@ type Discovery struct {
type BootstrapTokenDiscovery struct {
// Token is a token used to validate cluster information
// fetched from the control-plane.
Token string `json:"token"`
Token string `json:"token" datapolicy:"token"`
// APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.
APIServerEndpoint string `json:"apiServerEndpoint,omitempty"`
@ -337,7 +337,7 @@ type BootstrapTokenDiscovery struct {
// where the only currently supported type is "sha256". This is a hex-encoded
// SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
// ASN.1. These hashes can be calculated using, for example, OpenSSL.
CACertHashes []string `json:"caCertHashes,omitempty"`
CACertHashes []string `json:"caCertHashes,omitempty" datapolicy:"security-key"`
// UnsafeSkipCAVerification allows token-based discovery
// without CA verification via CACertHashes. This can weaken