mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
kubeadm: add datapolicy tags for v1beta3 token fields
This commit is contained in:
parent
ff18e391e9
commit
7a3827e8e3
@ -31,8 +31,8 @@ import (
|
||||
// of view and as an authentication method for the node in the bootstrap phase of
|
||||
// "kubeadm join". This token is and should be short-lived
|
||||
type BootstrapTokenString struct {
|
||||
ID string `json:"-"`
|
||||
Secret string `json:"-"`
|
||||
ID string `json:"-" datapolicy:"token"`
|
||||
Secret string `json:"-" datapolicy:"token"`
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshaler interface.
|
||||
|
@ -27,6 +27,8 @@ limitations under the License.
|
||||
// Kubeadm no longer supports the hyperkube image.
|
||||
// - The "ClusterConfiguration.DNS.Type" field has been removed since CoreDNS is the only supported
|
||||
// DNS server type by kubeadm.
|
||||
// - Include "datapolicy" tags on the fields that hold secrets.
|
||||
// This would result in the field values to be omitted when API structures are printed with klog.
|
||||
//
|
||||
// Migration from old kubeadm config versions
|
||||
//
|
||||
|
@ -202,7 +202,7 @@ type Networking struct {
|
||||
type BootstrapToken struct {
|
||||
// Token is used for establishing bidirectional trust between nodes and control-planes.
|
||||
// Used for joining nodes in the cluster.
|
||||
Token *BootstrapTokenString `json:"token"`
|
||||
Token *BootstrapTokenString `json:"token" datapolicy:"token"`
|
||||
// Description sets a human-friendly message why this token exists and what it's used
|
||||
// for, so other administrators can know its purpose.
|
||||
Description string `json:"description,omitempty"`
|
||||
@ -315,7 +315,7 @@ type Discovery struct {
|
||||
// TLSBootstrapToken is a token used for TLS bootstrapping.
|
||||
// If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
|
||||
// If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
|
||||
TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty"`
|
||||
TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty" datapolicy:"token"`
|
||||
|
||||
// Timeout modifies the discovery timeout
|
||||
Timeout *metav1.Duration `json:"timeout,omitempty"`
|
||||
@ -325,7 +325,7 @@ type Discovery struct {
|
||||
type BootstrapTokenDiscovery struct {
|
||||
// Token is a token used to validate cluster information
|
||||
// fetched from the control-plane.
|
||||
Token string `json:"token"`
|
||||
Token string `json:"token" datapolicy:"token"`
|
||||
|
||||
// APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.
|
||||
APIServerEndpoint string `json:"apiServerEndpoint,omitempty"`
|
||||
@ -337,7 +337,7 @@ type BootstrapTokenDiscovery struct {
|
||||
// where the only currently supported type is "sha256". This is a hex-encoded
|
||||
// SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
|
||||
// ASN.1. These hashes can be calculated using, for example, OpenSSL.
|
||||
CACertHashes []string `json:"caCertHashes,omitempty"`
|
||||
CACertHashes []string `json:"caCertHashes,omitempty" datapolicy:"security-key"`
|
||||
|
||||
// UnsafeSkipCAVerification allows token-based discovery
|
||||
// without CA verification via CACertHashes. This can weaken
|
||||
|
Loading…
Reference in New Issue
Block a user