diff --git a/hack/.golint_failures b/hack/.golint_failures
index 13a88b0d7fe..4af9690a61c 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -102,7 +102,6 @@ pkg/features
 pkg/kubeapiserver
 pkg/kubeapiserver/options
 pkg/kubectl/cmd/convert
-pkg/kubelet/apis/config
 pkg/kubelet/apis/config/v1beta1
 pkg/kubelet/checkpointmanager/testing/example_checkpoint_formats/v1
 pkg/kubelet/cm
diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go
index ddb8a3e0eba..0e9cedc1353 100644
--- a/pkg/kubelet/apis/config/types.go
+++ b/pkg/kubelet/apis/config/types.go
@@ -337,6 +337,7 @@ type KubeletConfiguration struct {
 ReservedSystemCPUs string
 }
 
+// KubeletAuthorizationMode denotes the authorization mode for the kubelet
 type KubeletAuthorizationMode string
 
 const (
@@ -346,6 +347,7 @@ const (
 KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook"
 )
 
+// KubeletAuthorization holds the state related to the authorization in the kublet.
 type KubeletAuthorization struct {
 // mode is the authorization mode to apply to requests to the kubelet server.
 // Valid values are AlwaysAllow and Webhook.
@@ -356,6 +358,8 @@ type KubeletAuthorization struct {
 Webhook KubeletWebhookAuthorization
 }
 
+// KubeletWebhookAuthorization holds the state related to the Webhook
+// Authorization in the Kubelet.
 type KubeletWebhookAuthorization struct {
 // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
 CacheAuthorizedTTL metav1.Duration
@@ -363,6 +367,7 @@ type KubeletWebhookAuthorization struct {
 CacheUnauthorizedTTL metav1.Duration
 }
 
+// KubeletAuthentication holds the Kubetlet Authentication setttings.
 type KubeletAuthentication struct {
 // x509 contains settings related to x509 client certificate authentication
 X509 KubeletX509Authentication
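Review bot: The new doc comments contain spelling errors that will be published as the godoc for the kubelet's authentication and authorization configuration: `kublet` in the `KubeletAuthorization` comment (hunk at -346), `Kubetlet` and `setttings` in the `KubeletAuthentication` comment (hunk at -363), and `kubetlet` in the `KubeletAnonymousAuthentication` comment (hunk at -386). The `KubeletAuthorization` and `KubeletWebhookAuthorization` comments also say these types hold "state", while the visible field comments describe configuration (an authorization mode, cache TTLs). Wording in line with the other comments would be more accurate, for example `// KubeletAuthorization holds the settings related to authorization in the kubelet.` and `// KubeletAuthentication holds the kubelet authentication settings.` The struct bodies continue outside these hunks.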
@@ -372,6 +377,7 @@ type KubeletAuthentication struct {
 Anonymous KubeletAnonymousAuthentication
 }
 
+// KubeletX509Authentication contains settings related to x509 client certificate authentication
 type KubeletX509Authentication struct {
 // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
 // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
@@ -379,6 +385,7 @@ type KubeletX509Authentication struct {
 ClientCAFile string
 }
 
+// KubeletWebhookAuthentication contains settings related to webhook authentication
 type KubeletWebhookAuthentication struct {
 // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
 Enabled bool
@@ -386,6 +393,7 @@ type KubeletWebhookAuthentication struct {
 CacheTTL metav1.Duration
 }
 
+// KubeletAnonymousAuthentication enables anonymous requests to the kubetlet server.
 type KubeletAnonymousAuthentication struct {
 // enabled allows anonymous requests to the kubelet server.
 // Requests that are not rejected by another authentication method are treated as anonymous requests.
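Review bot: The comment added above `KubeletAnonymousAuthentication` (hunk at -386) says the type "enables anonymous requests", but the context lines show that the field documented as `enabled` is what allows them; the type only carries that setting. For a switch that decides whether requests with no accepted credentials are served by the kubelet server, the godoc should not read as if declaring the type turns access on. I would word it like the two sibling comments added in this file section: `// KubeletAnonymousAuthentication contains settings related to anonymous authentication.` The struct body continues past the end of the hunk.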