From a232971d732809a8b57aba39711a956b3872a54d Mon Sep 17 00:00:00 2001 From: Ian Bull Date: Mon, 18 Nov 2019 15:30:46 -0800 Subject: [PATCH] Add public documentation for kubelet/apis/config The `kubelet/apis/config` package had golint failures. This change-set removes the `kubelet/apis/config` package from the `.golint_failures` and fixes the golint errors. In particular, this change-set adds documentation to the public types in the package. This change-set works towards issue#68026 --- hack/.golint_failures | 1 - pkg/kubelet/apis/config/types.go | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/hack/.golint_failures b/hack/.golint_failures index 2b9265068b8..115fe7f0f74 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -103,7 +103,6 @@ pkg/features pkg/kubeapiserver pkg/kubeapiserver/options pkg/kubectl/cmd/convert -pkg/kubelet/apis/config pkg/kubelet/apis/config/v1beta1 pkg/kubelet/checkpointmanager/testing/example_checkpoint_formats/v1 pkg/kubelet/cm diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go index ddb8a3e0eba..0e9cedc1353 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -337,6 +337,7 @@ type KubeletConfiguration struct { ReservedSystemCPUs string } +// KubeletAuthorizationMode denotes the authorization mode for the kubelet type KubeletAuthorizationMode string const ( @@ -346,6 +347,7 @@ const ( KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" ) +// KubeletAuthorization holds the state related to the authorization in the kublet. type KubeletAuthorization struct { // mode is the authorization mode to apply to requests to the kubelet server. // Valid values are AlwaysAllow and Webhook. @@ -356,6 +358,8 @@ type KubeletAuthorization struct { Webhook KubeletWebhookAuthorization } +// KubeletWebhookAuthorization holds the state related to the Webhook +// Authorization in the Kubelet. type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. CacheAuthorizedTTL metav1.Duration @@ -363,6 +367,7 @@ type KubeletWebhookAuthorization struct { CacheUnauthorizedTTL metav1.Duration } +// KubeletAuthentication holds the Kubetlet Authentication setttings. type KubeletAuthentication struct { // x509 contains settings related to x509 client certificate authentication X509 KubeletX509Authentication @@ -372,6 +377,7 @@ type KubeletAuthentication struct { Anonymous KubeletAnonymousAuthentication } +// KubeletX509Authentication contains settings related to x509 client certificate authentication type KubeletX509Authentication struct { // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, @@ -379,6 +385,7 @@ type KubeletX509Authentication struct { ClientCAFile string } +// KubeletWebhookAuthentication contains settings related to webhook authentication type KubeletWebhookAuthentication struct { // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API Enabled bool @@ -386,6 +393,7 @@ type KubeletWebhookAuthentication struct { CacheTTL metav1.Duration } +// KubeletAnonymousAuthentication enables anonymous requests to the kubetlet server. type KubeletAnonymousAuthentication struct { // enabled allows anonymous requests to the kubelet server. // Requests that are not rejected by another authentication method are treated as anonymous requests.