chore: make organization selection an interface
Making the organization an interface method, in preparation for avoiding giving
system:masters access to the certificate in the talosctl-generated kubeconfig.

Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
salkin authored and smira committed Dec 19, 2022
1 parent a9643b4 commit 34babe8
Showing 4 changed files with 11 additions and 2 deletions.
4 changes: 4 additions & 0 deletions internal/app/machined/pkg/controllers/secrets/kubernetes.go
Expand Up @@ -349,3 +349,7 @@ func (adapter *generateAdminAdapter) CertLifetime() time.Duration {
func (adapter *generateAdminAdapter) CommonName() string {
return constants.KubernetesTalosAdminCertCommonName
}

func (adapter *generateAdminAdapter) CertOrganization() string {
return constants.KubernetesAdminCertOrganization
}
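Review bot: `CertOrganization` on `generateAdminAdapter` returns `constants.KubernetesAdminCertOrganization`, so the certificate issued through this adapter still carries the group it had before; going by the commit description that group is `system:masters`, which the API server authorises ahead of RBAC, and a client certificate carrying it cannot be revoked individually. Since the adapter's common name is the Talos-specific one, this looks like the place where a narrower group is meant to go later, and a comment would record what the value is for, e.g. `// CertOrganization returns the Kubernetes group put in the admin certificate's Organization field.` The neighbouring `CommonName` shows no doc comment in the hunk either, so the file's convention may differ.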
3 changes: 1 addition & 2 deletions pkg/kubeconfig/generate.go
Expand Up @@ -16,7 +16,6 @@ import (
"github.com/siderolabs/crypto/x509"

"github.com/siderolabs/talos/pkg/machinery/config"
"github.com/siderolabs/talos/pkg/machinery/constants"
)

const kubeConfigTemplate = `apiVersion: v1
Expand Down Expand Up @@ -59,7 +58,7 @@ func GenerateAdmin(config GenerateAdminInput, out io.Writer) error {
CertificateLifetime: config.AdminKubeconfig().CertLifetime(),

CommonName: config.AdminKubeconfig().CommonName(),
Organization: constants.KubernetesAdminCertOrganization,
Organization: config.AdminKubeconfig().CertOrganization(),

Endpoint: config.Endpoint().String(),
Username: "admin",
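Review bot: The `Organization` set on the changed line is now whatever the `AdminKubeconfig` implementation returns, and nothing in the visible part of `GenerateAdmin` checks it before the certificate is generated. The value decides the group the API server authorises the kubeconfig under, so an empty string from a future implementation would presumably only surface later as an authorisation failure; a guard before the struct is built would catch it, e.g. `if config.AdminKubeconfig().CertOrganization() == "" { return errors.New("admin kubeconfig: empty certificate organization") }` (whether `errors` is already imported is not visible here). A test asserting the generated certificate's Organization against the interface value would pin the new wiring. `GenerateAdmin` starts and ends outside the hunk.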
1 change: 1 addition & 0 deletions pkg/machinery/config/provider.go
Expand Up @@ -521,6 +521,7 @@ type ExternalCloudProvider interface {
// AdminKubeconfig defines settings for admin kubeconfig.
type AdminKubeconfig interface {
CommonName() string
CertOrganization() string
CertLifetime() time.Duration
}
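Review bot: `CertOrganization() string` is added to `AdminKubeconfig` without a doc comment, so an implementer reading the interface is not told that the return value is security-relevant. In `pkg/kubeconfig/generate.go` it is used as the certificate's `Organization`, which Kubernetes reads as the user's group, so I would add `// CertOrganization returns the Organization (O) of the admin client certificate; Kubernetes treats it as the user's group.` above it. Adding a method to an exported interface also breaks any implementation outside this repository, if there are any, which is worth a line in the release notes.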

5 changes: 5 additions & 0 deletions pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go
Expand Up @@ -1247,6 +1247,11 @@ func (a *AdminKubeconfigConfig) CommonName() string {
return constants.KubernetesAdminCertCommonName
}

// CertOrganization implements the config.Provider interface.
func (a *AdminKubeconfigConfig) CertOrganization() string {
return constants.KubernetesAdminCertOrganization
}

// Endpoints implements the config.Provider interface.
func (r *RegistryMirrorConfig) Endpoints() []string {
return r.MirrorEndpoints
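Review bot: The doc comment on `CertOrganization` names `config.Provider`, but the method satisfies `config.AdminKubeconfig`, which gains it in `pkg/machinery/config/provider.go` in this commit. `// CertOrganization implements the config.AdminKubeconfig interface.` would be accurate; the `Endpoints` comment below uses the same `config.Provider` wording, so this may be the file's convention rather than a slip.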