keyvault

package
v0.2.4 Latest
Warning

This package is not in the latest version of its module.

Published: May 9, 2024 License: MIT Imports: 30 Imported by: 1

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultNginxCertName added in v0.2.2

func DefaultNginxCertName(nic *v1alpha1.NginxIngressController) string

DefaultNginxCertName returns a default name for the nginx certificate, built from the IngressClassName in the spec. If the IngressClassName and the default namespace together exceed the max secret length (255), the characters of the IngressClassName past that limit are truncated.

func NewEventMirror

func NewEventMirror(manager ctrl.Manager, conf *config.Config) error

func NewIngressSecretProviderClassReconciler

func NewIngressSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

func NewIngressTlsReconciler added in v0.2.2

func NewIngressTlsReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

func NewNginxSecretProviderClassReconciler added in v0.2.2

func NewNginxSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config) error

func NewPlaceholderPodController

func NewPlaceholderPodController(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

Types

type EventMirror

type EventMirror struct {
	// contains filtered or unexported fields
}

EventMirror copies events published to pod resources by the Keyvault CSI driver into ingress events. This allows users to easily determine why a certificate might be missing for a given ingress.

func (*EventMirror) Reconcile

func (e *EventMirror) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

type IngressManager added in v0.0.2

type IngressManager interface {
	IsManaging(ing *netv1.Ingress) (bool, error)
}

IngressManager returns a boolean indicating whether the Ingress is being managed by us

func NewIngressManagerFromFn added in v0.1.0

func NewIngressManagerFromFn(IsManaging func(ing *netv1.Ingress) (bool, error)) IngressManager

NewIngressManagerFromFn returns an IngressManager from a function that determines whether the Ingress is being managed by us

type IngressSecretProviderClassReconciler

type IngressSecretProviderClassReconciler struct {
	// contains filtered or unexported fields
}

IngressSecretProviderClassReconciler manages a SecretProviderClass for each ingress resource that references a Keyvault certificate. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the ingress controller.

func (*IngressSecretProviderClassReconciler) Reconcile

type NginxSecretProviderClassReconciler added in v0.2.2

type NginxSecretProviderClassReconciler struct {
	// contains filtered or unexported fields
}

NginxSecretProviderClassReconciler manages a SecretProviderClass for each nginx ingress controller that has a Keyvault URI in its DefaultSSLCertificate field. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the CRD controller.

func (*NginxSecretProviderClassReconciler) Reconcile added in v0.2.2

type PlaceholderPodController

type PlaceholderPodController struct {
	// contains filtered or unexported fields
}

PlaceholderPodController manages a single-replica deployment of no-op pods that mount the Keyvault secrets referenced by each secret provider class managed by IngressSecretProviderClassReconciler.

This is necessitated by the Keyvault CSI implementation, which requires at least one mount in order to start mirroring the Keyvault values into corresponding Kubernetes secret(s).

func (*PlaceholderPodController) Reconcile
