Documentation ¶
Index ¶
Types ¶
type AttestorConfig ¶
type AttestorConfig struct {
Clusters map[string]*ClusterConfig `hcl:"clusters"`
}
AttestorConfig holds the per-cluster configuration, keyed by cluster name.
type AttestorPlugin ¶
type AttestorPlugin struct {
	nodeattestorv1.UnsafeNodeAttestorServer
	configv1.UnsafeConfigServer
	// contains filtered or unexported fields
}
AttestorPlugin is the server-side node attestor plugin for Kubernetes PSATs (Projected Service Account Tokens).
func (*AttestorPlugin) Attest ¶
func (p *AttestorPlugin) Attest(stream nodeattestorv1.NodeAttestor_AttestServer) error
Attest handles one node attestation exchange over the stream.
func (*AttestorPlugin) Configure ¶
func (p *AttestorPlugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)
Configure parses the plugin's HCL configuration into an AttestorConfig.
func (*AttestorPlugin) SetLogger ¶
func (p *AttestorPlugin) SetLogger(log hclog.Logger)
SetLogger sets up plugin logging
type ClusterConfig ¶
type ClusterConfig struct {
	// Array of allowed service account names
	// Attestation is denied if coming from a service account that is not in the list
	ServiceAccountAllowList []string `hcl:"service_account_allow_list"`

	// Audience for PSAT token validation
	// If audience is not configured, defaultAudience will be used
	// If audience value is set to an empty slice, the k8s apiserver audience will be used
	Audience *[]string `hcl:"audience"`

	// Kubernetes configuration file path
	// Used to create a k8s client to query the API server. If the string is empty, in-cluster configuration is used
	KubeConfigFile string `hcl:"kube_config_file"`

	// Node labels that are allowed to be used as selectors
	AllowedNodeLabelKeys []string `hcl:"allowed_node_label_keys"`

	// Pod labels that are allowed to be used as selectors
	AllowedPodLabelKeys []string `hcl:"allowed_pod_label_keys"`
}
ClusterConfig holds the configuration for a single cluster.
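The following is an added example, not code from the plugin or the SPIRE project, showing how the three ClusterConfig rules documented above (the three-way audience rule, the service-account allow list, and the label-key filters) behave at configure and attest time. It mirrors the config types from this page in plain Go structs, stands in a constructed TokenClaims struct for what the API server's token review would return, and assumes an allow-list entry format of "namespace:serviceaccount", a placeholder default audience of "spire-server", and selector names of the form k8s_psat:<field>:<value>; all of those are assumptions, not facts taken from this page.

```go
package main

import (
	"fmt"
	"sort"
)

// Mirrors of the plugin's config types (example code; field names copied from the doc page).
type ClusterConfig struct {
	ServiceAccountAllowList []string
	Audience                *[]string
	KubeConfigFile          string
	AllowedNodeLabelKeys    []string
	AllowedPodLabelKeys     []string
}

type AttestorConfig struct {
	Clusters map[string]*ClusterConfig
}

// Placeholder default audience (assumption; the plugin's real default is not on the page).
var defaultAudience = []string{"spire-server"}

// ResolveAudience applies the audience rule from the ClusterConfig doc:
// nil pointer -> defaultAudience; pointer to an empty slice -> nil, meaning
// "let the API server apply its own audience"; anything else -> the configured values.
func ResolveAudience(c *ClusterConfig) []string {
	switch {
	case c.Audience == nil:
		return defaultAudience
	case len(*c.Audience) == 0:
		return nil
	default:
		return *c.Audience
	}
}

// ValidateConfig rejects clusters without an allow list; an empty list would deny every
// service account (per the doc comment), so it is almost always a misconfiguration.
func ValidateConfig(cfg *AttestorConfig) error {
	if len(cfg.Clusters) == 0 {
		return fmt.Errorf("configuration must have at least one cluster")
	}
	for name, c := range cfg.Clusters {
		if c == nil {
			return fmt.Errorf("cluster %q: missing configuration", name)
		}
		if len(c.ServiceAccountAllowList) == 0 {
			return fmt.Errorf("cluster %q: service_account_allow_list is required", name)
		}
	}
	return nil
}

// TokenClaims is a constructed stand-in for the identity the API server's token review yields.
type TokenClaims struct {
	Cluster, Namespace, ServiceAccount, PodName string
	NodeLabels, PodLabels                       map[string]string
}

// Attest enforces the allow list and builds selectors, emitting label selectors only for
// keys listed in AllowedNodeLabelKeys / AllowedPodLabelKeys. Selector names are assumed.
func Attest(cfg *AttestorConfig, tc TokenClaims) ([]string, error) {
	c, ok := cfg.Clusters[tc.Cluster]
	if !ok {
		return nil, fmt.Errorf("not configured for cluster %q", tc.Cluster)
	}
	fullSA := tc.Namespace + ":" + tc.ServiceAccount // assumed "namespace:name" list format
	allowed := false
	for _, sa := range c.ServiceAccountAllowList {
		if sa == fullSA {
			allowed = true
			break
		}
	}
	if !allowed {
		return nil, fmt.Errorf("%q is not an allowed service account", fullSA)
	}
	sel := []string{
		"k8s_psat:cluster:" + tc.Cluster,
		"k8s_psat:agent_ns:" + tc.Namespace,
		"k8s_psat:agent_sa:" + tc.ServiceAccount,
		"k8s_psat:agent_pod_name:" + tc.PodName,
	}
	sel = append(sel, labelSelectors("k8s_psat:agent_node_label", c.AllowedNodeLabelKeys, tc.NodeLabels)...)
	sel = append(sel, labelSelectors("k8s_psat:agent_pod_label", c.AllowedPodLabelKeys, tc.PodLabels)...)
	sort.Strings(sel)
	return sel, nil
}

// labelSelectors keeps only the allow-listed keys so arbitrary labels cannot become selectors.
func labelSelectors(prefix string, allowedKeys []string, labels map[string]string) []string {
	var out []string
	for _, k := range allowedKeys {
		if v, ok := labels[k]; ok {
			out = append(out, prefix+":"+k+":"+v)
		}
	}
	return out
}

func main() {
	cfg := &AttestorConfig{Clusters: map[string]*ClusterConfig{
		"prod": {ServiceAccountAllowList: []string{"spire:spire-agent"}, AllowedPodLabelKeys: []string{"app"}},
	}}
	if err := ValidateConfig(cfg); err != nil {
		fmt.Println("config error:", err)
		return
	}
	sel, err := Attest(cfg, TokenClaims{Cluster: "prod", Namespace: "spire", ServiceAccount: "spire-agent",
		PodName: "spire-agent-abc", PodLabels: map[string]string{"app": "spire-agent", "team": "x"}})
	fmt.Println(sel, err)
}
```

The point to take from the example is the difference between a nil Audience and a pointer to an empty slice: the former still pins the token to the plugin's default audience, while the latter deliberately relaxes validation to whatever audience the API server accepts, so the empty-slice form should be a conscious choice rather than the result of an HCL default.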