webhook

package

v1.15.3 Latest Latest Go to latest Published: Apr 5, 2022 License: Apache-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/banzaicloud/bank-vaults

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
func IsAllowedToCache(container *corev1.Container) bool
func SetConfigDefaults()
type ImageRegistry
- func NewRegistry() ImageRegistry
type MutatingWebhook
- func NewMutatingWebhook(logger *logrus.Entry, k8sClient kubernetes.Interface) (*MutatingWebhook, error)
type Registry
- func (r *Registry) GetImageConfig(ctx context.Context, client kubernetes.Interface, namespace string, ...) (*v1.Config, error)
type VaultConfig

Constants ¶

View Source

const (
	VaultEnvVolumeName = "vault-env"
)

Variables ¶

This section is empty.

Functions ¶

func ErrorLoggerMutator ¶ added in v1.14.2

func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc

func IsAllowedToCache ¶

func IsAllowedToCache(container *corev1.Container) bool

IsAllowedToCache checks that information about Docker image can be cached base on image name and container PullPolicy

func SetConfigDefaults ¶

func SetConfigDefaults()

Types ¶

type ImageRegistry ¶

type ImageRegistry interface {
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		container *corev1.Container,
		podSpec *corev1.PodSpec) (*v1.Config, error)
}

ImageRegistry is a docker registry

func NewRegistry ¶

func NewRegistry() ImageRegistry

NewRegistry creates and initializes registry

type MutatingWebhook ¶

type MutatingWebhook struct {
	// contains filtered or unexported fields
}

func NewMutatingWebhook ¶

func NewMutatingWebhook(logger *logrus.Entry, k8sClient kubernetes.Interface) (*MutatingWebhook, error)

func (*MutatingWebhook) MutateConfigMap ¶

func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutateObject ¶

func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutatePod ¶

func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, dryRun bool) error

func (*MutatingWebhook) MutateSecret ¶

func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error

func (*MutatingWebhook) ServeMetrics ¶

func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)

func (*MutatingWebhook) VaultSecretsMutator ¶

func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)

type Registry ¶

type Registry struct {
	// contains filtered or unexported fields
}

Registry impl

func (*Registry) GetImageConfig ¶

func (r *Registry) GetImageConfig(
	ctx context.Context,
	client kubernetes.Interface,
	namespace string,
	container *corev1.Container,
	podSpec *corev1.PodSpec) (*v1.Config, error)

GetImageConfig returns entrypoint and command of container

type VaultConfig ¶

type VaultConfig struct {
	Addr                        string
	AuthMethod                  string
	Role                        string
	Path                        string
	SkipVerify                  bool
	TLSSecret                   string
	ClientTimeout               time.Duration
	UseAgent                    bool
	VaultEnvDaemon              bool
	VaultEnvDelay               time.Duration
	TransitKeyID                string
	TransitPath                 string
	CtConfigMap                 string
	CtImage                     string
	CtInjectInInitcontainers    bool
	CtOnce                      bool
	CtImagePullPolicy           corev1.PullPolicy
	CtShareProcess              bool
	CtShareProcessDefault       string
	CtCPU                       resource.Quantity
	CtMemory                    resource.Quantity
	PspAllowPrivilegeEscalation bool
	RunAsNonRoot                bool
	RunAsUser                   int64
	RunAsGroup                  int64
	ReadOnlyRootFilesystem      bool
	IgnoreMissingSecrets        string
	VaultEnvPassThrough         string
	ConfigfilePath              string
	MutateConfigMap             bool
	EnableJSONLog               string
	LogLevel                    string
	AgentConfigMap              string
	AgentOnce                   bool
	AgentShareProcess           bool
	AgentShareProcessDefault    string
	AgentCPU                    resource.Quantity
	AgentMemory                 resource.Quantity
	AgentImage                  string
	AgentImagePullPolicy        corev1.PullPolicy
	EnvImage                    string
	EnvImagePullPolicy          corev1.PullPolicy
	EnvLogServer                string
	Skip                        bool
	VaultEnvFromPath            string
	TokenAuthMount              string
	EnvCPURequest               resource.Quantity
	EnvMemoryRequest            resource.Quantity
	EnvCPULimit                 resource.Quantity
	EnvMemoryLimit              resource.Quantity
	VaultNamespace              string
	VaultServiceAccount         string
	ObjectNamespace             string
	MutateProbes                bool
}

VaultConfig represents vault options

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL