Documentation ¶
Index ¶
- Variables
- func IsAllowedToCache(container *corev1.Container) bool
- func SetConfigDefaults()
- type ImageRegistry
- type MutatingWebhook
- func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, ns string, ...) error
- func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
- func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
- type Registry
- type VaultConfig
Constants ¶
This section is empty.
Variables ¶
// InlineMutationRegex matches inline placeholders of the form ${vault:...}.
// Inside the braces, "vault:" may be preceded by up to two '>' characters.
// Capture group 1 holds everything between "${" and the first following '}'.
// The match is non-greedy and '.' does not match a newline, so a placeholder
// whose body itself contains '}' is cut at that character, and a placeholder
// cannot span lines.
var InlineMutationRegex = regexp.MustCompile(`\${([>]{0,2}vault:.*?)}`)
Functions ¶
func IsAllowedToCache ¶
IsAllowedToCache checks whether information about a Docker image can be cached, based on the image name and the container's PullPolicy.
func SetConfigDefaults ¶
func SetConfigDefaults()
Types ¶
type ImageRegistry ¶
// ImageRegistry is implemented by types that can return the image
// configuration (*v1.Config) for a container.
type ImageRegistry interface {
	// GetImageConfig returns the image configuration for container, or an
	// error. It is given the Kubernetes clientset, the namespace and the pod
	// spec alongside the container.
	// NOTE(review): presumably these are used to resolve registry
	// credentials (image pull secrets) for the lookup — confirm against the
	// implementations.
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		container *corev1.Container,
		podSpec *corev1.PodSpec) (*v1.Config, error)
}
ImageRegistry is a docker registry
type MutatingWebhook ¶
type MutatingWebhook struct {
// contains filtered or unexported fields
}
func NewMutatingWebhook ¶
func NewMutatingWebhook(logger *logrus.Entry, k8sClient kubernetes.Interface) (*MutatingWebhook, error)
func (*MutatingWebhook) MutateConfigMap ¶
func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutateObject ¶
func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutatePod ¶
func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, ns string, dryRun bool) error
func (*MutatingWebhook) MutateSecret ¶
func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
func (*MutatingWebhook) ServeMetrics ¶
func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
func (*MutatingWebhook) VaultSecretsMutator ¶
func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
type VaultConfig ¶
// VaultConfig carries the Vault-related options that the MutatingWebhook
// Mutate* methods (MutateConfigMap, MutateObject, MutatePod, MutateSecret)
// take as a parameter. Field meanings below are inferred from the names
// only and are marked as such; confirm against the code that fills them in.
type VaultConfig struct {
	Addr       string
	AuthMethod string
	Role       string
	Path       string
	// NOTE(review): SkipVerify presumably disables TLS certificate
	// verification for the Vault connection — confirm. If so, it should stay
	// false outside of test setups, with TLSSecret supplying the CA instead.
	SkipVerify     bool
	TLSSecret      string
	ClientTimeout  time.Duration
	UseAgent       bool
	VaultEnvDaemon bool
	VaultEnvDelay  time.Duration
	TransitKeyID   string
	TransitPath    string
	// Ct* fields: settings for an injected container, including its image,
	// pull policy and CPU/memory quantities.
	// NOTE(review): presumably the consul-template sidecar — confirm.
	CtConfigMap              string
	CtImage                  string
	CtInjectInInitcontainers bool
	CtOnce                   bool
	CtImagePullPolicy        corev1.PullPolicy
	CtCPU                    resource.Quantity
	CtMemory                 resource.Quantity
	// NOTE(review): presumably sets allowPrivilegeEscalation on injected
	// containers — confirm; leave false unless a cluster policy requires it.
	PspAllowPrivilegeEscalation bool
	// IgnoreMissingSecrets and EnableJSONLog are strings, not bools.
	// NOTE(review): presumably parsed downstream — confirm the accepted
	// values, since an unparsable value may silently fall back to a default.
	IgnoreMissingSecrets string
	VaultEnvPassThrough  string
	ConfigfilePath       string
	MutateConfigMap      bool
	InlineMutation       bool
	EnableJSONLog        string
	LogLevel             string
	// Agent* and Env* image fields name container images and pull policies.
	// NOTE(review): presumably these images are injected into mutated pods
	// — confirm; if so, they are worth pinning to a trusted registry.
	AgentConfigMap       string
	AgentOnce            bool
	AgentCPU             resource.Quantity
	AgentMemory          resource.Quantity
	AgentImage           string
	AgentImagePullPolicy corev1.PullPolicy
	EnvImage             string
	EnvImagePullPolicy   corev1.PullPolicy
	// NOTE(review): Skip presumably opts the object out of mutation —
	// confirm who is allowed to set it.
	Skip             bool
	VaultEnvFromPath string
	TokenAuthMount   string
	EnvCPURequest    resource.Quantity
	EnvMemoryRequest resource.Quantity
	EnvCPULimit      resource.Quantity
	EnvMemoryLimit   resource.Quantity
}
VaultConfig represents vault options