webhook

package
v1.13.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 25, 2021 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// InlineMutationRegex matches inline Vault references of the form
// ${vault:...}, optionally with up to two '>' characters directly after the
// opening brace (for example ${>>vault:...}). The single capture group holds
// everything between "${" and the closing "}".
//
// The text after "vault:" is matched lazily (.*?), so a match ends at the
// first '}' that follows; because the s flag is not set, '.' does not match a
// newline and a reference cannot span lines. The pattern is unanchored and
// puts no other restriction on the characters after "vault:", so the captured
// text is not validated by the regex itself.
// NOTE(review): confirm that the code consuming the capture group validates
// the Vault path before using it.
var InlineMutationRegex = regexp.MustCompile(`\${([>]{0,2}vault:.*?)}`)

Functions

func IsAllowedToCache

func IsAllowedToCache(container *corev1.Container) bool

IsAllowedToCache checks whether information about a Docker image can be cached, based on the image name and the container's PullPolicy

func SetConfigDefaults

func SetConfigDefaults()

Types

type ImageRegistry

// ImageRegistry is a docker registry.
//
// Its only method, GetImageConfig, takes a context, a Kubernetes client, a
// namespace, a container and the pod spec, and returns a *v1.Config or an
// error.
// NOTE(review): namespace and podSpec are presumably used to find the
// credentials needed to read the image from its registry — confirm which
// secrets the implementation reads and with what permissions.
type ImageRegistry interface {
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		container *corev1.Container,
		podSpec *corev1.PodSpec) (*v1.Config, error)
}

ImageRegistry is a docker registry

func NewRegistry

func NewRegistry() ImageRegistry

NewRegistry creates and initializes registry

type MutatingWebhook

type MutatingWebhook struct {
	// contains filtered or unexported fields
}

func NewMutatingWebhook

func NewMutatingWebhook(logger *logrus.Entry, k8sClient kubernetes.Interface) (*MutatingWebhook, error)

func (*MutatingWebhook) MutateConfigMap

func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutateObject

func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutatePod

func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, ns string, dryRun bool) error

func (*MutatingWebhook) MutateSecret

func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error

func (*MutatingWebhook) ServeMetrics

func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)

func (*MutatingWebhook) VaultSecretsMutator

func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry impl

func (*Registry) GetImageConfig

func (r *Registry) GetImageConfig(
	ctx context.Context,
	client kubernetes.Interface,
	namespace string,
	container *corev1.Container,
	podSpec *corev1.PodSpec) (*v1.Config, error)

GetImageConfig returns entrypoint and command of container

type VaultConfig

// VaultConfig represents vault options.
//
// Every field is an exported plain value and the declaration itself performs
// no validation. Several fields look security-sensitive from their names;
// they are marked below with review notes that should be confirmed against
// the code that fills in and consumes this struct.
// NOTE(review): confirm which of these values can be set by the workload
// being mutated (rather than only by the webhook operator), since that decides
// who is able to weaken the settings flagged below.
type VaultConfig struct {
	Addr                        string
	AuthMethod                  string
	Role                        string
	Path                        string
	// NOTE(review): presumably disables TLS certificate verification for the
	// connection to Vault — confirm; if so, it should stay false outside of
	// test environments.
	SkipVerify                  bool
	// presumably the name of a Kubernetes Secret holding TLS material for
	// Vault — TODO confirm.
	TLSSecret                   string
	ClientTimeout               time.Duration
	UseAgent                    bool
	VaultEnvDaemon              bool
	VaultEnvDelay               time.Duration
	TransitKeyID                string
	TransitPath                 string
	CtConfigMap                 string
	// NOTE(review): CtImage, AgentImage and EnvImage look like image
	// references for injected containers — confirm, and check whether they
	// are pinned (tag or digest) where they are set.
	CtImage                     string
	CtInjectInInitcontainers    bool
	CtOnce                      bool
	CtImagePullPolicy           corev1.PullPolicy
	CtShareProcess              bool
	CtShareProcessDefault       string
	CtCPU                       resource.Quantity
	CtMemory                    resource.Quantity
	// NOTE(review): the name suggests this controls allowPrivilegeEscalation
	// on injected containers — confirm; false is the safer value.
	PspAllowPrivilegeEscalation bool
	// A string, not a bool. NOTE(review): confirm the accepted values and
	// what a consumer receives in place of a secret that is missing.
	IgnoreMissingSecrets        string
	// NOTE(review): presumably names environment variables passed through to
	// the workload process — confirm that Vault credentials are not exposed
	// through it unintentionally.
	VaultEnvPassThrough         string
	ConfigfilePath              string
	MutateConfigMap             bool
	InlineMutation              bool
	// A string, not a bool — presumably parsed by the consumer; TODO confirm.
	EnableJSONLog               string
	LogLevel                    string
	AgentConfigMap              string
	AgentOnce                   bool
	AgentShareProcess           bool
	AgentShareProcessDefault    string
	AgentCPU                    resource.Quantity
	AgentMemory                 resource.Quantity
	AgentImage                  string
	AgentImagePullPolicy        corev1.PullPolicy
	EnvImage                    string
	EnvImagePullPolicy          corev1.PullPolicy
	// NOTE(review): presumably makes the webhook leave the object unmutated —
	// confirm who is allowed to set it.
	Skip                        bool
	VaultEnvFromPath            string
	TokenAuthMount              string
	EnvCPURequest               resource.Quantity
	EnvMemoryRequest            resource.Quantity
	EnvCPULimit                 resource.Quantity
	EnvMemoryLimit              resource.Quantity
}

VaultConfig represents vault options
