oathkeeper-maester

command module
v0.1.11-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 21, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

README

Table of Contents generated with DocToc

oathkeeper-maester

ORY Maester is a Kubernetes controller that watches for instances of rules.oathkeeper.ory.sh/v1alpha1 custom resource (CR) and creates or updates the Oathkeeper ConfigMap with Access Rules found in the CRs. The controller passes the Access Rules as an array in a format recognized by the Oathkeeper.

The project is based on Kubebuilder

Prerequisites

  • recent version of Go language with support for modules (e.g: 1.12.6)
  • make
  • kubectl
  • kustomize
  • kind for local integration testing
  • ginkgo for local integration testing
  • access to K8s environment: minikube or KIND (https://github.com/kubernetes-sigs/kind), or a remote K8s cluster

How to use it

  • make to build the binary
  • make test to run tests
  • make test-integration to run integration tests with local KIND environment

Other targets require a working K8s environment. Set KUBECONFIG environment variable to the proper value.

  • make install to generate CRD file from go sources and install it in the cluster
  • make run to run controller locally

Refer to the Makefile for the details.

Command-line parameters

Usage example: ./manager [--global-flags] mode [--mode-flags]

Mode options
Name Description
controller This is the default mode of operation, in which oathkeeper-maester is expected to be deployed as a separate deployment. It uses the kubernetes api-server and ConfigMaps to store data.
sidecar Alternative mode of operation, in which the oathkeeper-maester is expected to be deployed as a sidecar container to the main application. It uses local filesystem to create the access rules file.
Global flags
Name Description Default values
metrics-addr The address the metric endpoint binds to 8080
enable-leader-election Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. false
kubeconfig Paths to a kubeconfig. Only required if out-of-cluster. $KUBECONFIG
Controller mode flags
Name Description Default values
rulesConfigmapName Name of the Configmap that stores Oathkeeper rules. oathkeeper-rules
rulesConfigmapNamespace Namespace of the Configmap that stores Oathkeeper rules. oathkeeper-maester-system
rulesFileName Name of the key in ConfigMap containing the rules.json access-rules.json
Sidecar mode flags
Name Description Default values
rulesFilePath Path to the file with converted Oathkeeper rules /etc/config/access-rules.json

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
api
v1alpha1
Package v1alpha1 contains API Schema definitions for the oathkeeper v1alpha1 API group +kubebuilder:object:generate=true +groupName=oathkeeper.ory.sh
Package v1alpha1 contains API Schema definitions for the oathkeeper v1alpha1 API group +kubebuilder:object:generate=true +groupName=oathkeeper.ory.sh
internal
pkg
client/clientset/versioned
This package has the automatically generated clientset.
This package has the automatically generated clientset.
client/clientset/versioned/fake
This package has the automatically generated fake clientset.
This package has the automatically generated fake clientset.
client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
This package contains the scheme of the automatically generated clientset.
client/clientset/versioned/typed/rule/v1alpha1
This package has the automatically generated typed clients.
This package has the automatically generated typed clients.
client/clientset/versioned/typed/rule/v1alpha1/fake
Package fake has the automatically generated clients.
Package fake has the automatically generated clients.
tests

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL