Documentation
Index
- Constants
- Variables
- func Instrument(path string, h http.Handler) http.Handler
- func Main(f *Flags, version string) error
- func ObserveCondition(ssecret *v1alpha1.SealedSecret)
- func ScheduleJobWithTrigger(initialDelay, period time.Duration, job func()) func()
- func UnregisterCondition(ssecret *v1alpha1.SealedSecret)
- type Controller
- type Flags
- type Key
- type KeyRegistry
Constants
const (
	// SuccessUnsealed is used as part of the Event 'reason' when
	// a SealedSecret is unsealed successfully.
	SuccessUnsealed = "Unsealed"

	// ErrUpdateFailed is used as part of the Event 'reason' when
	// a SealedSecret fails to update the target Secret for a
	// non-cryptography reason. Typically this is due to API I/O
	// or RBAC issues.
	ErrUpdateFailed = "ErrUpdateFailed"

	// ErrUnsealFailed is used as part of the Event 'reason' when a
	// SealedSecret fails the unsealing process. Typically this
	// is because it is encrypted with the wrong key or has been
	// renamed from its original namespace/name.
	ErrUnsealFailed = "ErrUnsealFailed"
)
const SealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"
SealedSecretsKeyLabel is the label used to locate active key pairs used to decrypt sealed secrets.
Variables
var (
	// ErrCast happens when a K8s any type cannot be cast to the expected type
	ErrCast = errors.New("cast error")
)
var (
	// ErrPrivateKeyNotRSA is returned when the private key is not a valid RSA key.
	ErrPrivateKeyNotRSA = errors.New("private key is not an RSA key")
)
Functions
func ObserveCondition
func ObserveCondition(ssecret *v1alpha1.SealedSecret)
ObserveCondition sets a `condition_info` Gauge according to a SealedSecret status.
func ScheduleJobWithTrigger
ScheduleJobWithTrigger creates a long-running loop that runs a job after an initialDelay and then after each period duration. It returns a trigger function that runs the job early when called.
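The contract described above, sketched with only the standard library as an added example; it is not the package's own source. The lower-case scheduleJobWithTrigger and the two helper functions are hypothetical names, and restarting the period after an early run is an assumption the documentation does not state.

```go
package main

import (
	"fmt"
	"time"
)

// scheduleJobWithTrigger is a hypothetical stand-in written for this example.
func scheduleJobWithTrigger(initialDelay, period time.Duration, job func()) func() {
	trigger := make(chan struct{})
	go func() {
		wait := initialDelay
		for { // long-running loop: there is no stop channel
			select {
			case <-time.After(wait): // scheduled run
			case <-trigger: // early run requested by the caller
			}
			job()         // a single goroutine runs every job, so runs never overlap
			wait = period // assumption: an early run restarts the period
		}
	}()
	return func() { trigger <- struct{}{} }
}

// triggeredRuns uses hour-long timers, so only trigger() can start the job.
func triggeredRuns(n int) int {
	count, done := 0, make(chan struct{})
	trigger := scheduleJobWithTrigger(time.Hour, time.Hour, func() { count++; done <- struct{}{} })
	for i := 0; i < n; i++ {
		trigger() // blocks until the loop is idle and accepts the request
		<-done
	}
	return count
}

// timedRuns waits for n timer-driven runs and returns the elapsed time.
func timedRuns(n int, delay, period time.Duration) time.Duration {
	start, done := time.Now(), make(chan struct{})
	scheduleJobWithTrigger(delay, period, func() { done <- struct{}{} })
	for i := 0; i < n; i++ {
		<-done
	}
	return time.Since(start)
}

func main() {
	fmt.Println(triggeredRuns(3), timedRuns(3, 20*time.Millisecond, 10*time.Millisecond))
}
```

Because the trigger send is unbuffered, a caller that asks for an early run while a job is in progress waits until that job finishes.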
func UnregisterCondition
func UnregisterCondition(ssecret *v1alpha1.SealedSecret)
UnregisterCondition unregisters the Gauges associated with a SealedSecret's conditions.
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
Controller implements the main sealed-secrets-controller loop.
func NewController
func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry) (*Controller, error)
NewController returns the main sealed-secrets controller loop.
func (*Controller) AttemptUnseal
func (c *Controller) AttemptUnseal(content []byte) (bool, error)
AttemptUnseal tries to unseal a secret.
func (*Controller) HasSynced
func (c *Controller) HasSynced() bool
HasSynced returns true once this controller has completed an initial resource listing.
func (*Controller) LastSyncResourceVersion
func (c *Controller) LastSyncResourceVersion() string
LastSyncResourceVersion is the resource version observed when last synced with the underlying store. The value returned is not synchronized with access to the underlying store and is not thread-safe.
func (*Controller) Rotate
func (c *Controller) Rotate(content []byte) ([]byte, error)
Rotate takes a sealed secret and returns a sealed secret that has been encrypted with the latest private key. If the secret is already encrypted with the latest key, it returns the input.
func (*Controller) Run
func (c *Controller) Run(stopCh <-chan struct{})
Run begins processing items, and will continue until a value is sent down stopCh. It's an error to call Run more than once. Run blocks; call via go.
type Flags
type Flags struct {
	KeyPrefix            string
	KeySize              int
	ValidFor             time.Duration
	MyCN                 string
	KeyRenewPeriod       time.Duration
	AcceptV1Data         bool
	KeyCutoffTime        string
	NamespaceAll         bool
	AdditionalNamespaces string
	LabelSelector        string
	RateLimitPerSecond   int
	RateLimitBurst       int
	OldGCBehavior        bool
	UpdateStatus         bool
	SkipRecreate         bool
}
Flags to configure the controller.
type Key
type Key struct {
// contains filtered or unexported fields
}
A Key holds the cryptographic key pair and some metadata about it.
type KeyRegistry
A KeyRegistry manages the key pairs used to (un)seal secrets.
func NewKeyRegistry
func NewKeyRegistry(client kubernetes.Interface, namespace, keyPrefix, keyLabel string, keysize int) *KeyRegistry
NewKeyRegistry creates a new KeyRegistry.