controller

package
v0.20.4
Published: Apr 17, 2023 License: Apache-2.0 Imports: 52 Imported by: 0

Documentation


Constants

const (

	// SuccessUnsealed is used as part of the Event 'reason' when
	// a SealedSecret is unsealed successfully.
	SuccessUnsealed = "Unsealed"

	// ErrUpdateFailed is used as part of the Event 'reason' when
	// a SealedSecret fails to update the target Secret for a
	// non-cryptography reason. Typically this is due to API I/O
	// or RBAC issues.
	ErrUpdateFailed = "ErrUpdateFailed"

	// ErrUnsealFailed is used as part of the Event 'reason' when a
	// SealedSecret fails the unsealing process. Typically this is
	// because it was sealed with a key this controller does not hold,
	// or because it has been renamed or moved away from the
	// namespace/name it was sealed for.
	ErrUnsealFailed = "ErrUnsealFailed"
)
)
const SealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"

SealedSecretsKeyLabel is the label used to locate the active key pairs that decrypt sealed secrets.

Variables

var (
	// ErrCast is returned when a Kubernetes object received as an
	// untyped value (any) cannot be cast to the expected type.
	ErrCast = errors.New("cast error")
)
var (
	// ErrPrivateKeyNotRSA is returned when the private key is not a valid RSA key.
	ErrPrivateKeyNotRSA = errors.New("private key is not an RSA key")
)

Functions

func Instrument

func Instrument(path string, h http.Handler) http.Handler

Instrument wraps the HTTP handler h so that requests served under path are recorded in the controller's metrics.

func Main

func Main(f *Flags, version string) error

func ObserveCondition

func ObserveCondition(ssecret *v1alpha1.SealedSecret)

ObserveCondition sets a `condition_info` Gauge according to a SealedSecret status.

func ScheduleJobWithTrigger

func ScheduleJobWithTrigger(initialDelay, period time.Duration, job func()) func()

ScheduleJobWithTrigger creates a long-running loop that runs job once initialDelay has elapsed and then again after every period. It returns a trigger function that, when called, runs the job early instead of waiting for the next period.
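The loop described above, as an added example that re-implements the documented contract rather than reproducing the project's own code: one goroutine owns a single timer, so runs never overlap, and the trigger is a buffered channel of size one, so calls made while a run is already queued coalesce into one run. The stop channel and the treatment of a non-positive period as "run only when triggered" are this example's own additions and are not part of the documented signature.

```go
package main

import (
	"fmt"
	"time"
)

// ScheduleJobWithTrigger runs job once initialDelay has elapsed and then every
// period, on a single goroutine so runs never overlap. The returned trigger
// runs the job early and restarts the period from that early run. Trigger
// calls made while a run is already queued are coalesced. The stop channel is
// this example's addition: closing it ends the loop. A period <= 0 is treated
// here as "run only on trigger" (an assumption, not documented behaviour).
func ScheduleJobWithTrigger(initialDelay, period time.Duration, job func(), stop <-chan struct{}) func() {
	trigger := make(chan struct{}, 1)
	go func() {
		timer := time.NewTimer(initialDelay)
		defer timer.Stop()
		for {
			select {
			case <-timer.C:
			case <-trigger:
				// Early run: disarm and drain the pending timer so it cannot
				// fire a second, immediate run right behind this one.
				if !timer.Stop() {
					select {
					case <-timer.C:
					default:
					}
				}
			case <-stop:
				return
			}
			job()
			if period > 0 {
				timer.Reset(period)
			}
		}
	}()
	return func() {
		select {
		case trigger <- struct{}{}:
		default: // a run is already queued; do not pile up extra runs
		}
	}
}

func main() {
	stop := make(chan struct{})
	defer close(stop)
	start := time.Now()
	trigger := ScheduleJobWithTrigger(200*time.Millisecond, 300*time.Millisecond, func() {
		fmt.Printf("job ran at +%v\n", time.Since(start).Round(10*time.Millisecond))
	}, stop)
	time.Sleep(250 * time.Millisecond) // first run at about +200ms
	trigger()                          // early run now; next periodic run about 300ms later
	time.Sleep(400 * time.Millisecond)
}
```

Draining the timer after an early run is the part naive versions of this loop get wrong: without it, a tick that expired while the triggered run was in flight fires a second run immediately afterwards, which for a key-generation job means two key pairs created back to back.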

func UnregisterCondition

func UnregisterCondition(ssecret *v1alpha1.SealedSecret)

UnregisterCondition unregisters the gauges associated with a SealedSecret's conditions.

Types

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller implements the main sealed-secrets-controller loop.

func NewController

func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry) (*Controller, error)

NewController returns the main sealed-secrets controller loop.

func (*Controller) AttemptUnseal

func (c *Controller) AttemptUnseal(content []byte) (bool, error)

AttemptUnseal tries to unseal the sealed secret in content with the controller's registered keys and reports whether it succeeded.

func (*Controller) HasSynced

func (c *Controller) HasSynced() bool

HasSynced returns true once this controller has completed its initial listing of resources.

func (*Controller) LastSyncResourceVersion

func (c *Controller) LastSyncResourceVersion() string

LastSyncResourceVersion is the resource version observed when last synced with the underlying store. The value returned is not synchronized with access to the underlying store and is not thread-safe.

func (*Controller) Rotate

func (c *Controller) Rotate(content []byte) ([]byte, error)

Rotate takes a sealed secret and returns one that has been re-encrypted under the latest key pair's public key. If the input is already sealed with the latest key, it is returned unchanged.
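Why a SealedSecret that has been renamed or moved fails with ErrUnsealFailed, and what Rotate does, as an added self-contained illustration (not the project's code; the scope-label format, the blob layout, the fixed nonce and the newest-first key order are this example's assumptions, and the real Rotate takes only the sealed content rather than an explicit key list): the scope label namespace/name is passed as the RSA-OAEP label when the per-secret AES key is wrapped, so decrypting under any other label fails before the payload is touched, and Rotate re-seals only when the latest key cannot already open the input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrUnsealFailed mirrors the controller's event reason: no registered key opens the blob under this label.
var ErrUnsealFailed = errors.New("unseal failed: wrong key or wrong namespace/name")

// ScopeLabel is the data a ciphertext is bound to (format is this example's assumption).
func ScopeLabel(namespace, name string) []byte {
	return []byte(namespace + "/" + name)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal wraps a fresh 256-bit session key with RSA-OAEP, using the scope label
// as the OAEP label, then encrypts plaintext with AES-GCM under that key.
// Constructed layout: RSA blob (pub.Size() bytes) followed by the GCM output.
func Seal(pub *rsa.PublicKey, label, plaintext []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, label)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// The session key is never reused, so a fixed all-zero nonce is safe here.
	ct := gcm.Seal(nil, make([]byte, gcm.NonceSize()), plaintext, nil)
	return append(wrapped, ct...), nil
}

// unsealWith opens sealed with one private key; OAEP rejects a mismatched label.
func unsealWith(priv *rsa.PrivateKey, label, sealed []byte) ([]byte, error) {
	n := priv.Size()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, sealed[:n], label)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, make([]byte, gcm.NonceSize()), sealed[n:], nil)
}

// Unseal tries every registered key; keys[0] is the latest one.
func Unseal(keys []*rsa.PrivateKey, label, sealed []byte) ([]byte, error) {
	for _, k := range keys {
		if pt, err := unsealWith(k, label, sealed); err == nil {
			return pt, nil
		}
	}
	return nil, ErrUnsealFailed
}

// Rotate returns sealed unchanged if the latest key opens it, else re-seals under the latest public key.
func Rotate(keys []*rsa.PrivateKey, label, sealed []byte) ([]byte, error) {
	if len(keys) == 0 {
		return nil, ErrUnsealFailed
	}
	if _, err := unsealWith(keys[0], label, sealed); err == nil {
		return sealed, nil
	}
	pt, err := Unseal(keys[1:], label, sealed)
	if err != nil {
		return nil, err
	}
	return Seal(&keys[0].PublicKey, label, pt)
}

func main() {
	old, _ := rsa.GenerateKey(rand.Reader, 2048)
	cur, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := []*rsa.PrivateKey{cur, old} // newest first
	label := ScopeLabel("prod", "db-creds")
	sealed, _ := Seal(&old.PublicKey, label, []byte("hunter2"))
	_, err := Unseal(keys, ScopeLabel("prod", "db-creds-copy"), sealed)
	fmt.Println("renamed copy:", err)
	rotated, _ := Rotate(keys, label, sealed)
	pt, err := Unseal(keys[:1], label, rotated)
	fmt.Printf("latest key alone opens the rotated blob: %q %v\n", pt, err)
}
```

The all-zero GCM nonce is acceptable only because every Seal call draws a fresh session key; reusing a session key across two messages with this nonce would leak the XOR of the plaintexts and break the authentication tag, so a scheme like this must never cache or share session keys.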

func (*Controller) Run

func (c *Controller) Run(stopCh <-chan struct{})

Run begins processing items, and will continue until a value is sent down stopCh. It's an error to call Run more than once. Run blocks; call it in its own goroutine (go c.Run(stopCh)).

type Flags

type Flags struct {
	KeyPrefix            string
	KeySize              int
	ValidFor             time.Duration
	MyCN                 string
	KeyRenewPeriod       time.Duration
	AcceptV1Data         bool
	KeyCutoffTime        string
	NamespaceAll         bool
	AdditionalNamespaces string
	LabelSelector        string
	RateLimitPerSecond   int
	RateLimitBurst       int
	OldGCBehavior        bool
	UpdateStatus         bool
	SkipRecreate         bool
}

Flags to configure the controller

type Key

type Key struct {
	// contains filtered or unexported fields
}

A Key holds the cryptographic key pair and some metadata about it.

type KeyRegistry

type KeyRegistry struct {
	sync.Mutex
	// contains filtered or unexported fields
}

A KeyRegistry manages the key pairs used to (un)seal secrets.

func NewKeyRegistry

func NewKeyRegistry(client kubernetes.Interface, namespace, keyPrefix, keyLabel string, keysize int) *KeyRegistry

NewKeyRegistry creates a new KeyRegistry.
