Documentation ¶
Overview ¶
Package v1 is the v1 version of the Lockbox API.
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type Condition
- type ConditionSeverity
- type ConditionType
- type Lockbox
- func (in *Lockbox) DeepCopy() *Lockbox
- func (in *Lockbox) DeepCopyInto(out *Lockbox)
- func (in *Lockbox) DeepCopyObject() runtime.Object
- func (in *Lockbox) GetConditions() []Condition
- func (in *Lockbox) SetConditions(conditions []Condition)
- func (in *Lockbox) UnlockInto(secret *corev1.Secret, pri nacl.Key) error
- type LockboxList
- type LockboxSecretTemplate
- type LockboxSpec
- type LockboxStatus
Constants ¶
const GroupName = "lockbox.k8s.cloudflare.com"
GroupName specifies the group name used to register the objects.
Variables ¶
var (
    // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
    SchemeBuilder runtime.SchemeBuilder

    // Deprecated: use Install instead
    AddToScheme = localSchemeBuilder.AddToScheme
    Install     = localSchemeBuilder.AddToScheme
)
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1"}
GroupVersion specifies the group and the version used to register the objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
SchemeGroupVersion is the group version used to register these objects.
Deprecated: use GroupVersion instead.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group-qualified GroupResource.
Types ¶
type Condition ¶
type Condition struct {
    // Type of condition in CamelCase.
    // +required
    Type ConditionType `json:"type"`
    // Status of the condition, one of True, False, Unknown
    // +required
    Status corev1.ConditionStatus `json:"status"`
    // Severity provides explicit classification of Reason code, so that users or machines
    // can immediately understand the current situation and act accordingly.
    // The Severity field MUST be set only when Status=False.
    // +optional
    Severity ConditionSeverity `json:"severity"`
    // LastTransitionTime marks when the condition last transitioned from one status to another.
    // This should be when the underlying condition changed. If that is not known, then using the time
    // when the API field changed is acceptable.
    // +required
    LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
    // The reason for the condition's last transition in CamelCase.
    // +optional
    Reason string `json:"reason,omitempty"`
    // A message is the human readable message indicating details about the transition.
    // The field may be empty.
    // +optional
    Message string `json:"message,omitempty"`
}
Condition contains condition information for a Lockbox.
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionSeverity ¶
type ConditionSeverity string
+kubebuilder:validation:Enum=Error;Warning;Info
const (
    ConditionSeverityError   ConditionSeverity = "Error"
    ConditionSeverityWarning ConditionSeverity = "Warning"
    ConditionSeverityInfo    ConditionSeverity = "Info"
    ConditionSeverityNone    ConditionSeverity = ""
)
type ConditionType ¶
type ConditionType string
+kubebuilder:validation:Enum=Ready
const (
    ReadyCondition ConditionType = "Ready"
)
type Lockbox ¶
type Lockbox struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`
    // Desired state of the Lockbox resource.
    Spec LockboxSpec `json:"spec"`
    // Status of the Lockbox. This is set and managed automatically.
    // +optional
    Status LockboxStatus `json:"status,omitempty"`
}
Lockbox is a struct wrapping the LockboxSpec in standard API server metadata fields.
func NewFromSecret ¶
NewFromSecret creates a Lockbox wrapping the provided Secret. Each value in the Secret is individually encrypted using the provided key pair.
func (*Lockbox) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Lockbox.
func (*Lockbox) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Lockbox) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Lockbox) GetConditions ¶
func (*Lockbox) SetConditions ¶
type LockboxList ¶
LockboxList is a Lockbox-specific version of metav1.List.
func (*LockboxList) DeepCopy ¶
func (in *LockboxList) DeepCopy() *LockboxList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LockboxList.
func (*LockboxList) DeepCopyInto ¶
func (in *LockboxList) DeepCopyInto(out *LockboxList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*LockboxList) DeepCopyObject ¶
func (in *LockboxList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type LockboxSecretTemplate ¶
type LockboxSecretTemplate struct {
    metav1.ObjectMeta `json:"metadata,omitempty"`
    // Type is used to facilitate programmatic handling of secret data.
    Type corev1.SecretType `json:"type,omitempty"`
}
LockboxSecretTemplate defines structure of API metadata fields of Secrets controlled by a Lockbox.
func (*LockboxSecretTemplate) DeepCopy ¶
func (in *LockboxSecretTemplate) DeepCopy() *LockboxSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LockboxSecretTemplate.
func (*LockboxSecretTemplate) DeepCopyInto ¶
func (in *LockboxSecretTemplate) DeepCopyInto(out *LockboxSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LockboxSpec ¶
type LockboxSpec struct {
    // Sender stores the public key used to lock this Lockbox.
    Sender []byte `json:"sender"`
    // Peer stores the public key that can unlock this Lockbox.
    Peer []byte `json:"peer"`
    // Namespace stores an encrypted copy of which namespace this Lockbox is locked
    // for, ensuring it cannot be deployed to another namespace under an attacker's
    // control.
    Namespace []byte `json:"namespace"`
    // Data contains the secret data, encrypted to the Peer's public key. Each key in the
    // data map must consist of alphanumeric characters, '-', '_', or '.'.
    Data map[string][]byte `json:"data"`
    // Template defines the structure of the Secret that will be
    // created from this Lockbox.
    // +optional
    Template LockboxSecretTemplate `json:"template,omitempty"`
}
LockboxSpec is a struct wrapping the encrypted secrets along with the public keys of the sender and server.
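One way a controller could enforce the namespace binding that the Namespace field describes, shown as an added example that is not Lockbox's own code. AES-256-GCM stands in for the NaCl box keyed by Sender and Peer, and newBox, seal, open, unlockFor and ErrWrongNamespace are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrWrongNamespace = errors.New("lockbox is locked for a different namespace")
// newBox: AES-256-GCM stands in for the NaCl box shared by Sender and Peer (assumption).
func newBox(key [32]byte) (cipher.AEAD, error) {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

func seal(a cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return a.Seal(nonce, nonce, msg, nil) // nonce || ciphertext
}
func open(a cipher.AEAD, ct []byte) ([]byte, error) {
	if len(ct) < a.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, ct[:a.NonceSize()], ct[a.NonceSize():], nil)
}

// unlockFor releases data only if the sealed namespace equals liveNS, the namespace the object lives in.
func unlockFor(a cipher.AEAD, liveNS string, sealedNS []byte, data map[string][]byte) (out map[string][]byte, err error) {
	if ns, e := open(a, sealedNS); e != nil || string(ns) != liveNS {
		return nil, ErrWrongNamespace
	}
	out = make(map[string][]byte, len(data))
	for k, v := range data {
		if out[k], err = open(a, v); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	a, _ := newBox([32]byte{1}) // constructed demo key, not a real secret
	_, err := unlockFor(a, "attacker-ns", seal(a, []byte("prod")), nil)
	fmt.Println(err)
}
```

The namespace is checked before any entry of Data is decrypted, so a Lockbox copied into another namespace yields no plaintext at all.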
func (*LockboxSpec) DeepCopy ¶
func (in *LockboxSpec) DeepCopy() *LockboxSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LockboxSpec.
func (*LockboxSpec) DeepCopyInto ¶
func (in *LockboxSpec) DeepCopyInto(out *LockboxSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LockboxStatus ¶
type LockboxStatus struct {
    // List of status conditions to indicate the status of a Lockbox.
    // +optional
    Conditions []Condition `json:"conditions,omitempty"`
}
LockboxStatus contains status information about a Lockbox.
func (*LockboxStatus) DeepCopy ¶
func (in *LockboxStatus) DeepCopy() *LockboxStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LockboxStatus.
func (*LockboxStatus) DeepCopyInto ¶
func (in *LockboxStatus) DeepCopyInto(out *LockboxStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.