concierge

package
v0.36.21
Warning

This package is not in the latest version of its module.

Published: Nov 17, 2021 | License: Apache-2.0 | Imports: 8 | Imported by: 0

Documentation

Overview

Package concierge contains functionality to load/store Configs from/to some source.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIConfigSpec

type APIConfigSpec struct {
	ServingCertificateConfig ServingCertificateConfigSpec `json:"servingCertificate"`
}

APIConfigSpec contains configuration knobs for the Pinniped API.

type Config

type Config struct {
	DiscoveryInfo       DiscoveryInfoSpec `json:"discovery"`
	APIConfig           APIConfigSpec     `json:"api"`
	APIGroupSuffix      *string           `json:"apiGroupSuffix,omitempty"`
	NamesConfig         NamesConfigSpec   `json:"names"`
	KubeCertAgentConfig KubeCertAgentSpec `json:"kubeCertAgent"`
	Labels              map[string]string `json:"labels"`
	LogLevel            plog.LogLevel     `json:"logLevel"`
}

Config contains knobs to set up an instance of the Pinniped Concierge.

func FromPath

func FromPath(path string) (*Config, error)

FromPath loads a Config from a provided local file path, inserts any defaults (from the Config documentation), and verifies that the config is valid (per the Config documentation).

Note! The Config file should contain base64-encoded WebhookCABundle data. This function will decode that base64-encoded data to PEM bytes to be stored in the Config.

type DiscoveryInfoSpec

type DiscoveryInfoSpec struct {
	// URL contains the URL at which pinniped can be contacted.
	URL *string `json:"url,omitempty"`
}

DiscoveryInfoSpec contains configuration knobs specific to pinniped's publishing of discovery information. These values can be viewed as overrides, i.e., if these are set, then Pinniped will publish these values in its discovery document instead of the ones it finds.

type KubeCertAgentSpec

type KubeCertAgentSpec struct {
	// NamePrefix is the prefix of the name of the kube-cert-agent pods. For example, if this field is
	// set to "some-prefix-", then the name of the pods will look like "some-prefix-blah". The default
	// for this value is "pinniped-kube-cert-agent-".
	NamePrefix *string `json:"namePrefix,omitempty"`

	// Image is the container image that will be used by the kube-cert-agent pod. The container image
	// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
	// for this value is "debian:latest".
	Image *string `json:"image"`

	// ImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
	// ImagePullSecrets on the kube-cert-agent pods.
	ImagePullSecrets []string
}

type NamesConfigSpec

type NamesConfigSpec struct {
	ServingCertificateSecret          string `json:"servingCertificateSecret"`
	CredentialIssuer                  string `json:"credentialIssuer"`
	APIService                        string `json:"apiService"`
	ImpersonationLoadBalancerService  string `json:"impersonationLoadBalancerService"`
	ImpersonationClusterIPService     string `json:"impersonationClusterIPService"`
	ImpersonationTLSCertificateSecret string `json:"impersonationTLSCertificateSecret"`
	ImpersonationCACertificateSecret  string `json:"impersonationCACertificateSecret"`
	ImpersonationSignerSecret         string `json:"impersonationSignerSecret"`
	AgentServiceAccount               string `json:"agentServiceAccount"`
}

NamesConfigSpec configures the names of some Kubernetes resources for the Concierge.

type ServingCertificateConfigSpec

type ServingCertificateConfigSpec struct {
	// DurationSeconds is the validity period, in seconds, of the API serving
	// certificate. By default, the serving certificate is issued for 31536000
	// seconds (1 year). This value is also used for the serving certificate's
	// CA certificate.
	DurationSeconds *int64 `json:"durationSeconds,omitempty"`

	// RenewBeforeSeconds is the period of time, in seconds, that Pinniped will
	// wait before rotating the serving certificate. This period of time starts
	// upon issuance of the serving certificate. This must be less than
	// DurationSeconds. By default, Pinniped begins rotation after 23328000
	// seconds (about 9 months).
	RenewBeforeSeconds *int64 `json:"renewBeforeSeconds,omitempty"`
}

ServingCertificateConfigSpec contains the configuration knobs for the API's serving certificate, i.e., the x509 certificate that it uses for the server certificate in inbound TLS connections.
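
How the two fields interact with their documented defaults, as an added example (not Pinniped's own code): `resolveServingCert` is a hypothetical helper that mirrors the documented fields, fills unset ones with the documented defaults, and enforces the documented rule that RenewBeforeSeconds is less than DurationSeconds. Reading the fragment as JSON and rejecting non-positive values are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Local mirror of the documented struct (field names and JSON tags from the page).
type servingCertSpec struct {
	DurationSeconds    *int64 `json:"durationSeconds,omitempty"`
	RenewBeforeSeconds *int64 `json:"renewBeforeSeconds,omitempty"`
}

// Defaults stated in the field comments of ServingCertificateConfigSpec.
const (
	defaultDurationSeconds    int64 = 31536000 // 1 year
	defaultRenewBeforeSeconds int64 = 23328000 // about 9 months
)

// resolveServingCert (hypothetical helper) returns the certificate lifetime
// and the time after issuance at which rotation starts.
func resolveServingCert(raw []byte) (time.Duration, time.Duration, error) {
	var spec servingCertSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return 0, 0, fmt.Errorf("decode: %w", err)
	}
	d, r := defaultDurationSeconds, defaultRenewBeforeSeconds
	if spec.DurationSeconds != nil {
		d = *spec.DurationSeconds
	}
	if spec.RenewBeforeSeconds != nil {
		r = *spec.RenewBeforeSeconds
	}
	if d <= 0 || r <= 0 { // assumption: non-positive periods are rejected
		return 0, 0, errors.New("durationSeconds and renewBeforeSeconds must be positive")
	}
	if r >= d { // documented rule: RenewBeforeSeconds must be less than DurationSeconds
		return 0, 0, fmt.Errorf("renewBeforeSeconds (%d) must be less than durationSeconds (%d)", r, d)
	}
	return time.Duration(d) * time.Second, time.Duration(r) * time.Second, nil
}

func main() {
	// Constructed input: only the lifetime is overridden, to 30 days.
	life, rot, err := resolveServingCert([]byte(`{"durationSeconds": 2592000}`))
	fmt.Println(life, rot, err)
}
```

In this example, shortening only `durationSeconds` to 30 days is rejected, because the default `renewBeforeSeconds` of 23328000 then exceeds the lifetime; the two fields have to be set together.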
