Documentation
Index
- Constants
- Variables
- func CheckSecretExists(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object) (bool, error)
- func GetSecret(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object) (*corev1.Secret, bool, error)
- func HandleRolloutRestarts(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object, ...) error
- func RolloutRestart(ctx context.Context, namespace string, target v1alpha1.RolloutRestartTarget, ...) error
- func SyncSecret(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object, ...) error
- type SyncableSecretMetaData
Constants
const AnnotationRestartedAt = "vso.secrets.hashicorp.com/restartedAt"
AnnotationRestartedAt is updated to trigger a rollout-restart
Variables
var OwnerLabels = map[string]string{
"app.kubernetes.io/name": "vault-secrets-operator",
"app.kubernetes.io/managed-by": "hashicorp-vso",
"app.kubernetes.io/component": "secret-sync",
}
OwnerLabels will be applied to any Kubernetes Secret the operator creates. They are used in Secret ownership checks. There are similar labels in the vault package. It is important that the value of the component label never intersects with that of other components of the system, since an overlap could lead to data loss.
OwnerLabels is exported so that it can be accessed from tests.
Functions
func CheckSecretExists
func CheckSecretExists(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object) (bool, error)
CheckSecretExists checks if the Secret configured on obj exists. Returns true if the secret exists, false if the secret was not found. If any error, other than apierrors.IsNotFound, is encountered, then that error will be returned along with the existence value of false.
See NewSyncableSecretMetaData for the supported types for obj.
func GetSecret
func GetSecret(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object) (*corev1.Secret, bool, error)
GetSecret fetches the Secret configured on obj. The returned bool reports whether the Secret exists, with the same semantics as CheckSecretExists.
func HandleRolloutRestarts
func HandleRolloutRestarts(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object, recorder record.EventRecorder) error
HandleRolloutRestarts handles all v1alpha1.RolloutRestartTarget(s) configured for obj. Supported objects are: v1alpha1.VaultDynamicSecret, v1alpha1.VaultStaticSecret, v1alpha1.VaultPKISecret.
Please note the following:
- a rollout-restart will be triggered for each configured v1alpha1.RolloutRestartTarget
- the rollout-restart action has no support for roll-back
- it does not wait for the action to complete
Returns all errors encountered.
func RolloutRestart
func RolloutRestart(ctx context.Context, namespace string, target v1alpha1.RolloutRestartTarget, client ctrlclient.Client) error
RolloutRestart patches the target in namespace for rollout-restart. Supported target Kinds are: DaemonSet, Deployment, StatefulSet
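The following is an added example, not code from the vault-secrets-operator project, showing the mechanism RolloutRestart and HandleRolloutRestarts describe: a JSON merge patch that stamps AnnotationRestartedAt onto the workload's pod template (which is what makes the workload controller roll its pods), restricted to the three supported Kinds, with every target attempted and all errors returned together. RolloutRestartTarget is a simplified stand-in for v1alpha1.RolloutRestartTarget, the stand-in functions return the patch body instead of sending it through a controller client, and the fixed timestamp is constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AnnotationRestartedAt mirrors the package constant documented above.
const AnnotationRestartedAt = "vso.secrets.hashicorp.com/restartedAt"

// RolloutRestartTarget is a simplified stand-in (assumption) for
// v1alpha1.RolloutRestartTarget: a workload Kind and Name in obj's namespace.
type RolloutRestartTarget struct {
	Kind string
	Name string
}

// supportedKinds are the workload kinds RolloutRestart documents as supported.
var supportedKinds = map[string]bool{
	"DaemonSet":   true,
	"Deployment":  true,
	"StatefulSet": true,
}

// restartPatch builds the JSON merge patch that sets the restartedAt
// annotation on the pod template; changing the template is what triggers
// the rolling update, and there is no reverse operation.
func restartPatch(now time.Time) ([]byte, error) {
	patch := map[string]any{
		"spec": map[string]any{
			"template": map[string]any{
				"metadata": map[string]any{
					"annotations": map[string]string{
						AnnotationRestartedAt: now.UTC().Format(time.RFC3339),
					},
				},
			},
		},
	}
	return json.Marshal(patch)
}

// RolloutRestart validates the target Kind and returns the patch body that
// would be sent for namespace/name (the real helper sends it via the client).
func RolloutRestart(namespace string, target RolloutRestartTarget, now time.Time) ([]byte, error) {
	if !supportedKinds[target.Kind] {
		return nil, fmt.Errorf("unsupported kind %q for rollout-restart of %s/%s",
			target.Kind, namespace, target.Name)
	}
	return restartPatch(now)
}

// HandleRolloutRestarts follows the documented contract: every target is
// attempted, nothing is rolled back or waited for, and all errors are joined.
func HandleRolloutRestarts(namespace string, targets []RolloutRestartTarget, now time.Time) (map[string][]byte, error) {
	patches := make(map[string][]byte, len(targets))
	var errs []error
	for _, t := range targets {
		p, err := RolloutRestart(namespace, t, now)
		if err != nil {
			errs = append(errs, err)
			continue // one bad target must not block the others
		}
		patches[t.Kind+"/"+t.Name] = p
	}
	return patches, errors.Join(errs...)
}

func main() {
	now := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC) // constructed, fixed timestamp
	targets := []RolloutRestartTarget{
		{Kind: "Deployment", Name: "web"},
		{Kind: "CronJob", Name: "nightly"}, // not a supported Kind
	}
	patches, err := HandleRolloutRestarts("default", targets, now)
	for k, p := range patches {
		fmt.Printf("%s: %s\n", k, p)
	}
	fmt.Println("errors:", err)
}
```

Because a rollout-restart cannot be undone and the helper does not wait for completion, the only defensive control is the Kind allow-list and the per-target error collection shown here; a caller should log the joined error rather than treat the first failure as fatal.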
func SyncSecret
func SyncSecret(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object, data map[string][]byte) error
SyncSecret writes data to a Kubernetes Secret for obj. All configuration is derived from the object's Spec.Destination.
See NewSyncableSecretMetaData for the supported types for obj.
Types
type SyncableSecretMetaData
type SyncableSecretMetaData struct {
	// APIVersion of the syncable-secret object. Maps to obj.APIVersion.
	APIVersion string
	// Kind of the syncable-secret object. Maps to obj.Kind.
	Kind string
	// Destination of the syncable-secret object. Maps to obj.Spec.Destination.
	Destination *secretsv1alpha1.Destination
}
SyncableSecretMetaData provides a common data structure holding the fields pertinent to handling any of the syncable-secret custom resource types.
See NewSyncableSecretMetaData for the supported object types.
func NewSyncableSecretMetaData
func NewSyncableSecretMetaData(obj ctrlclient.Object) (*SyncableSecretMetaData, error)
NewSyncableSecretMetaData returns SyncableSecretMetaData if obj is a supported type. An error will be returned if obj is not a supported type.
Supported types for obj are: VaultDynamicSecret, VaultStaticSecret, VaultPKISecret.
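The following is an added example, not code from the vault-secrets-operator project, tying together three pieces of this page: the OwnerLabels ownership check, the NewSyncableSecretMetaData type dispatch (exactly three supported types, an error for anything else), and a SyncSecret that derives its destination from the object and refuses to overwrite a Secret the operator does not own. The Destination, Secret and store types are stand-ins for secretsv1alpha1.Destination, corev1.Secret and the API server; the Create flag on Destination, the apiVersion string and the create/refuse decisions are assumptions made for this example, not the project's documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
)

// OwnerLabels mirrors the package variable documented above.
var OwnerLabels = map[string]string{
	"app.kubernetes.io/name":       "vault-secrets-operator",
	"app.kubernetes.io/managed-by": "hashicorp-vso",
	"app.kubernetes.io/component":  "secret-sync",
}

// Destination stands in for secretsv1alpha1.Destination (assumption): the
// target Secret's name and whether it may be created when absent.
type Destination struct{ Name string; Create bool }

// The supported custom resources as plain structs (assumption; the real ones
// are the v1alpha1 API types). Each exposes Spec.Destination.
type VaultStaticSecret struct{ Spec struct{ Destination Destination } }
type VaultDynamicSecret struct{ Spec struct{ Destination Destination } }
type VaultPKISecret struct{ Spec struct{ Destination Destination } }

// SyncableSecretMetaData mirrors the documented struct.
type SyncableSecretMetaData struct {
	APIVersion  string
	Kind        string
	Destination *Destination
}

// NewSyncableSecretMetaData accepts exactly the three documented types and
// returns an error for anything else.
func NewSyncableSecretMetaData(obj any) (*SyncableSecretMetaData, error) {
	const apiVersion = "secrets.hashicorp.com/v1alpha1" // assumed group/version string
	switch o := obj.(type) {
	case *VaultStaticSecret:
		return &SyncableSecretMetaData{apiVersion, "VaultStaticSecret", &o.Spec.Destination}, nil
	case *VaultDynamicSecret:
		return &SyncableSecretMetaData{apiVersion, "VaultDynamicSecret", &o.Spec.Destination}, nil
	case *VaultPKISecret:
		return &SyncableSecretMetaData{apiVersion, "VaultPKISecret", &o.Spec.Destination}, nil
	default:
		return nil, fmt.Errorf("unsupported type %T", obj)
	}
}

// Secret stands in for corev1.Secret; store for one namespace of the API server.
type Secret struct {
	Labels map[string]string
	Data   map[string][]byte
}
type store map[string]*Secret
// ErrNotOwned: the destination exists but lacks at least one OwnerLabels entry.
var ErrNotOwned = errors.New("secret exists but is not owned by the operator")

// isOwned requires every OwnerLabels entry to match. A partial match is not
// ownership: a Secret of another component that differs only in the component
// label must never be overwritten (the data loss the docs warn about).
func isOwned(s *Secret) bool {
	for k, v := range OwnerLabels {
		if s.Labels[k] != v {
			return false
		}
	}
	return true
}

// SyncSecret derives the destination from obj and writes data to it: create
// (stamped with OwnerLabels) only if allowed, update only if the operator owns it.
func SyncSecret(st store, obj any, data map[string][]byte) error {
	meta, err := NewSyncableSecretMetaData(obj)
	if err != nil {
		return err
	}
	dest := meta.Destination
	existing, exists := st[dest.Name] // stands in for CheckSecretExists/GetSecret
	if !exists {
		if !dest.Create {
			return fmt.Errorf("secret %q not found and destination.create is false", dest.Name)
		}
		labels := make(map[string]string, len(OwnerLabels))
		for k, v := range OwnerLabels {
			labels[k] = v
		}
		st[dest.Name] = &Secret{Labels: labels, Data: data}
		return nil
	}
	if !isOwned(existing) {
		return fmt.Errorf("refusing to sync %q: %w", dest.Name, ErrNotOwned)
	}
	existing.Data = data
	return nil
}

func main() {
	st := store{}
	obj := &VaultStaticSecret{}
	obj.Spec.Destination = Destination{Name: "demo", Create: true}
	fmt.Println(SyncSecret(st, obj, map[string][]byte{"token": []byte("constructed")}), isOwned(st["demo"]))
}
```

The check in isOwned is deliberately an all-keys match: a Secret carrying the same name and managed-by labels but a different component value is exactly the "intersecting" case the OwnerLabels comment cautions against, and the guard in SyncSecret turns that case into an error instead of a silent overwrite.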