Documentation
Index
Constants
const (
	Unset   PatchOperation = "unset"
	Add                    = "add"
	Replace                = "replace"
)
const (
	// These environment variables aren't set by default.
	// Vault may read them in if set through these environment variables.
	// Example here:
	// https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
	// The client itself does nothing directly with these variables, it's
	// up to the caller. However, they live here so they'll be consistently
	// named should the client ever be reused.
	// We generally recommend preferring environmental settings over configured
	// ones, allowing settings from the Downward API to override hard-coded
	// ones.
	EnvVarKubernetesNamespace = "VAULT_K8S_NAMESPACE"
	EnvVarKubernetesPodName   = "VAULT_K8S_POD_NAME"

	// The service host and port environment variables are
	// set by default inside a Kubernetes environment.
	EnvVarKubernetesServiceHost = "KUBERNETES_SERVICE_HOST"
	EnvVarKubernetesServicePort = "KUBERNETES_SERVICE_PORT"
)
Variables
var (
	// Retry configuration
	RetryWaitMin = 500 * time.Millisecond
	RetryWaitMax = 30 * time.Second
	RetryMax     = 10

	// Standard errs
	ErrNamespaceUnset = errors.New(`"namespace" is unset`)
	ErrPodNameUnset   = errors.New(`"podName" is unset`)
	ErrNotInCluster   = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
)
var (
	// These are presented as variables so they can be updated
	// to point at test fixtures if needed. They aren't passed
	// into inClusterConfig to avoid dependency injection.
	Scheme     = "https://"
	TokenFile  = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	RootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
)
Functions
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is a minimal Kubernetes client. We rolled our own because the existing Kubernetes client-go library available externally has a high number of dependencies and we thought it wasn't worth it for only two API calls. If at some point they break the client into smaller modules, or if we add quite a few methods to this client, it may be worthwhile to revisit that decision.
type Config
type Config struct {
	CACertPool *x509.CertPool

	// Host must be a host string, a host:port pair, or a URL to the base of the apiserver.
	// If a URL is given then the (optional) Path of that URL represents a prefix that must
	// be appended to all request URIs used to access the apiserver. This allows a frontend
	// proxy to easily relocate all of the apiserver endpoints.
	Host string

	// Server requires Bearer authentication. This client will not attempt to use
	// refresh tokens for an OAuth2 flow.
	BearerToken string

	// Path to a file containing a BearerToken.
	// If set, checks for a new token in the case of authorization errors.
	BearerTokenFile string
}
This config is based on the one returned here:
https://github.com/kubernetes/client-go/blob/a56922badea0f2a91771411eaa1173c9e9243908/rest/config.go#L451
It is pared down to the absolute minimum fields used by this code. The CACertPool is promoted to the top level from being originally on the TLSClientConfig because it is the only parameter of the TLSClientConfig used by this code. Also, it made more sense to simply reuse the pool rather than holding raw values and parsing it repeatedly.
type ErrNotFound
type ErrNotFound struct {
// contains filtered or unexported fields
}
func (*ErrNotFound) Error
func (e *ErrNotFound) Error() string
type Patch
type Patch struct {
	Operation PatchOperation
	Path      string
	Value     interface{}
}
type PatchOperation
type PatchOperation string