client

package
v1.14.3

This package is not in the latest version of its module.
Published: Sep 11, 2023 | License: MPL-2.0 | Imports: 18 | Imported by: 4

Documentation

Constants

const (
	Unset   PatchOperation = "unset"
	Add                    = "add"
	Replace                = "replace"
)

const (
	// These environment variables aren't set by default.
	// Vault may read them in if set through these environment variables.
	// Example here:
	// https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
	// The client itself does nothing directly with these variables, it's
	// up to the caller. However, they live here so they'll be consistently
	// named should the client ever be reused.
	// We generally recommend preferring environmental settings over configured
	// ones, allowing settings from the Downward API to override hard-coded
	// ones.
	EnvVarKubernetesNamespace = "VAULT_K8S_NAMESPACE"
	EnvVarKubernetesPodName   = "VAULT_K8S_POD_NAME"

	// The service host and port environment variables are
	// set by default inside a Kubernetes environment.
	EnvVarKubernetesServiceHost = "KUBERNETES_SERVICE_HOST"
	EnvVarKubernetesServicePort = "KUBERNETES_SERVICE_PORT"
)

Variables

var (
	// Retry configuration
	RetryWaitMin = 500 * time.Millisecond
	RetryWaitMax = 30 * time.Second
	RetryMax     = 10

	// Standard errs
	ErrNamespaceUnset = errors.New(`"namespace" is unset`)
	ErrPodNameUnset   = errors.New(`"podName" is unset`)
	ErrNotInCluster   = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
)

var (
	// These are presented as variables so they can be updated
	// to point at test fixtures if needed. They aren't passed
	// into inClusterConfig to avoid dependency injection.
	Scheme     = "https://"
	TokenFile  = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	RootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
)

Functions

func Sanitize

func Sanitize(val string) string

Sanitize is for "data" being sent to the Kubernetes API. Data must consist of alphanumeric characters, '-', '_' or '.'. Any other characters found in the original value will be stripped, and the surrounding characters will be concatenated.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a minimal Kubernetes client. We rolled our own because the existing Kubernetes client-go library available externally has a high number of dependencies and we thought it wasn't worth it for only two API calls. If at some point they break the client into smaller modules, or if we add quite a few methods to this client, it may be worthwhile to revisit that decision.

func New

func New(logger hclog.Logger) (*Client, error)

New instantiates a Client. The stopCh is used for exiting retry loops when closed.

func (*Client) GetPod

func (c *Client) GetPod(namespace, podName string) (*Pod, error)

GetPod gets a pod from the Kubernetes API.

func (*Client) PatchPod

func (c *Client) PatchPod(namespace, podName string, patches ...*Patch) error

PatchPod updates the pod's tags to the given ones. It does so non-destructively, or in other words, without tearing down the pod.

func (*Client) Shutdown added in v1.4.2

func (c *Client) Shutdown()

type Config

type Config struct {
	CACertPool *x509.CertPool

	// Host must be a host string, a host:port pair, or a URL to the base of the apiserver.
	// If a URL is given then the (optional) Path of that URL represents a prefix that must
	// be appended to all request URIs used to access the apiserver. This allows a frontend
	// proxy to easily relocate all of the apiserver endpoints.
	Host string

	// Server requires Bearer authentication. This client will not attempt to use
	// refresh tokens for an OAuth2 flow.
	BearerToken string

	// Path to a file containing a BearerToken.
	// If set, checks for a new token in the case of authorization errors.
	BearerTokenFile string
}

This config is based on the one returned here:
https://github.com/kubernetes/client-go/blob/a56922badea0f2a91771411eaa1173c9e9243908/rest/config.go#L451

It is pared down to the absolute minimum fields used by this code. The CACertPool is promoted to the top level from being originally on the TLSClientConfig because it is the only parameter of the TLSClientConfig used by this code. Also, it made more sense to simply reuse the pool rather than holding raw values and parsing it repeatedly.
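The following is an added example, not code from this package: one way to assemble the Config described above from the service environment variables and the TokenFile and RootCAFile paths listed under Variables, returning an error rather than a partial Config when the token or the cluster CA is unusable. The function names apiServerHost and exampleInClusterConfig are hypothetical, the variables and Config type are re-declared so the block runs alone, and errors.Join assumes Go 1.20 or later.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"os"
)

// Variables and Config are re-declared from this page; both functions below are hypothetical.
var (
	Scheme          = "https://"
	TokenFile       = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	RootCAFile      = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
	ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
)
type Config struct {
	CACertPool                         *x509.CertPool
	Host, BearerToken, BearerTokenFile string
}

func apiServerHost() (string, error) {
	host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
	if host == "" || port == "" {
		return "", ErrNotInCluster
	}
	return Scheme + net.JoinHostPort(host, port), nil // brackets an IPv6 service address
}

// Fails closed: a missing token or a CA file with no parseable certificate is an error.
func exampleInClusterConfig() (*Config, error) {
	host, err := apiServerHost()
	if err != nil {
		return nil, err
	}
	token, tokErr := os.ReadFile(TokenFile)
	caPEM, caErr := os.ReadFile(RootCAFile)
	if err := errors.Join(tokErr, caErr); err != nil {
		return nil, fmt.Errorf("reading service account files: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable CA certificate in %s", RootCAFile)
	}
	return &Config{CACertPool: pool, Host: host, BearerToken: string(token), BearerTokenFile: TokenFile}, nil
}

func main() { fmt.Println(exampleInClusterConfig()) }
```

Because TokenFile and RootCAFile are package-level variables, a test can point them at fixture files, which is the use the Variables comment above describes.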

type ErrNotFound

type ErrNotFound struct {
	// contains filtered or unexported fields
}

func (*ErrNotFound) Error

func (e *ErrNotFound) Error() string

type Metadata

type Metadata struct {
	Name string `json:"name,omitempty"`

	// This map will be nil if no "labels" key was provided.
	// It will be populated but have a length of zero if the
	// key was provided, but no values.
	Labels map[string]string `json:"labels,omitempty"`
}

type Patch

type Patch struct {
	Operation PatchOperation
	Path      string
	Value     interface{}
}

type PatchOperation

type PatchOperation string

type Pod

type Pod struct {
	Metadata *Metadata `json:"metadata,omitempty"`
}

Directories

Path Synopsis
cmd
