Documentation
Overview
package vault contains an addon that installs Vault
Index
- func NewVaultAppRoleSecret(name, secretId string) *corev1.Secret
- func NewVaultKubernetesSecret(name string, serviceAccountName string) *corev1.Secret
- func NewVaultServiceAccount(name string) *corev1.ServiceAccount
- func NewVaultServiceAccountClusterRoleBinding(roleName, namespace, subject string) *rbacv1.ClusterRoleBinding
- func NewVaultServiceAccountRole(namespace, serviceAccountName string) *rbacv1.ClusterRole
- func NewVaultTokenSecret(name string) *corev1.Secret
- type Details
- type Vault
- type VaultInitializer
- func (v *VaultInitializer) Clean() error
- func (v *VaultInitializer) CleanAppRole() error
- func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error
- func (v *VaultInitializer) CreateAppRole() (string, string, error)
- func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error
- func (v *VaultInitializer) Init() error
- func (v *VaultInitializer) Setup() error
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewVaultAppRoleSecret
func NewVaultKubernetesSecret (added in v0.11.0)
func NewVaultServiceAccount (added in v0.11.0)
func NewVaultServiceAccount(name string) *corev1.ServiceAccount
func NewVaultServiceAccountClusterRoleBinding (added in v0.11.0)
func NewVaultServiceAccountClusterRoleBinding(roleName, namespace, subject string) *rbacv1.ClusterRoleBinding
func NewVaultServiceAccountRole (added in v0.11.0)
func NewVaultServiceAccountRole(namespace, serviceAccountName string) *rbacv1.ClusterRole
func NewVaultTokenSecret
Types
type Details
type Details struct {
    // Kubectl is the path to kubectl
    Kubectl string

    // Host is the hostname that can be used to connect to Vault
    Host string

    // PodName is the name of the Vault pod
    PodName string

    // Namespace is the namespace vault has been deployed into
    Namespace string

    // VaultCA is the CA used to sign the vault serving certificate
    VaultCA           []byte
    VaultCAPrivateKey []byte

    // VaultCert is the vault serving certificate
    VaultCert           []byte
    VaultCertPrivateKey []byte
}
type Vault
type Vault struct {
    Base *base.Base

    // Name is a unique name for this Vault deployment
    Name string

    // Namespace is the namespace to deploy Vault into
    Namespace string
    // contains filtered or unexported fields
}
Vault describes the configuration details for an instance of Vault deployed to the test cluster
func (*Vault) Deprovision
Deprovision will destroy this instance of Vault
func (*Vault) SupportsGlobal
type VaultInitializer
type VaultInitializer struct {
    Details

    RootMount         string
    IntermediateMount string
    // Whether the intermediate CA should be configured with root CA
    ConfigureWithRoot  bool
    Role               string // AppRole auth Role
    AppRoleAuthPath    string // AppRole auth mount point in Vault
    KubernetesAuthPath string // Kubernetes auth mount point in Vault
    APIServerURL       string // Kubernetes API Server URL
    APIServerCA        string // Kubernetes API Server CA certificate
    // contains filtered or unexported fields
}
VaultInitializer holds the state of a configured Vault PKI. We use the same Vault server for all tests. PKIs are mounted and unmounted for each test scenario that uses them.
func (*VaultInitializer) Clean
func (v *VaultInitializer) Clean() error
func (*VaultInitializer) CleanAppRole
func (v *VaultInitializer) CleanAppRole() error
func (*VaultInitializer) CleanKubernetesRole (added in v0.11.0)
func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error
CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation
func (*VaultInitializer) CreateAppRole
func (v *VaultInitializer) CreateAppRole() (string, string, error)
func (*VaultInitializer) CreateKubernetesRole (added in v0.11.0)
func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error
CreateKubernetesRole creates a service account and ClusterRoleBinding for Kubernetes auth delegation
func (*VaultInitializer) Init
func (v *VaultInitializer) Init() error
Set up a new Vault client, port-forward to the Vault instance.