Constants ¶
const (
	// Stage names of the secrets-encryption rotation workflow.
	// NOTE(review): presumably these are the values passed as the stage
	// argument of WriteEncryptionHashAnnotation — confirm against callers.
	EncryptionStart             string = "start"
	EncryptionPrepare           string = "prepare"
	EncryptionRotate            string = "rotate"
	EncryptionRotateKeys        string = "rotate_keys"
	EncryptionReencryptRequest  string = "reencrypt_request"
	EncryptionReencryptActive   string = "reencrypt_active"
	EncryptionReencryptFinished string = "reencrypt_finished"

	// NOTE(review): page size, QPS and burst look like client-side limits
	// applied when listing and rewriting secrets during reencryption —
	// verify where they are consumed.
	SecretListPageSize int64   = 20
	SecretQPS          float32 = 200
	SecretBurst        int     = 200

	// Event reason strings; assumed to be emitted while secrets are being
	// rewritten — verify against the event recorder call sites.
	SecretsUpdateErrorEvent    string = "SecretsUpdateError"
	SecretsProgressEvent       string = "SecretsProgress"
	SecretsUpdateCompleteEvent string = "SecretsUpdateComplete"
)
Variables ¶
// EncryptionHashAnnotation is the node annotation key under which the
// encryption-config hash is stored (see WriteEncryptionHashAnnotation).
// It is built from version.Program followed by ".io/encryption-config-hash".
var EncryptionHashAnnotation = version.Program + ".io/encryption-config-hash"
Functions ¶
func BootstrapEncryptionHashAnnotation ¶
func BootstrapEncryptionHashAnnotation(node *corev1.Node, runtime *config.ControlRuntime) error
func GenEncryptionConfigHash ¶
func GenEncryptionConfigHash(runtime *config.ControlRuntime) (string, error)
func GenReencryptHash ¶
func GenReencryptHash(runtime *config.ControlRuntime, keyName string) (string, error)
GenReencryptHash generates a SHA-256 hash from the existing secrets-encryption keys and any identity providers, plus a new key named by keyName.
func GetEncryptionConfigMetrics ¶
func GetEncryptionConfigMetrics(runtime *config.ControlRuntime, initialMetrics bool) (int64, int64, error)
GetEncryptionConfigMetrics queries the metrics API and returns the last time the encryption config was reloaded and the number of times it has been reloaded.
func GetEncryptionKeys ¶
func GetEncryptionKeys(runtime *config.ControlRuntime, includeIdentity bool) ([]apiserverconfigv1.Key, error)
GetEncryptionKeys returns the list of encryption keys from the current encryption configuration. If includeIdentity is true, it also includes a placeholder key representing the identity provider, which is used to determine whether encryption is enabled or disabled.
func GetEncryptionProviders ¶
func GetEncryptionProviders(runtime *config.ControlRuntime) ([]apiserverconfigv1.ProviderConfiguration, error)
func WaitForEncryptionConfigReload ¶
func WaitForEncryptionConfigReload(runtime *config.ControlRuntime, reloadSuccesses, reloadTime int64) error
WaitForEncryptionConfigReload polls the metrics API for the most recent time the encryption config was reloaded.
func WriteEncryptionConfig ¶
func WriteEncryptionConfig(runtime *config.ControlRuntime, keys []apiserverconfigv1.Key, enable bool) error
func WriteEncryptionHashAnnotation ¶
func WriteEncryptionHashAnnotation(runtime *config.ControlRuntime, node *corev1.Node, skipFile bool, stage string) error
WriteEncryptionHashAnnotation writes the encryption-config hash to the node annotation and, unless skipFile is set, to a file. The file is used to track the last stage of the reencryption process.
Types ¶
This section is empty.