v1alpha1

package
v0.0.0-...-5e2b908 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 6, 2019 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package +groupName=vault.security.coreos.com

Index

Constants

// Names under which the VaultService custom resource is known.
const (
	// VaultServiceKind is the kind string of the custom resource
	// (presumably the value of the "kind" field in manifests; confirm against the CRD registration).
	VaultServiceKind   = "VaultService"
	// VaultServicePlural is the plural resource name; CRDName is built from it.
	VaultServicePlural = "vaultservices"
)
const (
	// CATLSCertName is the name of the CA certificate file in the client secret.
	// It is the same file name that StaticTLS.ClientSecret is documented to contain,
	// so a user-supplied client secret must store its CA certificate under this name.
	CATLSCertName = "vault-client-ca.crt"
)

Variables

var (
	// SchemeBuilder collects addKnownTypes, a function defined elsewhere in this package,
	// so that the package's types can be added to a runtime scheme.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme   = SchemeBuilder.AddToScheme

	// CRDName is the plural resource name joined to the API group with a dot,
	// the "<plural>.<group>" form used for CustomResourceDefinition names.
	CRDName = VaultServicePlural + "." + groupName
)
// SchemeGroupVersion is the group/version pair under which this package's types are registered.
// Group comes from the package-level groupName, which is not shown on this page (the +groupName
// tag in the package overview reads vault.security.coreos.com); Version is fixed to "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{Group: groupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects.

var (
	// VaultServiceShortNames lists the short names for the VaultService resource
	// (presumably registered on the CRD so the resource can be addressed as "vault"; confirm against the CRD creation code).
	VaultServiceShortNames = []string{"vault"}
)

Functions

func DefaultVaultClientTLSSecretName

func DefaultVaultClientTLSSecretName(vaultName string) string

DefaultVaultClientTLSSecretName returns the name of the default vault client TLS secret

func DefaultVaultServerTLSSecretName

func DefaultVaultServerTLSSecretName(vaultName string) string

DefaultVaultServerTLSSecretName returns the name of the default vault server TLS secret

func GetGeneratedDeepCopyFuncs deprecated

func GetGeneratedDeepCopyFuncs() []conversion.GeneratedDeepCopyFunc

GetGeneratedDeepCopyFuncs returns the generated funcs, since we aren't registering them.

Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.

func IsTLSConfigured

func IsTLSConfigured(tp *TLSPolicy) bool

IsTLSConfigured checks if the vault TLS secrets have been specified by the user

Types

type ClusterPhase

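// ClusterPhase is the lifecycle phase of a Vault cluster as recorded in
// VaultServiceStatus.Phase.
type ClusterPhase string

const (
	// ClusterPhaseInitial is the zero value of ClusterPhase: the phase of a
	// cluster whose status has not been set yet.
	ClusterPhaseInitial ClusterPhase = ""
	// ClusterPhaseRunning is the phase that follows ClusterPhaseInitial.
	//
	// The type is spelled out on purpose. In a const block, a line that has
	// its own "= value" does not inherit the type of the line above, so
	// without the explicit type this constant was an untyped string and not
	// a ClusterPhase.
	ClusterPhaseRunning ClusterPhase = "Running"
)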

type PodPolicy

// PodPolicy defines the policy for pods owned by vault operator.
type PodPolicy struct {
	// Resources is the resource requirements for the containers.
	// NOTE(review): encoding/json never treats a struct value as empty, so
	// "omitempty" has no effect on this non-pointer field when marshalling.
	Resources v1.ResourceRequirements `json:"resources,omitempty"`
}

PodPolicy defines the policy for pods owned by vault operator.

func (*PodPolicy) DeepCopy

func (in *PodPolicy) DeepCopy() *PodPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodPolicy.

func (*PodPolicy) DeepCopyInto

func (in *PodPolicy) DeepCopyInto(out *PodPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StaticTLS

// StaticTLS names the Kubernetes secrets that hold user-provided TLS material
// for the vault nodes and for the clients that verify them.
type StaticTLS struct {
	// ServerSecret is the secret containing TLS certs used by each vault node
	// for the communication between the vault server and its clients.
	// The server secret should contain two files: server.crt and server.key
	// The server.crt file should only contain the server certificate.
	// It should not be concatenated with the optional ca certificate as allowed by https://www.vaultproject.io/docs/configuration/listener/tcp.html#tls_cert_file
	// The server certificate must allow the following wildcard domains:
	// localhost
	// *.<namespace>.pod
	// <vault-cluster-name>.<namespace>.svc
	//
	// Because server.key is the server's private key, read access to this
	// secret should be limited to the identities that run the vault nodes.
	ServerSecret string `json:"serverSecret,omitempty"`
	// ClientSecret is the secret containing the CA certificate
	// that will be used to verify the above server certificate
	// The ca secret should contain one file: vault-client-ca.crt
	// (the same name as the CATLSCertName constant). It holds only a
	// certificate, no private key.
	ClientSecret string `json:"clientSecret,omitempty"`
}

func (*StaticTLS) DeepCopy

func (in *StaticTLS) DeepCopy() *StaticTLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticTLS.

func (*StaticTLS) DeepCopyInto

func (in *StaticTLS) DeepCopyInto(out *StaticTLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSPolicy

// TLSPolicy defines the TLS policy of the vault nodes.
type TLSPolicy struct {
	// StaticTLS enables user to use static x509 certificates and keys,
	// by putting them into Kubernetes secrets, and specifying them here.
	// If this is not set, operator will auto-gen TLS assets and secrets.
	// NOTE(review): how the auto-generated CA and keys are created, stored
	// and rotated is not visible from this type; confirm in the operator
	// code before relying on the default outside of test clusters.
	Static *StaticTLS `json:"static,omitempty"`
}

TLSPolicy defines the TLS policy of the vault nodes

func (*TLSPolicy) DeepCopy

func (in *TLSPolicy) DeepCopy() *TLSPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.

func (*TLSPolicy) DeepCopyInto

func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultService

// VaultService is the custom resource object for a Vault deployment: the usual
// type and object metadata, the desired state in Spec and the reported state
// in Status.
type VaultService struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	// Spec is the desired configuration of the Vault deployment.
	Spec              VaultServiceSpec   `json:"spec"`
	// Status is the state of the Vault deployment, as defined by VaultServiceStatus.
	Status            VaultServiceStatus `json:"status,omitempty"`
}

func (*VaultService) DeepCopy

func (in *VaultService) DeepCopy() *VaultService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultService.

func (*VaultService) DeepCopyInto

func (in *VaultService) DeepCopyInto(out *VaultService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultService) DeepCopyObject

func (in *VaultService) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultService) SetDefaults

func (v *VaultService) SetDefaults() bool

SetDefaults sets the default values for the vault spec and returns true if the spec was changed.

type VaultServiceList

// VaultServiceList is a list of VaultService objects together with the usual
// type and list metadata.
type VaultServiceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the VaultService objects of the list.
	Items           []VaultService `json:"items"`
}

func (*VaultServiceList) DeepCopy

func (in *VaultServiceList) DeepCopy() *VaultServiceList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceList.

func (*VaultServiceList) DeepCopyInto

func (in *VaultServiceList) DeepCopyInto(out *VaultServiceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultServiceList) DeepCopyObject

func (in *VaultServiceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultServiceSpec

// VaultServiceSpec is the desired state of a Vault deployment.
type VaultServiceSpec struct {
	// Number of nodes to deploy for a Vault deployment.
	// Default: 1.
	Nodes int32 `json:"nodes,omitempty"`

	// Base image to use for a Vault deployment.
	// NOTE(review): presumably combined with Version to form the container
	// image reference; whoever can set these two fields decides which image
	// the vault pods run, so restrict write access to the CR accordingly.
	BaseImage string `json:"baseImage"`

	// Version of Vault to be deployed.
	Version string `json:"version"`

	// Pod defines the policy for pods owned by vault operator.
	// This field cannot be updated once the CR is created.
	Pod *PodPolicy `json:"pod,omitempty"`

	// Name of the ConfigMap for Vault's configuration
	// If this is empty, operator will create a default config for Vault.
	// If this is not empty, operator will create a new config overwriting
	// the "storage", "listener" sections in original config.
	// Settings placed in those two sections of a user-supplied ConfigMap
	// (listener TLS options included) are therefore not what vault runs with.
	ConfigMapName string `json:"configMapName"`

	// TLS policy of vault nodes
	// The JSON key is upper-case "TLS", unlike the lower camel-case keys of
	// the other fields, so manifests must spell it exactly that way.
	TLS *TLSPolicy `json:"TLS,omitempty"`
}

func (*VaultServiceSpec) DeepCopy

func (in *VaultServiceSpec) DeepCopy() *VaultServiceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceSpec.

func (*VaultServiceSpec) DeepCopyInto

func (in *VaultServiceSpec) DeepCopyInto(out *VaultServiceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultServiceStatus

// VaultServiceStatus is the state of a Vault deployment as recorded in the
// Status field of a VaultService.
type VaultServiceStatus struct {
	// Phase is the current lifecycle phase of this Vault cluster.
	// Phase only moves one way, as below:
	//   Initial -> Running
	Phase ClusterPhase `json:"phase"`

	// Initialized indicates if the Vault service is initialized.
	Initialized bool `json:"initialized"`

	// ServiceName is the LB service for accessing vault nodes.
	ServiceName string `json:"serviceName,omitempty"`

	// ClientPort is the port for vault client to access.
	// It's the same on client LB service and vault nodes.
	ClientPort int `json:"clientPort,omitempty"`

	// VaultStatus is the set of Vault node specific statuses: Active, Standby, and Sealed
	VaultStatus VaultStatus `json:"vaultStatus"`

	// PodNames of updated Vault nodes. Updated means the Vault container image version
	// matches the spec's version.
	UpdatedNodes []string `json:"updatedNodes,omitempty"`
}

func (*VaultServiceStatus) DeepCopy

func (in *VaultServiceStatus) DeepCopy() *VaultServiceStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceStatus.

func (*VaultServiceStatus) DeepCopyInto

func (in *VaultServiceStatus) DeepCopyInto(out *VaultServiceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultStatus

// VaultStatus groups the pod names of the Vault nodes by their state:
// active, standby or sealed.
type VaultStatus struct {
	// PodName of the active Vault node. Active node is unsealed.
	// Only active node can serve requests.
	// Vault service only points to the active node.
	Active string `json:"active"`

	// PodNames of the standby Vault nodes. Standby nodes are unsealed.
	// Standby nodes do not process requests, and instead redirect to the active Vault.
	Standby []string `json:"standby"`

	// PodNames of Sealed Vault nodes. Sealed nodes MUST be manually unsealed to
	// become standby or leader.
	// NOTE(review): this suggests the operator does not unseal nodes itself
	// and so does not need to hold unseal keys; confirm in the operator code.
	Sealed []string `json:"sealed"`
}

func (*VaultStatus) DeepCopy

func (in *VaultStatus) DeepCopy() *VaultStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.

func (*VaultStatus) DeepCopyInto

func (in *VaultStatus) DeepCopyInto(out *VaultStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
