Documentation ¶
Index ¶
- Constants
- Variables
- func AddOwnerRefToObject(o metav1.Object, r metav1.OwnerReference)
- func AsOwner(v *api.VaultService) metav1.OwnerReference
- func CascadeDeleteBackground() *metav1.DeleteOptions
- func ConfigMapNameForVault(v *api.VaultService) string
- func DeleteEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error
- func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error
- func DeployVault(kubecli kubernetes.Interface, v *api.VaultService) error
- func DestroyVault(kubecli kubernetes.Interface, v *api.VaultService) error
- func EtcdClientTLSSecretName(vaultName string) string
- func EtcdNameForVault(name string) string
- func EtcdPeerTLSSecretName(vaultName string) string
- func EtcdServerTLSSecretName(vaultName string) string
- func EtcdURLForVault(name string) string
- func InClusterConfig() (*rest.Config, error)
- func IsPodReady(p v1.Pod) bool
- func IsVaultVersionMatch(ps v1.PodSpec, vs api.VaultServiceSpec) bool
- func LabelsForVault(name string) map[string]string
- func MustNewKubeClient() kubernetes.Interface
- func MustNewKubeExtClient() apiextensionsclient.Interface
- func PodDNSName(p v1.Pod) string
- func UpgradeDeployment(kubecli kubernetes.Interface, vr *api.VaultService, d *appsv1beta1.Deployment) error
- func VaultServiceURL(name, namespace string, port int) string
- func VaultTLSFromSecret(kubecli kubernetes.Interface, vr *api.VaultService) (*vaultapi.TLSConfig, error)
Constants ¶
// VaultClientPort is the port number (8200) used for Vault client traffic.
// NOTE(review): presumably the listener port exposed by the vault pods and
// service; confirm against the deployment code.
const VaultClientPort = 8200
Variables ¶
// VaultConfigPath is the file path from which the vault pod reads its
// configuration.
var VaultConfigPath = "/run/vault/config/vault.hcl"
Functions ¶
func AddOwnerRefToObject ¶
func AddOwnerRefToObject(o metav1.Object, r metav1.OwnerReference)
AddOwnerRefToObject appends the desired OwnerReference to the object
func AsOwner ¶
func AsOwner(v *api.VaultService) metav1.OwnerReference
AsOwner returns an owner reference that points to the given vault cluster CR.
func CascadeDeleteBackground ¶
func CascadeDeleteBackground() *metav1.DeleteOptions
CascadeDeleteBackground returns a background delete policy option which causes the garbage collector to delete the dependents in the background.
func ConfigMapNameForVault ¶
func ConfigMapNameForVault(v *api.VaultService) string
ConfigMapNameForVault is the configmap name for the given vault. If ConfigMapName is given in the spec, it will make a new name based on that. Otherwise, we will create a default configmap using the Vault's name.
func DeleteEtcdCluster ¶
func DeleteEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error
DeleteEtcdCluster deletes the etcd cluster for the given vault
func DeployEtcdCluster ¶
func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error
DeployEtcdCluster creates an etcd cluster for the given vault's name via etcd operator and waits for all of its members to be ready.
func DeployVault ¶
func DeployVault(kubecli kubernetes.Interface, v *api.VaultService) error
DeployVault deploys a vault service. DeployVault is a multi-step process. It creates the deployment, the service and other related Kubernetes objects for Vault. Any intermediate step can fail.
DeployVault is idempotent. If an object already exists, this function will skip creating it and return no error. It is safe to retry this function.
func DestroyVault ¶
func DestroyVault(kubecli kubernetes.Interface, v *api.VaultService) error
DestroyVault destroys a vault service. TODO: remove this function when CRD GC is enabled.
func EtcdClientTLSSecretName ¶
EtcdClientTLSSecretName returns the name of etcd client TLS secret for the given vault name
func EtcdNameForVault ¶
EtcdNameForVault returns the etcd cluster's name for the given vault's name
func EtcdPeerTLSSecretName ¶
EtcdPeerTLSSecretName returns the name of etcd peer TLS secret for the given vault name
func EtcdServerTLSSecretName ¶
EtcdServerTLSSecretName returns the name of etcd server TLS secret for the given vault name
func EtcdURLForVault ¶
EtcdURLForVault returns the URL to talk to etcd cluster for the given vault's name
func InClusterConfig ¶
func IsPodReady ¶
IsPodReady checks the status of the pod for the Ready condition
func IsVaultVersionMatch ¶
func IsVaultVersionMatch(ps v1.PodSpec, vs api.VaultServiceSpec) bool
func LabelsForVault ¶
LabelsForVault returns the labels for selecting the resources belonging to the given vault name.
func MustNewKubeClient ¶
func MustNewKubeClient() kubernetes.Interface
func MustNewKubeExtClient ¶
func MustNewKubeExtClient() apiextensionsclient.Interface
func PodDNSName ¶
PodDNSName constructs the dns name on which a pod can be addressed
func UpgradeDeployment ¶
func UpgradeDeployment(kubecli kubernetes.Interface, vr *api.VaultService, d *appsv1beta1.Deployment) error
UpgradeDeployment sets the deployment spec to: (1) roll forward the version, and (2) keep the active Vault node available by setting `maxUnavailable=N-1` and `maxSurge=1`.
func VaultServiceURL ¶
VaultServiceURL returns the DNS record of the vault service in the given namespace.
func VaultTLSFromSecret ¶
func VaultTLSFromSecret(kubecli kubernetes.Interface, vr *api.VaultService) (*vaultapi.TLSConfig, error)
VaultTLSFromSecret reads Vault CR's TLS secret and converts it into a vault client's TLS config struct.
Types ¶
This section is empty.