Documentation ¶
Index ¶
- Variables
- type AWSSecretManagerConfig
- type Config
- type GCPSecretManagerConfig
- type KVVersion
- func (i KVVersion) IsAKVVersion() bool
- func (i KVVersion) MarshalJSON() ([]byte, error)
- func (i KVVersion) MarshalYAML() (interface{}, error)
- func (i KVVersion) String() string
- func (i *KVVersion) UnmarshalJSON(data []byte) error
- func (i *KVVersion) UnmarshalYAML(unmarshal func(interface{}) error) error
- type SecretManagerType
- func (i SecretManagerType) IsASecretManagerType() bool
- func (i SecretManagerType) MarshalJSON() ([]byte, error)
- func (i SecretManagerType) MarshalYAML() (interface{}, error)
- func (i SecretManagerType) String() string
- func (i *SecretManagerType) UnmarshalJSON(data []byte) error
- func (i *SecretManagerType) UnmarshalYAML(unmarshal func(interface{}) error) error
- type VaultSecretManagerConfig
Constants ¶
This section is empty.
Variables ¶
var (
	// DefaultConfig holds the default webhook settings declared by this
	// package.
	DefaultConfig = &Config{
		// The Secret that receives generated certs and the webhook Service
		// share the same default name.
		SecretName:    "nebula-pod-webhook",
		ServiceName:   "nebula-pod-webhook",
		ServicePort:   443,
		MetricsPrefix: "nebula:",
		CertDir:       "/etc/webhook/certs",
		LocalCert:     false,
		// ListenPort is the port the webhook listens on; it differs from
		// ServicePort above.
		ListenPort: 9443,
		// The default is the K8s manager, not the zero value
		// (SecretManagerTypeGlobal).
		SecretManagerType: SecretManagerTypeK8s,
		AWSSecretManagerConfig: AWSSecretManagerConfig{
			// The image is referenced by version tag only. A tag is mutable in a
			// registry, so the content behind it can change between pulls.
			// NOTE(review): this sidecar is injected into pods to pull secrets
			// (see SecretManagerTypeAWS); deployments should override it with a
			// digest-pinned reference from a registry they trust.
			SidecarImage: "docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4",
			// Requests and limits are set to the same values.
			Resources: corev1.ResourceRequirements{
				Requests: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
				Limits: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
			},
		},
		GCPSecretManagerConfig: GCPSecretManagerConfig{
			// The "alpine" tag carries no version, so this default is not
			// pinned to a specific image build.
			// NOTE(review): this sidecar is injected into pods to pull secrets
			// (see SecretManagerTypeGCP); deployments should override it with a
			// digest-pinned reference from a registry they trust.
			SidecarImage: "gcr.io/google.com/cloudsdktool/cloud-sdk:alpine",
			// Requests and limits are set to the same values.
			Resources: corev1.ResourceRequirements{
				Requests: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
				Limits: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
			},
		},
		VaultSecretManagerConfig: VaultSecretManagerConfig{
			// NOTE(review): Role is presumably the Vault role the webhook
			// authenticates as; confirm it is scoped to the secrets it needs.
			Role:      "nebula",
			KVVersion: KVVersion2,
		},
	}
)
Functions ¶
This section is empty.
Types ¶
type AWSSecretManagerConfig ¶
// AWSSecretManagerConfig holds the AWS Secret Manager settings embedded in
// Config under the "awsSecretManager" key.
type AWSSecretManagerConfig struct {
	// SidecarImage is the sidecar docker image to use.
	// NOTE(review): the image named here is what gets injected into pods to
	// pull secrets (see SecretManagerTypeAWS), so treat it as a trusted
	// component and prefer a digest-pinned reference.
	SidecarImage string `json:"sidecarImage" pflag:",Specifies the sidecar docker image to use"`
	// Resources holds resource requirements; the flag help text describes
	// them as applying to the init container.
	Resources corev1.ResourceRequirements `json:"resources" pflag:"-,Specifies resource requirements for the init container."`
}
type Config ¶
// Config is the webhook configuration: serving and certificate settings plus
// the selection and per-provider settings of the secret manager.
type Config struct {
	// MetricsPrefix is an optional prefix for all published metrics.
	MetricsPrefix string `json:"metrics-prefix" pflag:",An optional prefix for all published metrics."`
	// CertDir is the directory generated certs are written to.
	// NOTE(review): presumably this includes the serving key; confirm the
	// directory is not readable by other containers or users.
	CertDir string `json:"certDir" pflag:",Certificate directory to use to write generated certs. Defaults to /etc/webhook/certs/"`
	// LocalCert controls whether certs are written locally.
	LocalCert bool `json:"localCert" pflag:",write certs locally. Defaults to false"`
	// ListenPort is the port the webhook listens on for webhook calls.
	ListenPort int `json:"listenPort" pflag:",The port to use to listen to webhook calls. Defaults to 9443"`
	// ServiceName is the name of the webhook service.
	ServiceName string `json:"serviceName" pflag:",The name of the webhook service."`
	// ServicePort is the port on the service that hosts the webhook.
	ServicePort int32 `json:"servicePort" pflag:",The port on the service that hosting webhook."`
	// SecretName is the name of the secret generated certs are written to.
	// NOTE(review): access to this secret should be limited to the webhook
	// itself; verify against the deployment's RBAC.
	SecretName string `json:"secretName" pflag:",Secret name to write generated certs to."`
	// SecretManagerType selects the secret manager used when a secret is not
	// found in global secrets.
	SecretManagerType SecretManagerType `json:"secretManagerType" pflag:"-,Secret manager type to use if secrets are not found in global secrets."`
	// AWSSecretManagerConfig holds the AWS Secret Manager settings.
	AWSSecretManagerConfig AWSSecretManagerConfig `json:"awsSecretManager" pflag:",AWS Secret Manager config."`
	// GCPSecretManagerConfig holds the GCP Secret Manager settings.
	GCPSecretManagerConfig GCPSecretManagerConfig `json:"gcpSecretManager" pflag:",GCP Secret Manager config."`
	// VaultSecretManagerConfig holds the Vault Secret Manager settings.
	VaultSecretManagerConfig VaultSecretManagerConfig `json:"vaultSecretManager" pflag:",Vault Secret Manager config."`
}
func (Config) ExpandCertDir ¶
type GCPSecretManagerConfig ¶
// GCPSecretManagerConfig holds the GCP Secret Manager settings embedded in
// Config under the "gcpSecretManager" key.
type GCPSecretManagerConfig struct {
	// SidecarImage is the sidecar docker image to use.
	// NOTE(review): the image named here is what gets injected into pods to
	// pull secrets (see SecretManagerTypeGCP), so treat it as a trusted
	// component and prefer a digest-pinned reference.
	SidecarImage string `json:"sidecarImage" pflag:",Specifies the sidecar docker image to use"`
	// Resources holds resource requirements; the flag help text describes
	// them as applying to the init container.
	Resources corev1.ResourceRequirements `json:"resources" pflag:"-,Specifies resource requirements for the init container."`
}
type KVVersion ¶
// KVVersion is an integer enum naming the KV engine version to use with
// VaultSecretManager.
type KVVersion int
Defines which KV Engine Version to use with VaultSecretManager - https://www.vaultproject.io/docs/secrets/kv#kv-secrets-engine
func KVVersionString ¶
KVVersionString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func KVVersionValues ¶
func KVVersionValues() []KVVersion
KVVersionValues returns all values of the enum
func (KVVersion) IsAKVVersion ¶
IsAKVVersion returns "true" if the value is listed in the enum definition. "false" otherwise
func (KVVersion) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface for KVVersion
func (KVVersion) MarshalYAML ¶
MarshalYAML implements a YAML Marshaler for KVVersion
func (*KVVersion) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface for KVVersion
func (*KVVersion) UnmarshalYAML ¶
UnmarshalYAML implements a YAML Unmarshaler for KVVersion
type SecretManagerType ¶
// SecretManagerType is an integer enum that defines which secret manager to
// use.
type SecretManagerType int
SecretManagerType defines which secret manager to use.
// The SecretManagerType values are assigned with iota, so
// SecretManagerTypeGlobal is the zero value of the type.
const (
	// SecretManagerTypeGlobal defines a global secret manager that can read env vars and mounted secrets to the webhook
	// pod.
	SecretManagerTypeGlobal SecretManagerType = iota
	// SecretManagerTypeK8s defines a secret manager webhook that injects K8s volume mounts to mount K8s secrets.
	SecretManagerTypeK8s
	// SecretManagerTypeAWS defines a secret manager webhook that injects a sidecar to pull secrets from AWS Secret
	// Manager and mount them to a local file system (in memory) and share that mount with other containers in the pod.
	// NOTE(review): every container in the pod can therefore read the pulled secrets from the shared mount.
	SecretManagerTypeAWS
	// SecretManagerTypeGCP defines a secret manager webhook that injects a sidecar to pull secrets from GCP Secret
	// Manager and mount them to a local file system (in memory) and share that mount with other containers in the pod.
	// NOTE(review): every container in the pod can therefore read the pulled secrets from the shared mount.
	SecretManagerTypeGCP
	// SecretManagerTypeVault defines a secret manager webhook that pulls secrets from Hashicorp Vault.
	SecretManagerTypeVault
)
func SecretManagerTypeString ¶
func SecretManagerTypeString(s string) (SecretManagerType, error)
SecretManagerTypeString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func SecretManagerTypeValues ¶
func SecretManagerTypeValues() []SecretManagerType
SecretManagerTypeValues returns all values of the enum
func (SecretManagerType) IsASecretManagerType ¶
func (i SecretManagerType) IsASecretManagerType() bool
IsASecretManagerType returns "true" if the value is listed in the enum definition. "false" otherwise
func (SecretManagerType) MarshalJSON ¶
func (i SecretManagerType) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface for SecretManagerType
func (SecretManagerType) MarshalYAML ¶
func (i SecretManagerType) MarshalYAML() (interface{}, error)
MarshalYAML implements a YAML Marshaler for SecretManagerType
func (SecretManagerType) String ¶
func (i SecretManagerType) String() string
func (*SecretManagerType) UnmarshalJSON ¶
func (i *SecretManagerType) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface for SecretManagerType
func (*SecretManagerType) UnmarshalYAML ¶
func (i *SecretManagerType) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements a YAML Unmarshaler for SecretManagerType