k8ssat

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 12, 2024 License: Apache-2.0 Imports: 27 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuiltIn

func BuiltIn() catalog.BuiltIn

Types

type AttestorConfig

// AttestorConfig is the plugin configuration as decoded from HCL. Its only
// field carries one ClusterConfig per entry of the "clusters" block.
type AttestorConfig struct {
	// Clusters maps a string key to the settings for one cluster. Each
	// ClusterConfig has its own token validation method and its own service
	// account allow list, so every entry needs to be reviewed separately.
	// NOTE(review): the key is presumably the cluster name — confirm against Configure.
	Clusters map[string]*ClusterConfig `hcl:"clusters"`
}

type AttestorPlugin

// AttestorPlugin is the node attestor plugin type of this package. Its exported
// surface is the three embedded types below; all other state is unexported.
type AttestorPlugin struct {
	nodeattestorbase.Base
	// NOTE(review): in protoc-gen-go-grpc output, an Unsafe<Service>Server
	// interface is embedded to opt out of forward compatibility with methods
	// added to the service later. The "Unsafe" prefix there concerns API
	// compatibility, not memory or security safety. Presumably the two types
	// below are such generated interfaces — confirm in their packages.
	nodeattestorv1.UnsafeNodeAttestorServer
	configv1.UnsafeConfigServer
	// contains filtered or unexported fields
}

func New

func New() *AttestorPlugin

func (*AttestorPlugin) Attest

func (*AttestorPlugin) Configure

func (*AttestorPlugin) SetLogger

func (p *AttestorPlugin) SetLogger(log hclog.Logger)

SetLogger sets up plugin logging

func (*AttestorPlugin) Validate added in v1.11.0

type ClusterConfig

// ClusterConfig holds the settings for one cluster: how service account tokens
// from that cluster are validated, and which service accounts are allowed to
// attest nodes.
type ClusterConfig struct {
	// Path on disk to a PEM encoded file containing public keys used in validating tokens for that cluster.
	// If use_token_review_api_validation is true, then this path is ignored and TokenReview API is used for validation.
	// NOTE(review): these keys decide which token signatures validate, so the
	// file should be writable only by whoever operates the plugin. How the
	// file is loaded and checked is not visible here.
	ServiceAccountKeyFile string `hcl:"service_account_key_file"`

	// ServiceAccountAllowList is a list of service account names, qualified by
	// namespace (for example, "default:blog" or "production:web") to allow for node attestation.
	// NOTE(review): the behavior for an empty list is not visible here —
	// confirm that Configure or Validate rejects it rather than allowing
	// every service account.
	ServiceAccountAllowList []string `hcl:"service_account_allow_list"`

	// UseTokenReviewAPI selects the token validation method.
	//   If true token review API will be used for token validation
	//   If false ServiceAccountKeyFile will be used for token validation
	// NOTE(review): a Go bool is false unless set, so a cluster entry that
	// omits use_token_review_api_validation presumably falls back to
	// ServiceAccountKeyFile — confirm against Configure.
	UseTokenReviewAPI bool `hcl:"use_token_review_api_validation"`

	// Kubernetes configuration file path.
	// Used to create a client to query the Kubernetes API server. If string is empty, in-cluster configuration is used.
	// NOTE(review): the identity in this kubeconfig (or the in-cluster one)
	// is what the plugin presents to the API server, so grant it only the
	// permissions the plugin needs. Which API calls it makes is not visible
	// here.
	KubeConfigFile string `hcl:"kube_config_file"`
}
