k8spsat

package
v1.6.4
Warning

This package is not in the latest version of its module.

Published: May 17, 2023 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuiltIn

func BuiltIn() catalog.BuiltIn

Types

type AttestorConfig

type AttestorConfig struct {
	Clusters map[string]*ClusterConfig `hcl:"clusters"`
}

AttestorConfig contains a map of cluster configurations keyed by cluster name

type AttestorPlugin

type AttestorPlugin struct {
	nodeattestorv1.UnsafeNodeAttestorServer
	configv1.UnsafeConfigServer
	// contains filtered or unexported fields
}

AttestorPlugin is a PSAT (projected service account token) node attestor plugin

func New

func New() *AttestorPlugin

New creates a new PSAT node attestor plugin

func (*AttestorPlugin) Attest

func (*AttestorPlugin) Configure

func (*AttestorPlugin) SetLogger

func (p *AttestorPlugin) SetLogger(log hclog.Logger)

SetLogger sets up plugin logging

type ClusterConfig

type ClusterConfig struct {
	// Array of allowed service account names
	// Attestation is denied if it comes from a service account that is not in the list
	ServiceAccountAllowList []string `hcl:"service_account_allow_list"`

	// Audience for PSAT token validation
	// If audience is not configured, defaultAudience will be used
	// If audience value is set to an empty slice, k8s apiserver audience will be used
	Audience *[]string `hcl:"audience"`

	// Kubernetes configuration file path
	// Used to create a k8s client to query the API server. If string is empty, in-cluster configuration is used
	KubeConfigFile string `hcl:"kube_config_file"`

	// Node label keys that are allowed to be used as selectors
	AllowedNodeLabelKeys []string `hcl:"allowed_node_label_keys"`

	// Pod label keys that are allowed to be used as selectors
	AllowedPodLabelKeys []string `hcl:"allowed_pod_label_keys"`
}

ClusterConfig holds a single cluster configuration
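
The `Audience` comments above describe three distinct states (unset, empty slice, explicit list), which is why the field is a pointer to a slice rather than a plain slice. The sketch below is an added example, not the package's own code: `clusterConfig`, `effectiveAudience`, `serviceAccountAllowed` and the placeholder default audience are hypothetical names, and the service account strings are constructed sample values.

```go
package main

import "fmt"

// placeholderDefaultAudience stands in for the plugin's defaultAudience,
// whose actual value is not shown on this page (assumption).
var placeholderDefaultAudience = []string{"example-default-audience"}

// clusterConfig mirrors two fields of ClusterConfig as documented above.
type clusterConfig struct {
	ServiceAccountAllowList []string
	Audience                *[]string
}

// effectiveAudience (hypothetical helper) applies the documented rule:
// nil pointer -> default audience; empty slice -> defer to the API server's
// own audience (signalled by useAPIServer); otherwise the configured list.
func effectiveAudience(c clusterConfig) (aud []string, useAPIServer bool) {
	switch {
	case c.Audience == nil:
		return placeholderDefaultAudience, false
	case len(*c.Audience) == 0:
		return nil, true
	default:
		return *c.Audience, false
	}
}

// serviceAccountAllowed (hypothetical helper) denies by default: an account
// missing from the list, or any account when the list is empty, is rejected.
func serviceAccountAllowed(c clusterConfig, account string) bool {
	for _, allowed := range c.ServiceAccountAllowList {
		if allowed == account {
			return true
		}
	}
	return false
}

func main() {
	empty := []string{} // models `audience = []` in the HCL configuration
	unset := clusterConfig{ServiceAccountAllowList: []string{"example-ns:example-agent"}}
	deferToAPI := clusterConfig{Audience: &empty}
	for _, c := range []clusterConfig{unset, deferToAPI} {
		aud, viaAPI := effectiveAudience(c)
		fmt.Println(aud, viaAPI, serviceAccountAllowed(c, "example-ns:example-agent"))
	}
}
```

When reviewing a configuration, treat an omitted `audience` and `audience = []` as different settings: the second widens token validation to whatever audience the API server itself accepts.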
