sharing

package
v0.4.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

sharing package introduces SecretExport and SecretRequest concepts for sharing secrets between namespaces.

Index

Constants

View Source 
const (
	// WeightAnnKey allows to control which secrets are preferred to others
	// during fulfillment of secret requests. It's especially handy for
	// controlling how multiple image pull secrets are merged together.
	WeightAnnKey = "secretgen.carvel.dev/weight"
)

Variables

This section is empty.

Functions

func NewCombinedDockerConfigJSON added in v0.5.0 

func NewCombinedDockerConfigJSON(secrets []*corev1.Secret) (map[string][]byte, error)

NewCombinedDockerConfigJSON combines multiple kubernetes.io/dockerconfigjson Secrets into a single map to be used in single Secret. (https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets)

Types

type SecretExportReconciler 

type SecretExportReconciler struct {
	// contains filtered or unexported fields
}

SecretExportReconciler watches SecretExport CRs to record which Secret resources are exported so that they could be imported in other namespaces.

func NewSecretExportReconciler 

func NewSecretExportReconciler(sgClient sgclient.Interface, coreClient kubernetes.Interface,
	secretExports *SecretExports, log logr.Logger) *SecretExportReconciler

func (*SecretExportReconciler) AttachWatches 

func (r *SecretExportReconciler) AttachWatches(controller controller.Controller) error

func (*SecretExportReconciler) Reconcile 

func (r *SecretExportReconciler) Reconcile(request reconcile.Request) (reconcile.Result, error)

Reconcile acs on a request for a SecretExport to implement a kubernetes reconciler

func (*SecretExportReconciler) WarmUp 

func (r *SecretExportReconciler) WarmUp() error

WarmUp hydrates SecretExports given to this SecretExportReconciler with latest secret exports. If this method is not called before using SecretExports then users of SecretExports such as SecretReconciler will not have complete/accurate data.

type SecretExports 

type SecretExports struct {
	// contains filtered or unexported fields
}

SecretExports is an in-memory cache of exported secrets. It can be asked to return secrets that match specific criteria for importing. (SecretExports is used by SecretExportReconciler to export/unexport secrets; SecretExports is used by SecretReconciler to determine imported secrets.)

func NewSecretExports 

func NewSecretExports(log logr.Logger) *SecretExports

NewSecretExports constructs new SecretExports cache.

func (*SecretExports) Export 

func (se *SecretExports) Export(export *sgv1alpha1.SecretExport, secret *corev1.Secret)

Export adds the in-memory representation (cached) of both the SecretExport and underlying Secret.

func (*SecretExports) MatchedSecretsForImport 

func (se *SecretExports) MatchedSecretsForImport(matcher SecretMatcher) []*corev1.Secret

MatchedSecretsForImport filters secrets export cache by the given criteria. Returned order (last in the array is most specific):

  • secret with highest weight? (default weight=0), or
  • secret within the same namespace
  • secret with specific namespace
  • secret with wildcard namespace match
  • secret within other namespaces
  • secret with specific namespace
  • secret with wildcard namespace match (in all cases fallback to secret namespace/name sort)

func (*SecretExports) Unexport 

func (se *SecretExports) Unexport(export *sgv1alpha1.SecretExport)

Unexport deletes the in-memory representation (cached) of both the SecretExport and underlying Secret.

type SecretMatcher 

type SecretMatcher struct {
	Namespace  string
	Subject    string
	SecretType corev1.SecretType
}

SecretMatcher allows to specify criteria for matching exported secrets.

type SecretReconciler added in v0.5.0 

type SecretReconciler struct {
	// contains filtered or unexported fields
}

SecretReconciler watches Secret resources. If a Secret is recognized to be a placeholder secret for image pull secrets it gets filled with a combined image pull secret that matched import criteria for that Secret.

func NewSecretReconciler added in v0.5.0 

func NewSecretReconciler(sgClient sgclient.Interface, coreClient kubernetes.Interface,
	secretExports *SecretExports, log logr.Logger) *SecretReconciler

func (*SecretReconciler) AttachWatches added in v0.5.0 

func (r *SecretReconciler) AttachWatches(controller controller.Controller) error

func (*SecretReconciler) Reconcile added in v0.5.0 

func (r *SecretReconciler) Reconcile(request reconcile.Request) (reconcile.Result, error)

type SecretRequestReconciler 

type SecretRequestReconciler struct {
	// contains filtered or unexported fields
}

SecretRequestReconciler creates an imported Secret if it was exported.

func NewSecretRequestReconciler 

func NewSecretRequestReconciler(sgClient sgclient.Interface,
	coreClient kubernetes.Interface, log logr.Logger) *SecretRequestReconciler

func (*SecretRequestReconciler) AttachWatches 

func (r *SecretRequestReconciler) AttachWatches(controller controller.Controller) error

func (*SecretRequestReconciler) Reconcile 

func (r *SecretRequestReconciler) Reconcile(request reconcile.Request) (reconcile.Result, error)

type SecretStatus added in v0.5.0 

type SecretStatus struct {
	Conditions  []sgv1alpha1.Condition `json:"conditions,omitempty"`
	SecretNames []string               `json:"secretNames,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.