Documentation ¶
Overview ¶
+k8s:deepcopy-gen=package,register +k8s:conversion-gen=kubevault.dev/apimachinery/apis/kubevault/v1alpha2 +k8s:openapi-gen=true +k8s:defaulter-gen=TypeMeta +groupName=kubevault.com
Index ¶
- Constants
- Variables
- func Convert_v1alpha1_AllowedSecretEngines_To_v1alpha2_AllowedSecretEngines(in *AllowedSecretEngines, out *v1alpha2.AllowedSecretEngines, ...) error
- func Convert_v1alpha1_AuthMethodStatus_To_v1alpha2_AuthMethodStatus(in *AuthMethodStatus, out *v1alpha2.AuthMethodStatus, s conversion.Scope) error
- func Convert_v1alpha1_AuthMethod_To_v1alpha2_AuthMethod(in *AuthMethod, out *v1alpha2.AuthMethod, s conversion.Scope) error
- func Convert_v1alpha1_AwsKmsSsmSpec_To_v1alpha2_AwsKmsSsmSpec(in *AwsKmsSsmSpec, out *v1alpha2.AwsKmsSsmSpec, s conversion.Scope) error
- func Convert_v1alpha1_AzureKeyVault_To_v1alpha2_AzureKeyVault(in *AzureKeyVault, out *v1alpha2.AzureKeyVault, s conversion.Scope) error
- func Convert_v1alpha1_AzureSpec_To_v1alpha2_AzureSpec(in *AzureSpec, out *v1alpha2.AzureSpec, s conversion.Scope) error
- func Convert_v1alpha1_BackendStorageSpec_To_v1alpha2_BackendStorageSpec(in *BackendStorageSpec, out *v1alpha2.BackendStorageSpec, s conversion.Scope) error
- func Convert_v1alpha1_ConsulSpec_To_v1alpha2_ConsulSpec(in *ConsulSpec, out *v1alpha2.ConsulSpec, s conversion.Scope) error
- func Convert_v1alpha1_DynamoDBSpec_To_v1alpha2_DynamoDBSpec(in *DynamoDBSpec, out *v1alpha2.DynamoDBSpec, s conversion.Scope) error
- func Convert_v1alpha1_EtcdSpec_To_v1alpha2_EtcdSpec(in *EtcdSpec, out *v1alpha2.EtcdSpec, s conversion.Scope) error
- func Convert_v1alpha1_FileSpec_To_v1alpha2_FileSpec(in *FileSpec, out *v1alpha2.FileSpec, s conversion.Scope) error
- func Convert_v1alpha1_GcsSpec_To_v1alpha2_GcsSpec(in *GcsSpec, out *v1alpha2.GcsSpec, s conversion.Scope) error
- func Convert_v1alpha1_GoogleKmsGcsSpec_To_v1alpha2_GoogleKmsGcsSpec(in *GoogleKmsGcsSpec, out *v1alpha2.GoogleKmsGcsSpec, s conversion.Scope) error
- func Convert_v1alpha1_InmemSpec_To_v1alpha2_InmemSpec(in *InmemSpec, out *v1alpha2.InmemSpec, s conversion.Scope) error
- func Convert_v1alpha1_KubernetesSecretSpec_To_v1alpha2_KubernetesSecretSpec(in *KubernetesSecretSpec, out *v1alpha2.KubernetesSecretSpec, ...) error
- func Convert_v1alpha1_ModeSpec_To_v1alpha2_ModeSpec(in *ModeSpec, out *v1alpha2.ModeSpec, s conversion.Scope) error
- func Convert_v1alpha1_MySQLSpec_To_v1alpha2_MySQLSpec(in *MySQLSpec, out *v1alpha2.MySQLSpec, s conversion.Scope) error
- func Convert_v1alpha1_NamedServiceTemplateSpec_To_v1alpha2_NamedServiceTemplateSpec(in *NamedServiceTemplateSpec, out *v1alpha2.NamedServiceTemplateSpec, ...) error
- func Convert_v1alpha1_PostgreSQLSpec_To_v1alpha2_PostgreSQLSpec(in *PostgreSQLSpec, out *v1alpha2.PostgreSQLSpec, s conversion.Scope) error
- func Convert_v1alpha1_RaftSpec_To_v1alpha2_RaftSpec(in *RaftSpec, out *v1alpha2.RaftSpec, s conversion.Scope) error
- func Convert_v1alpha1_S3Spec_To_v1alpha2_S3Spec(in *S3Spec, out *v1alpha2.S3Spec, s conversion.Scope) error
- func Convert_v1alpha1_SecretEngineNamespaces_To_v1alpha2_SecretEngineNamespaces(in *SecretEngineNamespaces, out *v1alpha2.SecretEngineNamespaces, ...) error
- func Convert_v1alpha1_SwiftSpec_To_v1alpha2_SwiftSpec(in *SwiftSpec, out *v1alpha2.SwiftSpec, s conversion.Scope) error
- func Convert_v1alpha1_TLSPolicy_To_v1alpha2_TLSPolicy(in *TLSPolicy, out *v1alpha2.TLSPolicy, s conversion.Scope) error
- func Convert_v1alpha1_UnsealerSpec_To_v1alpha2_UnsealerSpec(in *UnsealerSpec, out *v1alpha2.UnsealerSpec, s conversion.Scope) error
- func Convert_v1alpha1_VaultServerList_To_v1alpha2_VaultServerList(in *VaultServerList, out *v1alpha2.VaultServerList, s conversion.Scope) error
- func Convert_v1alpha1_VaultServerSpec_To_v1alpha2_VaultServerSpec(in *VaultServerSpec, out *v1alpha2.VaultServerSpec, s conversion.Scope) error
- func Convert_v1alpha1_VaultServerStatus_To_v1alpha2_VaultServerStatus(in *VaultServerStatus, out *v1alpha2.VaultServerStatus, s conversion.Scope) error
- func Convert_v1alpha1_VaultServer_To_v1alpha2_VaultServer(in *VaultServer, out *v1alpha2.VaultServer, s conversion.Scope) error
- func Convert_v1alpha1_VaultStatus_To_v1alpha2_VaultStatus(in *VaultStatus, out *v1alpha2.VaultStatus, s conversion.Scope) error
- func Convert_v1alpha2_AllowedSecretEngines_To_v1alpha1_AllowedSecretEngines(in *v1alpha2.AllowedSecretEngines, out *AllowedSecretEngines, ...) error
- func Convert_v1alpha2_AuthMethodStatus_To_v1alpha1_AuthMethodStatus(in *v1alpha2.AuthMethodStatus, out *AuthMethodStatus, s conversion.Scope) error
- func Convert_v1alpha2_AuthMethod_To_v1alpha1_AuthMethod(in *v1alpha2.AuthMethod, out *AuthMethod, s conversion.Scope) error
- func Convert_v1alpha2_AwsKmsSsmSpec_To_v1alpha1_AwsKmsSsmSpec(in *v1alpha2.AwsKmsSsmSpec, out *AwsKmsSsmSpec, s conversion.Scope) error
- func Convert_v1alpha2_AzureKeyVault_To_v1alpha1_AzureKeyVault(in *v1alpha2.AzureKeyVault, out *AzureKeyVault, s conversion.Scope) error
- func Convert_v1alpha2_AzureSpec_To_v1alpha1_AzureSpec(in *v1alpha2.AzureSpec, out *AzureSpec, s conversion.Scope) error
- func Convert_v1alpha2_BackendStorageSpec_To_v1alpha1_BackendStorageSpec(in *v1alpha2.BackendStorageSpec, out *BackendStorageSpec, s conversion.Scope) error
- func Convert_v1alpha2_ConsulSpec_To_v1alpha1_ConsulSpec(in *v1alpha2.ConsulSpec, out *ConsulSpec, s conversion.Scope) error
- func Convert_v1alpha2_DynamoDBSpec_To_v1alpha1_DynamoDBSpec(in *v1alpha2.DynamoDBSpec, out *DynamoDBSpec, s conversion.Scope) error
- func Convert_v1alpha2_EtcdSpec_To_v1alpha1_EtcdSpec(in *v1alpha2.EtcdSpec, out *EtcdSpec, s conversion.Scope) error
- func Convert_v1alpha2_FileSpec_To_v1alpha1_FileSpec(in *v1alpha2.FileSpec, out *FileSpec, s conversion.Scope) error
- func Convert_v1alpha2_GcsSpec_To_v1alpha1_GcsSpec(in *v1alpha2.GcsSpec, out *GcsSpec, s conversion.Scope) error
- func Convert_v1alpha2_GoogleKmsGcsSpec_To_v1alpha1_GoogleKmsGcsSpec(in *v1alpha2.GoogleKmsGcsSpec, out *GoogleKmsGcsSpec, s conversion.Scope) error
- func Convert_v1alpha2_InmemSpec_To_v1alpha1_InmemSpec(in *v1alpha2.InmemSpec, out *InmemSpec, s conversion.Scope) error
- func Convert_v1alpha2_KubernetesSecretSpec_To_v1alpha1_KubernetesSecretSpec(in *v1alpha2.KubernetesSecretSpec, out *KubernetesSecretSpec, ...) error
- func Convert_v1alpha2_ModeSpec_To_v1alpha1_ModeSpec(in *v1alpha2.ModeSpec, out *ModeSpec, s conversion.Scope) error
- func Convert_v1alpha2_MySQLSpec_To_v1alpha1_MySQLSpec(in *v1alpha2.MySQLSpec, out *MySQLSpec, s conversion.Scope) error
- func Convert_v1alpha2_NamedServiceTemplateSpec_To_v1alpha1_NamedServiceTemplateSpec(in *v1alpha2.NamedServiceTemplateSpec, out *NamedServiceTemplateSpec, ...) error
- func Convert_v1alpha2_PostgreSQLSpec_To_v1alpha1_PostgreSQLSpec(in *v1alpha2.PostgreSQLSpec, out *PostgreSQLSpec, s conversion.Scope) error
- func Convert_v1alpha2_RaftSpec_To_v1alpha1_RaftSpec(in *v1alpha2.RaftSpec, out *RaftSpec, s conversion.Scope) error
- func Convert_v1alpha2_S3Spec_To_v1alpha1_S3Spec(in *v1alpha2.S3Spec, out *S3Spec, s conversion.Scope) error
- func Convert_v1alpha2_SecretEngineNamespaces_To_v1alpha1_SecretEngineNamespaces(in *v1alpha2.SecretEngineNamespaces, out *SecretEngineNamespaces, ...) error
- func Convert_v1alpha2_SwiftSpec_To_v1alpha1_SwiftSpec(in *v1alpha2.SwiftSpec, out *SwiftSpec, s conversion.Scope) error
- func Convert_v1alpha2_TLSPolicy_To_v1alpha1_TLSPolicy(in *v1alpha2.TLSPolicy, out *TLSPolicy, s conversion.Scope) error
- func Convert_v1alpha2_UnsealerSpec_To_v1alpha1_UnsealerSpec(in *v1alpha2.UnsealerSpec, out *UnsealerSpec, s conversion.Scope) error
- func Convert_v1alpha2_VaultServerList_To_v1alpha1_VaultServerList(in *v1alpha2.VaultServerList, out *VaultServerList, s conversion.Scope) error
- func Convert_v1alpha2_VaultServerSpec_To_v1alpha1_VaultServerSpec(in *v1alpha2.VaultServerSpec, out *VaultServerSpec, s conversion.Scope) error
- func Convert_v1alpha2_VaultServerStatus_To_v1alpha1_VaultServerStatus(in *v1alpha2.VaultServerStatus, out *VaultServerStatus, s conversion.Scope) error
- func Convert_v1alpha2_VaultServer_To_v1alpha1_VaultServer(in *v1alpha2.VaultServer, out *VaultServer, s conversion.Scope) error
- func Convert_v1alpha2_VaultStatus_To_v1alpha1_VaultStatus(in *v1alpha2.VaultStatus, out *VaultStatus, s conversion.Scope) error
- func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition
- func Kind(kind string) schema.GroupKind
- func RegisterConversions(s *runtime.Scheme) error
- func Resource(resource string) schema.GroupResource
- type AllowedSecretEngines
- type AuthConfig
- type AuthMethod
- type AuthMethodEnableDisableStatus
- type AuthMethodStatus
- type AuthMethodType
- type AwsKmsSsmSpec
- type AzureKeyVault
- type AzureSpec
- type BackendStorageSpec
- type ConsulSpec
- type DynamoDBSpec
- type EtcdSpec
- type FileSpec
- type FromNamespaces
- type GcsSpec
- type GoogleKmsGcsSpec
- type InmemSpec
- type KubernetesSecretSpec
- type ModeSpec
- type MySQLSpec
- type NamedServiceTemplateSpec
- type PostgreSQLSpec
- type RaftSpec
- type S3Spec
- type SecretEngineNamespaces
- type SecretEngineType
- type ServiceAlias
- type SwiftSpec
- type TLSPolicy
- type TerminationPolicy
- type UnsealerSpec
- type VaultCertificateAlias
- type VaultServer
- func (v VaultServer) AppBindingName() string
- func (v *VaultServer) CertificateMountPath(alias VaultCertificateAlias) string
- func (v VaultServer) ConfigSecretName() string
- func (dst *VaultServer) ConvertFrom(srcRaw kbconv.Hub) (err error)
- func (src *VaultServer) ConvertTo(dstRaw kbconv.Hub) (err error)
- func (_ VaultServer) CustomResourceDefinition() *apiextensions.CustomResourceDefinition
- func (in *VaultServer) DeepCopy() *VaultServer
- func (in *VaultServer) DeepCopyInto(out *VaultServer)
- func (in *VaultServer) DeepCopyObject() runtime.Object
- func (vs *VaultServer) DefaultCertSecretName(alias string) string
- func (vs *VaultServer) GetCertSecretName(alias string) string
- func (vs *VaultServer) GetCertificateCN(alias VaultCertificateAlias) string
- func (v VaultServer) GetKey() string
- func (vs *VaultServer) GetServiceTemplate(alias ServiceAlias) ofst.ServiceTemplateSpec
- func (v VaultServer) IsValid() error
- func (vs *VaultServer) KeyPrefix() string
- func (v VaultServer) OffshootLabels() map[string]string
- func (v VaultServer) OffshootName() string
- func (v VaultServer) OffshootSelectors() map[string]string
- func (v VaultServer) PolicyNameForAuthMethodController() string
- func (v VaultServer) PolicyNameForPolicyController() string
- func (v *VaultServer) ReplicasAreReady(lister appslister.StatefulSetLister) (bool, string, error)
- func (_ VaultServer) ResourceFQN() string
- func (vs *VaultServer) RootTokenID() string
- func (vs *VaultServer) Scheme() string
- func (v VaultServer) ServiceAccountForTokenReviewer() string
- func (v VaultServer) ServiceAccountName() string
- func (v VaultServer) ServiceName(alias ServiceAlias) string
- func (v VaultServer) StatsLabels() map[string]string
- func (v VaultServer) StatsService() mona.StatsAccessor
- func (v VaultServer) StatsServiceName() string
- func (v VaultServer) TLSSecretName() string
- func (vs *VaultServer) UnsealKeyID(id int) string
- type VaultServerBackend
- type VaultServerList
- type VaultServerPhase
- type VaultServerSpec
- type VaultServerStatus
- type VaultStatus
Constants ¶
const ( VaultContainerName = "vault" VaultUnsealerContainerName = "vault-unsealer" VaultInitContainerName = "vault-config" VaultExporterContainerName = "vault-exporter" )
const ( ResourceKindVaultServer = "VaultServer" ResourceVaultServer = "vaultserver" ResourceVaultServers = "vaultservers" )
Variables ¶
var ( // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: kubevault.GroupName, Version: "v1alpha1"}
Functions ¶
func Convert_v1alpha1_AllowedSecretEngines_To_v1alpha2_AllowedSecretEngines ¶ added in v0.8.0
func Convert_v1alpha1_AllowedSecretEngines_To_v1alpha2_AllowedSecretEngines(in *AllowedSecretEngines, out *v1alpha2.AllowedSecretEngines, s conversion.Scope) error
Convert_v1alpha1_AllowedSecretEngines_To_v1alpha2_AllowedSecretEngines is an autogenerated conversion function.
func Convert_v1alpha1_AuthMethodStatus_To_v1alpha2_AuthMethodStatus ¶ added in v0.8.0
func Convert_v1alpha1_AuthMethodStatus_To_v1alpha2_AuthMethodStatus(in *AuthMethodStatus, out *v1alpha2.AuthMethodStatus, s conversion.Scope) error
Convert_v1alpha1_AuthMethodStatus_To_v1alpha2_AuthMethodStatus is an autogenerated conversion function.
func Convert_v1alpha1_AuthMethod_To_v1alpha2_AuthMethod ¶ added in v0.8.0
func Convert_v1alpha1_AuthMethod_To_v1alpha2_AuthMethod(in *AuthMethod, out *v1alpha2.AuthMethod, s conversion.Scope) error
func Convert_v1alpha1_AwsKmsSsmSpec_To_v1alpha2_AwsKmsSsmSpec ¶ added in v0.8.0
func Convert_v1alpha1_AwsKmsSsmSpec_To_v1alpha2_AwsKmsSsmSpec(in *AwsKmsSsmSpec, out *v1alpha2.AwsKmsSsmSpec, s conversion.Scope) error
func Convert_v1alpha1_AzureKeyVault_To_v1alpha2_AzureKeyVault ¶ added in v0.8.0
func Convert_v1alpha1_AzureKeyVault_To_v1alpha2_AzureKeyVault(in *AzureKeyVault, out *v1alpha2.AzureKeyVault, s conversion.Scope) error
func Convert_v1alpha1_AzureSpec_To_v1alpha2_AzureSpec ¶ added in v0.8.0
func Convert_v1alpha1_BackendStorageSpec_To_v1alpha2_BackendStorageSpec ¶ added in v0.8.0
func Convert_v1alpha1_BackendStorageSpec_To_v1alpha2_BackendStorageSpec(in *BackendStorageSpec, out *v1alpha2.BackendStorageSpec, s conversion.Scope) error
Convert_v1alpha1_BackendStorageSpec_To_v1alpha2_BackendStorageSpec is an autogenerated conversion function.
func Convert_v1alpha1_ConsulSpec_To_v1alpha2_ConsulSpec ¶ added in v0.8.0
func Convert_v1alpha1_ConsulSpec_To_v1alpha2_ConsulSpec(in *ConsulSpec, out *v1alpha2.ConsulSpec, s conversion.Scope) error
func Convert_v1alpha1_DynamoDBSpec_To_v1alpha2_DynamoDBSpec ¶ added in v0.8.0
func Convert_v1alpha1_DynamoDBSpec_To_v1alpha2_DynamoDBSpec(in *DynamoDBSpec, out *v1alpha2.DynamoDBSpec, s conversion.Scope) error
func Convert_v1alpha1_EtcdSpec_To_v1alpha2_EtcdSpec ¶ added in v0.8.0
func Convert_v1alpha1_FileSpec_To_v1alpha2_FileSpec ¶ added in v0.8.0
func Convert_v1alpha1_FileSpec_To_v1alpha2_FileSpec(in *FileSpec, out *v1alpha2.FileSpec, s conversion.Scope) error
Convert_v1alpha1_FileSpec_To_v1alpha2_FileSpec is an autogenerated conversion function.
func Convert_v1alpha1_GcsSpec_To_v1alpha2_GcsSpec ¶ added in v0.8.0
func Convert_v1alpha1_GoogleKmsGcsSpec_To_v1alpha2_GoogleKmsGcsSpec ¶ added in v0.8.0
func Convert_v1alpha1_GoogleKmsGcsSpec_To_v1alpha2_GoogleKmsGcsSpec(in *GoogleKmsGcsSpec, out *v1alpha2.GoogleKmsGcsSpec, s conversion.Scope) error
func Convert_v1alpha1_InmemSpec_To_v1alpha2_InmemSpec ¶ added in v0.8.0
func Convert_v1alpha1_InmemSpec_To_v1alpha2_InmemSpec(in *InmemSpec, out *v1alpha2.InmemSpec, s conversion.Scope) error
Convert_v1alpha1_InmemSpec_To_v1alpha2_InmemSpec is an autogenerated conversion function.
func Convert_v1alpha1_KubernetesSecretSpec_To_v1alpha2_KubernetesSecretSpec ¶ added in v0.8.0
func Convert_v1alpha1_KubernetesSecretSpec_To_v1alpha2_KubernetesSecretSpec(in *KubernetesSecretSpec, out *v1alpha2.KubernetesSecretSpec, s conversion.Scope) error
Convert_v1alpha1_KubernetesSecretSpec_To_v1alpha2_KubernetesSecretSpec is an autogenerated conversion function.
func Convert_v1alpha1_ModeSpec_To_v1alpha2_ModeSpec ¶ added in v0.8.0
func Convert_v1alpha1_ModeSpec_To_v1alpha2_ModeSpec(in *ModeSpec, out *v1alpha2.ModeSpec, s conversion.Scope) error
Convert_v1alpha1_ModeSpec_To_v1alpha2_ModeSpec is an autogenerated conversion function.
func Convert_v1alpha1_MySQLSpec_To_v1alpha2_MySQLSpec ¶ added in v0.8.0
func Convert_v1alpha1_NamedServiceTemplateSpec_To_v1alpha2_NamedServiceTemplateSpec ¶ added in v0.8.0
func Convert_v1alpha1_NamedServiceTemplateSpec_To_v1alpha2_NamedServiceTemplateSpec(in *NamedServiceTemplateSpec, out *v1alpha2.NamedServiceTemplateSpec, s conversion.Scope) error
Convert_v1alpha1_NamedServiceTemplateSpec_To_v1alpha2_NamedServiceTemplateSpec is an autogenerated conversion function.
func Convert_v1alpha1_PostgreSQLSpec_To_v1alpha2_PostgreSQLSpec ¶ added in v0.8.0
func Convert_v1alpha1_PostgreSQLSpec_To_v1alpha2_PostgreSQLSpec(in *PostgreSQLSpec, out *v1alpha2.PostgreSQLSpec, s conversion.Scope) error
func Convert_v1alpha1_RaftSpec_To_v1alpha2_RaftSpec ¶ added in v0.8.0
func Convert_v1alpha1_S3Spec_To_v1alpha2_S3Spec ¶ added in v0.8.0
func Convert_v1alpha1_SecretEngineNamespaces_To_v1alpha2_SecretEngineNamespaces ¶ added in v0.8.0
func Convert_v1alpha1_SecretEngineNamespaces_To_v1alpha2_SecretEngineNamespaces(in *SecretEngineNamespaces, out *v1alpha2.SecretEngineNamespaces, s conversion.Scope) error
Convert_v1alpha1_SecretEngineNamespaces_To_v1alpha2_SecretEngineNamespaces is an autogenerated conversion function.
func Convert_v1alpha1_SwiftSpec_To_v1alpha2_SwiftSpec ¶ added in v0.8.0
func Convert_v1alpha1_TLSPolicy_To_v1alpha2_TLSPolicy ¶ added in v0.8.0
func Convert_v1alpha1_TLSPolicy_To_v1alpha2_TLSPolicy(in *TLSPolicy, out *v1alpha2.TLSPolicy, s conversion.Scope) error
Convert_v1alpha1_TLSPolicy_To_v1alpha2_TLSPolicy is an autogenerated conversion function.
func Convert_v1alpha1_UnsealerSpec_To_v1alpha2_UnsealerSpec ¶ added in v0.8.0
func Convert_v1alpha1_UnsealerSpec_To_v1alpha2_UnsealerSpec(in *UnsealerSpec, out *v1alpha2.UnsealerSpec, s conversion.Scope) error
Convert_v1alpha1_UnsealerSpec_To_v1alpha2_UnsealerSpec is an autogenerated conversion function.
func Convert_v1alpha1_VaultServerList_To_v1alpha2_VaultServerList ¶ added in v0.8.0
func Convert_v1alpha1_VaultServerList_To_v1alpha2_VaultServerList(in *VaultServerList, out *v1alpha2.VaultServerList, s conversion.Scope) error
Convert_v1alpha1_VaultServerList_To_v1alpha2_VaultServerList is an autogenerated conversion function.
func Convert_v1alpha1_VaultServerSpec_To_v1alpha2_VaultServerSpec ¶ added in v0.8.0
func Convert_v1alpha1_VaultServerSpec_To_v1alpha2_VaultServerSpec(in *VaultServerSpec, out *v1alpha2.VaultServerSpec, s conversion.Scope) error
Convert_v1alpha1_VaultServerSpec_To_v1alpha2_VaultServerSpec is an autogenerated conversion function.
func Convert_v1alpha1_VaultServerStatus_To_v1alpha2_VaultServerStatus ¶ added in v0.8.0
func Convert_v1alpha1_VaultServerStatus_To_v1alpha2_VaultServerStatus(in *VaultServerStatus, out *v1alpha2.VaultServerStatus, s conversion.Scope) error
Convert_v1alpha1_VaultServerStatus_To_v1alpha2_VaultServerStatus is an autogenerated conversion function.
func Convert_v1alpha1_VaultServer_To_v1alpha2_VaultServer ¶ added in v0.8.0
func Convert_v1alpha1_VaultServer_To_v1alpha2_VaultServer(in *VaultServer, out *v1alpha2.VaultServer, s conversion.Scope) error
Convert_v1alpha1_VaultServer_To_v1alpha2_VaultServer is an autogenerated conversion function.
func Convert_v1alpha1_VaultStatus_To_v1alpha2_VaultStatus ¶ added in v0.8.0
func Convert_v1alpha1_VaultStatus_To_v1alpha2_VaultStatus(in *VaultStatus, out *v1alpha2.VaultStatus, s conversion.Scope) error
Convert_v1alpha1_VaultStatus_To_v1alpha2_VaultStatus is an autogenerated conversion function.
func Convert_v1alpha2_AllowedSecretEngines_To_v1alpha1_AllowedSecretEngines ¶ added in v0.8.0
func Convert_v1alpha2_AllowedSecretEngines_To_v1alpha1_AllowedSecretEngines(in *v1alpha2.AllowedSecretEngines, out *AllowedSecretEngines, s conversion.Scope) error
Convert_v1alpha2_AllowedSecretEngines_To_v1alpha1_AllowedSecretEngines is an autogenerated conversion function.
func Convert_v1alpha2_AuthMethodStatus_To_v1alpha1_AuthMethodStatus ¶ added in v0.8.0
func Convert_v1alpha2_AuthMethodStatus_To_v1alpha1_AuthMethodStatus(in *v1alpha2.AuthMethodStatus, out *AuthMethodStatus, s conversion.Scope) error
Convert_v1alpha2_AuthMethodStatus_To_v1alpha1_AuthMethodStatus is an autogenerated conversion function.
func Convert_v1alpha2_AuthMethod_To_v1alpha1_AuthMethod ¶ added in v0.8.0
func Convert_v1alpha2_AuthMethod_To_v1alpha1_AuthMethod(in *v1alpha2.AuthMethod, out *AuthMethod, s conversion.Scope) error
func Convert_v1alpha2_AwsKmsSsmSpec_To_v1alpha1_AwsKmsSsmSpec ¶ added in v0.8.0
func Convert_v1alpha2_AwsKmsSsmSpec_To_v1alpha1_AwsKmsSsmSpec(in *v1alpha2.AwsKmsSsmSpec, out *AwsKmsSsmSpec, s conversion.Scope) error
func Convert_v1alpha2_AzureKeyVault_To_v1alpha1_AzureKeyVault ¶ added in v0.8.0
func Convert_v1alpha2_AzureKeyVault_To_v1alpha1_AzureKeyVault(in *v1alpha2.AzureKeyVault, out *AzureKeyVault, s conversion.Scope) error
func Convert_v1alpha2_AzureSpec_To_v1alpha1_AzureSpec ¶ added in v0.8.0
func Convert_v1alpha2_BackendStorageSpec_To_v1alpha1_BackendStorageSpec ¶ added in v0.8.0
func Convert_v1alpha2_BackendStorageSpec_To_v1alpha1_BackendStorageSpec(in *v1alpha2.BackendStorageSpec, out *BackendStorageSpec, s conversion.Scope) error
Convert_v1alpha2_BackendStorageSpec_To_v1alpha1_BackendStorageSpec is an autogenerated conversion function.
func Convert_v1alpha2_ConsulSpec_To_v1alpha1_ConsulSpec ¶ added in v0.8.0
func Convert_v1alpha2_ConsulSpec_To_v1alpha1_ConsulSpec(in *v1alpha2.ConsulSpec, out *ConsulSpec, s conversion.Scope) error
func Convert_v1alpha2_DynamoDBSpec_To_v1alpha1_DynamoDBSpec ¶ added in v0.8.0
func Convert_v1alpha2_DynamoDBSpec_To_v1alpha1_DynamoDBSpec(in *v1alpha2.DynamoDBSpec, out *DynamoDBSpec, s conversion.Scope) error
func Convert_v1alpha2_EtcdSpec_To_v1alpha1_EtcdSpec ¶ added in v0.8.0
func Convert_v1alpha2_FileSpec_To_v1alpha1_FileSpec ¶ added in v0.8.0
func Convert_v1alpha2_FileSpec_To_v1alpha1_FileSpec(in *v1alpha2.FileSpec, out *FileSpec, s conversion.Scope) error
Convert_v1alpha2_FileSpec_To_v1alpha1_FileSpec is an autogenerated conversion function.
func Convert_v1alpha2_GcsSpec_To_v1alpha1_GcsSpec ¶ added in v0.8.0
func Convert_v1alpha2_GoogleKmsGcsSpec_To_v1alpha1_GoogleKmsGcsSpec ¶ added in v0.8.0
func Convert_v1alpha2_GoogleKmsGcsSpec_To_v1alpha1_GoogleKmsGcsSpec(in *v1alpha2.GoogleKmsGcsSpec, out *GoogleKmsGcsSpec, s conversion.Scope) error
func Convert_v1alpha2_InmemSpec_To_v1alpha1_InmemSpec ¶ added in v0.8.0
func Convert_v1alpha2_InmemSpec_To_v1alpha1_InmemSpec(in *v1alpha2.InmemSpec, out *InmemSpec, s conversion.Scope) error
Convert_v1alpha2_InmemSpec_To_v1alpha1_InmemSpec is an autogenerated conversion function.
func Convert_v1alpha2_KubernetesSecretSpec_To_v1alpha1_KubernetesSecretSpec ¶ added in v0.8.0
func Convert_v1alpha2_KubernetesSecretSpec_To_v1alpha1_KubernetesSecretSpec(in *v1alpha2.KubernetesSecretSpec, out *KubernetesSecretSpec, s conversion.Scope) error
Convert_v1alpha2_KubernetesSecretSpec_To_v1alpha1_KubernetesSecretSpec is an autogenerated conversion function.
func Convert_v1alpha2_ModeSpec_To_v1alpha1_ModeSpec ¶ added in v0.8.0
func Convert_v1alpha2_ModeSpec_To_v1alpha1_ModeSpec(in *v1alpha2.ModeSpec, out *ModeSpec, s conversion.Scope) error
Convert_v1alpha2_ModeSpec_To_v1alpha1_ModeSpec is an autogenerated conversion function.
func Convert_v1alpha2_MySQLSpec_To_v1alpha1_MySQLSpec ¶ added in v0.8.0
func Convert_v1alpha2_NamedServiceTemplateSpec_To_v1alpha1_NamedServiceTemplateSpec ¶ added in v0.8.0
func Convert_v1alpha2_NamedServiceTemplateSpec_To_v1alpha1_NamedServiceTemplateSpec(in *v1alpha2.NamedServiceTemplateSpec, out *NamedServiceTemplateSpec, s conversion.Scope) error
Convert_v1alpha2_NamedServiceTemplateSpec_To_v1alpha1_NamedServiceTemplateSpec is an autogenerated conversion function.
func Convert_v1alpha2_PostgreSQLSpec_To_v1alpha1_PostgreSQLSpec ¶ added in v0.8.0
func Convert_v1alpha2_PostgreSQLSpec_To_v1alpha1_PostgreSQLSpec(in *v1alpha2.PostgreSQLSpec, out *PostgreSQLSpec, s conversion.Scope) error
func Convert_v1alpha2_RaftSpec_To_v1alpha1_RaftSpec ¶ added in v0.8.0
func Convert_v1alpha2_RaftSpec_To_v1alpha1_RaftSpec(in *v1alpha2.RaftSpec, out *RaftSpec, s conversion.Scope) error
Convert_v1alpha2_RaftSpec_To_v1alpha1_RaftSpec is an autogenerated conversion function.
func Convert_v1alpha2_S3Spec_To_v1alpha1_S3Spec ¶ added in v0.8.0
func Convert_v1alpha2_SecretEngineNamespaces_To_v1alpha1_SecretEngineNamespaces ¶ added in v0.8.0
func Convert_v1alpha2_SecretEngineNamespaces_To_v1alpha1_SecretEngineNamespaces(in *v1alpha2.SecretEngineNamespaces, out *SecretEngineNamespaces, s conversion.Scope) error
Convert_v1alpha2_SecretEngineNamespaces_To_v1alpha1_SecretEngineNamespaces is an autogenerated conversion function.
func Convert_v1alpha2_SwiftSpec_To_v1alpha1_SwiftSpec ¶ added in v0.8.0
func Convert_v1alpha2_TLSPolicy_To_v1alpha1_TLSPolicy ¶ added in v0.8.0
func Convert_v1alpha2_TLSPolicy_To_v1alpha1_TLSPolicy(in *v1alpha2.TLSPolicy, out *TLSPolicy, s conversion.Scope) error
Convert_v1alpha2_TLSPolicy_To_v1alpha1_TLSPolicy is an autogenerated conversion function.
func Convert_v1alpha2_UnsealerSpec_To_v1alpha1_UnsealerSpec ¶ added in v0.8.0
func Convert_v1alpha2_UnsealerSpec_To_v1alpha1_UnsealerSpec(in *v1alpha2.UnsealerSpec, out *UnsealerSpec, s conversion.Scope) error
Convert_v1alpha2_UnsealerSpec_To_v1alpha1_UnsealerSpec is an autogenerated conversion function.
func Convert_v1alpha2_VaultServerList_To_v1alpha1_VaultServerList ¶ added in v0.8.0
func Convert_v1alpha2_VaultServerList_To_v1alpha1_VaultServerList(in *v1alpha2.VaultServerList, out *VaultServerList, s conversion.Scope) error
Convert_v1alpha2_VaultServerList_To_v1alpha1_VaultServerList is an autogenerated conversion function.
func Convert_v1alpha2_VaultServerSpec_To_v1alpha1_VaultServerSpec ¶ added in v0.8.0
func Convert_v1alpha2_VaultServerSpec_To_v1alpha1_VaultServerSpec(in *v1alpha2.VaultServerSpec, out *VaultServerSpec, s conversion.Scope) error
func Convert_v1alpha2_VaultServerStatus_To_v1alpha1_VaultServerStatus ¶ added in v0.8.0
func Convert_v1alpha2_VaultServerStatus_To_v1alpha1_VaultServerStatus(in *v1alpha2.VaultServerStatus, out *VaultServerStatus, s conversion.Scope) error
Convert_v1alpha2_VaultServerStatus_To_v1alpha1_VaultServerStatus is an autogenerated conversion function.
func Convert_v1alpha2_VaultServer_To_v1alpha1_VaultServer ¶ added in v0.8.0
func Convert_v1alpha2_VaultServer_To_v1alpha1_VaultServer(in *v1alpha2.VaultServer, out *VaultServer, s conversion.Scope) error
Convert_v1alpha2_VaultServer_To_v1alpha1_VaultServer is an autogenerated conversion function.
func Convert_v1alpha2_VaultStatus_To_v1alpha1_VaultStatus ¶ added in v0.8.0
func Convert_v1alpha2_VaultStatus_To_v1alpha1_VaultStatus(in *v1alpha2.VaultStatus, out *VaultStatus, s conversion.Scope) error
Convert_v1alpha2_VaultStatus_To_v1alpha1_VaultStatus is an autogenerated conversion function.
func GetOpenAPIDefinitions ¶
func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition
func RegisterConversions ¶ added in v0.8.0
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type AllowedSecretEngines ¶ added in v0.5.0
type AllowedSecretEngines struct { // Namespaces indicates namespaces from which Secret Engines may be attached to this // Listener. This is restricted to the namespace of this VaultServer by default. // // +optional // +kubebuilder:default={from: Same} Namespaces *SecretEngineNamespaces `json:"namespaces,omitempty"` // SecretEngines specifies the types of Secret Engines that are allowed to bind // to this VaultServer. When unspecified or empty, all types of Secret Engines // are allowed. // // +optional SecretEngines []SecretEngineType `json:"secretEngines,omitempty"` }
AllowedSecretEngines defines which Secret Engines may be attached to this Listener.
func (*AllowedSecretEngines) DeepCopy ¶ added in v0.5.0
func (in *AllowedSecretEngines) DeepCopy() *AllowedSecretEngines
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedSecretEngines.
func (*AllowedSecretEngines) DeepCopyInto ¶ added in v0.5.0
func (in *AllowedSecretEngines) DeepCopyInto(out *AllowedSecretEngines)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthConfig ¶
type AuthConfig struct { // The default lease duration, specified as a string duration like "5s" or "30m". // +optional DefaultLeaseTTL string `json:"defaultLeaseTTL,omitempty"` // The maximum lease duration, specified as a string duration like "5s" or "30m". // +optional MaxLeaseTTL string `json:"maxLeaseTTL,omitempty"` // The name of the plugin in the plugin catalog to use. // +optional PluginName string `json:"pluginName,omitempty"` // List of keys that will not be HMAC'd by audit devices in the request data object. // +optional AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty"` // List of keys that will not be HMAC'd by audit devices in the response data object. // +optional AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty"` // Speficies whether to show this mount in the UI-specific listing endpoint. // +optional ListingVisibility string `json:"listingVisibility,omitempty"` // List of headers to whitelist and pass from the request to the backend. // +optional PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty"` }
func (*AuthConfig) DeepCopy ¶
func (in *AuthConfig) DeepCopy() *AuthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.
func (*AuthConfig) DeepCopyInto ¶
func (in *AuthConfig) DeepCopyInto(out *AuthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthMethod ¶
type AuthMethod struct { // Specifies the name of the authentication method type, such as "github" or "token". Type string `json:"type"` // Specifies the path in which to enable the auth method. // Default value is the same as the 'type' Path string `json:"path"` // Specifies a human-friendly description of the auth method. // +optional Description string `json:"description,omitempty"` // Specifies configuration options for this auth method. // +optional Config *AuthConfig `json:"config,omitempty"` // Specifies the name of the auth plugin to use based from the name in the plugin catalog. // Applies only to plugin methods. // +optional PluginName string `json:"pluginName,omitempty"` // Specifies if the auth method is a local only. Local auth methods are not replicated nor (if a secondary) removed by replication. // +optional Local bool `json:"local,omitempty"` }
AuthMethod contains the information to enable vault auth method links: https://www.vaultproject.io/api/system/auth.html
func (*AuthMethod) DeepCopy ¶
func (in *AuthMethod) DeepCopy() *AuthMethod
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMethod.
func (*AuthMethod) DeepCopyInto ¶
func (in *AuthMethod) DeepCopyInto(out *AuthMethod)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthMethodEnableDisableStatus ¶
type AuthMethodEnableDisableStatus string
+kubebuilder:validation:Enum=EnableSucceeded;EnableFailed;DisableSucceeded;DisableFailed
const ( AuthMethodEnableSucceeded AuthMethodEnableDisableStatus = "EnableSucceeded" AuthMethodEnableFailed AuthMethodEnableDisableStatus = "EnableFailed" AuthMethodDisableSucceeded AuthMethodEnableDisableStatus = "DisableSucceeded" AuthMethodDisableFailed AuthMethodEnableDisableStatus = "DisableFailed" )
type AuthMethodStatus ¶
type AuthMethodStatus struct { // Specifies the name of the authentication method type, such as "github" or "token". Type string `json:"type"` // Specifies the path in which to enable the auth method. Path string `json:"path"` // Specifies whether auth method is enabled or not Status AuthMethodEnableDisableStatus `json:"status"` // Specifies the reason why failed to enable auth method // +optional Reason string `json:"reason,omitempty"` }
AuthMethodStatus specifies the status of the auth method maintained by the auth method controller
func (*AuthMethodStatus) DeepCopy ¶
func (in *AuthMethodStatus) DeepCopy() *AuthMethodStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMethodStatus.
func (*AuthMethodStatus) DeepCopyInto ¶
func (in *AuthMethodStatus) DeepCopyInto(out *AuthMethodStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthMethodType ¶
type AuthMethodType string
+kubebuilder:validation:Enum=kubernetes;aws;gcp;userpass;cert;azure
const ( AuthTypeKubernetes AuthMethodType = "kubernetes" AuthTypeAws AuthMethodType = "aws" AuthTypeGcp AuthMethodType = "gcp" AuthTypeUserPass AuthMethodType = "userpass" AuthTypeCert AuthMethodType = "cert" AuthTypeAzure AuthMethodType = "azure" )
type AwsKmsSsmSpec ¶
type AwsKmsSsmSpec struct { // The ID or ARN of the AWS KMS key to encrypt values KmsKeyID string `json:"kmsKeyID"` // +optional // An optional Key prefix for SSM Parameter store SsmKeyPrefix string `json:"ssmKeyPrefix,omitempty"` Region string `json:"region,omitempty"` // Specifies the secret name containing AWS access key and AWS secret key // secret data: // - access_key:<value> // - secret_key:<value> // +optional CredentialSecret string `json:"credentialSecret,omitempty"` // Used to make AWS KMS requests. This is useful, // for example, when connecting to KMS over a VPC Endpoint. // If not set, Vault will use the default API endpoint for your region. Endpoint string `json:"endpoint,omitempty"` }
AwsKmsSsmSpec contain the fields that required to unseal vault using aws kms ssm
func (*AwsKmsSsmSpec) DeepCopy ¶
func (in *AwsKmsSsmSpec) DeepCopy() *AwsKmsSsmSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsKmsSsmSpec.
func (*AwsKmsSsmSpec) DeepCopyInto ¶
func (in *AwsKmsSsmSpec) DeepCopyInto(out *AwsKmsSsmSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureKeyVault ¶
type AzureKeyVault struct { // Azure key vault url, for example https://myvault.vault.azure.net VaultBaseURL string `json:"vaultBaseURL"` // The cloud environment identifier // default: "AZUREPUBLICCLOUD" // +optional Cloud string `json:"cloud,omitempty"` // The AAD Tenant ID TenantID string `json:"tenantID"` // Specifies the name of secret containing client cert and client cert password // secret data: // - client-cert:<value> // - client-cert-password: <value> // +optional ClientCertSecret string `json:"clientCertSecret,omitempty"` // Specifies the name of secret containing client id and client secret of AAD application // secret data: // - client-id:<value> // - client-secret:<value> // +optional AADClientSecret string `json:"aadClientSecret,omitempty"` // Use managed service identity for the virtual machine // +optional UseManagedIdentity bool `json:"useManagedIdentity,omitempty"` }
AzureKeyVault contain the fields that required to unseal vault using azure key vault
func (*AzureKeyVault) DeepCopy ¶
func (in *AzureKeyVault) DeepCopy() *AzureKeyVault
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKeyVault.
func (*AzureKeyVault) DeepCopyInto ¶
func (in *AzureKeyVault) DeepCopyInto(out *AzureKeyVault)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureSpec ¶
type AzureSpec struct { // Specifies the Azure Storage account name. AccountName string `json:"accountName"` // Specifies the secret containing Azure Storage account key. // secret data: // - account_key:<value> AccountKeySecret string `json:"accountKeySecret"` // Specifies the Azure Storage Blob container name. Container string `json:"container"` // Specifies the maximum number of concurrent operations to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/azure.html
AzureSpec defines configuration to set up Google Cloud Storage as backend storage in vault
func (*AzureSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSpec.
func (*AzureSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendStorageSpec ¶
type BackendStorageSpec struct { // ref: https://www.vaultproject.io/docs/configuration/storage/in-memory.html // +optional Inmem *InmemSpec `json:"inmem,omitempty"` // +optional Etcd *EtcdSpec `json:"etcd,omitempty"` // +optional Gcs *GcsSpec `json:"gcs,omitempty"` // +optional S3 *S3Spec `json:"s3,omitempty"` // +optional Azure *AzureSpec `json:"azure,omitempty"` // +optional PostgreSQL *PostgreSQLSpec `json:"postgresql,omitempty"` // +optional MySQL *MySQLSpec `json:"mysql,omitempty"` // +optional File *FileSpec `json:"file,omitempty"` // +optional DynamoDB *DynamoDBSpec `json:"dynamodb,omitempty"` // +optional Swift *SwiftSpec `json:"swift,omitempty"` // +optional Consul *ConsulSpec `json:"consul,omitempty"` // +optional Raft *RaftSpec `json:"raft,omitempty"` }
TODO : set defaults and validation BackendStorageSpec defines storage backend configuration of vault
func (*BackendStorageSpec) DeepCopy ¶
func (in *BackendStorageSpec) DeepCopy() *BackendStorageSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendStorageSpec.
func (*BackendStorageSpec) DeepCopyInto ¶
func (in *BackendStorageSpec) DeepCopyInto(out *BackendStorageSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BackendStorageSpec) GetBackendType ¶
func (vsb *BackendStorageSpec) GetBackendType() (VaultServerBackend, error)
type ConsulSpec ¶
type ConsulSpec struct { // Specifies the address of the Consul agent to communicate with. // This can be an IP address, DNS record, or unix socket. // +optional Address string `json:"address,omitempty"` // Specifies the check interval used to send health check information // back to Consul. // This is specified using a label suffix like "30s" or "1h". // +optional CheckTimeout string `json:"checkTimeout,omitempty"` // Specifies the Consul consistency mode. // Possible values are "default" or "strong". // +optional ConsistencyMode string `json:"consistencyMode,omitempty"` // Specifies whether Vault should register itself with Consul. // Possible values are "true" or "false" // +optional DisableRegistration string `json:"disableRegistration,omitempty"` // Specifies the maximum number of concurrent requests to Consul. // +optional MaxParallel string `json:"maxParallel,omitempty"` // Specifies the path in Consul's key-value store // where Vault data will be stored. // +optional Path string `json:"path,omitempty"` // Specifies the scheme to use when communicating with Consul. // This can be set to "http" or "https". // +optional Scheme string `json:"scheme,omitempty"` // Specifies the name of the service to register in Consul. // +optional Service string `json:"service,omitempty"` // Specifies a comma-separated list of tags // to attach to the service registration in Consul. // +optional ServiceTags string `json:"serviceTags,omitempty"` // Specifies a service-specific address to set on the service registration // in Consul. // If unset, Vault will use what it knows to be the HA redirect address // - which is usually desirable. // Setting this parameter to "" will tell Consul to leverage the configuration // of the node the service is registered on dynamically. // +optional ServiceAddress string `json:"serviceAddress,omitempty"` // Specifies the secret name that contains ACL token with permission // to read and write from the path in Consul's key-value store. // secret data: // - aclToken:<value> // +optional ACLTokenSecretName string `json:"aclTokenSecretName,omitempty"` // Specifies the minimum allowed session TTL. // Consul server has a lower limit of 10s on the session TTL by default. // +optional SessionTTL string `json:"sessionTTL,omitempty"` // Specifies the wait time before a lock lock acquisition is made. // This affects the minimum time it takes to cancel a lock acquisition. // +optional LockWaitTime string `json:"lockWaitTime,omitempty"` // Specifies the secret name that contains tls_ca_file, tls_cert_file and tls_key_file // for consul communication // Secret data: // - ca.crt // - client.crt // - client.key // +optional TLSSecretName string `json:"tlsSecretName,omitempty"` // Specifies the minimum TLS version to use. // Accepted values are "tls10", "tls11" or "tls12". // +optional TLSMinVersion string `json:"tlsMinVersion,omitempty"` // Specifies if the TLS host verification should be disabled. // It is highly discouraged that you disable this option. // +optional TLSSkipVerify bool `json:"tlsSkipVerify,omitempty"` }
ref: https://www.vaultproject.io/docs/configuration/storage/consul.html
ConsulSpec defines the configuration to set up consul as backend storage in vault
func (*ConsulSpec) DeepCopy ¶
func (in *ConsulSpec) DeepCopy() *ConsulSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsulSpec.
func (*ConsulSpec) DeepCopyInto ¶
func (in *ConsulSpec) DeepCopyInto(out *ConsulSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DynamoDBSpec ¶
type DynamoDBSpec struct { // Specifies an alternative, AWS compatible, DynamoDB endpoint. // +optional Endpoint string `json:"endpoint,omitempty"` // Specifies the AWS region // +optional Region string `json:"region,omitempty"` // Specifies whether this backend should be used to run Vault in high availability mode. // +optional HaEnabled bool `json:"haEnabled,omitempty"` // Specifies the maximum number of reads consumed per second on the table // +optional ReadCapacity int64 `json:"readCapacity,omitempty"` // Specifies the maximum number of writes performed per second on the table. // +optional WriteCapacity int64 `json:"writeCapacity,omitempty"` // Specifies the name of the DynamoDB table in which to store Vault data. // If the specified table does not yet exist, it will be created during initialization. // default: vault-dynamodb-backend // +optional Table string `json:"table,omitempty"` // Specifies the secret name containing AWS access key and AWS secret key // secret data: // - access_key=<value> // - secret_key=<value> // +optional CredentialSecret string `json:"credentialSecret,omitempty"` // Specifies the secret name containing AWS session token // secret data: // - session_token:<value> // +optional SessionTokenSecret string `json:"sessionTokenSecret,omitempty"` // Specifies the maximum number of parallel operations to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/dynamodb.html
DynamoDBSpec defines configuration to set up DynamoDB Storage as backend storage in vault
func (*DynamoDBSpec) DeepCopy ¶
func (in *DynamoDBSpec) DeepCopy() *DynamoDBSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamoDBSpec.
func (*DynamoDBSpec) DeepCopyInto ¶
func (in *DynamoDBSpec) DeepCopyInto(out *DynamoDBSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EtcdSpec ¶
type EtcdSpec struct { // Specifies the addresses of the etcd instances Address string `json:"address"` // Specifies the version of the API to communicate with etcd // +optional EtcdApi string `json:"etcdApi,omitempty"` // Specifies if high availability should be enabled // +optional HAEnable bool `json:"haEnable,omitempty"` // Specifies the path in etcd where vault data will be stored // +optional Path string `json:"path,omitempty"` // Specifies whether to sync list of available etcd services on startup // +optional Sync bool `json:"sync,omitempty"` // Specifies the domain name to query for SRV records describing cluster endpoints // +optional DiscoverySrv string `json:"discoverySrv,omitempty"` // Specifies the secret name that contain username and password to use when authenticating with the etcd server // secret data: // - username:<value> // - password:<value> // +optional CredentialSecretName string `json:"credentialSecretName,omitempty"` // Specifies the secret name that contains tls_ca_file, tls_cert_file and tls_key_file for etcd communication // secret data: // - ca.crt // - client.crt // - client.key // +optional TLSSecretName string `json:"tlsSecretName,omitempty"` }
TODO : set defaults and validation vault doc: https://www.vaultproject.io/docs/configuration/storage/etcd.html
EtcdSpec defines configuration to set up etcd as backend storage in vault
func (*EtcdSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdSpec.
func (*EtcdSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileSpec ¶
type FileSpec struct { // The absolute path on disk to the directory where the data will be stored. // If the directory does not exist, Vault will create it. Path string `json:"path"` // volumeClaimTemplate is a claim that pods are allowed to reference. // The VaultServer controller is responsible for deploying the claim // and update the volumeMounts in the Vault server container in the template. VolumeClaimTemplate ofst.PersistentVolumeClaim `json:"volumeClaimTemplate"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/filesystem.html
FileSpec defines configuration to set up File system Storage as backend storage in vault
func (*FileSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileSpec.
func (*FileSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FromNamespaces ¶ added in v0.5.0
type FromNamespaces string
FromNamespaces specifies namespace from which Secret Engines may be attached to a VaultServer.
+kubebuilder:validation:Enum=All;Selector;Same
const ( // Secret Engines in all namespaces may be attached to this VaultServer. NamespacesFromAll FromNamespaces = "All" // Only Secret Engines in namespaces selected by the selector may be attached to // this VaultServer. NamespacesFromSelector FromNamespaces = "Selector" // Only Secret Engines in the same namespace as the VaultServer may be attached to this // VaultServer. NamespacesFromSame FromNamespaces = "Same" )
type GcsSpec ¶
type GcsSpec struct { // Specifies the name of the bucket to use for storage. Bucket string `json:"bucket"` // Specifies the maximum size (in kilobytes) to send in a single request. If set to 0, // it will attempt to send the whole object at once, but will not retry any failures. // +optional ChunkSize string `json:"chunkSize,omitempty"` // Specifies the maximum number of parallel operations to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` // Specifies if high availability mode is enabled. // +optional HAEnabled bool `json:"haEnabled,omitempty"` // Secret containing Google application credential // secret data: // - sa.json:<value> // +optional CredentialSecret string `json:"credentialSecret,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/google-cloud-storage.html
GcsSpec defines configuration to set up Google Cloud Storage as backend storage in vault
func (*GcsSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcsSpec.
func (*GcsSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GoogleKmsGcsSpec ¶
type GoogleKmsGcsSpec struct { // The name of the Google Cloud KMS crypto key to use KmsCryptoKey string `json:"kmsCryptoKey"` // The name of the Google Cloud KMS key ring to use KmsKeyRing string `json:"kmsKeyRing"` // The Google Cloud KMS location to use (eg. 'global', 'europe-west1') KmsLocation string `json:"kmsLocation"` // The Google Cloud KMS project to use KmsProject string `json:"kmsProject"` // The name of the Google Cloud Storage bucket to store values in Bucket string `json:"bucket"` // Secret containing Google application credential // secret data: // - sa.json:<value> // +optional CredentialSecret string `json:"credentialSecret,omitempty"` }
GoogleKmsGcsSpec contain the fields that required to unseal vault using google kms
func (*GoogleKmsGcsSpec) DeepCopy ¶
func (in *GoogleKmsGcsSpec) DeepCopy() *GoogleKmsGcsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleKmsGcsSpec.
func (*GoogleKmsGcsSpec) DeepCopyInto ¶
func (in *GoogleKmsGcsSpec) DeepCopyInto(out *GoogleKmsGcsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InmemSpec ¶
type InmemSpec struct{}
ref: https://www.vaultproject.io/docs/configuration/storage/in-memory.html
func (*InmemSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InmemSpec.
func (*InmemSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesSecretSpec ¶
type KubernetesSecretSpec struct {
SecretName string `json:"secretName"`
}
KubernetesSecretSpec contain the fields that required to unseal using kubernetes secret
func (*KubernetesSecretSpec) DeepCopy ¶
func (in *KubernetesSecretSpec) DeepCopy() *KubernetesSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretSpec.
func (*KubernetesSecretSpec) DeepCopyInto ¶
func (in *KubernetesSecretSpec) DeepCopyInto(out *KubernetesSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ModeSpec ¶
type ModeSpec struct { // +optional KubernetesSecret *KubernetesSecretSpec `json:"kubernetesSecret,omitempty"` // +optional GoogleKmsGcs *GoogleKmsGcsSpec `json:"googleKmsGcs,omitempty"` // +optional AwsKmsSsm *AwsKmsSsmSpec `json:"awsKmsSsm,omitempty"` // +optional AzureKeyVault *AzureKeyVault `json:"azureKeyVault,omitempty"` }
ModeSpec contain unseal mechanism
func (*ModeSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModeSpec.
func (*ModeSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MySQLSpec ¶
type MySQLSpec struct { // Specifies the address of the MySQL host. // +optional Address string `json:"address"` // Specifies the name of the database. If the database does not exist, Vault will attempt to create it. // +optional Database string `json:"database,omitempty"` // Specifies the name of the table. If the table does not exist, Vault will attempt to create it. // +optional Table string `json:"table,omitempty"` // Specifies the MySQL username and password to connect to the database // secret data: // - username=<value> // - password=<value> UserCredentialSecret string `json:"userCredentialSecret"` // Specifies the name of the secret containing the CA certificate to connect using TLS. // secret data: // - tls_ca_file=<ca_cert> // +optional TLSCASecret string `json:"tlsCASecret,omitempty"` // Specifies the maximum number of concurrent requests to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/mysql.html
MySQLSpec defines configuration to set up MySQL Storage as backend storage in vault
func (*MySQLSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MySQLSpec.
func (*MySQLSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamedServiceTemplateSpec ¶
type NamedServiceTemplateSpec struct { // Alias represents the identifier of the service. Alias ServiceAlias `json:"alias"` // ServiceTemplate is an optional configuration for a service used to expose VaultServer // +optional ofst.ServiceTemplateSpec `json:",inline,omitempty"` }
func (*NamedServiceTemplateSpec) DeepCopy ¶
func (in *NamedServiceTemplateSpec) DeepCopy() *NamedServiceTemplateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedServiceTemplateSpec.
func (*NamedServiceTemplateSpec) DeepCopyInto ¶
func (in *NamedServiceTemplateSpec) DeepCopyInto(out *NamedServiceTemplateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PostgreSQLSpec ¶
type PostgreSQLSpec struct { // Specifies the name of the secret containing the connection string to use to authenticate and connect to PostgreSQL. // A full list of supported parameters can be found in the pq library documentation(https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters). // secret data: // - connection_url:<data> ConnectionURLSecret string `json:"connectionURLSecret"` // Specifies the name of the table in which to write Vault data. // This table must already exist (Vault will not attempt to create it). // +optional Table string `json:"table,omitempty"` // Specifies the maximum number of concurrent requests to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/postgresql.html
PostgreSQLSpec defines configuration to set up PostgreSQL storage as backend storage in vault
func (*PostgreSQLSpec) DeepCopy ¶
func (in *PostgreSQLSpec) DeepCopy() *PostgreSQLSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLSpec.
func (*PostgreSQLSpec) DeepCopyInto ¶
func (in *PostgreSQLSpec) DeepCopyInto(out *PostgreSQLSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RaftSpec ¶
type RaftSpec struct { // Path (string: "") specifies the filesystem path where the vault data gets stored. // This value can be overridden by setting the VAULT_RAFT_PATH environment variable. // default: "" // +optional Path string `json:"path,omitempty"` // An integer multiplier used by servers to scale key Raft timing parameters. // Tuning this affects the time it takes Vault to detect leader failures and to perform leader elections, // at the expense of requiring more network and CPU resources for better performance. // default: 0 // +optional PerformanceMultiplier int64 `json:"performanceMultiplier,omitempty"` // This controls how many log entries are left in the log store on disk after a snapshot is made. // default: 10000 // +optional TrailingLogs *int64 `json:"trailingLogs,omitempty"` // This controls the minimum number of raft commit entries between snapshots that are saved to disk. // default: 8192 // +optional SnapshotThreshold *int64 `json:"snapshotThreshold,omitempty"` // This configures the maximum number of bytes for a raft entry. It applies to both Put operations and transactions. // default: 1048576 // +optional MaxEntrySize *int64 `json:"maxEntrySize,omitempty"` // This is the interval after which autopilot will pick up any state changes. // default: "" // +optional AutopilotReconcileInterval string `json:"autopilotReconcileInterval,omitempty"` // Storage to specify how storage shall be used. Storage *core.PersistentVolumeClaimSpec `json:"storage,omitempty"` }
RaftSpec defines the configuration for the Raft integrated storage. https://www.vaultproject.io/docs/configuration/storage/raft
func (*RaftSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RaftSpec.
func (*RaftSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type S3Spec ¶
type S3Spec struct { // Specifies the name of the bucket to use for storage. Bucket string `json:"bucket"` // Specifies an alternative, AWS compatible, S3 endpoint. // +optional Endpoint string `json:"endpoint,omitempty"` // Specifies the AWS region // +optional Region string `json:"region,omitempty"` // Specifies the secret name containing AWS access key and AWS secret key // secret data: // - access_key=<value> // - secret_key=<value> // +optional CredentialSecret string `json:"credentialSecret,omitempty"` // Specifies the secret name containing AWS session token // secret data: // - session_token:<value> // +optional SessionTokenSecret string `json:"sessionTokenSecret,omitempty"` // Specifies the maximum number of parallel operations to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` // Specifies whether to use host bucket style domains with the configured endpoint. // +optional ForcePathStyle bool `json:"forcePathStyle,omitempty"` // Specifies if SSL should be used for the endpoint connection // +optional DisableSSL bool `json:"disableSSL,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/s3.html
S3Spec defines configuration to set up Amazon S3 Storage as backend storage in vault
func (*S3Spec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S3Spec.
func (*S3Spec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretEngineNamespaces ¶ added in v0.5.0
type SecretEngineNamespaces struct { // From indicates where Secret Engines will be selected for this VaultServer. Possible // values are: // * All: Secret Engines in all namespaces may be used by this VaultServer. // * Selector: Secret Engines in namespaces selected by the selector may be used by // this VaultServer. // * Same: Only Secret Engines in the same namespace may be used by this VaultServer. // // +optional // +kubebuilder:default=Same From *FromNamespaces `json:"from,omitempty"` // Selector must be specified when From is set to "Selector". In that case, // only Secret Engines in Namespaces matching this Selector will be selected by this // VaultServer. This field is ignored for other values of "From". // // +optional Selector *metav1.LabelSelector `json:"selector,omitempty"` }
SecretEngineNamespaces indicate which namespaces Secret Engines should be selected from.
func (*SecretEngineNamespaces) DeepCopy ¶ added in v0.5.0
func (in *SecretEngineNamespaces) DeepCopy() *SecretEngineNamespaces
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineNamespaces.
func (*SecretEngineNamespaces) DeepCopyInto ¶ added in v0.5.0
func (in *SecretEngineNamespaces) DeepCopyInto(out *SecretEngineNamespaces)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretEngineType ¶ added in v0.5.0
type SecretEngineType string
+kubebuilder:validation:Enum=kv;pki;aws;azure;gcp;postgres;mongodb;mysql;elasticsearch
const ( SecretEngineTypeKV SecretEngineType = "kv" SecretEngineTypePKI SecretEngineType = "pki" SecretEngineTypeAWS SecretEngineType = "aws" SecretEngineTypeAzure SecretEngineType = "azure" SecretEngineTypeGCP SecretEngineType = "gcp" SecretEngineTypePostgres SecretEngineType = "postgres" SecretEngineTypeMongoDB SecretEngineType = "mongodb" SecretEngineTypeMySQL SecretEngineType = "mysql" SecretEngineTypeElasticsearch SecretEngineType = "elasticsearch" )
type ServiceAlias ¶
type ServiceAlias string
+kubebuilder:validation:Enum=internal;vault;stats
const ( VaultServerServiceInternal ServiceAlias = "internal" VaultServerServiceVault ServiceAlias = "vault" VaultServerServiceStats ServiceAlias = "stats" )
type SwiftSpec ¶
type SwiftSpec struct { // Specifies the OpenStack authentication endpoint. AuthURL string `json:"authURL"` // Specifies the name of the Swift container. Container string `json:"container"` // Specifies the name of the secret containing the OpenStack account/username and password // secret data: // - username=<value> // - password=<value> CredentialSecret string `json:"credentialSecret"` // Specifies the name of the tenant. If left blank, this will default to the default tenant of the username. // +optional Tenant string `json:"tenant,omitempty"` // Specifies the name of the region. // +optional Region string `json:"region,omitempty"` // Specifies the id of the tenant. // +optional TenantID string `json:"tenantID,omitempty"` // Specifies the name of the user domain. // +optional Domain string `json:"domain,omitempty"` // Specifies the name of the project's domain. // +optional ProjectDomain string `json:"projectDomain,omitempty"` // Specifies the id of the trust. // +optional TrustID string `json:"trustID,omitempty"` // Specifies storage URL from alternate authentication. // +optional StorageURL string `json:"storageURL,omitempty"` // Specifies secret containing auth token from alternate authentication. // secret data: // - auth_token=<value> // +optional AuthTokenSecret string `json:"authTokenSecret,omitempty"` // Specifies the maximum number of concurrent requests to take place. // +optional MaxParallel int64 `json:"maxParallel,omitempty"` }
vault doc: https://www.vaultproject.io/docs/configuration/storage/swift.html
SwiftSpec defines configuration to set up Swift Storage as backend storage in vault
func (*SwiftSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwiftSpec.
func (*SwiftSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSPolicy ¶
type TLSPolicy struct { // TLSSecret is the secret containing TLS certs used by each vault node // for the communication between the vault server and its clients. // The secret should contain three files: // - tls.crt // - tls.key // // The server certificate must allow the following wildcard domains: // - localhost // - *.<namespace>.pod // - <vaultServer-name>.<namespace>.svc TLSSecret string `json:"tlsSecret"` // CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate. // +optional CABundle []byte `json:"caBundle,omitempty"` }
TLSPolicy defines the TLS policy of the vault nodes If this is not set, operator will auto-gen TLS assets and secrets.
func (*TLSPolicy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.
func (*TLSPolicy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TerminationPolicy ¶
type TerminationPolicy string
+kubebuilder:validation:Enum=Halt;Delete;WipeOut;DoNotTerminate
const ( // Deletes VaultServer pods, service but leave the PVCs and stash backup data intact. TerminationPolicyHalt TerminationPolicy = "Halt" // Deletes VaultServer pods, service, pvcs but leave the stash backup data intact. TerminationPolicyDelete TerminationPolicy = "Delete" // Deletes VaultServer pods, service, pvcs and stash backup data. TerminationPolicyWipeOut TerminationPolicy = "WipeOut" // Rejects attempt to delete VaultServer using ValidationWebhook. TerminationPolicyDoNotTerminate TerminationPolicy = "DoNotTerminate" )
type UnsealerSpec ¶
type UnsealerSpec struct { // +optional SecretShares int64 `json:"secretShares,omitempty"` // Minimum required secret shares to unseal // +optional SecretThreshold int64 `json:"secretThreshold,omitempty"` // How often to attempt to unseal the vault instance // +optional RetryPeriodSeconds time.Duration `json:"retryPeriodSeconds,omitempty"` // overwrite existing unseal keys and root tokens, possibly dangerous! // +optional OverwriteExisting bool `json:"overwriteExisting,omitempty"` // should the root token be stored in the key store (default true) // +optional StoreRootToken bool `json:"storeRootToken,omitempty"` // mode contains unseal mechanism // +optional Mode ModeSpec `json:"mode,omitempty"` }
UnsealerSpec contain the configuration for auto vault initialize/unseal
func (*UnsealerSpec) DeepCopy ¶
func (in *UnsealerSpec) DeepCopy() *UnsealerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealerSpec.
func (*UnsealerSpec) DeepCopyInto ¶
func (in *UnsealerSpec) DeepCopyInto(out *UnsealerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAlias ¶
type VaultCertificateAlias string
+kubebuilder:validation:Enum=ca;server;client;storage
const ( VaultCACert VaultCertificateAlias = "ca" VaultServerCert VaultCertificateAlias = "server" VaultClientCert VaultCertificateAlias = "client" VaultStorageCert VaultCertificateAlias = "storage" )
type VaultServer ¶
type VaultServer struct { metav1.TypeMeta `json:",inline,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec VaultServerSpec `json:"spec,omitempty"` Status VaultServerStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:resource:path=vaultservers,singular=vaultserver,shortName=vs,categories={vault,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Replicas",type="string",JSONPath=".spec.replicas" +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version" +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
func (VaultServer) AppBindingName ¶
func (v VaultServer) AppBindingName() string
func (*VaultServer) CertificateMountPath ¶
func (v *VaultServer) CertificateMountPath(alias VaultCertificateAlias) string
func (VaultServer) ConfigSecretName ¶
func (v VaultServer) ConfigSecretName() string
func (*VaultServer) ConvertFrom ¶ added in v0.8.0
func (dst *VaultServer) ConvertFrom(srcRaw kbconv.Hub) (err error)
ConvertFrom converts from the Hub version (v1alpha2) to this version.
func (*VaultServer) ConvertTo ¶ added in v0.8.0
func (src *VaultServer) ConvertTo(dstRaw kbconv.Hub) (err error)
ConvertTo converts this to the Hub version (v1alpha2).
func (VaultServer) CustomResourceDefinition ¶
func (_ VaultServer) CustomResourceDefinition() *apiextensions.CustomResourceDefinition
func (*VaultServer) DeepCopy ¶
func (in *VaultServer) DeepCopy() *VaultServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServer.
func (*VaultServer) DeepCopyInto ¶
func (in *VaultServer) DeepCopyInto(out *VaultServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultServer) DeepCopyObject ¶
func (in *VaultServer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultServer) DefaultCertSecretName ¶
func (vs *VaultServer) DefaultCertSecretName(alias string) string
Returns the default certificate secret name for given alias.
func (*VaultServer) GetCertSecretName ¶
func (vs *VaultServer) GetCertSecretName(alias string) string
Returns certificate secret name for given alias if exists, otherwise returns the default certificate secret name.
func (*VaultServer) GetCertificateCN ¶
func (vs *VaultServer) GetCertificateCN(alias VaultCertificateAlias) string
func (VaultServer) GetKey ¶
func (v VaultServer) GetKey() string
func (*VaultServer) GetServiceTemplate ¶
func (vs *VaultServer) GetServiceTemplate(alias ServiceAlias) ofst.ServiceTemplateSpec
GetServiceTemplate returns a pointer to the desired serviceTemplate referred by "alias". Otherwise, it returns nil.
func (VaultServer) IsValid ¶
func (v VaultServer) IsValid() error
func (*VaultServer) KeyPrefix ¶ added in v0.6.0
func (vs *VaultServer) KeyPrefix() string
func (VaultServer) OffshootLabels ¶
func (v VaultServer) OffshootLabels() map[string]string
func (VaultServer) OffshootName ¶
func (v VaultServer) OffshootName() string
func (VaultServer) OffshootSelectors ¶
func (v VaultServer) OffshootSelectors() map[string]string
func (VaultServer) PolicyNameForAuthMethodController ¶
func (v VaultServer) PolicyNameForAuthMethodController() string
func (VaultServer) PolicyNameForPolicyController ¶
func (v VaultServer) PolicyNameForPolicyController() string
func (*VaultServer) ReplicasAreReady ¶
func (v *VaultServer) ReplicasAreReady(lister appslister.StatefulSetLister) (bool, string, error)
func (VaultServer) ResourceFQN ¶
func (_ VaultServer) ResourceFQN() string
func (*VaultServer) RootTokenID ¶ added in v0.6.0
func (vs *VaultServer) RootTokenID() string
RootTokenID is the ID that used as key name when storing root token
func (*VaultServer) Scheme ¶
func (vs *VaultServer) Scheme() string
func (VaultServer) ServiceAccountForTokenReviewer ¶
func (v VaultServer) ServiceAccountForTokenReviewer() string
func (VaultServer) ServiceAccountName ¶
func (v VaultServer) ServiceAccountName() string
func (VaultServer) ServiceName ¶
func (v VaultServer) ServiceName(alias ServiceAlias) string
func (VaultServer) StatsLabels ¶
func (v VaultServer) StatsLabels() map[string]string
func (VaultServer) StatsService ¶
func (v VaultServer) StatsService() mona.StatsAccessor
func (VaultServer) StatsServiceName ¶
func (v VaultServer) StatsServiceName() string
func (VaultServer) TLSSecretName ¶
func (v VaultServer) TLSSecretName() string
func (*VaultServer) UnsealKeyID ¶ added in v0.6.0
func (vs *VaultServer) UnsealKeyID(id int) string
UnsealKeyID is the ID that used as key name when storing unseal key
type VaultServerBackend ¶
type VaultServerBackend string
+kubebuilder:validation:Enum=inmem;etcd;gcs;s3;azure;postgresql;mysql;file;dynamodb;swift;consul;raft
const ( VaultServerInmem VaultServerBackend = "inmem" VaultServerEtcd VaultServerBackend = "etcd" VaultServerGcs VaultServerBackend = "gcs" VaultServerS3 VaultServerBackend = "s3" VaultServerAzure VaultServerBackend = "azure" VaultServerPostgreSQL VaultServerBackend = "postgresql" VaultServerMySQL VaultServerBackend = "mysql" VaultServerFile VaultServerBackend = "file" VaultServerDynamoDB VaultServerBackend = "dynamodb" VaultServerSwift VaultServerBackend = "swift" VaultServerConsul VaultServerBackend = "consul" VaultServerRaft VaultServerBackend = "raft" )
type VaultServerList ¶
type VaultServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []VaultServer `json:"items,omitempty"` }
func (*VaultServerList) DeepCopy ¶
func (in *VaultServerList) DeepCopy() *VaultServerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerList.
func (*VaultServerList) DeepCopyInto ¶
func (in *VaultServerList) DeepCopyInto(out *VaultServerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultServerList) DeepCopyObject ¶
func (in *VaultServerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultServerPhase ¶
type VaultServerPhase string
+kubebuilder:validation:Enum=Initializing;Unsealing;Sealed;Ready;NotReady;Critical
const ( // used for VaultServer that are Initializing VaultServerPhaseInitializing VaultServerPhase = "Initializing" // used for VaultServer that are Unsealing VaultServerPhaseUnsealing VaultServerPhase = "Unsealing" // used for VaultServer that are sealed VaultServerPhaseSealed VaultServerPhase = "Sealed" // used for VaultServer that are Ready VaultServerPhaseReady VaultServerPhase = "Ready" // used for VaultServer that are NotReady VaultServerPhaseNotReady VaultServerPhase = "NotReady" // used for VaultServer that are Critical VaultServerPhaseCritical VaultServerPhase = "Critical" )
type VaultServerSpec ¶
type VaultServerSpec struct { // Version of VaultServer to be deployed. Version string `json:"version"` // Number of instances to deploy for a VaultServer. Replicas *int32 `json:"replicas,omitempty"` // ConfigSecret is an optional field to provide extra configuration for vault. // This secret contain extra config for vault // File name should be 'vault.hcl'. // If specified, this file will be appended to the controller configuration file. // +optional ConfigSecret *core.LocalObjectReference `json:"configSecret,omitempty"` // DataSources is a list of Configmaps/Secrets in the same namespace as the VaultServer // object, which shall be mounted into the VaultServer Pods. // The data are mounted into /etc/vault/data/<name>. // The first data will be named as "data-0", second one will be named as "data-1" and so on. // +optional DataSources []core.VolumeSource `json:"dataSources,omitempty"` // TLS policy of vault nodes // +optional TLS *kmapi.TLSConfig `json:"tls,omitempty"` // backend storage configuration for vault Backend BackendStorageSpec `json:"backend"` // Unsealer configuration for vault // +optional Unsealer *UnsealerSpec `json:"unsealer,omitempty"` // Specifies the list of auth methods to enable // +optional AuthMethods []AuthMethod `json:"authMethods,omitempty"` // Monitor is used monitor database instance // +optional Monitor *mona.AgentSpec `json:"monitor,omitempty"` // PodTemplate is an optional configuration for pods used to run vault // +optional PodTemplate ofst.PodTemplateSpec `json:"podTemplate,omitempty"` // ServiceTemplates is an optional configuration for services used to expose database // +optional ServiceTemplates []NamedServiceTemplateSpec `json:"serviceTemplates,omitempty"` // Indicates that the vault server is halted and all offshoot Kubernetes resources except PVCs are deleted. // +optional Halted bool `json:"halted,omitempty"` // TerminationPolicy controls the delete operation for vault server // +optional TerminationPolicy TerminationPolicy `json:"terminationPolicy,omitempty"` // AllowedSecretEngines defines the types of Secret Engines that MAY be attached to a // Listener and the trusted namespaces where those Route resources MAY be // present. // // Although a client request may match multiple route rules, only one rule // may ultimately receive the request. Matching precedence MUST be // determined in order of the following criteria: // // * The most specific match as defined by the Route type. // * The oldest Route based on creation timestamp. For example, a Route with // a creation timestamp of "2020-09-08 01:02:03" is given precedence over // a Route with a creation timestamp of "2020-09-08 01:02:04". // * If everything else is equivalent, the Route appearing first in // alphabetical order (namespace/name) should be given precedence. For // example, foo/bar is given precedence over foo/baz. // // All valid rules within a Route attached to this Listener should be // implemented. Invalid Route rules can be ignored (sometimes that will mean // the full Route). If a Route rule transitions from valid to invalid, // support for that Route rule should be dropped to ensure consistency. For // example, even if a filter specified by a Route rule is invalid, the rest // of the rules within that Route should still be supported. // // Support: Core // +kubebuilder:default={namespaces:{from: Same}} // +optional AllowedSecretEngines *AllowedSecretEngines `json:"allowedSecretEngines,omitempty"` }
func (*VaultServerSpec) DeepCopy ¶
func (in *VaultServerSpec) DeepCopy() *VaultServerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerSpec.
func (*VaultServerSpec) DeepCopyInto ¶
func (in *VaultServerSpec) DeepCopyInto(out *VaultServerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultServerStatus ¶
type VaultServerStatus struct { // ObservedGeneration is the most recent generation observed for this resource. It corresponds to the // resource's generation, which is updated on mutation by the API Server. // +optional ObservedGeneration int64 `json:"observedGeneration,omitempty"` // Phase indicates the state this Vault server jumps in. // +optional Phase VaultServerPhase `json:"phase,omitempty"` // Initialized indicates if the Vault service is initialized. // +optional Initialized bool `json:"initialized,omitempty"` // ServiceName is the LB service for accessing vault nodes. // +optional ServiceName string `json:"serviceName,omitempty"` // ClientPort is the port for vault client to access. // It's the same on client LB service and vault nodes. // +optional ClientPort int64 `json:"clientPort,omitempty"` // VaultStatus is the set of Vault node specific statuses: Active, Standby, and Sealed // +optional VaultStatus VaultStatus `json:"vaultStatus,omitempty"` // PodNames of updated Vault nodes. Updated means the Vault container image version // matches the spec's version. // +optional UpdatedNodes []string `json:"updatedNodes,omitempty"` // Represents the latest available observations of a VaultServer current state. // +optional Conditions []kmapi.Condition `json:"conditions,omitempty"` // Status of the vault auth methods // +optional AuthMethodStatus []AuthMethodStatus `json:"authMethodStatus,omitempty"` }
func (*VaultServerStatus) DeepCopy ¶
func (in *VaultServerStatus) DeepCopy() *VaultServerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerStatus.
func (*VaultServerStatus) DeepCopyInto ¶
func (in *VaultServerStatus) DeepCopyInto(out *VaultServerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultStatus ¶
type VaultStatus struct { // PodName of the active Vault node. Active node is unsealed. // Only active node can serve requests. // Vault service only points to the active node. // +optional Active string `json:"active,omitempty"` // PodNames of the standby Vault nodes. Standby nodes are unsealed. // Standby nodes do not process requests, and instead redirect to the active Vault. // +optional Standby []string `json:"standby,omitempty"` // PodNames of Sealed Vault nodes. Sealed nodes MUST be unsealed to // become standby or leader. // +optional Sealed []string `json:"sealed,omitempty"` // PodNames of Unsealed Vault nodes. // +optional Unsealed []string `json:"unsealed,omitempty"` }
func (*VaultStatus) DeepCopy ¶
func (in *VaultStatus) DeepCopy() *VaultStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.
func (*VaultStatus) DeepCopyInto ¶
func (in *VaultStatus) DeepCopyInto(out *VaultStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.