Documentation
¶
Index ¶
- Constants
- func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
- func IsAllowedToCache(container *corev1.Container) bool
- func NewWhLogger(l *slog.Logger) log.Logger
- func SetConfigDefaults()
- type ImageRegistry
- type MutatingWebhook
- func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, dryRun bool) error
- func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
- func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
- type Registry
- type VaultConfig
Constants ¶
View Source
const (
VaultEnvVolumeName = "vault-env"
)
Variables ¶
This section is empty.
Functions ¶
func ErrorLoggerMutator ¶
func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
func IsAllowedToCache ¶
IsAllowedToCache checks that information about Docker image can be cached base on image name and container PullPolicy
func NewWhLogger ¶ added in v1.21.0
NewWhLogger returns a new log.Logger for a slog implementation.
func SetConfigDefaults ¶
func SetConfigDefaults()
Types ¶
type ImageRegistry ¶
type ImageRegistry interface {
GetImageConfig(
ctx context.Context,
clientset kubernetes.Interface,
namespace string,
isDisabled bool,
container *corev1.Container,
podSpec *corev1.PodSpec) (*v1.Config, error)
}
ImageRegistry is a docker registry
type MutatingWebhook ¶
type MutatingWebhook struct {
// contains filtered or unexported fields
}
func NewMutatingWebhook ¶
func NewMutatingWebhook(logger *slog.Logger, k8sClient kubernetes.Interface) (*MutatingWebhook, error)
func (*MutatingWebhook) MutateConfigMap ¶
func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutateObject ¶
func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutatePod ¶
func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, dryRun bool) error
func (*MutatingWebhook) MutateSecret ¶
func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
func (*MutatingWebhook) ServeMetrics ¶
func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
func (*MutatingWebhook) VaultSecretsMutator ¶
func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
type VaultConfig ¶
type VaultConfig struct {
Addr string
AuthMethod string
Role string
Path string
SkipVerify bool
TLSSecret string
ClientTimeout time.Duration
UseAgent bool
VaultEnvDaemon bool
VaultEnvDelay time.Duration
TransitKeyID string
TransitPath string
TransitBatchSize int
CtConfigMap string
CtImage string
CtInjectInInitcontainers bool
CtOnce bool
CtImagePullPolicy corev1.PullPolicy
CtCPU resource.Quantity
CtMemory resource.Quantity
PspAllowPrivilegeEscalation bool
RunAsNonRoot bool
RunAsUser int64
RunAsGroup int64
ReadOnlyRootFilesystem bool
RegistrySkipVerify bool
IgnoreMissingSecrets string
VaultEnvPassThrough string
ConfigfilePath string
EnableJSONLog string
LogLevel string
AgentConfigMap string
AgentOnce bool
AgentCPULimit resource.Quantity
AgentMemoryLimit resource.Quantity
AgentCPURequest resource.Quantity
AgentMemoryRequest resource.Quantity
AgentImage string
AgentImagePullPolicy corev1.PullPolicy
AgentEnvVariables string
ServiceAccountTokenVolumeName string
EnvImage string
EnvImagePullPolicy corev1.PullPolicy
EnvLogServer string
Skip bool
VaultEnvFromPath string
TokenAuthMount string
EnvCPURequest resource.Quantity
EnvMemoryRequest resource.Quantity
EnvCPULimit resource.Quantity
EnvMemoryLimit resource.Quantity
VaultNamespace string
VaultServiceAccount string
ObjectNamespace string
MutateProbes bool
Token string
}
VaultConfig represents vault options
Source Files
Click to show internal directories.
Click to hide internal directories.