Documentation ¶
Index ¶
- Constants
- func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
- func IsAllowedToCache(container *corev1.Container) bool
- func NewWhLogger(l *slog.Logger) log.Logger
- func SetConfigDefaults()
- type ImageRegistry
- type MutatingWebhook
- func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, dryRun bool) error
- func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
- func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
- type Registry
- type VaultConfig
Constants ¶
// VaultEnvVolumeName is the fixed volume name "vault-env".
// NOTE(review): presumably the name of the volume the webhook attaches to
// mutated pods; confirm against MutatePod.
const VaultEnvVolumeName = "vault-env"
Variables ¶
This section is empty.
Functions ¶
func ErrorLoggerMutator ¶
func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
func IsAllowedToCache ¶
IsAllowedToCache checks whether information about a Docker image can be cached, based on the image name and the container's PullPolicy.
func NewWhLogger ¶ added in v1.21.0
NewWhLogger returns a new log.Logger for a slog implementation.
func SetConfigDefaults ¶
func SetConfigDefaults()
Types ¶
type ImageRegistry ¶
// ImageRegistry is a docker registry.
//
// Its single method resolves the image configuration for one container of a
// pod spec.
type ImageRegistry interface {
	// GetImageConfig returns the image configuration for container, or an
	// error if it cannot be obtained.
	//
	// NOTE(review): clientset, namespace and podSpec are presumably used to
	// look up pull credentials for private registries; confirm in the
	// implementation. The meaning of isDisabled is not visible from the
	// signature (possibly "caching disabled"); verify against callers.
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		isDisabled bool,
		container *corev1.Container,
		podSpec *corev1.PodSpec,
	) (*v1.Config, error)
}
ImageRegistry is a docker registry
type MutatingWebhook ¶
type MutatingWebhook struct {
// contains filtered or unexported fields
}
func NewMutatingWebhook ¶
func NewMutatingWebhook(logger *slog.Logger, k8sClient kubernetes.Interface) (*MutatingWebhook, error)
func (*MutatingWebhook) MutateConfigMap ¶
func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutateObject ¶
func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutatePod ¶
func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, vaultConfig VaultConfig, dryRun bool) error
func (*MutatingWebhook) MutateSecret ¶
func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
func (*MutatingWebhook) ServeMetrics ¶
func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
func (*MutatingWebhook) VaultSecretsMutator ¶
func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
type VaultConfig ¶
// VaultConfig represents vault options.
//
// Field order is kept exactly as declared. The grouping comments below are
// inferred from field names only; each NOTE(review) marks an assumption to
// confirm against the code that reads the field.
type VaultConfig struct {
	// Connection and authentication.
	Addr, AuthMethod, Role, Path string
	// NOTE(review): name suggests TLS certificate verification for the Vault
	// connection is skipped when true; confirm. If so, it removes server
	// authentication and should stay false outside throwaway environments.
	SkipVerify    bool
	TLSSecret     string
	ClientTimeout time.Duration

	// Injection mode switches.
	UseAgent       bool
	VaultEnvDaemon bool
	VaultEnvDelay  time.Duration

	// Transit settings.
	TransitKeyID, TransitPath string
	TransitBatchSize          int

	// "Ct"-prefixed settings. NOTE(review): presumably consul-template; confirm.
	CtConfigMap, CtImage     string
	CtInjectInInitcontainers bool
	CtOnce                   bool
	CtImagePullPolicy        corev1.PullPolicy
	CtCPU, CtMemory          resource.Quantity

	// NOTE(review): these look like securityContext settings applied to the
	// injected containers; confirm in MutatePod. If so, the restrictive
	// values (no privilege escalation, non-root, read-only root filesystem)
	// are the safer choice.
	PspAllowPrivilegeEscalation bool
	RunAsNonRoot                bool
	RunAsUser, RunAsGroup       int64
	ReadOnlyRootFilesystem      bool

	// NOTE(review): name suggests TLS verification toward the image registry
	// is skipped when true; confirm. Same caveat as SkipVerify.
	RegistrySkipVerify bool

	// IgnoreMissingSecrets and EnableJSONLog are typed string, not bool; the
	// accepted values are not visible here.
	IgnoreMissingSecrets string
	VaultEnvPassThrough  string
	ConfigfilePath       string
	EnableJSONLog        string
	LogLevel             string

	// Agent settings.
	AgentConfigMap                    string
	AgentOnce                         bool
	AgentCPULimit, AgentMemoryLimit   resource.Quantity
	AgentCPURequest, AgentMemoryRequest resource.Quantity
	AgentImage                        string
	AgentImagePullPolicy              corev1.PullPolicy
	AgentEnvVariables                 string

	ServiceAccountTokenVolumeName string

	// "Env"-prefixed settings. NOTE(review): presumably for the vault-env
	// container/image; confirm.
	EnvImage           string
	EnvImagePullPolicy corev1.PullPolicy
	EnvLogServer       string
	// NOTE(review): presumably disables mutation for the object; confirm.
	Skip                            bool
	VaultEnvFromPath                string
	TokenAuthMount                  string
	EnvCPURequest, EnvMemoryRequest resource.Quantity
	EnvCPULimit, EnvMemoryLimit     resource.Quantity

	VaultNamespace      string
	VaultServiceAccount string
	ObjectNamespace     string
	MutateProbes        bool

	// NOTE(review): presumably a Vault token held in plain text; confirm.
	// If so, treat the whole struct as secret-bearing: do not print it with
	// %v/%+v or pass it to a logger.
	Token string
}
VaultConfig represents vault options