bank-vaults: github.com/banzaicloud/bank-vaults/operator/pkg/apis/vault/v1alpha1

package v1alpha1

import "github.com/banzaicloud/bank-vaults/operator/pkg/apis/vault/v1alpha1"

Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=vault.banzaicloud.com

Package Files

doc.go embedded_v1.go register.go vault_types.go zz_generated.deepcopy.go zz_generated.defaults.go

Variables

var (
    // SchemeGroupVersion is group version used to register these objects
    SchemeGroupVersion = schema.GroupVersion{Group: "vault.banzaicloud.com", Version: "v1alpha1"}

    // SchemeBuilder is used to add go types to the GroupVersionKind scheme
    SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    // AddToScheme helper
    AddToScheme = SchemeBuilder.AddToScheme
)
var HAStorageTypes = map[string]bool{
    "consul":     true,
    "dynamodb":   true,
    "etcd":       true,
    "gcs":        true,
    "mysql":      true,
    "postgresql": true,
    "raft":       true,
    "spanner":    true,
    "zookeeper":  true,
}

HAStorageTypes is the set of storage backends supporting High Availability

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func RegisterDefaults

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulter functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type AWSUnsealConfig

type AWSUnsealConfig struct {
    KMSKeyID  string `json:"kmsKeyId"`
    KMSRegion string `json:"kmsRegion"`
    S3Bucket  string `json:"s3Bucket"`
    S3Prefix  string `json:"s3Prefix"`
    S3Region  string `json:"s3Region"`
    S3SSE     string `json:"s3SSE,omitempty"`
}

AWSUnsealConfig holds the parameters for AWS KMS based unsealing

func (*AWSUnsealConfig) DeepCopy

func (in *AWSUnsealConfig) DeepCopy() *AWSUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSUnsealConfig.

func (*AWSUnsealConfig) DeepCopyInto

func (in *AWSUnsealConfig) DeepCopyInto(out *AWSUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaUnsealConfig

type AlibabaUnsealConfig struct {
    KMSRegion   string `json:"kmsRegion"`
    KMSKeyID    string `json:"kmsKeyId"`
    OSSEndpoint string `json:"ossEndpoint"`
    OSSBucket   string `json:"ossBucket"`
    OSSPrefix   string `json:"ossPrefix"`
}

AlibabaUnsealConfig holds the parameters for Alibaba Cloud KMS based unsealing

    --alibaba-kms-region eu-central-1 --alibaba-kms-key-id 9d8063eb-f9dc-421b-be80-15d195c9f148 --alibaba-oss-endpoint oss-eu-central-1.aliyuncs.com --alibaba-oss-bucket bank-vaults

func (*AlibabaUnsealConfig) DeepCopy

func (in *AlibabaUnsealConfig) DeepCopy() *AlibabaUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaUnsealConfig.

func (*AlibabaUnsealConfig) DeepCopyInto

func (in *AlibabaUnsealConfig) DeepCopyInto(out *AlibabaUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureUnsealConfig

type AzureUnsealConfig struct {
    KeyVaultName string `json:"keyVaultName"`
}

AzureUnsealConfig holds the parameters for Azure Key Vault based unsealing

func (*AzureUnsealConfig) DeepCopy

func (in *AzureUnsealConfig) DeepCopy() *AzureUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureUnsealConfig.

func (*AzureUnsealConfig) DeepCopyInto

func (in *AzureUnsealConfig) DeepCopyInto(out *AzureUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CredentialsConfig

type CredentialsConfig struct {
    Env        string `json:"env"`
    Path       string `json:"path"`
    SecretName string `json:"secretName"`
}

CredentialsConfig configuration for a credentials file provided as a secret

func (*CredentialsConfig) DeepCopy

func (in *CredentialsConfig) DeepCopy() *CredentialsConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsConfig.

func (*CredentialsConfig) DeepCopyInto

func (in *CredentialsConfig) DeepCopyInto(out *CredentialsConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EmbeddedObjectMetadata

type EmbeddedObjectMetadata struct {
    // Name must be unique within a namespace. Is required when creating resources, although
    // some resources may allow a client to request the generation of an appropriate name
    // automatically. Name is primarily intended for creation idempotence and configuration
    // definition.
    // Cannot be updated.
    // More info: http://kubernetes.io/docs/user-guide/identifiers#names
    // +optional
    Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`

    // Map of string keys and values that can be used to organize and categorize
    // (scope and select) objects. May match selectors of replication controllers
    // and services.
    // More info: http://kubernetes.io/docs/user-guide/labels
    // +optional
    Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,11,rep,name=labels"`

    // Annotations is an unstructured key value map stored with a resource that may be
    // set by external tools to store and retrieve arbitrary metadata. They are not
    // queryable and should be preserved when modifying objects.
    // More info: http://kubernetes.io/docs/user-guide/annotations
    // +optional
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
}

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only fields which are relevant to embedded resources are included. controller-gen discards embedded ObjectMetadata type fields, so we have to overcome this.

func (*EmbeddedObjectMetadata) DeepCopy

func (in *EmbeddedObjectMetadata) DeepCopy() *EmbeddedObjectMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmbeddedObjectMetadata.

func (*EmbeddedObjectMetadata) DeepCopyInto

func (in *EmbeddedObjectMetadata) DeepCopyInto(out *EmbeddedObjectMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EmbeddedPersistentVolumeClaim

type EmbeddedPersistentVolumeClaim struct {
    metav1.TypeMeta `json:",inline"`

    // EmbeddedMetadata contains metadata relevant to an EmbeddedResource.
    EmbeddedObjectMetadata `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Spec defines the desired characteristics of a volume requested by a pod author.
    // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
    // +optional
    Spec v1.PersistentVolumeClaimSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}

EmbeddedPersistentVolumeClaim is an embeddable and controller-gen friendly version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

func (*EmbeddedPersistentVolumeClaim) DeepCopy

func (in *EmbeddedPersistentVolumeClaim) DeepCopy() *EmbeddedPersistentVolumeClaim

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmbeddedPersistentVolumeClaim.

func (*EmbeddedPersistentVolumeClaim) DeepCopyInto

func (in *EmbeddedPersistentVolumeClaim) DeepCopyInto(out *EmbeddedPersistentVolumeClaim)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EmbeddedPodSpec

type EmbeddedPodSpec struct {
    // List of volumes that can be mounted by containers belonging to the pod.
    // More info: https://kubernetes.io/docs/concepts/storage/volumes
    // +optional
    // +patchMergeKey=name
    // +patchStrategy=merge,retainKeys
    Volumes []v1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
    // List of initialization containers belonging to the pod.
    // Init containers are executed in order prior to containers being started. If any
    // init container fails, the pod is considered to have failed and is handled according
    // to its restartPolicy. The name for an init container or normal container must be
    // unique among all containers.
    // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
    // The resourceRequirements of an init container are taken into account during scheduling
    // by finding the highest request/limit for each resource type, and then using the max of
    // that value or the sum of the normal containers. Limits are applied to init containers
    // in a similar fashion.
    // Init containers cannot currently be added or removed.
    // Cannot be updated.
    // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    // +patchMergeKey=name
    // +patchStrategy=merge
    InitContainers []v1.Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"`
    // List of containers belonging to the pod.
    // Containers cannot currently be added or removed.
    // There must be at least one container in a Pod.
    // Cannot be updated.
    // +patchMergeKey=name
    // +patchStrategy=merge
    Containers []v1.Container `json:"containers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
    // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
    // pod to perform user-initiated actions such as debugging. This list cannot be specified when
    // creating a pod, and it cannot be modified by updating the pod spec. In order to add an
    // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
    // This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
    // +optional
    // +patchMergeKey=name
    // +patchStrategy=merge
    EphemeralContainers []v1.EphemeralContainer `json:"ephemeralContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,34,rep,name=ephemeralContainers"`
    // Restart policy for all containers within the pod.
    // One of Always, OnFailure, Never.
    // Default to Always.
    // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
    // +optional
    RestartPolicy v1.RestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"`
    // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
    // Value must be non-negative integer. The value zero indicates delete immediately.
    // If this value is nil, the default grace period will be used instead.
    // The grace period is the duration in seconds after the processes running in the pod are sent
    // a termination signal and the time when the processes are forcibly halted with a kill signal.
    // Set this value longer than the expected cleanup time for your process.
    // Defaults to 30 seconds.
    // +optional
    TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty" protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"`
    // Optional duration in seconds the pod may be active on the node relative to
    // StartTime before the system will actively try to mark it failed and kill associated containers.
    // Value must be a positive integer.
    // +optional
    ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,5,opt,name=activeDeadlineSeconds"`
    // Set DNS policy for the pod.
    // Defaults to "ClusterFirst".
    // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
    // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
    // To have DNS options set along with hostNetwork, you have to specify DNS policy
    // explicitly to 'ClusterFirstWithHostNet'.
    // +optional
    DNSPolicy v1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
    // NodeSelector is a selector which must be true for the pod to fit on a node.
    // Selector which must match a node's labels for the pod to be scheduled on that node.
    // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    // +optional
    NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`

    // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
    // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    // +optional
    ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,8,opt,name=serviceAccountName"`
    // DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
    // Deprecated: Use serviceAccountName instead.
    // +k8s:conversion-gen=false
    // +optional
    DeprecatedServiceAccount string `json:"serviceAccount,omitempty" protobuf:"bytes,9,opt,name=serviceAccount"`
    // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
    // +optional
    AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty" protobuf:"varint,21,opt,name=automountServiceAccountToken"`

    // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
    // the scheduler simply schedules this pod onto that node, assuming that it fits resource
    // requirements.
    // +optional
    NodeName string `json:"nodeName,omitempty" protobuf:"bytes,10,opt,name=nodeName"`
    // Host networking requested for this pod. Use the host's network namespace.
    // If this option is set, the ports that will be used must be specified.
    // Default to false.
    // +k8s:conversion-gen=false
    // +optional
    HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"`
    // Use the host's pid namespace.
    // Optional: Default to false.
    // +k8s:conversion-gen=false
    // +optional
    HostPID bool `json:"hostPID,omitempty" protobuf:"varint,12,opt,name=hostPID"`
    // Use the host's ipc namespace.
    // Optional: Default to false.
    // +k8s:conversion-gen=false
    // +optional
    HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,13,opt,name=hostIPC"`
    // Share a single process namespace between all of the containers in a pod.
    // When this is set containers will be able to view and signal processes from other containers
    // in the same pod, and the first process in each container will not be assigned PID 1.
    // HostPID and ShareProcessNamespace cannot both be set.
    // Optional: Default to false.
    // +k8s:conversion-gen=false
    // +optional
    ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"`
    // SecurityContext holds pod-level security attributes and common container settings.
    // Optional: Defaults to empty.  See type description for default values of each field.
    // +optional
    SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"`
    // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
    // If specified, these secrets will be passed to individual puller implementations for them to use. For example,
    // in the case of docker, only DockerConfig type secrets are honored.
    // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
    // +optional
    // +patchMergeKey=name
    // +patchStrategy=merge
    ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
    // Specifies the hostname of the Pod
    // If not specified, the pod's hostname will be set to a system-defined value.
    // +optional
    Hostname string `json:"hostname,omitempty" protobuf:"bytes,16,opt,name=hostname"`
    // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
    // If not specified, the pod will not have a domainname at all.
    // +optional
    Subdomain string `json:"subdomain,omitempty" protobuf:"bytes,17,opt,name=subdomain"`
    // If specified, the pod's scheduling constraints
    // +optional
    Affinity *v1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"`
    // If specified, the pod will be dispatched by specified scheduler.
    // If not specified, the pod will be dispatched by default scheduler.
    // +optional
    SchedulerName string `json:"schedulerName,omitempty" protobuf:"bytes,19,opt,name=schedulerName"`
    // If specified, the pod's tolerations.
    // +optional
    Tolerations []v1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
    // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
    // file if specified. This is only valid for non-hostNetwork pods.
    // +optional
    // +patchMergeKey=ip
    // +patchStrategy=merge
    HostAliases []v1.HostAlias `json:"hostAliases,omitempty" patchStrategy:"merge" patchMergeKey:"ip" protobuf:"bytes,23,rep,name=hostAliases"`
    // If specified, indicates the pod's priority. "system-node-critical" and
    // "system-cluster-critical" are two special keywords which indicate the
    // highest priorities with the former being the highest priority. Any other
    // name must be defined by creating a PriorityClass object with that name.
    // If not specified, the pod priority will be default or zero if there is no
    // default.
    // +optional
    PriorityClassName string `json:"priorityClassName,omitempty" protobuf:"bytes,24,opt,name=priorityClassName"`
    // The priority value. Various system components use this field to find the
    // priority of the pod. When Priority Admission Controller is enabled, it
    // prevents users from setting this field. The admission controller populates
    // this field from PriorityClassName.
    // The higher the value, the higher the priority.
    // +optional
    Priority *int32 `json:"priority,omitempty" protobuf:"bytes,25,opt,name=priority"`
    // Specifies the DNS parameters of a pod.
    // Parameters specified here will be merged to the generated DNS
    // configuration based on DNSPolicy.
    // +optional
    DNSConfig *v1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
    // If specified, all readiness gates will be evaluated for pod readiness.
    // A pod is ready when all its containers are ready AND
    // all conditions specified in the readiness gates have status equal to "True"
    // More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
    // +optional
    ReadinessGates []v1.PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
    // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
    // to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
    // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
    // empty definition that uses the default runtime handler.
    // More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
    // This is a beta feature as of Kubernetes v1.14.
    // +optional
    RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,29,opt,name=runtimeClassName"`
    // EnableServiceLinks indicates whether information about services should be injected into pod's
    // environment variables, matching the syntax of Docker links.
    // Optional: Defaults to true.
    // +optional
    EnableServiceLinks *bool `json:"enableServiceLinks,omitempty" protobuf:"varint,30,opt,name=enableServiceLinks"`
    // PreemptionPolicy is the Policy for preempting pods with lower priority.
    // One of Never, PreemptLowerPriority.
    // Defaults to PreemptLowerPriority if unset.
    // This field is beta-level, gated by the NonPreemptingPriority feature-gate.
    // +optional
    PreemptionPolicy *v1.PreemptionPolicy `json:"preemptionPolicy,omitempty" protobuf:"bytes,31,opt,name=preemptionPolicy"`
    // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
    // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
    // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
    // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
    // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
    // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
    // More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
    // This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.
    // +optional
    Overhead v1.ResourceList `json:"overhead,omitempty" protobuf:"bytes,32,opt,name=overhead"`
    // TopologySpreadConstraints describes how a group of pods ought to spread across topology
    // domains. Scheduler will schedule pods in a way which abides by the constraints.
    // All topologySpreadConstraints are ANDed.
    // +optional
    // +patchMergeKey=topologyKey
    // +patchStrategy=merge
    // +listType=map
    // +listMapKey=topologyKey
    // +listMapKey=whenUnsatisfiable
    TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey" protobuf:"bytes,33,opt,name=topologySpreadConstraints"`
    // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
    // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
    // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
    // If a pod does not have FQDN, this has no effect.
    // Default to false.
    // +optional
    SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty" protobuf:"varint,35,opt,name=setHostnameAsFQDN"`
}

EmbeddedPodSpec is a description of a pod, which allows containers to be missing, almost as k8s.io/api/core/v1.PodSpec.

func (*EmbeddedPodSpec) DeepCopy

func (in *EmbeddedPodSpec) DeepCopy() *EmbeddedPodSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmbeddedPodSpec.

func (*EmbeddedPodSpec) DeepCopyInto

func (in *EmbeddedPodSpec) DeepCopyInto(out *EmbeddedPodSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GoogleUnsealConfig

type GoogleUnsealConfig struct {
    KMSKeyRing    string `json:"kmsKeyRing"`
    KMSCryptoKey  string `json:"kmsCryptoKey"`
    KMSLocation   string `json:"kmsLocation"`
    KMSProject    string `json:"kmsProject"`
    StorageBucket string `json:"storageBucket"`
}

GoogleUnsealConfig holds the parameters for Google KMS based unsealing

func (*GoogleUnsealConfig) DeepCopy

func (in *GoogleUnsealConfig) DeepCopy() *GoogleUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleUnsealConfig.

func (*GoogleUnsealConfig) DeepCopyInto

func (in *GoogleUnsealConfig) DeepCopyInto(out *GoogleUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HSMUnsealConfig

type HSMUnsealConfig struct {
    Daemon     bool   `json:"daemon,omitempty"`
    ModulePath string `json:"modulePath"`
    SlotID     uint   `json:"slotId,omitempty"`
    TokenLabel string `json:"tokenLabel,omitempty"`
    Pin        string `json:"pin"`
    KeyLabel   string `json:"keyLabel"`
}

HSMUnsealConfig holds the parameters for remote HSM based unsealing

func (*HSMUnsealConfig) DeepCopy

func (in *HSMUnsealConfig) DeepCopy() *HSMUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HSMUnsealConfig.

func (*HSMUnsealConfig) DeepCopyInto

func (in *HSMUnsealConfig) DeepCopyInto(out *HSMUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Ingress

type Ingress struct {
    Annotations map[string]string   `json:"annotations,omitempty"`
    Spec        v1beta1.IngressSpec `json:"spec,omitempty"`
}

Ingress specification for the Vault cluster

func (*Ingress) DeepCopy

func (in *Ingress) DeepCopy() *Ingress

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress.

func (*Ingress) DeepCopyInto

func (in *Ingress) DeepCopyInto(out *Ingress)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesUnsealConfig

type KubernetesUnsealConfig struct {
    SecretNamespace string `json:"secretNamespace,omitempty"`
    SecretName      string `json:"secretName,omitempty"`
}

KubernetesUnsealConfig holds the parameters for Kubernetes based unsealing

func (*KubernetesUnsealConfig) DeepCopy

func (in *KubernetesUnsealConfig) DeepCopy() *KubernetesUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUnsealConfig.

func (*KubernetesUnsealConfig) DeepCopyInto

func (in *KubernetesUnsealConfig) DeepCopyInto(out *KubernetesUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Resources

type Resources struct {
    Vault              *v1.ResourceRequirements `json:"vault,omitempty"`
    BankVaults         *v1.ResourceRequirements `json:"bankVaults,omitempty"`
    HSMDaemon          *v1.ResourceRequirements `json:"hsmDaemon,omitempty"`
    Etcd               *v1.ResourceRequirements `json:"etcd,omitempty"`
    PrometheusExporter *v1.ResourceRequirements `json:"prometheusExporter,omitempty"`
    FluentD            *v1.ResourceRequirements `json:"fluentd,omitempty"`
}

Resources holds the ResourceRequirements of the different containers

func (*Resources) DeepCopy

func (in *Resources) DeepCopy() *Resources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resources.

func (*Resources) DeepCopyInto

func (in *Resources) DeepCopyInto(out *Resources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UnsealConfig

type UnsealConfig struct {
    Options    UnsealOptions          `json:"options,omitempty"`
    Kubernetes KubernetesUnsealConfig `json:"kubernetes,omitempty"`
    Google     *GoogleUnsealConfig    `json:"google,omitempty"`
    Alibaba    *AlibabaUnsealConfig   `json:"alibaba,omitempty"`
    Azure      *AzureUnsealConfig     `json:"azure,omitempty"`
    AWS        *AWSUnsealConfig       `json:"aws,omitempty"`
    Vault      *VaultUnsealConfig     `json:"vault,omitempty"`
    HSM        *HSMUnsealConfig       `json:"hsm,omitempty"`
}

UnsealConfig represents the UnsealConfig field of a VaultSpec Kubernetes object

func (*UnsealConfig) DeepCopy

func (in *UnsealConfig) DeepCopy() *UnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealConfig.

func (*UnsealConfig) DeepCopyInto

func (in *UnsealConfig) DeepCopyInto(out *UnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UnsealConfig) HSMDaemonNeeded

func (usc *UnsealConfig) HSMDaemonNeeded() bool

HSMDaemonNeeded returns whether the unsealing mechanism needs an HSM daemon present

func (*UnsealConfig) ToArgs

func (usc *UnsealConfig) ToArgs(vault *Vault) []string

ToArgs returns the UnsealConfig as an argument array for bank-vaults

type UnsealOptions

type UnsealOptions struct {
    PreFlightChecks *bool `json:"preFlightChecks,omitempty"`
}

UnsealOptions represents the common options to all unsealing backends

func (*UnsealOptions) DeepCopy

func (in *UnsealOptions) DeepCopy() *UnsealOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealOptions.

func (*UnsealOptions) DeepCopyInto

func (in *UnsealOptions) DeepCopyInto(out *UnsealOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (UnsealOptions) ToArgs

func (uso UnsealOptions) ToArgs() []string

type Vault

type Vault struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`

    Spec   VaultSpec   `json:"spec,omitempty"`
    Status VaultStatus `json:"status,omitempty"`
}

+genclient +genclient:noStatus +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +k8s:openapi-gen=true

func (*Vault) AsOwnerReference

func (vault *Vault) AsOwnerReference() metav1.OwnerReference

AsOwnerReference returns this Vault instance as an OwnerReference

func (*Vault) ConfigJSON

func (v *Vault) ConfigJSON() (string, error)

ConfigJSON returns the Config field as a JSON string

func (*Vault) DeepCopy

func (in *Vault) DeepCopy() *Vault

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vault.

func (*Vault) DeepCopyInto

func (in *Vault) DeepCopyInto(out *Vault)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Vault) DeepCopyObject

func (in *Vault) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Vault) GetIngress

func (vault *Vault) GetIngress() *Ingress

GetIngress returns the Ingress configuration for Vault, if any

func (*Vault) LabelsForVault

func (vault *Vault) LabelsForVault() map[string]string

LabelsForVault returns the labels for selecting the resources belonging to the given vault CR name.

func (*Vault) LabelsForVaultConfigurer

func (vault *Vault) LabelsForVaultConfigurer() map[string]string

LabelsForVaultConfigurer returns the labels for selecting the resources belonging to the given vault CR name.

type VaultList

type VaultList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []Vault `json:"items"`
}

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*VaultList) DeepCopy

func (in *VaultList) DeepCopy() *VaultList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultList.

func (*VaultList) DeepCopyInto

func (in *VaultList) DeepCopyInto(out *VaultList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultList) DeepCopyObject

func (in *VaultList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultSpec

type VaultSpec struct {

    // Size defines the number of Vault instances in the cluster (>= 1 means HA)
    // default: 1
    Size int32 `json:"size,omitempty"`

    // Image specifies the Vault image to use for the Vault instances
    // default: library/vault:latest
    Image string `json:"image,omitempty"`

    // BankVaultsImage specifies the Bank Vaults image to use for Vault unsealing and configuration
    // default: banzaicloud/bank-vaults:latest
    BankVaultsImage string `json:"bankVaultsImage,omitempty"`

    // BankVaultsVolumeMounts define some extra Kubernetes Volume mounts for the Bank Vaults Sidecar container.
    // default:
    BankVaultsVolumeMounts []v1.VolumeMount `json:"bankVaultsVolumeMounts,omitempty"`

    // StatsDDisabled specifies if StatsD based metrics should be disabled
    // default: false
    StatsDDisabled bool `json:"statsdDisabled,omitempty"`

    // StatsDImage specifies the StatsD image to use for Vault metrics exportation
    // default: prom/statsd-exporter:latest
    StatsDImage string `json:"statsdImage,omitempty"`

    // FluentDEnabled specifies if FluentD based log exportation should be enabled
    // default: false
    FluentDEnabled bool `json:"fluentdEnabled,omitempty"`

    // FluentDImage specifies the FluentD image to use for Vault log exportation
    // default: fluent/fluentd:edge
    FluentDImage string `json:"fluentdImage,omitempty"`

    // FleuntDConfLocation is the location of the fluent.conf file
    // default: "/fluentd/etc"
    FleuntDConfLocation string `json:"fleuntdConfLocation,omitempty"`

    // FluentDConfig specifies the FluentD configuration to use for Vault log exportation
    // default:
    FluentDConfig string `json:"fluentdConfig,omitempty"`

    // WatchedSecretsLabels specifies a set of Kubernetes label selectors which select Secrets to watch.
    // If these Secrets change, the Vault cluster gets restarted. For example, a Secret in which Cert-Manager
    // manages a public Certificate for Vault using Let's Encrypt.
    // default:
    WatchedSecretsLabels []map[string]string `json:"watchedSecretsLabels,omitempty"`

    // WatchedSecretsAnnotations specifies a set of Kubernetes annotation selectors which select Secrets to watch.
    // If these Secrets change, the Vault cluster gets restarted. For example, a Secret in which Cert-Manager
    // manages a public Certificate for Vault using Let's Encrypt.
    // default:
    WatchedSecretsAnnotations []map[string]string `json:"watchedSecretsAnnotations,omitempty"`

    // Annotations define a set of common Kubernetes annotations that will be added to all operator managed resources.
    // default:
    Annotations map[string]string `json:"annotations,omitempty"`

    // VaultAnnotations define a set of Kubernetes annotations that will be added to all Vault Pods.
    // default:
    VaultAnnotations map[string]string `json:"vaultAnnotations,omitempty"`

    // VaultLabels define a set of Kubernetes labels that will be added to all Vault Pods.
    // default:
    VaultLabels map[string]string `json:"vaultLabels,omitempty"`

    // VaultPodSpec is a Kubernetes Pod specification snippet (`spec:` block) that will be merged into the operator generated
    // Vault Pod specification.
    // default:
    VaultPodSpec *EmbeddedPodSpec `json:"vaultPodSpec,omitempty"`

    // VaultContainerSpec is a Kubernetes Container specification snippet that will be merged into the operator generated
    // Vault Container specification.
    // default:
    VaultContainerSpec v1.Container `json:"vaultContainerSpec,omitempty"`

    // VaultConfigurerAnnotations define a set of Kubernetes annotations that will be added to the Vault Configurer Pod.
    // default:
    VaultConfigurerAnnotations map[string]string `json:"vaultConfigurerAnnotations,omitempty"`

    // VaultConfigurerLabels define a set of Kubernetes labels that will be added to the Vault Configurer Pod.
    // default:
    VaultConfigurerLabels map[string]string `json:"vaultConfigurerLabels,omitempty"`

    // VaultConfigurerPodSpec is a Kubernetes Pod specification snippet (`spec:` block) that will be merged into
    // the operator generated Vault Configurer Pod specification.
    // default:
    VaultConfigurerPodSpec *EmbeddedPodSpec `json:"vaultConfigurerPodSpec,omitempty"`

    // Config is the Vault Server configuration. See https://www.vaultproject.io/docs/configuration/ for more details.
    // default:
    Config extv1beta1.JSON `json:"config"`

    // ExternalConfig is a higher-level configuration block which instructs the Bank Vaults Configurer to configure Vault
    // through its API, which allows setting up:
    // - Secret Engines
    // - Auth Methods
    // - Audit Devices
    // - Plugin Backends
    // - Policies
    // - Startup Secrets (Bank Vaults feature)
    // A documented example: https://github.com/banzaicloud/bank-vaults/blob/master/vault-config.yml
    // default:
    ExternalConfig extv1beta1.JSON `json:"externalConfig,omitempty"`

    // UnsealConfig defines where the Vault cluster's unseal keys and root token should be stored after initialization.
    // See the type's documentation for more details. Only one method may be specified.
    // default: Kubernetes Secret based unsealing
    UnsealConfig UnsealConfig `json:"unsealConfig,omitempty"`

    // CredentialsConfig defines an external Secret for Vault and how it should be mounted to the Vault Pod,
    // for example for accessing Cloud resources.
    // default:
    CredentialsConfig CredentialsConfig `json:"credentialsConfig,omitempty"`

    // EnvsConfig is a list of Kubernetes environment variable definitions that will be passed to all Bank-Vaults pods.
    // default:
    EnvsConfig []v1.EnvVar `json:"envsConfig,omitempty"`

    // SecurityContext is a Kubernetes PodSecurityContext that will be applied to all Pods created by the operator.
    // default:
    SecurityContext v1.PodSecurityContext `json:"securityContext,omitempty"`

    // EtcdVersion is the ETCD version of the automatically provisioned ETCD cluster
    // default: "3.3.17"
    EtcdVersion string `json:"etcdVersion,omitempty"`

    // EtcdSize is the size of the automatically provisioned ETCD cluster, -1 will disable automatic cluster provisioning.
    // The cluster is only provisioned if it is detected from the Vault configuration that it would like to use
    // ETCD as the storage backend. If not odd it will be changed always to the next (< etcdSize) odd number.
    // default: 3
    EtcdSize int `json:"etcdSize,omitempty"`

    // EtcdRepository is the repository used to pull the etcd images
    // default:
    EtcdRepository string `json:"etcdRepository,omitempty"`

    // BusyBox image used for the etcd pod init container
    // default:
    EtcdPodBusyBoxImage string `json:"etcdPodBusyBoxImage,omitempty"`

    // EtcdAnnotations define a set of Kubernetes annotations that will be added to ETCD Cluster CR.
    // default:
    EtcdAnnotations map[string]string `json:"etcdAnnotations,omitempty"`

    // EtcdPodAnnotations define a set of Kubernetes annotations that will be added to ETCD Pods.
    // default:
    EtcdPodAnnotations map[string]string `json:"etcdPodAnnotations,omitempty"`

    // EtcdPVCSpec is a Kubernetes PersistentVolumeClaimSpec that will be used by the ETCD Pods.
    // emptyDir is used if not defined (no persistence).
    // default:
    EtcdPVCSpec *v1.PersistentVolumeClaimSpec `json:"etcdPVCSpec,omitempty"`

    // EtcdAffinity is a Kubernetes Affinity that will be used by the ETCD Pods.
    // If not defined, PodAntiAffinity will be used. If both are empty, no Affinity is used.
    // default:
    EtcdAffinity *v1.Affinity `json:"etcdAffinity,omitempty"`

    // ServiceType is a Kubernetes Service type of the Vault Service.
    // default: ClusterIP
    ServiceType string `json:"serviceType,omitempty"`

    // LoadBalancerIP is an optional setting for allocating a specific address for the entry service object
    // of type LoadBalancer
    // default: ""
    LoadBalancerIP string `json:"loadBalancerIP,omitempty"`

    // ServiceRegistrationEnabled enables the injection of the service_registration Vault stanza.
    // This requires elaborated RBAC privileges for updating Pod labels for the Vault Pod.
    // default: false
    ServiceRegistrationEnabled bool `json:"serviceRegistrationEnabled,omitempty"`

    // RaftLeaderAddress defines the leader address of the raft cluster in multi-cluster deployments.
    // (In single cluster (namespace) deployments it is automatically detected).
    // "self" is a special value which means that this instance should be the bootstrap leader instance.
    // default: ""
    RaftLeaderAddress string `json:"raftLeaderAddress,omitempty"`

    // ServicePorts is an extra map of ports that should be exposed by the Vault Service.
    // default:
    ServicePorts map[string]int32 `json:"servicePorts,omitempty"`

    // Affinity is a group of affinity scheduling rules applied to all Vault Pods.
    // default:
    Affinity *v1.Affinity `json:"affinity,omitempty"`

    // PodAntiAffinity is the TopologyKey in the Vault Pod's PodAntiAffinity.
    // No PodAntiAffinity is used if empty.
    // Deprecated. Use Affinity.
    // default:
    PodAntiAffinity string `json:"podAntiAffinity,omitempty"`

    // NodeAffinity is a Kubernetes NodeAffinity definition that should be applied to all Vault Pods.
    // Deprecated. Use Affinity.
    // default:
    NodeAffinity v1.NodeAffinity `json:"nodeAffinity,omitempty"`

    // NodeSelector is a Kubernetes NodeSelector definition that should be applied to all Vault Pods.
    // default:
    NodeSelector map[string]string `json:"nodeSelector,omitempty"`

    // Tolerations is Kubernetes Tolerations definition that should be applied to all Vault Pods.
    // default:
    Tolerations []v1.Toleration `json:"tolerations,omitempty"`

    // ServiceAccount is Kubernetes ServiceAccount in which the Vault Pods should be running in.
    // default: default
    ServiceAccount string `json:"serviceAccount,omitempty"`

    // Volumes define some extra Kubernetes Volumes for the Vault Pods.
    // default:
    Volumes []v1.Volume `json:"volumes,omitempty"`

    // VolumeMounts define some extra Kubernetes Volume mounts for the Vault Pods.
    // default:
    VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`

    // VolumeClaimTemplates define some extra Kubernetes PersistentVolumeClaim templates for the Vault Statefulset.
    // default:
    VolumeClaimTemplates []EmbeddedPersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`

    // VaultEnvsConfig is a list of Kubernetes environment variable definitions that will be passed to the Vault container.
    // default:
    VaultEnvsConfig []v1.EnvVar `json:"vaultEnvsConfig,omitempty"`

    // SidecarEnvsConfig is a list of Kubernetes environment variable definitions that will be passed to Vault sidecar containers.
    // default:
    SidecarEnvsConfig []v1.EnvVar `json:"sidecarEnvsConfig,omitempty"`

    // Resources defines the resource limits for all the resources created by the operator.
    // See the type for more details.
    // default:
    Resources *Resources `json:"resources,omitempty"`

    // Ingress, if it is specified the operator will create an Ingress resource for the Vault Service and
    // will annotate it with the correct Ingress annotations specific to the TLS settings in the configuration.
    // See the type for more details.
    // default:
    Ingress *Ingress `json:"ingress,omitempty"`

    // ServiceMonitorEnabled enables the creation of Prometheus Operator specific ServiceMonitor for Vault.
    // default: false
    ServiceMonitorEnabled bool `json:"serviceMonitorEnabled,omitempty"`

    // ExistingTLSSecretName is the name of the Secret that contains a TLS server certificate and key and the corresponding CA certificate.
    // Required Secret format: kubernetes.io/tls type Secret keys + ca.crt key.
    // If it is set, certificate generation will be disabled.
    // default: ""
    ExistingTLSSecretName string `json:"existingTlsSecretName,omitempty"`

    // TLSExpiryThreshold is the Vault TLS certificate expiration threshold in Go's Duration format.
    // default: 168h
    TLSExpiryThreshold string `json:"tlsExpiryThreshold,omitempty"`

    // TLSAdditionalHosts is a list of additional hostnames or IP addresses to add to the SAN on the automatically generated TLS certificate.
    // default:
    TLSAdditionalHosts []string `json:"tlsAdditionalHosts,omitempty"`

    // CANamespaces define a list of namespaces where the generated CA certificate for Vault should be distributed,
    // use ["*"] for all namespaces.
    // default:
    CANamespaces []string `json:"caNamespaces,omitempty"`

    // IstioEnabled describes if the cluster has Istio running and enabled.
    // default: false
    IstioEnabled bool `json:"istioEnabled,omitempty"`

    // VeleroEnabled describes if the cluster has Velero running and enabled.
    // default: false
    VeleroEnabled bool `json:"veleroEnabled,omitempty"`

    // VeleroFsfreezeImage specifies the Velero Fsfreeze image to use in Velero backup hooks
    // default: velero/fsfreeze-pause:latest
    VeleroFsfreezeImage string `json:"veleroFsfreezeImage,omitempty"`

    // VaultInitContainers adds extra initContainers
    VaultInitContainers []v1.Container `json:"vaultInitContainers,omitempty"`
}

VaultSpec defines the desired state of Vault. Important: Run "make generate-code" to regenerate code after modifying this file.
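As an added example (not part of the bank-vaults code base), the following Go program reads a VaultSpec as JSON using the field names from the struct tags above and reports container images that are unset or not pinned (the documented defaults are `:latest` and `:edge` tags), a ServiceAccount left at `default`, and a `tlsExpiryThreshold` that Go's `time.ParseDuration` rejects. `AuditVaultSpec`, `isFloating`, `vaultSpecSubset` and the sample spec are hypothetical names and constructed data; the check assumes the operator applies the defaults exactly as the field comments state.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// vaultSpecSubset (hypothetical) decodes only the VaultSpec fields this check
// inspects, using the JSON names from the struct tags on the page.
type vaultSpecSubset struct {
	Image               string `json:"image"`
	BankVaultsImage     string `json:"bankVaultsImage"`
	StatsDDisabled      bool   `json:"statsdDisabled"`
	StatsDImage         string `json:"statsdImage"`
	FluentDEnabled      bool   `json:"fluentdEnabled"`
	FluentDImage        string `json:"fluentdImage"`
	VeleroEnabled       bool   `json:"veleroEnabled"`
	VeleroFsfreezeImage string `json:"veleroFsfreezeImage"`
	ServiceAccount      string `json:"serviceAccount"`
	TLSExpiryThreshold  string `json:"tlsExpiryThreshold"`
}

// sampleSpec is a constructed "spec" document, not taken from a real cluster.
const sampleSpec = `{"size": 3, "image": "vault:1.6.1", "bankVaultsImage": "banzaicloud/bank-vaults",
 "statsdDisabled": true, "fluentdEnabled": true, "fluentdImage": "fluent/fluentd:edge", "tlsExpiryThreshold": "7d"}`

// isFloating reports whether an image reference can change under the same name:
// it has no digest and either no tag or one of the moving tags "latest" / "edge".
func isFloating(ref string) bool {
	if strings.Contains(ref, "@sha256:") {
		return false
	}
	name := ref[strings.LastIndex(ref, "/")+1:] // skip a registry host:port prefix
	_, tag, hasTag := strings.Cut(name, ":")
	return !hasTag || tag == "latest" || tag == "edge"
}

// AuditVaultSpec returns one finding per unpinned image or questionable setting.
func AuditVaultSpec(specJSON []byte) ([]string, error) {
	var s vaultSpecSubset
	if err := json.Unmarshal(specJSON, &s); err != nil {
		return nil, err
	}
	var out []string
	check := func(used bool, field, value, def string) {
		switch {
		case !used: // container is not deployed, its image does not matter
		case value == "":
			out = append(out, fmt.Sprintf("%s: unset, falls back to documented default %s", field, def))
		case isFloating(value):
			out = append(out, fmt.Sprintf("%s: %s is not pinned to a fixed tag or digest", field, value))
		}
	}
	check(true, "image", s.Image, "library/vault:latest")
	check(true, "bankVaultsImage", s.BankVaultsImage, "banzaicloud/bank-vaults:latest")
	check(!s.StatsDDisabled, "statsdImage", s.StatsDImage, "prom/statsd-exporter:latest")
	check(s.FluentDEnabled, "fluentdImage", s.FluentDImage, "fluent/fluentd:edge")
	check(s.VeleroEnabled, "veleroFsfreezeImage", s.VeleroFsfreezeImage, "velero/fsfreeze-pause:latest")
	if s.ServiceAccount == "" || s.ServiceAccount == "default" {
		out = append(out, "serviceAccount: Vault Pods run under the namespace's default ServiceAccount")
	}
	if _, err := time.ParseDuration(s.TLSExpiryThreshold); s.TLSExpiryThreshold != "" && err != nil {
		out = append(out, "tlsExpiryThreshold: not a valid Go duration: "+s.TLSExpiryThreshold)
	}
	return out, nil
}

func main() {
	findings, _ := AuditVaultSpec([]byte(sampleSpec))
	fmt.Println(strings.Join(findings, "\n"))
}
```

A check like this fits in CI or an admission webhook, before the operator ever sees the custom resource.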

func (*VaultSpec) DeepCopy

func (in *VaultSpec) DeepCopy() *VaultSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSpec.

func (*VaultSpec) DeepCopyInto

func (in *VaultSpec) DeepCopyInto(out *VaultSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSpec) ExternalConfigJSON

func (spec *VaultSpec) ExternalConfigJSON() string

ExternalConfigJSON returns the ExternalConfig field as a JSON string

func (*VaultSpec) GetAPIPortName

func (spec *VaultSpec) GetAPIPortName() string

GetAPIPortName returns the main Vault port name based on Istio and TLS settings

func (*VaultSpec) GetAPIScheme

func (spec *VaultSpec) GetAPIScheme() string

GetAPIScheme returns whether Vault's API address should be called on http or https

func (*VaultSpec) GetAnnotations

func (spec *VaultSpec) GetAnnotations() map[string]string

GetAnnotations returns the Common Annotations

func (*VaultSpec) GetBankVaultsImage

func (spec *VaultSpec) GetBankVaultsImage() string

GetBankVaultsImage returns the bank-vaults image to use

func (*VaultSpec) GetEtcdSize

func (spec *VaultSpec) GetEtcdSize() int

GetEtcdSize returns the number of etcd pods to use

func (*VaultSpec) GetEtcdStorage

func (spec *VaultSpec) GetEtcdStorage() map[string]interface{}

GetEtcdStorage returns the etcd storage if configured or nil

func (*VaultSpec) GetEtcdVersion

func (spec *VaultSpec) GetEtcdVersion() string

GetEtcdVersion returns the etcd version to use

func (*VaultSpec) GetFluentDConfMountPath

func (spec *VaultSpec) GetFluentDConfMountPath() string

GetFluentDConfMountPath returns the mount path for the fluent.conf

func (*VaultSpec) GetFluentDImage

func (spec *VaultSpec) GetFluentDImage() string

GetFluentDImage returns the FluentD image to use

func (*VaultSpec) GetHAStorage

func (spec *VaultSpec) GetHAStorage() map[string]interface{}

GetHAStorage returns Vault's ha_storage stanza

func (*VaultSpec) GetHAStorageType

func (spec *VaultSpec) GetHAStorageType() string

GetHAStorageType returns the type of Vault's ha_storage stanza

func (*VaultSpec) GetServiceAccount

func (spec *VaultSpec) GetServiceAccount() string

GetServiceAccount returns the Kubernetes Service Account to use for Vault

func (*VaultSpec) GetStatsDImage

func (spec *VaultSpec) GetStatsDImage() string

GetStatsDImage returns the StatsD image to use

func (*VaultSpec) GetStorage

func (spec *VaultSpec) GetStorage() map[string]interface{}

GetStorage returns Vault's storage stanza

func (*VaultSpec) GetStorageType

func (spec *VaultSpec) GetStorageType() string

GetStorageType returns the type of Vault's storage stanza

func (*VaultSpec) GetTLSExpiryThreshold

func (spec *VaultSpec) GetTLSExpiryThreshold() time.Duration

GetTLSExpiryThreshold returns the Vault TLS certificate expiration threshold

func (*VaultSpec) GetVaultAnnotations

func (spec *VaultSpec) GetVaultAnnotations() map[string]string

GetVaultAnnotations returns the Vault Pod, Secret and ConfigMap Annotations

func (*VaultSpec) GetVaultConfig

func (spec *VaultSpec) GetVaultConfig() map[string]interface{}

func (*VaultSpec) GetVaultConfigurerAnnotations

func (spec *VaultSpec) GetVaultConfigurerAnnotations() map[string]string

GetVaultConfigurerAnnotations returns the Vault Configurer Pod Annotations

func (*VaultSpec) GetVaultConfigurerLabels

func (spec *VaultSpec) GetVaultConfigurerLabels() map[string]string

GetVaultConfigurerLabels returns the Vault Configurer Pod Labels

func (*VaultSpec) GetVaultImage

func (spec *VaultSpec) GetVaultImage() string

GetVaultImage returns the Vault image to use

func (*VaultSpec) GetVaultLabels

func (spec *VaultSpec) GetVaultLabels() map[string]string

GetVaultLabels returns the Vault Pod, Secret and ConfigMap Labels

func (*VaultSpec) GetVeleroFsfreezeImage

func (spec *VaultSpec) GetVeleroFsfreezeImage() string

GetVeleroFsfreezeImage returns the Velero Fsfreeze image to use

func (*VaultSpec) GetVersion

func (spec *VaultSpec) GetVersion() (*semver.Version, error)

GetVersion returns the version of Vault

func (*VaultSpec) GetVolumeClaimTemplates

func (spec *VaultSpec) GetVolumeClaimTemplates() []v1.PersistentVolumeClaim

GetVolumeClaimTemplates fixes the "status diff" in PVC templates

func (*VaultSpec) GetWatchedSecretsAnnotations

func (spec *VaultSpec) GetWatchedSecretsAnnotations() []map[string]string

GetWatchedSecretsAnnotations returns the set of annotations for secrets to watch in the vault namespace

func (*VaultSpec) GetWatchedSecretsLabels

func (spec *VaultSpec) GetWatchedSecretsLabels() []map[string]string

GetWatchedSecretsLabels returns the set of labels for secrets to watch in the vault namespace

func (*VaultSpec) HasEtcdStorage

func (spec *VaultSpec) HasEtcdStorage() bool

HasEtcdStorage detects if Vault is configured to use etcd as storage or ha_storage backend

func (*VaultSpec) HasHAStorage

func (spec *VaultSpec) HasHAStorage() bool

HasHAStorage detects if Vault is configured to use a storage backend which supports High Availability or if it has ha_storage stanza, then doesn't check for ha_enabled flag

func (*VaultSpec) HasStorageHAEnabled

func (spec *VaultSpec) HasStorageHAEnabled() bool

HasStorageHAEnabled detects if the ha_enabled field is set to true in Vault's storage stanza

func (*VaultSpec) IsAutoUnseal

func (spec *VaultSpec) IsAutoUnseal() bool

IsAutoUnseal checks if auto-unseal is configured

func (*VaultSpec) IsFluentDEnabled

func (spec *VaultSpec) IsFluentDEnabled() bool

IsFluentDEnabled returns true if fluentd sidecar is to be deployed

func (*VaultSpec) IsRaftBootstrapFollower

func (spec *VaultSpec) IsRaftBootstrapFollower() bool

IsRaftBootstrapFollower checks if this cluster should be considered the bootstrap follower.

func (*VaultSpec) IsRaftHAStorage

func (spec *VaultSpec) IsRaftHAStorage() bool

IsRaftHAStorage checks if raft ha_storage is configured

func (*VaultSpec) IsRaftStorage

func (spec *VaultSpec) IsRaftStorage() bool

IsRaftStorage checks if raft storage is configured

func (*VaultSpec) IsStatsDDisabled

func (spec *VaultSpec) IsStatsDDisabled() bool

IsStatsDDisabled returns false if statsd sidecar is to be deployed

func (*VaultSpec) IsTLSDisabled

func (spec *VaultSpec) IsTLSDisabled() bool

IsTLSDisabled returns whether Vault's TLS should be disabled

func (*VaultSpec) IsTelemetryUnauthenticated

func (spec *VaultSpec) IsTelemetryUnauthenticated() bool

IsTelemetryUnauthenticated returns whether Vault's telemetry endpoint can be accessed publicly

type VaultStatus

type VaultStatus struct {
    // Important: Run "make generate-code" to regenerate code after modifying this file
    Nodes      []string                `json:"nodes"`
    Leader     string                  `json:"leader"`
    Conditions []v1.ComponentCondition `json:"conditions,omitempty"`
}

VaultStatus defines the observed state of Vault

func (*VaultStatus) DeepCopy

func (in *VaultStatus) DeepCopy() *VaultStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.

func (*VaultStatus) DeepCopyInto

func (in *VaultStatus) DeepCopyInto(out *VaultStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultUnsealConfig

type VaultUnsealConfig struct {
    Address        string `json:"address"`
    UnsealKeysPath string `json:"unsealKeysPath"`
    Role           string `json:"role,omitempty"`
    AuthPath       string `json:"authPath,omitempty"`
    TokenPath      string `json:"tokenPath,omitempty"`
    Token          string `json:"token,omitempty"`
}

VaultUnsealConfig holds the parameters for remote Vault based unsealing

func (*VaultUnsealConfig) DeepCopy

func (in *VaultUnsealConfig) DeepCopy() *VaultUnsealConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultUnsealConfig.

func (*VaultUnsealConfig) DeepCopyInto

func (in *VaultUnsealConfig) DeepCopyInto(out *VaultUnsealConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Package v1alpha1 imports 21 packages and is imported by 8 packages. Updated 2021-01-20.