controller

package v0.26.2
Published: Apr 4, 2024 License: Apache-2.0 Imports: 53 Imported by: 0

Documentation

Constants

const (

	// SuccessUnsealed is used as part of the Event 'reason' when
	// a SealedSecret is unsealed successfully.
	SuccessUnsealed = "Unsealed"

	// ErrUpdateFailed is used as part of the Event 'reason' when
	// a SealedSecret fails to update the target Secret for a
	// non-cryptography reason. Typically this is due to API I/O
	// or RBAC issues.
	ErrUpdateFailed = "ErrUpdateFailed"

	// ErrUnsealFailed is used as part of the Event 'reason' when a
	// SealedSecret fails the unsealing process.  Typically this
	// is because it is encrypted with the wrong key or has been
	// renamed from its original namespace/name.
	ErrUnsealFailed = "ErrUnsealFailed"
)
const SealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"

SealedSecretsKeyLabel is the label used to locate the active key pairs used to decrypt sealed secrets.

Variables

var (
	// ErrCast happens when a K8s any value cannot be cast to the expected type.
	ErrCast = errors.New("cast error")
)
var (
	// ErrPrivateKeyNotRSA is returned when the private key is not a valid RSA key.
	ErrPrivateKeyNotRSA = errors.New("private key is not an RSA key")
)

Functions

func Instrument

func Instrument(path string, h http.Handler) http.Handler

Instrument wraps the HTTP handler h with request instrumentation, labelled by path.

func Main

func Main(f *Flags, version string) error

func ObserveCondition

func ObserveCondition(ssecret *v1alpha1.SealedSecret)

ObserveCondition sets a `condition_info` Gauge according to a SealedSecret's status.

func ScheduleJobWithTrigger

func ScheduleJobWithTrigger(initialDelay, period time.Duration, job func()) func()

ScheduleJobWithTrigger creates a long-running loop that runs a job after an initialDelay and then after each period duration. It returns a trigger function that runs the job early when called.
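The loop-plus-trigger contract described above, as an added example that re-implements it rather than using the sealed-secrets project's own code. The stop channel, and restarting the period after an early run, are assumptions of this example; the trigger is non-blocking and coalesces repeated calls so callers cannot pile up runs.

```go
package main

import "time"
// Added example re-implementing the contract documented above, not the
// project's code; stop channel and period restart after an early run are assumptions.
func scheduleJobWithTrigger(initialDelay, period time.Duration, job func(), stop <-chan struct{}) func() {
	kick := make(chan struct{}, 1) // capacity 1: overlapping trigger calls coalesce
	go func() {
		timer := time.NewTimer(initialDelay)
		defer timer.Stop()
		for {
			select {
			case <-timer.C: // scheduled run
			case <-kick: // early run: drop a tick that may already be pending
				if !timer.Stop() {
					select { case <-timer.C: default: }
				}
			case <-stop:
				return
			}
			job()
			timer.Reset(period) // next scheduled run is one period from now
		}
	}()
	return func() {
		select {
		case kick <- struct{}{}:
		default: // a run is already queued; do not pile up another
		}
	}
}
// runDemo returns the number of job executions observed: one after the 10ms
// initial delay, one forced by the trigger long before the hour-long period elapses.
func runDemo() int {
	ran, stop := make(chan struct{}, 8), make(chan struct{})
	defer close(stop)
	trigger := scheduleJobWithTrigger(10*time.Millisecond, time.Hour, func() { ran <- struct{}{} }, stop)
	count := 0
	waitRun := func(limit time.Duration) {
		select {
		case <-ran: count++
		case <-time.After(limit):
		}
	}
	waitRun(2 * time.Second)       // run 1: initialDelay elapsed
	trigger()                      // request an early run
	waitRun(2 * time.Second)       // run 2: caused by the trigger, not the period
	waitRun(50 * time.Millisecond) // no trigger, period not elapsed: no run
	return count // 2
}
```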

func UnregisterCondition

func UnregisterCondition(ssecret *v1alpha1.SealedSecret)

UnregisterCondition unregisters the Gauges associated with a SealedSecret's conditions.

Types

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller implements the main sealed-secrets-controller loop.

func NewController

func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry) (*Controller, error)

NewController returns the main sealed-secrets controller loop.

func (*Controller) AttemptUnseal

func (c *Controller) AttemptUnseal(content []byte) (bool, error)

AttemptUnseal tries to unseal the given sealed secret content and reports whether it succeeded.

func (*Controller) HasSynced

func (c *Controller) HasSynced() bool

HasSynced returns true once this controller has completed an initial resource listing.

func (*Controller) LastSyncResourceVersion

func (c *Controller) LastSyncResourceVersion() string

LastSyncResourceVersion is the resource version observed when last synced with the underlying store. The value returned is not synchronized with access to the underlying store and is not thread-safe.

func (*Controller) Rotate

func (c *Controller) Rotate(content []byte) ([]byte, error)

Rotate takes a sealed secret and returns a sealed secret that has been encrypted with the latest private key. If the secret is already encrypted with the latest key, it returns the input unchanged.

func (*Controller) Run

func (c *Controller) Run(stopCh <-chan struct{})

Run begins processing items, and will continue until a value is sent down stopCh. It's an error to call Run more than once. Run blocks; call it in its own goroutine via `go`.

type Flags

type Flags struct {
	KeyPrefix             string
	KeySize               int
	ValidFor              time.Duration
	MyCN                  string
	KeyRenewPeriod        time.Duration
	AcceptV1Data          bool
	KeyCutoffTime         string
	NamespaceAll          bool
	AdditionalNamespaces  string
	LabelSelector         string
	RateLimitPerSecond    int
	RateLimitBurst        int
	OldGCBehavior         bool
	UpdateStatus          bool
	SkipRecreate          bool
	LogInfoToStdout       bool
	LogLevel              string
	LogFormat             string
	PrivateKeyAnnotations string
	PrivateKeyLabels      string
}

Flags to configure the controller.

type Key

type Key struct {
	// contains filtered or unexported fields
}

A Key holds the cryptographic key pair and some metadata about it.

type KeyRegistry

type KeyRegistry struct {
	sync.Mutex
	// contains filtered or unexported fields
}

A KeyRegistry manages the key pairs used to (un)seal secrets.

func NewKeyRegistry

func NewKeyRegistry(client kubernetes.Interface, namespace, keyPrefix, keyLabel string, keysize int) *KeyRegistry

NewKeyRegistry creates a new KeyRegistry.
