kubernetes

package
v0.0.0-...-5169047 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2019 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Overview

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Copyright Jetstack Ltd. See LICENSE for details.

Index

Constants

// FlagInitTokenAll is the flag name "init-token-all". Presumably its value
// fills FlagInitTokens.All — confirm against the command wiring.
// NOTE(review): if the flag value is the token itself, it is readable from the
// process command line and shell history on the host; confirm how callers pass it.
const FlagInitTokenAll = "init-token-all"
// FlagInitTokenEtcd is the flag name "init-token-etcd". Presumably its value
// fills FlagInitTokens.Etcd and is a token, i.e. a secret — confirm.
const FlagInitTokenEtcd = "init-token-etcd"
// FlagInitTokenMaster is the flag name "init-token-master". Presumably its
// value fills FlagInitTokens.Master and is a token, i.e. a secret — confirm.
const FlagInitTokenMaster = "init-token-master"
// FlagInitTokenWorker is the flag name "init-token-worker". Presumably its
// value fills FlagInitTokens.Worker and is a token, i.e. a secret — confirm.
const FlagInitTokenWorker = "init-token-worker"
// FlagMaxValidityAdmin is the flag name "max-validity-admin". Presumably it
// sets Kubernetes.MaxValidityAdmin — confirm against the command wiring.
const FlagMaxValidityAdmin = "max-validity-admin"
// FlagMaxValidityCA is the flag name "max-validity-ca". Presumably it sets
// Kubernetes.MaxValidityCA — confirm against the command wiring.
const FlagMaxValidityCA = "max-validity-ca"
// FlagMaxValidityComponents is the flag name "max-validity-components".
// Presumably it sets Kubernetes.MaxValidityComponents — confirm against the
// command wiring.
const FlagMaxValidityComponents = "max-validity-components"

Variables

// Version is a package-level string. Nothing on this page shows where it is
// assigned, or whether Kubernetes.SetVersion and Kubernetes.Version read or
// write it — confirm against the source.
var Version string

Functions

func GetMountByPath

func GetMountByPath(vaultClient Vault, mountPath string) (*vault.MountOutput, error)

Types

type Backend

// Backend is an interface of six methods. Of the types listed on this page,
// GenericVaultBackend and PKIVaultBackend export all six.
type Backend interface {
	// Ensure presumably creates or updates the backend so that it matches the
	// desired state — confirm.
	Ensure() error
	// EnsureDryRun returns a bool and an error. Kubernetes.EnsureDryRun
	// documents its bool as "true if change needed"; presumably the same
	// contract applies here — confirm.
	EnsureDryRun() (bool, error)
	// NOTE(review): confirm what Delete does to data stored under Path(),
	// and whether it is reversible.
	Delete() error
	Path() string
	// PKIVaultBackend.Type documents its result as the string key of the
	// vault backend type.
	Type() string
	Name() string
}

type DryRun

// DryRun embeds *multierror.Error, so the embedded value's exported methods
// are promoted onto DryRun. Presumably it collects what a dry run found —
// confirm against the callers.
type DryRun struct {
	// The embedded pointer is nil in the zero value of DryRun.
	// NOTE(review): confirm how callers populate it before use.
	*multierror.Error
}

type FlagInitTokens

// FlagInitTokens groups four strings whose field names match the suffixes of
// the FlagInitToken* constants (etcd, master, worker, all).
// NOTE(review): presumably each field holds an init token value supplied by
// the operator — confirm. If so, every field is a secret: all four are
// exported, so formatting the struct with %v or %+v prints them, and the value
// is passed by value to Kubernetes.SetInitFlags.
type FlagInitTokens struct {
	Etcd   string
	Master string
	Worker string
	// Presumably a single token applied to every role — confirm how it
	// interacts with the per-role fields above.
	All    string
}

type GenericVaultBackend

// GenericVaultBackend exports the six Backend methods plus helpers for init
// tokens (InitToken, InitTokenStore, SetInitTokenStore, DeleteInitTokenStore)
// and two path accessors (EncryptionConfigPath, ServiceAccountsPath).
type GenericVaultBackend struct {
	// NOTE(review): several methods on this type accept or return token
	// strings; confirm that nothing written through Log includes a token value.
	Log *logrus.Entry
	// contains filtered or unexported fields
}

func (*GenericVaultBackend) Delete

func (g *GenericVaultBackend) Delete() error

func (*GenericVaultBackend) DeleteInitTokenStore

func (g *GenericVaultBackend) DeleteInitTokenStore(role string) error

func (*GenericVaultBackend) EncryptionConfigPath

func (g *GenericVaultBackend) EncryptionConfigPath() string

EncryptionConfigPath is the vault path for the kubernetes encryption config file content

func (*GenericVaultBackend) Ensure

func (g *GenericVaultBackend) Ensure() error

func (*GenericVaultBackend) EnsureDryRun

func (g *GenericVaultBackend) EnsureDryRun() (bool, error)

func (*GenericVaultBackend) InitToken

// InitToken takes a token name, a role, a policy list and an expected token,
// and returns a string and an error. Presumably the string is the init token
// for role, with expectedToken used when it is non-empty — confirm against the
// source.
// NOTE(review): if so, the returned string is a secret; keep it out of logs
// and error messages.
func (g *GenericVaultBackend) InitToken(name, role string, policies []string, expectedToken string) (string, error)

func (*GenericVaultBackend) InitTokenStore

func (g *GenericVaultBackend) InitTokenStore(role string) (token string, err error)

func (*GenericVaultBackend) Name

func (g *GenericVaultBackend) Name() string

func (*GenericVaultBackend) Path

func (g *GenericVaultBackend) Path() string

func (*GenericVaultBackend) ServiceAccountsPath

func (g *GenericVaultBackend) ServiceAccountsPath() string

ServiceAccountsPath is the vault path for the service-accounts certificate content

func (*GenericVaultBackend) SetInitTokenStore

func (g *GenericVaultBackend) SetInitTokenStore(role string, token string) error

func (*GenericVaultBackend) Type

func (g *GenericVaultBackend) Type() string

type InitToken

// InitToken describes one init token by role and policy list. Its InitToken
// method is documented as fetching the token from the secrets backend if it is
// not already set.
type InitToken struct {
	Role     string
	// Presumably the names of the Vault policies attached to the token —
	// confirm. NOTE(review): check that the list is the minimum the role needs.
	Policies []string

	// Presumably filled from the `expected` argument of
	// Kubernetes.NewInitToken — confirm.
	// NOTE(review): if this holds a token value it is a secret in an exported
	// field; formatting the struct with %v or %+v prints it.
	ExpectedToken string
	// contains filtered or unexported fields
}

func (*InitToken) Delete

func (i *InitToken) Delete() error

func (*InitToken) Ensure

func (i *InitToken) Ensure() error

func (*InitToken) EnsureDryRun

func (i *InitToken) EnsureDryRun() (bool, error)

func (*InitToken) InitToken

func (i *InitToken) InitToken() (string, error)

InitToken fetches the token from the secrets backend if it is not already set

func (*InitToken) Name

func (i *InitToken) Name() string

Name returns the init token's name.

func (*InitToken) Path

func (i *InitToken) Path() string

Path constructs the file path for ../auth.

type Kubernetes

// Kubernetes is the value returned by New, which takes a *vault.Client and a
// logger. It exposes Ensure, EnsureDryRun and Delete, policy helpers
// (WritePolicy, ReadPolicy, DeletePolicy) and constructors for the backend and
// init token types on this page.
type Kubernetes struct {
	Log *logrus.Entry

	// Presumably upper bounds on how long issued admin certificates, component
	// certificates, the CA and init tokens stay valid — confirm where each is
	// enforced. Longer values lengthen the time a leaked credential remains
	// usable.
	// NOTE(review): FlagMaxValidityAdmin, FlagMaxValidityComponents and
	// FlagMaxValidityCA are declared on this page, but no flag constant for
	// MaxValidityInitTokens is; confirm how that field is set.
	MaxValidityAdmin      time.Duration
	MaxValidityComponents time.Duration
	MaxValidityCA         time.Duration
	MaxValidityInitTokens time.Duration

	// Presumably assigned by SetInitFlags — confirm. See the FlagInitTokens
	// type: its fields are plain exported strings.
	FlagInitTokens FlagInitTokens
	// contains filtered or unexported fields
}

func New

func New(vaultClient *vault.Client, logger *logrus.Entry) *Kubernetes

func (*Kubernetes) Delete

func (k *Kubernetes) Delete() error

func (*Kubernetes) DeletePolicy

func (k *Kubernetes) DeletePolicy(p *Policy) error

func (*Kubernetes) Ensure

func (k *Kubernetes) Ensure() error

func (*Kubernetes) EnsureDryRun

func (k *Kubernetes) EnsureDryRun() (bool, error)

EnsureDryRun returns true if a change is needed.

func (*Kubernetes) InitTokens

// InitTokens returns a map[string]string. Presumably it maps a role name to
// that role's init token value — confirm against the source.
// NOTE(review): if so, the whole map is secret material; callers should not
// log it or serialise it into world-readable output.
func (k *Kubernetes) InitTokens() map[string]string

func (*Kubernetes) NewGenericVaultBackend

func (k *Kubernetes) NewGenericVaultBackend(logger *logrus.Entry) *GenericVaultBackend

func (*Kubernetes) NewInitToken

func (k *Kubernetes) NewInitToken(role, expected string, policies []string) *InitToken

func (*Kubernetes) NewInitTokens

func (k *Kubernetes) NewInitTokens() []*InitToken

func (*Kubernetes) Path

func (k *Kubernetes) Path() string

func (*Kubernetes) ReadPolicy

func (k *Kubernetes) ReadPolicy(p *Policy) (string, error)

func (*Kubernetes) SetClusterID

func (k *Kubernetes) SetClusterID(clusterID string)

func (*Kubernetes) SetInitFlags

func (k *Kubernetes) SetInitFlags(flags FlagInitTokens)

func (*Kubernetes) SetVersion

func (k *Kubernetes) SetVersion(version string)

func (*Kubernetes) Version

func (k *Kubernetes) Version() string

func (*Kubernetes) WritePolicy

func (k *Kubernetes) WritePolicy(p *Policy) error

type PKIVaultBackend

// PKIVaultBackend is the value returned by NewPKIVaultBackend, which takes a
// *Kubernetes, a PKI name and a logger. It exports the six Backend methods
// plus role helpers (WriteRole, ReadRole, DeleteRole) and mount tuning
// (TuneMount, TuneMountRequired).
type PKIVaultBackend struct {
	// Presumably the lease TTLs applied to the mount by TuneMount, with
	// TuneMountRequired reporting whether the live mount differs — confirm.
	// NOTE(review): confirm what the zero value means for each field, so that
	// an unset duration does not result in an unbounded or unintended lease.
	MaxLeaseTTL     time.Duration
	DefaultLeaseTTL time.Duration

	Log *logrus.Entry
	// contains filtered or unexported fields
}

func NewPKIVaultBackend

func NewPKIVaultBackend(k *Kubernetes, pkiName string, logger *logrus.Entry) *PKIVaultBackend

func (*PKIVaultBackend) Delete

func (p *PKIVaultBackend) Delete() error

func (*PKIVaultBackend) DeleteRole

func (p *PKIVaultBackend) DeleteRole(role *pkiRole) error

func (*PKIVaultBackend) Ensure

func (p *PKIVaultBackend) Ensure() error

func (*PKIVaultBackend) EnsureDryRun

func (p *PKIVaultBackend) EnsureDryRun() (bool, error)

func (*PKIVaultBackend) Name

func (p *PKIVaultBackend) Name() string

func (*PKIVaultBackend) Path

func (p *PKIVaultBackend) Path() string

func (*PKIVaultBackend) ReadRole

func (p *PKIVaultBackend) ReadRole(role *pkiRole) (*vault.Secret, error)

func (*PKIVaultBackend) TuneMount

func (p *PKIVaultBackend) TuneMount(mount *vault.MountOutput) error

func (*PKIVaultBackend) TuneMountRequired

func (p *PKIVaultBackend) TuneMountRequired(mount *vault.MountOutput) bool

func (*PKIVaultBackend) Type

func (p *PKIVaultBackend) Type() string

Type is the string key of the vault backend type

func (*PKIVaultBackend) WriteRole

func (p *PKIVaultBackend) WriteRole(role *pkiRole) error

type Policy

// Policy is the argument type of Kubernetes.WritePolicy, ReadPolicy and
// DeletePolicy. Its Policy method returns a string; presumably the rendered
// Vault policy rules — confirm.
type Policy struct {
	Name     string
	// policyPath is unexported and not shown on this page. Presumably each
	// entry pairs a Vault path with the capabilities granted on it — confirm.
	// NOTE(review): check each entry for wildcard paths and for capabilities
	// broader than Role needs.
	Policies []*policyPath
	Role     string
}

func (*Policy) Policy

func (p *Policy) Policy() string

type Vault

// Vault is the client abstraction accepted by GetMountByPath. Each accessor
// returns one of the narrower interfaces declared on this page.
// Presumably it exists so that tests can substitute a fake for *vault.Client —
// confirm.
type Vault interface {
	Logical() VaultLogical
	Sys() VaultSys
	Auth() VaultAuth
}

type VaultAuth

// VaultAuth is returned by Vault.Auth and exposes only the token operations
// (VaultToken).
type VaultAuth interface {
	Token() VaultToken
}

type VaultLogical

// VaultLogical is returned by Vault.Logical and covers write, read and delete
// by path.
// NOTE(review): path is a plain string here; confirm that callers build it
// from trusted components (cluster ID, role) and not from unvalidated input.
type VaultLogical interface {
	Write(path string, data map[string]interface{}) (*vault.Secret, error)
	Read(path string) (*vault.Secret, error)
	Delete(path string) (*vault.Secret, error)
}

type VaultSys

// VaultSys is returned by Vault.Sys and groups mount, policy and revocation
// operations. Any credential used behind this interface needs rights to mount,
// tune and unmount backends and to write and delete policies, so it is a
// highly privileged credential.
type VaultSys interface {
	ListMounts() (map[string]*vault.MountOutput, error)
	ListPolicies() ([]string, error)

	Mount(path string, mountInfo *vault.MountInput) error
	PutPolicy(name, rules string) error
	TuneMount(path string, config vault.MountConfigInput) error
	GetPolicy(name string) (string, error)

	// NOTE(review): confirm what Unmount does to the data stored under path
	// before calling it on a backend that holds key material.
	Unmount(path string) error
	DeletePolicy(policy string) error
	// Presumably id is a lease ID, as in the like-named Vault API client
	// method — confirm.
	Revoke(id string) error
}

type VaultToken

// VaultToken is returned by VaultAuth.Token. Its method names match the token
// auth methods of the Vault API client; the notes below assume an
// implementation backed by that client — confirm.
type VaultToken interface {
	// An orphan token has no parent, so revoking the token that created it
	// does not revoke it. It lives until its TTL expires or it is revoked
	// explicitly.
	// NOTE(review): confirm that opts always sets a bounded TTL.
	CreateOrphan(opts *vault.TokenCreateRequest) (*vault.Secret, error)
	// In the Vault API this revokes the token itself and leaves its children
	// as orphans instead of revoking them.
	// NOTE(review): confirm that is the intended cleanup behaviour.
	RevokeOrphan(token string) error
	Lookup(token string) (*vault.Secret, error)
	// Presumably increment is in seconds — confirm.
	Renew(token string, increment int) (*vault.Secret, error)
}
