config

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 21, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	DefaultConfig = &Config{
		SecretName:        "kozmo-pod-webhook",
		ServiceName:       "kozmo-pod-webhook",
		ServicePort:       443,
		MetricsPrefix:     "kozmo:",
		CertDir:           "/etc/webhook/certs",
		LocalCert:         false,
		ListenPort:        9443,
		SecretManagerType: SecretManagerTypeK8s,
		AWSSecretManagerConfig: AWSSecretManagerConfig{
			SidecarImage: "docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4",
			Resources: corev1.ResourceRequirements{
				Requests: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
				Limits: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
			},
		},
		GCPSecretManagerConfig: GCPSecretManagerConfig{
			SidecarImage: "gcr.io/google.com/cloudsdktool/cloud-sdk:alpine",
			Resources: corev1.ResourceRequirements{
				Requests: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
				Limits: corev1.ResourceList{
					corev1.ResourceMemory: resource.MustParse("500Mi"),
					corev1.ResourceCPU:    resource.MustParse("200m"),
				},
			},
		},
		VaultSecretManagerConfig: VaultSecretManagerConfig{
			Role:      "kozmo",
			KVVersion: KVVersion2,
		},
	}
)

Functions

This section is empty.

Types

type AWSSecretManagerConfig

type AWSSecretManagerConfig struct {
	SidecarImage string                      `json:"sidecarImage" pflag:",Specifies the sidecar docker image to use"`
	Resources    corev1.ResourceRequirements `json:"resources" pflag:"-,Specifies resource requirements for the init container."`
}

type Config

type Config struct {
	MetricsPrefix            string                   `json:"metrics-prefix" pflag:",An optional prefix for all published metrics."`
	CertDir                  string                   `json:"certDir" pflag:",Certificate directory to use to write generated certs. Defaults to /etc/webhook/certs/"`
	LocalCert                bool                     `json:"localCert" pflag:",write certs locally. Defaults to false"`
	ListenPort               int                      `json:"listenPort" pflag:",The port to use to listen to webhook calls. Defaults to 9443"`
	ServiceName              string                   `json:"serviceName" pflag:",The name of the webhook service."`
	ServicePort              int32                    `json:"servicePort" pflag:",The port on the service that hosting webhook."`
	SecretName               string                   `json:"secretName" pflag:",Secret name to write generated certs to."`
	SecretManagerType        SecretManagerType        `json:"secretManagerType" pflag:"-,Secret manager type to use if secrets are not found in global secrets."`
	AWSSecretManagerConfig   AWSSecretManagerConfig   `json:"awsSecretManager" pflag:",AWS Secret Manager config."`
	GCPSecretManagerConfig   GCPSecretManagerConfig   `json:"gcpSecretManager" pflag:",GCP Secret Manager config."`
	VaultSecretManagerConfig VaultSecretManagerConfig `json:"vaultSecretManager" pflag:",Vault Secret Manager config."`
}

func GetConfig

func GetConfig() *Config

func (Config) ExpandCertDir

func (c Config) ExpandCertDir() string

func (Config) GetPFlagSet

func (cfg Config) GetPFlagSet(prefix string) *pflag.FlagSet

GetPFlagSet will return strongly types pflags for all fields in Config and its nested types. The format of the flags is json-name.json-sub-name... etc.

type GCPSecretManagerConfig

type GCPSecretManagerConfig struct {
	SidecarImage string                      `json:"sidecarImage" pflag:",Specifies the sidecar docker image to use"`
	Resources    corev1.ResourceRequirements `json:"resources" pflag:"-,Specifies resource requirements for the init container."`
}

type KVVersion

type KVVersion int

Defines with KV Engine Version to use with VaultSecretManager - https://www.vaultproject.io/docs/secrets/kv#kv-secrets-engine

const (
	// KV v1 refers to unversioned secrets
	KVVersion1 KVVersion = iota
	// KV v2 refers to versioned secrets
	KVVersion2
)

func KVVersionString

func KVVersionString(s string) (KVVersion, error)

KVVersionString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func KVVersionValues

func KVVersionValues() []KVVersion

KVVersionValues returns all values of the enum

func (KVVersion) IsAKVVersion

func (i KVVersion) IsAKVVersion() bool

IsAKVVersion returns "true" if the value is listed in the enum definition. "false" otherwise

func (KVVersion) MarshalJSON

func (i KVVersion) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for KVVersion

func (KVVersion) MarshalYAML

func (i KVVersion) MarshalYAML() (interface{}, error)

MarshalYAML implements a YAML Marshaler for KVVersion

func (KVVersion) String

func (i KVVersion) String() string

func (*KVVersion) UnmarshalJSON

func (i *KVVersion) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for KVVersion

func (*KVVersion) UnmarshalYAML

func (i *KVVersion) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements a YAML Unmarshaler for KVVersion

type SecretManagerType

type SecretManagerType int

SecretManagerType defines which secret manager to use.

const (
	// SecretManagerTypeGlobal defines a global secret manager that can read env vars and mounted secrets to the webhook
	// pod.
	SecretManagerTypeGlobal SecretManagerType = iota

	// SecretManagerTypeK8s defines a secret manager webhook that injects K8s volume mounts to mount K8s secrets.
	SecretManagerTypeK8s

	// SecretManagerTypeAWS defines a secret manager webhook that injects a side car to pull secrets from AWS Secret
	// Manager and mount them to a local file system (in memory) and share that mount with other containers in the pod.
	SecretManagerTypeAWS

	// SecretManagerTypeGCP defines a secret manager webhook that injects a side car to pull secrets from GCP Secret
	// Manager and mount them to a local file system (in memory) and share that mount with other containers in the pod.
	SecretManagerTypeGCP

	// SecretManagerTypeVault defines a secret manager webhook that pulls secrets from Hashicorp Vault.
	SecretManagerTypeVault
)

func SecretManagerTypeString

func SecretManagerTypeString(s string) (SecretManagerType, error)

SecretManagerTypeString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func SecretManagerTypeValues

func SecretManagerTypeValues() []SecretManagerType

SecretManagerTypeValues returns all values of the enum

func (SecretManagerType) IsASecretManagerType

func (i SecretManagerType) IsASecretManagerType() bool

IsASecretManagerType returns "true" if the value is listed in the enum definition. "false" otherwise

func (SecretManagerType) MarshalJSON

func (i SecretManagerType) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for SecretManagerType

func (SecretManagerType) MarshalYAML

func (i SecretManagerType) MarshalYAML() (interface{}, error)

MarshalYAML implements a YAML Marshaler for SecretManagerType

func (SecretManagerType) String

func (i SecretManagerType) String() string

func (*SecretManagerType) UnmarshalJSON

func (i *SecretManagerType) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for SecretManagerType

func (*SecretManagerType) UnmarshalYAML

func (i *SecretManagerType) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements a YAML Unmarshaler for SecretManagerType

type VaultSecretManagerConfig

type VaultSecretManagerConfig struct {
	Role        string            `json:"role" pflag:",Specifies the vault role to use"`
	KVVersion   KVVersion         `` /* 239-byte string literal not displayed */
	Annotations map[string]string `` /* 266-byte string literal not displayed */
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL