Documentation
Constants
const DefaultLabelValue = "default"
DefaultLabelValue is the default label value that will be applied to secrets created by pentagon.
const DefaultNamespace = "default"
DefaultNamespace is the default kubernetes namespace.
const LabelKey = "pentagon"
LabelKey is the name of the label that will be attached to every secret created by pentagon.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// VaultURL is the URL used to connect to vault.
	Vault VaultConfig `yaml:"vault"`

	// Namespace is the k8s namespace that the secrets will be created in.
	Namespace string `yaml:"namespace"`

	// Label is the value of the `pentagon` label that will be added to all
	// k8s secrets created by pentagon.
	Label string `yaml:"label"`

	// Mappings is a list of mappings.
	Mappings []Mapping `yaml:"mappings"`
}
Config describes the configuration for vaultofsecrets
func (*Config) SetDefaults
func (c *Config) SetDefaults()
SetDefaults sets defaults for the Namespace and Label in case they're not passed in from the configuration file.
type Mapping
type Mapping struct {
	// VaultPath is the path to the vault secret.
	VaultPath string `yaml:"vaultPath"`

	// SecretName is the name of the k8s secret that the vault contents should
	// be written to. Note that this must be a DNS-1123-compatible name and
	// match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
	SecretName string `yaml:"secretName"`

	// SecretType is a k8s SecretType type (string)
	SecretType corev1.SecretType `yaml:"secretType"`

	// VaultEngineType is the type of secrets engine mounted at the path of this
	// Vault secret. This specifically overrides the DefaultEngineType
	// specified in VaultConfig.
	VaultEngineType vault.EngineType `yaml:"vaultEngineType"`
}
Mapping is a single mapping for a vault secret to a k8s secret.
type Reflector
type Reflector struct {
// contains filtered or unexported fields
}
Reflector moves things from vault to kubernetes
func NewReflector
func NewReflector(
	vaultClient vault.Logical,
	k8sClient kubernetes.Interface,
	k8sNamespace string,
	labelValue string,
) *Reflector
NewReflector returns a new reflector
type VaultConfig
type VaultConfig struct {
	// URL is the url to the vault server.
	URL string `yaml:"url"`

	// AuthType can be "token" or "gcp-default".
	AuthType vault.AuthType `yaml:"authType"`

	// DefaultEngineType is the type of secrets engine used because the API
	// responses may differ based on the engine used. In particular, K/V v2
	// has an extra layer of data wrapping that differs from v1.
	// Allowed values are "kv" and "kv-v2".
	DefaultEngineType vault.EngineType `yaml:"defaultEngineType"`

	// Role is the role used when authenticating with vault. If this is unset
	// the role will be discovered by querying the GCP metadata service for
	// the default service account's email address and using the "user" portion
	// (before the '@').
	Role string `yaml:"role"` // used for non-token auth

	// Token is a vault token and is only considered when AuthType == "token".
	Token string `yaml:"token"`

	// TLSConfig allows you to set any TLS options that the vault client
	// accepts.
	TLSConfig *api.TLSConfig `yaml:"tls"` // for other vault TLS options
}
VaultConfig is the vault configuration.
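A pre-flight check for the Mapping and VaultConfig fields documented above, as an added example that is not pentagon's own code: it applies the SecretName regex and the allowed engine values from this page before anything is written to the cluster. The names `mapping`, `config`, `validate` and `sample` are hypothetical stand-ins; the 253-character bound is the Kubernetes DNS subdomain length limit, and the duplicate-target check and leaving unset values unflagged are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// mapping and config are hypothetical stand-ins for the documented YAML fields.
type mapping struct{ VaultPath, SecretName, VaultEngineType string }
type config struct {
	AuthType, DefaultEngineType, Token string
	Mappings                           []mapping
}

// dns1123 is the SecretName regex from the Mapping documentation, anchored.
var dns1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// engines holds the documented engine types; "" (unset) is not flagged (assumption).
var engines = map[string]bool{"": true, "kv": true, "kv-v2": true}

// validate returns one message per finding; an empty result means none.
func validate(c config) (errs []string) {
	add := func(f string, a ...interface{}) { errs = append(errs, fmt.Sprintf(f, a...)) }
	if (c.AuthType == "token") != (c.Token != "") {
		add("token must be set exactly when authType is \"token\" (authType is %q)", c.AuthType)
	}
	if !engines[c.DefaultEngineType] {
		add("defaultEngineType %q is not kv or kv-v2", c.DefaultEngineType)
	}
	seen := map[string]string{} // secretName -> last vaultPath mapped to it
	for _, m := range c.Mappings {
		if len(m.SecretName) > 253 || !dns1123.MatchString(m.SecretName) {
			add("secretName %q is not a valid DNS-1123 name", m.SecretName)
		}
		if !engines[m.VaultEngineType] {
			add("vaultEngineType %q for %s is not kv or kv-v2", m.VaultEngineType, m.VaultPath)
		}
		if prev, dup := seen[m.SecretName]; dup {
			add("secretName %q is the target of both %s and %s", m.SecretName, prev, m.VaultPath)
		}
		seen[m.SecretName] = m.VaultPath
	}
	return errs
}

// sample is a constructed configuration, not taken from the pentagon project.
var sample = config{AuthType: "gcp-default", Token: "placeholder-token", DefaultEngineType: "kv-v2",
	Mappings: []mapping{{"secret/data/api", "API_Keys", ""}, {"secret/data/db", "db-creds", "kv3"}}}

func main() { fmt.Printf("%q\n", validate(sample)) }
```

The sample yields three findings: a token that is present but not considered under `gcp-default` auth, a secret name with uppercase letters and an underscore, and an engine type outside the documented set.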