Documentation
Overview ¶
+k8s:deepcopy-gen=package +groupName=vault.security.coreos.com
Index ¶
- Constants
- Variables
- func DefaultVaultClientTLSSecretName(vaultName string) string
- func DefaultVaultServerTLSSecretName(vaultName string) string
- func IsTLSConfigured(tp *TLSPolicy) bool
- type ClusterPhase
- type PodPolicy
- type StaticTLS
- type TLSPolicy
- type VaultService
- type VaultServiceList
- type VaultServiceSpec
- type VaultServiceStatus
- type VaultStatus
Constants ¶
const (
// CATLSCertName is the name of the CA cert file in the client secret.
// StaticTLS.ClientSecret documents the same file name, vault-client-ca.crt,
// as the single file the client (CA) secret should contain.
CATLSCertName = "vault-client-ca.crt"
)
const (
// VaultServiceKind is the string "VaultService", matching the name of the
// VaultService type.
// NOTE(review): presumably the Kubernetes Kind of the custom resource — confirm.
VaultServiceKind = "VaultService"
)
Variables ¶
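var (
	// SchemeBuilder is built by runtime.NewSchemeBuilder from addKnownTypes.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
	// SchemeGroupVersion is the group version used to register these objects.
	// It sits on its own lines so the comment above no longer swallows the
	// declaration, as it did when the block was collapsed onto one line.
	SchemeGroupVersion = schema.GroupVersion{Group: groupName, Version: version}
)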
Functions ¶
func DefaultVaultClientTLSSecretName ¶
DefaultVaultClientTLSSecretName returns the name of the default vault client TLS secret
func DefaultVaultServerTLSSecretName ¶
DefaultVaultServerTLSSecretName returns the name of the default vault server TLS secret
func IsTLSConfigured ¶
IsTLSConfigured checks if the vault TLS secrets have been specified by the user
Types ¶
type ClusterPhase ¶
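// ClusterPhase is a string naming the phase a Vault cluster is in.
type ClusterPhase string

const (
	// ClusterPhaseInitial is the empty string, i.e. the zero value of ClusterPhase.
	ClusterPhaseInitial ClusterPhase = ""
	// ClusterPhaseRunning carries no explicit type, so it is an untyped string
	// constant rather than a ClusterPhase; it remains assignable to both
	// ClusterPhase and string. The type is left off to keep that behaviour.
	ClusterPhaseRunning = "Running"
)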
type PodPolicy ¶
type PodPolicy struct {
// Resources is the resource requirements for the containers.
// NOTE(review): v1 is presumably the Kubernetes core/v1 API package — confirm.
// Under encoding/json rules omitempty never omits a non-pointer struct, so an
// unset value is still serialized as an empty "resources" object.
Resources v1.ResourceRequirements `json:"resources,omitempty"`
}
PodPolicy defines the policy for pods owned by vault operator.
func (*PodPolicy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodPolicy.
func (*PodPolicy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StaticTLS ¶
// StaticTLS names the two secrets that hold user-supplied TLS material:
// one for the vault server and one for its clients.
type StaticTLS struct {
// ServerSecret is the secret containing TLS certs used by each vault node
// for the communication between the vault server and its clients.
// The server secret should contain two files: server.crt and server.key
// The server.crt file should only contain the server certificate.
// It should not be concatenated with the optional ca certificate as allowed by https://www.vaultproject.io/docs/configuration/listener/tcp.html#tls_cert_file
// The server certificate must be valid for all of the following names
// (only the second is a wildcard):
// localhost
// *.<namespace>.pod
// <vault-cluster-name>.<namespace>.svc
// server.key is the server's private key, so read access to this secret
// should be limited to what the vault nodes and the operator need.
ServerSecret string `json:"serverSecret,omitempty"`
// ClientSecret is the secret containing the CA certificate
// that will be used to verify the above server certificate
// The ca secret should contain one file: vault-client-ca.crt
// (the same file name as the CATLSCertName constant).
// This CA is the trust anchor for clients: anyone able to modify the secret
// can change which server certificates clients will accept.
ClientSecret string `json:"clientSecret,omitempty"`
}
func (*StaticTLS) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticTLS.
func (*StaticTLS) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSPolicy ¶
type TLSPolicy struct {
// Static enables user to use static x509 certificates and keys,
// by putting them into Kubernetes secrets, and specifying them here.
// If this is not set, operator will auto-gen TLS assets and secrets.
// The field is a pointer with omitempty, so nil means "not set" and the
// "static" key is then left out of the serialized object.
Static *StaticTLS `json:"static,omitempty"`
}
TLSPolicy defines the TLS policy of the vault nodes
func (*TLSPolicy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.
func (*TLSPolicy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultService ¶
// VaultService is the top-level object of this API: type and object metadata
// plus a VaultServiceSpec and a VaultServiceStatus.
type VaultService struct {
// TypeMeta is embedded and inlined into the object's JSON.
metav1.TypeMeta `json:",inline"`
// ObjectMeta is embedded and serialized under the "metadata" key.
metav1.ObjectMeta `json:"metadata"`
// Spec is the user-supplied specification; see VaultServiceSpec.
Spec VaultServiceSpec `json:"spec"`
// Status is the reported status; see VaultServiceStatus.
// Under encoding/json rules omitempty never omits a non-pointer struct, so
// "status" is serialized even when every field is at its zero value.
Status VaultServiceStatus `json:"status,omitempty"`
}
func (*VaultService) DeepCopy ¶
func (in *VaultService) DeepCopy() *VaultService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultService.
func (*VaultService) DeepCopyInto ¶
func (in *VaultService) DeepCopyInto(out *VaultService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultService) DeepCopyObject ¶
func (in *VaultService) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultService) SetDefaults ¶
func (v *VaultService) SetDefaults() bool
SetDefaults sets the default values for the vault spec and returns true if the spec was changed.
type VaultServiceList ¶
// VaultServiceList is a list of VaultService objects together with type and
// list metadata.
type VaultServiceList struct {
// TypeMeta is embedded and inlined into the object's JSON.
metav1.TypeMeta `json:",inline"`
// ListMeta is embedded and serialized under the "metadata" key.
metav1.ListMeta `json:"metadata"`
// Items holds the VaultService objects, stored by value.
Items []VaultService `json:"items"`
}
func (*VaultServiceList) DeepCopy ¶
func (in *VaultServiceList) DeepCopy() *VaultServiceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceList.
func (*VaultServiceList) DeepCopyInto ¶
func (in *VaultServiceList) DeepCopyInto(out *VaultServiceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultServiceList) DeepCopyObject ¶
func (in *VaultServiceList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultServiceSpec ¶
// VaultServiceSpec is the type of the Spec field of VaultService. It describes
// the requested Vault deployment: node count, image, pod policy,
// configuration source and TLS policy.
type VaultServiceSpec struct {
// Number of nodes to deploy for a Vault deployment.
// Default: 1.
// NOTE(review): the default is presumably applied by SetDefaults — confirm.
Nodes int32 `json:"nodes,omitempty"`
// Base image to use for a Vault deployment.
// NOTE(review): presumably combined with Version to form the container image
// reference — confirm. The value decides which image runs as Vault, so it
// should point at a registry and repository you trust.
BaseImage string `json:"baseImage"`
// Version of Vault to be deployed.
Version string `json:"version"`
// Pod defines the policy for pods owned by vault operator.
// This field cannot be updated once the CR is created.
Pod *PodPolicy `json:"pod,omitempty"`
// Name of the ConfigMap for Vault's configuration
// If this is empty, operator will create a default config for Vault.
// If this is not empty, operator will create a new config overwriting
// the "storage", "listener" sections in original config.
// Listener settings in the supplied ConfigMap are therefore replaced by the
// operator's; per the Vault documentation linked from StaticTLS, the
// listener section is where tls_cert_file is configured.
ConfigMapName string `json:"configMapName"`
// TLS policy of vault nodes
// The JSON key is upper-case "TLS", unlike the lowerCamelCase keys of the
// other fields, so manifests must spell it exactly that way.
TLS *TLSPolicy `json:"TLS,omitempty"`
}
func (*VaultServiceSpec) DeepCopy ¶
func (in *VaultServiceSpec) DeepCopy() *VaultServiceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceSpec.
func (*VaultServiceSpec) DeepCopyInto ¶
func (in *VaultServiceSpec) DeepCopyInto(out *VaultServiceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultServiceStatus ¶
// VaultServiceStatus is the type of the Status field of VaultService.
type VaultServiceStatus struct {
// Phase indicates the phase this Vault cluster is currently in.
// Phases progress one way only:
// Initial -> Running
Phase ClusterPhase `json:"phase"`
// Initialized indicates if the Vault service is initialized.
Initialized bool `json:"initialized"`
// ServiceName is the LB service for accessing vault nodes.
ServiceName string `json:"serviceName,omitempty"`
// ClientPort is the port for vault client to access.
// It's the same on client LB service and vault nodes.
ClientPort int `json:"clientPort,omitempty"`
// VaultStatus is the set of Vault node specific statuses: Active, Standby, and Sealed
VaultStatus VaultStatus `json:"vaultStatus"`
// UpdatedNodes holds the PodNames of updated Vault nodes. Updated means the
// Vault container image version matches the spec's version.
UpdatedNodes []string `json:"updatedNodes,omitempty"`
}
func (*VaultServiceStatus) DeepCopy ¶
func (in *VaultServiceStatus) DeepCopy() *VaultServiceStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServiceStatus.
func (*VaultServiceStatus) DeepCopyInto ¶
func (in *VaultServiceStatus) DeepCopyInto(out *VaultServiceStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultStatus ¶
// VaultStatus groups the pod names of the Vault nodes by state: active,
// standby and sealed.
// None of the fields use omitempty; under encoding/json rules a nil slice is
// serialized as null rather than [].
type VaultStatus struct {
// PodName of the active Vault node. Active node is unsealed.
// Only active node can serve requests.
// Vault service only points to the active node.
Active string `json:"active"`
// PodNames of the standby Vault nodes. Standby nodes are unsealed.
// Standby nodes do not process requests, and instead redirect to the active Vault.
Standby []string `json:"standby"`
// PodNames of Sealed Vault nodes. Sealed nodes MUST be manually unsealed to
// become standby or leader.
// NOTE(review): this implies the operator does not unseal nodes itself, so a
// non-empty list needs operator (human) action — confirm.
Sealed []string `json:"sealed"`
}
func (*VaultStatus) DeepCopy ¶
func (in *VaultStatus) DeepCopy() *VaultStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.
func (*VaultStatus) DeepCopyInto ¶
func (in *VaultStatus) DeepCopyInto(out *VaultStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.