Documentation
Index
- Constants
- func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
- func IsAllowedToCache(container *corev1.Container) bool
- func NewWhLogger(l *slog.Logger) log.Logger
- func SetConfigDefaults()
- type Config
- type ImageRegistry
- type MutatingWebhook
- func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, webhookConfig Config, ...) error
- func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
- func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
- func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
- type Registry
- type SecretInitConfig
- type VaultConfig
Constants
const (
SecretInitVolumeName = "secret-init"
)
Variables
This section is empty.
Functions
func ErrorLoggerMutator
func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc
func IsAllowedToCache
IsAllowedToCache checks whether information about a Docker image can be cached, based on the image name and the container's PullPolicy.
func NewWhLogger
NewWhLogger returns a new log.Logger for a slog implementation.
func SetConfigDefaults
func SetConfigDefaults()
Types
type Config
type Config struct {
	PspAllowPrivilegeEscalation bool
	RunAsNonRoot                bool
	RunAsUser                   int64
	RunAsGroup                  int64
	ReadOnlyRootFilesystem      bool
	RegistrySkipVerify          bool
	Mutate                      bool
	MutateProbes                bool
}
Config represents the configuration for the webhook
type ImageRegistry
type ImageRegistry interface {
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		isDisabled bool,
		container *corev1.Container,
		podSpec *corev1.PodSpec) (*v1.Config, error)
}
ImageRegistry is a docker registry
type MutatingWebhook
type MutatingWebhook struct {
// contains filtered or unexported fields
}
func NewMutatingWebhook
func NewMutatingWebhook(logger *slog.Logger, k8sClient kubernetes.Interface) (*MutatingWebhook, error)
func (*MutatingWebhook) MutateConfigMap
func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutateObject
func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error
func (*MutatingWebhook) MutatePod
func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, webhookConfig Config, secretInitConfig SecretInitConfig, vaultConfig VaultConfig, dryRun bool) error
func (*MutatingWebhook) MutateSecret
func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error
func (*MutatingWebhook) ServeMetrics
func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)
func (*MutatingWebhook) VaultSecretsMutator
func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)
type SecretInitConfig
type SecretInitConfig struct {
	Daemon          bool
	Delay           time.Duration
	LogLevel        string
	JSONLog         string
	Image           string
	ImagePullPolicy corev1.PullPolicy
	LogServer       string
	CPURequest      resource.Quantity
	MemoryRequest   resource.Quantity
	CPULimit        resource.Quantity
	MemoryLimit     resource.Quantity
}
SecretInitConfig represents the configuration for the secret-init container
type VaultConfig
type VaultConfig struct {
	ObjectNamespace               string
	Addr                          string
	AuthMethod                    string
	Role                          string
	Path                          string
	SkipVerify                    bool
	TLSSecret                     string
	ClientTimeout                 time.Duration
	UseAgent                      bool
	TransitKeyID                  string
	TransitPath                   string
	TransitBatchSize              int
	CtConfigMap                   string
	CtImage                       string
	CtInjectInInitcontainers      bool
	CtOnce                        bool
	CtImagePullPolicy             corev1.PullPolicy
	CtCPU                         resource.Quantity
	CtMemory                      resource.Quantity
	ConfigfilePath                string
	AgentConfigMap                string
	AgentOnce                     bool
	AgentCPULimit                 resource.Quantity
	AgentMemoryLimit              resource.Quantity
	AgentCPURequest               resource.Quantity
	AgentMemoryRequest            resource.Quantity
	AgentImage                    string
	AgentImagePullPolicy          corev1.PullPolicy
	AgentEnvVariables             string
	ServiceAccountTokenVolumeName string
	TokenAuthMount                string
	VaultNamespace                string
	VaultServiceAccount           string
	Token                         string
	IgnoreMissingSecrets          string
	Passthrough                   string
	LogLevel                      string
	FromPath                      string
}
VaultConfig represents vault options