webhook

package
v0.0.0-...-8205ab4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 22, 2024 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

const (
	// SecretInitVolumeName is the fixed volume name "secret-init".
	// NOTE(review): presumably the volume the webhook adds to mutated pods for the
	// secret-init container; the listing does not show where it is mounted. Confirm.
	SecretInitVolumeName = "secret-init"
)

Variables

This section is empty.

Functions

func ErrorLoggerMutator

func ErrorLoggerMutator(mutator mutating.MutatorFunc, logger log.Logger) mutating.MutatorFunc

func IsAllowedToCache

func IsAllowedToCache(container *corev1.Container) bool

IsAllowedToCache reports whether information about a Docker image can be cached, based on the image name and the container's PullPolicy.

func NewWhLogger

func NewWhLogger(l *slog.Logger) log.Logger

NewWhLogger returns a new log.Logger for a slog implementation.

func SetConfigDefaults

func SetConfigDefaults()

Types

type Config

// Config carries the webhook-wide settings; MutatePod receives it as webhookConfig.
// NOTE(review): this listing shows only field names and types. The per-field notes
// below are inferred from the names and need confirming against the implementation.
type Config struct {
	// NOTE(review): presumably sets allowPrivilegeEscalation on the containers the
	// webhook injects; false would be the least-privilege value. Confirm.
	PspAllowPrivilegeEscalation bool
	// NOTE(review): RunAsNonRoot, RunAsUser, RunAsGroup and ReadOnlyRootFilesystem look
	// like the security context applied to injected containers. Confirm which
	// containers they cover.
	RunAsNonRoot                bool
	RunAsUser                   int64
	RunAsGroup                  int64
	ReadOnlyRootFilesystem      bool
	// NOTE(review): the name suggests TLS verification towards the image registry is
	// skipped when true. If so, the entrypoint and command that GetImageConfig returns
	// come from an unauthenticated source. Confirm, and keep false outside test clusters.
	RegistrySkipVerify          bool
	Mutate                      bool
	MutateProbes                bool
}

Config represents the configuration for the webhook

type ImageRegistry

// ImageRegistry abstracts the lookup of a container image's configuration.
type ImageRegistry interface {
	// GetImageConfig returns the image configuration (*v1.Config) for container, or an
	// error. It is given the Kubernetes clientset, the namespace and the pod spec.
	// NOTE(review): presumably these are used to resolve image pull credentials, and
	// isDisabled presumably turns off a lookup or cache path. Neither is shown here;
	// confirm against the implementation.
	GetImageConfig(
		ctx context.Context,
		clientset kubernetes.Interface,
		namespace string,
		isDisabled bool,
		container *corev1.Container,
		podSpec *corev1.PodSpec) (*v1.Config, error)
}

ImageRegistry is the interface to a Docker registry.

func NewRegistry

func NewRegistry() ImageRegistry

NewRegistry creates and initializes registry

type MutatingWebhook

type MutatingWebhook struct {
	// contains filtered or unexported fields
}

func NewMutatingWebhook

func NewMutatingWebhook(logger *slog.Logger, k8sClient kubernetes.Interface) (*MutatingWebhook, error)

func (*MutatingWebhook) MutateConfigMap

func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutateObject

func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, vaultConfig VaultConfig) error

func (*MutatingWebhook) MutatePod

func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, webhookConfig Config, secretInitConfig SecretInitConfig, vaultConfig VaultConfig, dryRun bool) error

func (*MutatingWebhook) MutateSecret

func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, vaultConfig VaultConfig) error

func (*MutatingWebhook) ServeMetrics

func (mw *MutatingWebhook) ServeMetrics(addr string, handler http.Handler)

func (*MutatingWebhook) VaultSecretsMutator

func (mw *MutatingWebhook) VaultSecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error)

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry is the ImageRegistry implementation.

func (*Registry) GetImageConfig

func (r *Registry) GetImageConfig(
	ctx context.Context,
	client kubernetes.Interface,
	namespace string,
	isDisabled bool,
	container *corev1.Container,
	podSpec *corev1.PodSpec) (*v1.Config, error)

GetImageConfig returns the entrypoint and command of the container.

type SecretInitConfig

// SecretInitConfig carries the settings for the secret-init container; MutatePod
// receives it as secretInitConfig.
// NOTE(review): field meanings below are inferred from names only. Confirm against
// the implementation.
type SecretInitConfig struct {
	Daemon          bool
	Delay           time.Duration
	LogLevel        string
	JSONLog         string
	// NOTE(review): presumably the image reference of the injected secret-init
	// container. Because that container would run inside every mutated pod, pinning
	// it by digest rather than a mutable tag is worth checking. Confirm.
	Image           string
	ImagePullPolicy corev1.PullPolicy
	// NOTE(review): looks like a remote log destination. Confirm what is sent there
	// and that secret values are never included.
	LogServer       string
	CPURequest      resource.Quantity
	MemoryRequest   resource.Quantity
	CPULimit        resource.Quantity
	MemoryLimit     resource.Quantity
}

SecretInitConfig represents the configuration for the secret-init container

type VaultConfig

// VaultConfig carries the Vault-related options handed to the Mutate* methods
// (MutatePod, MutateSecret, MutateConfigMap, MutateObject).
// NOTE(review): this listing shows only field names and types. The per-field notes
// below are inferred from the names and need confirming against the implementation,
// including where each value is sourced from and who is allowed to set it.
type VaultConfig struct {
	ObjectNamespace               string
	Addr                          string
	AuthMethod                    string
	Role                          string
	Path                          string
	// NOTE(review): the name suggests TLS certificate verification towards Vault is
	// skipped when true. If so, the Vault connection and the secrets read over it are
	// open to interception. Confirm, and keep false outside test setups.
	SkipVerify                    bool
	// NOTE(review): presumably names a Kubernetes Secret holding the CA or TLS material
	// for the Vault connection. Confirm.
	TLSSecret                     string
	ClientTimeout                 time.Duration
	UseAgent                      bool
	TransitKeyID                  string
	TransitPath                   string
	TransitBatchSize              int
	CtConfigMap                   string
	CtImage                       string
	CtInjectInInitcontainers      bool
	CtOnce                        bool
	CtImagePullPolicy             corev1.PullPolicy
	// NOTE(review): CtShareProcess and AgentShareProcess look like they enable a shared
	// process namespace in the pod, which would let containers see each other's
	// processes. Confirm.
	CtShareProcess                bool
	CtShareProcessDefault         string
	CtCPU                         resource.Quantity
	CtMemory                      resource.Quantity
	ConfigfilePath                string
	AgentConfigMap                string
	AgentOnce                     bool
	AgentShareProcess             bool
	AgentShareProcessDefault      string
	AgentCPULimit                 resource.Quantity
	AgentMemoryLimit              resource.Quantity
	AgentCPURequest               resource.Quantity
	AgentMemoryRequest            resource.Quantity
	AgentImage                    string
	AgentImagePullPolicy          corev1.PullPolicy
	AgentEnvVariables             string
	ServiceAccountTokenVolumeName string
	TokenAuthMount                string
	VaultNamespace                string
	VaultServiceAccount           string
	// NOTE(review): looks like a literal Vault token held in configuration. If so, it
	// is exposed wherever this struct is logged, dumped or serialized. Confirm how it
	// is sourced and that it is redacted from logs and error messages.
	Token                         string
	// NOTE(review): IgnoreMissingSecrets is a string, not a bool. Presumably a missing
	// secret is tolerated instead of failing the mutation. Confirm the accepted values
	// and what the workload receives in place of the secret.
	IgnoreMissingSecrets          string
	// NOTE(review): Passthrough presumably lists values forwarded into the mutated
	// workload unchanged. Confirm that it cannot forward credentials unintentionally.
	Passthrough                   string
	LogLevel                      string
	FromPath                      string
}

VaultConfig represents vault options
