Documentation
¶
Overview ¶
+groupName=bitnami.com
Index ¶
Constants ¶
const ( // SealedSecretName is the name used in SealedSecret CRD SealedSecretName = "sealed-secret." + GroupName // SealedSecretPlural is the collection plural used with SealedSecret API SealedSecretPlural = "sealedsecrets" // SealedSecretClusterWideAnnotation is the name for the annotation for // setting the secret to be available cluster wide. SealedSecretClusterWideAnnotation = annoNs + "cluster-wide" // SealedSecretNamespaceWideAnnotation is the name for the annotation for // setting the secret to be available namespace wide. SealedSecretNamespaceWideAnnotation = annoNs + "namespace-wide" )
const GroupName = "bitnami.com"
GroupName is the group name used in this package
Variables ¶
var ( // SchemeGroupVersion is the group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} // SchemeBuilder adds this group to scheme SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ByCreationTimestamp ¶ added in v0.8.0
ByCreationTimestamp is used to sort a list of secrets
func (ByCreationTimestamp) Len ¶ added in v0.8.0
func (s ByCreationTimestamp) Len() int
func (ByCreationTimestamp) Less ¶ added in v0.8.0
func (s ByCreationTimestamp) Less(i, j int) bool
func (ByCreationTimestamp) Swap ¶ added in v0.8.0
func (s ByCreationTimestamp) Swap(i, j int)
type SealedSecret ¶
type SealedSecret struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec SealedSecretSpec `json:"spec"`
Status SealedSecretStatus `json:"status"`
}
SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key.
func NewSealedSecret ¶
func NewSealedSecret(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)
NewSealedSecret creates a new SealedSecret object wrapping the provided secret. This encrypts only the values of each secrets individually, so secrets can be updated one by one.
func NewSealedSecretV1 ¶ added in v0.7.0
func NewSealedSecretV1(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)
NewSealedSecretV1 creates a new SealedSecret object wrapping the provided secret. This encrypts all the secrets into a single encrypted blob and stores it in the `Data` attribute. Keeping this for backward compatibility.
func (*SealedSecret) DeepCopy ¶
func (in *SealedSecret) DeepCopy() *SealedSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecret.
func (*SealedSecret) DeepCopyInto ¶
func (in *SealedSecret) DeepCopyInto(out *SealedSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SealedSecret) DeepCopyObject ¶
func (in *SealedSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SealedSecret) Unseal ¶
func (s *SealedSecret) Unseal(codecs runtimeserializer.CodecFactory, privKey *rsa.PrivateKey) (*v1.Secret, error)
Unseal decrypts and returns the embedded v1.Secret.
type SealedSecretCondition ¶ added in v0.8.0
type SealedSecretCondition struct {
// Type of condition for a sealed secret.
// Valid value: "Synced"
Type SealedSecretConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DeploymentConditionType"`
// Status of the condition for a sealed secret.
// Valid values for "Synced": "True", "False", or "Unknown".
Status apiv1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
// The last time this condition was updated.
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,6,opt,name=lastUpdateTime"`
// Last time the condition transitioned from one status to another.
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,7,opt,name=lastTransitionTime"`
// The reason for the condition's last transition.
Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
// A human readable message indicating details about the transition.
Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}
SealedSecretCondition describes the state of a sealed secret at a certain point.
func (*SealedSecretCondition) DeepCopy ¶ added in v0.8.0
func (in *SealedSecretCondition) DeepCopy() *SealedSecretCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretCondition.
func (*SealedSecretCondition) DeepCopyInto ¶ added in v0.8.0
func (in *SealedSecretCondition) DeepCopyInto(out *SealedSecretCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SealedSecretConditionType ¶ added in v0.8.0
type SealedSecretConditionType string
SealedSecretConditionType describes the type of SealedSecret condition
const ( // SealedSecretSynced means the SealedSecret has been decrypted and the Secret has been updated successfully. SealedSecretSynced SealedSecretConditionType = "Synced" )
type SealedSecretExpansion ¶ added in v0.8.0
type SealedSecretExpansion interface {
Unseal(codecs runtimeserializer.CodecFactory, privKey *rsa.PrivateKey) (*v1.Secret, error)
}
SealedSecretExpansion has methods to work with SealedSecrets resources.
type SealedSecretList ¶
type SealedSecretList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []SealedSecret `json:"items"`
}
SealedSecretList represents a list of SealedSecrets
func (*SealedSecretList) DeepCopy ¶
func (in *SealedSecretList) DeepCopy() *SealedSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretList.
func (*SealedSecretList) DeepCopyInto ¶
func (in *SealedSecretList) DeepCopyInto(out *SealedSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SealedSecretList) DeepCopyObject ¶
func (in *SealedSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SealedSecretSpec ¶
type SealedSecretSpec struct {
// Template defines the structure of the Secret that will be
// created from this sealed secret.
// +optional
Template SecretTemplateSpec `json:"template,omitempty"`
// Data is deprecated and will be removed eventually. Use per-value EncryptedData instead.
Data []byte `json:"data,omitempty"`
EncryptedData map[string][]byte `json:"encryptedData"`
}
SealedSecretSpec is the specification of a SealedSecret
func (*SealedSecretSpec) DeepCopy ¶
func (in *SealedSecretSpec) DeepCopy() *SealedSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretSpec.
func (*SealedSecretSpec) DeepCopyInto ¶
func (in *SealedSecretSpec) DeepCopyInto(out *SealedSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SealedSecretStatus ¶ added in v0.8.0
type SealedSecretStatus struct {
// ObservedGeneration reflects the generation most recently observed by the sealed-secrets controller.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,3,opt,name=observedGeneration"`
// Represents the latest available observations of a sealed secret's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []SealedSecretCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
}
SealedSecretStatus is the most recently observed status of the SealedSecret.
func (*SealedSecretStatus) DeepCopy ¶ added in v0.8.0
func (in *SealedSecretStatus) DeepCopy() *SealedSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretStatus.
func (*SealedSecretStatus) DeepCopyInto ¶ added in v0.8.0
func (in *SealedSecretStatus) DeepCopyInto(out *SealedSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretTemplateSpec ¶ added in v0.8.0
type SecretTemplateSpec struct {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Used to facilitate programmatic handling of secret data.
// +optional
Type apiv1.SecretType `json:"type,omitempty" protobuf:"bytes,3,opt,name=type,casttype=SecretType"`
}
SecretTemplateSpec describes the structure a Secret should have when created from a template
func (*SecretTemplateSpec) DeepCopy ¶ added in v0.8.0
func (in *SecretTemplateSpec) DeepCopy() *SecretTemplateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretTemplateSpec.
func (*SecretTemplateSpec) DeepCopyInto ¶ added in v0.8.0
func (in *SecretTemplateSpec) DeepCopyInto(out *SecretTemplateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files