Documentation
¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type AESConfiguration
- type DebuggingConfiguration
- type EncryptionConfiguration
- type IdentityConfiguration
- type KMSConfiguration
- type Key
- type LeaderElectionConfiguration
- type ProviderConfiguration
- type ResourceConfiguration
- type SecretboxConfiguration
Constants ¶
const GroupName = "apiserver.config.k8s.io"
GroupName is the group name use in this package.
Variables ¶
var ( // SchemeBuilder points to a list of functions added to Scheme. SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds this group to a scheme. AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource.
Types ¶
type AESConfiguration ¶
type AESConfiguration struct {
// keys is a list of keys to be used for creating the AES transformer.
// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
Keys []Key
}
AESConfiguration contains the API configuration for an AES transformer.
func (*AESConfiguration) DeepCopy ¶
func (in *AESConfiguration) DeepCopy() *AESConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AESConfiguration.
func (*AESConfiguration) DeepCopyInto ¶
func (in *AESConfiguration) DeepCopyInto(out *AESConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DebuggingConfiguration ¶
type DebuggingConfiguration struct {
// enableProfiling enables profiling via web interface host:port/debug/pprof/
EnableProfiling bool
// enableContentionProfiling enables lock contention profiling, if
// enableProfiling is true.
EnableContentionProfiling bool
}
DebuggingConfiguration holds configuration for Debugging related features.
func (*DebuggingConfiguration) DeepCopy ¶
func (in *DebuggingConfiguration) DeepCopy() *DebuggingConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DebuggingConfiguration.
func (*DebuggingConfiguration) DeepCopyInto ¶
func (in *DebuggingConfiguration) DeepCopyInto(out *DebuggingConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EncryptionConfiguration ¶
type EncryptionConfiguration struct {
metav1.TypeMeta
// resources is a list containing resources, and their corresponding encryption providers.
Resources []ResourceConfiguration
}
EncryptionConfiguration stores the complete configuration for encryption providers.
func (*EncryptionConfiguration) DeepCopy ¶
func (in *EncryptionConfiguration) DeepCopy() *EncryptionConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfiguration.
func (*EncryptionConfiguration) DeepCopyInto ¶
func (in *EncryptionConfiguration) DeepCopyInto(out *EncryptionConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EncryptionConfiguration) DeepCopyObject ¶
func (in *EncryptionConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IdentityConfiguration ¶
type IdentityConfiguration struct{}
IdentityConfiguration is an empty struct to allow identity transformer in provider configuration.
func (*IdentityConfiguration) DeepCopy ¶
func (in *IdentityConfiguration) DeepCopy() *IdentityConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityConfiguration.
func (*IdentityConfiguration) DeepCopyInto ¶
func (in *IdentityConfiguration) DeepCopyInto(out *IdentityConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KMSConfiguration ¶
type KMSConfiguration struct {
// name is the name of the KMS plugin to be used.
Name string
// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
// +optional
CacheSize int32
// endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock".
Endpoint string
}
KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer.
func (*KMSConfiguration) DeepCopy ¶
func (in *KMSConfiguration) DeepCopy() *KMSConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfiguration.
func (*KMSConfiguration) DeepCopyInto ¶
func (in *KMSConfiguration) DeepCopyInto(out *KMSConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Key ¶
type Key struct {
// name is the name of the key to be used while storing data to disk.
Name string
// secret is the actual key, encoded in base64.
Secret string
}
Key contains name and secret of the provided key for a transformer.
func (*Key) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.
func (*Key) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LeaderElectionConfiguration ¶
type LeaderElectionConfiguration struct {
// leaderElect enables a leader election client to gain leadership
// before executing the main loop. Enable this when running replicated
// components for high availability.
LeaderElect bool
// leaseDuration is the duration that non-leader candidates will wait
// after observing a leadership renewal until attempting to acquire
// leadership of a led but unrenewed leader slot. This is effectively the
// maximum duration that a leader can be stopped before it is replaced
// by another candidate. This is only applicable if leader election is
// enabled.
LeaseDuration metav1.Duration
// renewDeadline is the interval between attempts by the acting master to
// renew a leadership slot before it stops leading. This must be less
// than or equal to the lease duration. This is only applicable if leader
// election is enabled.
RenewDeadline metav1.Duration
// retryPeriod is the duration the clients should wait between attempting
// acquisition and renewal of a leadership. This is only applicable if
// leader election is enabled.
RetryPeriod metav1.Duration
// resourceLock indicates the resource object type that will be used to lock
// during leader election cycles.
ResourceLock string
}
LeaderElectionConfiguration defines the configuration of leader election clients for components that can run with leader election enabled.
func (*LeaderElectionConfiguration) DeepCopy ¶
func (in *LeaderElectionConfiguration) DeepCopy() *LeaderElectionConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfiguration.
func (*LeaderElectionConfiguration) DeepCopyInto ¶
func (in *LeaderElectionConfiguration) DeepCopyInto(out *LeaderElectionConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProviderConfiguration ¶
type ProviderConfiguration struct {
// aesgcm is the configuration for the AES-GCM transformer.
AESGCM *AESConfiguration
// aescbc is the configuration for the AES-CBC transformer.
AESCBC *AESConfiguration
// secretbox is the configuration for the Secretbox based transformer.
Secretbox *SecretboxConfiguration
// identity is the (empty) configuration for the identity transformer.
Identity *IdentityConfiguration
// kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
KMS *KMSConfiguration
}
ProviderConfiguration stores the provided configuration for an encryption provider.
func (*ProviderConfiguration) DeepCopy ¶
func (in *ProviderConfiguration) DeepCopy() *ProviderConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfiguration.
func (*ProviderConfiguration) DeepCopyInto ¶
func (in *ProviderConfiguration) DeepCopyInto(out *ProviderConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceConfiguration ¶
type ResourceConfiguration struct {
// resources is a list of kubernetes resources which have to be encrypted.
Resources []string
// providers is a list of transformers to be used for reading and writing the resources to disk.
// eg: aesgcm, aescbc, secretbox, identity.
Providers []ProviderConfiguration
}
ResourceConfiguration stores per resource configuration.
func (*ResourceConfiguration) DeepCopy ¶
func (in *ResourceConfiguration) DeepCopy() *ResourceConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceConfiguration.
func (*ResourceConfiguration) DeepCopyInto ¶
func (in *ResourceConfiguration) DeepCopyInto(out *ResourceConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretboxConfiguration ¶
type SecretboxConfiguration struct {
// keys is a list of keys to be used for creating the Secretbox transformer.
// Each key has to be 32 bytes long.
Keys []Key
}
SecretboxConfiguration contains the API configuration for an Secretbox transformer.
func (*SecretboxConfiguration) DeepCopy ¶
func (in *SecretboxConfiguration) DeepCopy() *SecretboxConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretboxConfiguration.
func (*SecretboxConfiguration) DeepCopyInto ¶
func (in *SecretboxConfiguration) DeepCopyInto(out *SecretboxConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
Directories