Documentation ¶
Index ¶
- Constants
- func ChecksumSecret(secret *v1.Secret) (checksum string, err error)
- type TlsFile
- type TlsFiles
- type TlsSync
- func (ts *TlsSync) GetSecretByName(name string) (secret *v1.Secret, err error)
- func (ts *TlsSync) InitK8sClients() (err error)
- func (ts *TlsSync) LoadSecrets() (err error)
- func (ts *TlsSync) MonitorSecrets() (err error)
- func (ts *TlsSync) RunCommand(tlsFile *TlsFile) (err error)
- func (ts *TlsSync) WritePEMFiles(tlsFile *TlsFile) (err error)
Constants ¶
// COMBINED_FILE_EXTENSION is the file extension "pem".
// NOTE(review): presumably used for the single file holding both the
// certificate and the private key when TlsFile.SeparateFiles is false.
// Confirm in WritePEMFiles. If so, that file contains key material and
// needs the same restrictive permissions as a standalone key file.
const COMBINED_FILE_EXTENSION = "pem"
// CRT_FILE_EXTENSION is the file extension "crt".
// NOTE(review): presumably used for the certificate-only file when
// TlsFile.SeparateFiles is true. Confirm in WritePEMFiles.
const CRT_FILE_EXTENSION = "crt"
const DEFAULT_MONITOR_INTERVAL = 300
DEFAULT_MONITOR_INTERVAL Number of seconds to wait between config or secret checks by default
const IN_POD_NAMESPACE_FILE = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
IN_POD_NAMESPACE_FILE Default location in a pod where k8s stores the name of the pod's namespace. If this file is present, odds are we're running in a k8s pod
// KEY_FILE_EXTENSION is the file extension "key".
// NOTE(review): presumably used for the private-key file when
// TlsFile.SeparateFiles is true. Confirm that WritePEMFiles creates it with
// owner-only permissions and does not leave it world-readable.
const KEY_FILE_EXTENSION = "key"
const MONITOR_SECRETS_INTERVAL = "MONITOR_SECRETS_INTERVAL"
MONITOR_SECRETS_INTERVAL Interval in seconds after which we check to see if our secrets have changed
Variables ¶
This section is empty.
Functions ¶
Types ¶
type TlsFile ¶
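// TlsFile is one entry of the sync configuration together with the state
// kept for it. The fields carrying a json tag are read from the JSON
// configuration under the tagged key. Checksum and Data carry no tag, so
// encoding/json maps them to the keys "Checksum" and "Data".
//
// NOTE(review): the roles described on the individual fields are inferred
// from the field and method names on this page; confirm against LoadConfig,
// WritePEMFiles and RunCommand.
type TlsFile struct {
	// SecretName is the configured secret name (JSON key "secret_name"),
	// presumably the name passed to GetSecretByName.
	SecretName string `json:"secret_name"`

	// SeparateFiles (JSON key "separate_files") presumably selects separate
	// certificate and key files instead of one combined file.
	SeparateFiles bool `json:"separate_files"`

	// FileBase (JSON key "file_base") is presumably the output file name
	// without its extension. The tag previously ended in a stray double
	// quote, which `go vet` reports as a malformed struct tag.
	FileBase string `json:"file_base"`

	// FilePath (JSON key "file_path") is presumably the output location.
	FilePath string `json:"file_path"`

	// Checksum is presumably the last value returned by ChecksumSecret for
	// this secret, used to detect changes.
	Checksum string

	// Data presumably holds the secret's raw contents, private key included.
	// NOTE(review): because the field is untagged, it is emitted (base64) if
	// this struct is ever marshalled to JSON, for example in a debug log, and
	// it can be populated from configuration input. If neither is intended,
	// `json:"-"` would prevent both. Confirm with the callers first.
	Data map[string][]byte

	// ShellCommand (JSON key "shell_command") is presumably the command
	// RunCommand executes for this entry.
	// NOTE(review): if so, anyone able to modify the configuration can run
	// commands with this process's privileges. The configuration source
	// should be writable only by trusted principals.
	ShellCommand string `json:"shell_command"`
}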
func LoadConfig ¶
type TlsSync ¶
// TlsSync bundles the Kubernetes client handles, the list of configured
// TlsFile entries and the bookkeeping used while monitoring secrets.
//
// NOTE(review): the field roles below are inferred from names and from the
// method descriptions on this page; confirm against the method bodies.
type TlsSync struct {
	// K8sNamespace is presumably the namespace whose secrets are read.
	K8sNamespace string

	// Kubernetes client handles, presumably populated by InitK8sClients.
	K8sConfig        *rest.Config
	K8sClientset     *kubernetes.Clientset
	K8sDynamicClient dynamic.Interface

	// SecretChecksums presumably maps a secret name to its last checksum.
	SecretChecksums map[string]string

	// MonitorSecretsInterval is presumably the number of seconds
	// MonitorSecrets waits between checks.
	MonitorSecretsInterval int

	// TlsFiles lists the configured entries to keep in sync.
	TlsFiles []*TlsFile

	// FirstRun: usage is not visible on this page.
	FirstRun bool
}
func NewTlsSync ¶
func (*TlsSync) GetSecretByName ¶
GetSecretByName Attempts to retrieve a secret based on its name. This will fail unless the bot is configured with proper RBAC permission to read secrets in its namespace.
func (*TlsSync) InitK8sClients ¶
InitK8sClients Initializes the connection to Kubernetes. This function has to figure out whether you're running IN a k8s cluster, or running with access to one, and initialize the proper goodies to make you able to connect. It's intended to be called once at bot creation time.
func (*TlsSync) LoadSecrets ¶
func (*TlsSync) MonitorSecrets ¶
MonitorSecrets Waits the configured number of seconds, then reloads the secrets it monitors and updates the local files if they have changed.