Documentation
¶
Overview ¶
Copyright 2022 Tuan Anh Tran <me@tuananh.org>
Package v1alpha1 contains API Schema definitions for the tuananh.net v1alpha1 API group +kubebuilder:object:generate=true +groupName=tuananh.net
Copyright 2022 Tuan Anh Tran <me@tuananh.org>
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "tuananh.net", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type VaultSecret ¶
type VaultSecret struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec VaultSecretSpec `json:"spec,omitempty"`
Status VaultSecretStatus `json:"status,omitempty"`
}
VaultSecret is the Schema for the vaultsecrets API +kubebuilder:printcolumn:name="Succeeded",type=string,JSONPath=`.status.conditions[?(@.type=="SecretCreated")].status`,description="Indicates if the secret was created/updated successfully" +kubebuilder:printcolumn:name="Reason",type=string,JSONPath=`.status.conditions[?(@.type=="SecretCreated")].reason`,description="Reason for the current status" +kubebuilder:printcolumn:name="Message",type=string,JSONPath=`.status.conditions[?(@.type=="SecretCreated")].message`,description="Message with more information, regarding the current status" +kubebuilder:printcolumn:name="Last Transition",type=date,JSONPath=`.status.conditions[?(@.type=="SecretCreated")].lastTransitionTime`,description="Time when the condition was updated the last time" +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Time when this VaultSecret was created" +kubebuilder:subresource:status
func (*VaultSecret) DeepCopy ¶
func (in *VaultSecret) DeepCopy() *VaultSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecret.
func (*VaultSecret) DeepCopyInto ¶
func (in *VaultSecret) DeepCopyInto(out *VaultSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultSecret) DeepCopyObject ¶
func (in *VaultSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultSecretList ¶
type VaultSecretList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []VaultSecret `json:"items"`
}
VaultSecretList contains a list of VaultSecret
func (*VaultSecretList) DeepCopy ¶
func (in *VaultSecretList) DeepCopy() *VaultSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretList.
func (*VaultSecretList) DeepCopyInto ¶
func (in *VaultSecretList) DeepCopyInto(out *VaultSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultSecretList) DeepCopyObject ¶
func (in *VaultSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultSecretSpec ¶
type VaultSecretSpec struct {
// VaultRole can be used to specify the Vault role, which should be used to get the secret from Vault. If the
// vaultRole property is set a new client with the specified Vault Role will be created and the shared client is
// ignored. If the operator is configured using the token auth method this property has no effect.
VaultRole string `json:"vaultRole,omitempty"`
// VaultNamespace can be used to specify the Vault namespace for a secret. When this value is set, the
// X-Vault-Namespace header will be set for the request. More information regarding namespaces can be found in the
// Vault Enterprise documentation: https://www.vaultproject.io/docs/enterprise/namespaces
VaultNamespace string `json:"vaultNamespace,omitempty"`
// ReconcileStrategy defines the strategy for reconcilation. The default value is "Replace", which replaces any
// existing data keys in a secret with the loaded keys from Vault. The second valid value is "Merge" wiche merges
// the loaded keys from Vault with the existing keys in a secret. Duplicated keys will be replaced with the value
// from Vault. Other values are not valid for this field.
ReconcileStrategy string `json:"reconcileStrategy,omitempty"`
// Keys is an array of Keys, which should be included in the Kubernetes
// secret. If the Keys field is ommitted all keys from the Vault secret will
// be included in the Kubernetes secret.
Keys []string `json:"keys,omitempty"`
// Templates, if not empty will be run through the the Go templating engine, with `.Secrets` being mapped
// to the list of secrets received from Vault. When omitted set, all secrets will be added as key/val pairs
// under Secret.data.
Templates map[string]string `json:"templates,omitempty"`
// Path is the path of the corresponding secret in Vault.
Path string `json:"path"`
// SecretEngine specifies the type of the Vault secret engine in which the
// secret is stored. Currently the 'KV Secrets Engine - Version 1' and
// 'KV Secrets Engine - Version 2' are supported. The value must be 'kv'. If
// the value is omitted or an other values is used the Vault Secrets
// Operator will try to use the KV secret engine.
SecretEngine string `json:"secretEngine,omitempty"`
// EngineOptions specifies options for the engine.
EngineOptions map[string]string `json:"engineOptions,omitempty"`
// Role specifies the role to use with PKI engine
Role string `json:"role,omitempty"`
// Type is the type of the Kubernetes secret, which will be created by the
// Vault Secrets Operator.
Type corev1.SecretType `json:"type"`
// Version sets the version of the secret which should be used. The version
// is only used if the KVv2 secret engine is used. If the version is
// omitted the Operator uses the latest version of the secret. If the version
// omitted and the VAULT_RECONCILIATION_TIME environment variable is set, the
// Kubernetes secret will be updated if the Vault secret changes.
Version int `json:"version,omitempty"`
// isBinary is a flag indicates if data stored in vault is
// binary data. Since vault does not store binary data natively,
// the binary data is stored as base64 encoded. However, same data get encoded
// again when operator stored them as secret in k8s which caused the data to
// get double encoded. This flag will skip the base64 encode which is needed
// for string data to avoid the double encode problem.
IsBinary bool `json:"isBinary,omitempty"`
}
VaultSecretSpec defines the desired state of VaultSecret
func (*VaultSecretSpec) DeepCopy ¶
func (in *VaultSecretSpec) DeepCopy() *VaultSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretSpec.
func (*VaultSecretSpec) DeepCopyInto ¶
func (in *VaultSecretSpec) DeepCopyInto(out *VaultSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSecretStatus ¶
VaultSecretStatus defines the observed state of VaultSecret
func (*VaultSecretStatus) DeepCopy ¶
func (in *VaultSecretStatus) DeepCopy() *VaultSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretStatus.
func (*VaultSecretStatus) DeepCopyInto ¶
func (in *VaultSecretStatus) DeepCopyInto(out *VaultSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files