Documentation

Overview

    Package concierge contains functionality to load/store Configs from/to some source.

    Types

    type APIConfigSpec

    type APIConfigSpec struct {
    	ServingCertificateConfig ServingCertificateConfigSpec `json:"servingCertificate"`
    }

      APIConfigSpec contains configuration knobs for the Pinniped API.

      type Config

      type Config struct {
      	DiscoveryInfo       DiscoveryInfoSpec `json:"discovery"`
      	APIConfig           APIConfigSpec     `json:"api"`
      	APIGroupSuffix      *string           `json:"apiGroupSuffix,omitempty"`
      	NamesConfig         NamesConfigSpec   `json:"names"`
      	KubeCertAgentConfig KubeCertAgentSpec `json:"kubeCertAgent"`
      	Labels              map[string]string `json:"labels"`
      	LogLevel            plog.LogLevel     `json:"logLevel"`
      }

        Config contains knobs to set up an instance of the Pinniped Concierge.

        func FromPath

        func FromPath(path string) (*Config, error)

          FromPath loads a Config from a provided local file path, inserts any defaults (from the Config documentation), and verifies that the config is valid (per the Config documentation).

          Note! The Config file should contain base64-encoded WebhookCABundle data. This function will decode that base64-encoded data to PEM bytes to be stored in the Config.

          type DiscoveryInfoSpec

          type DiscoveryInfoSpec struct {
          	// URL contains the URL at which pinniped can be contacted.
          	URL *string `json:"url,omitempty"`
          }

            DiscoveryInfoSpec contains configuration knobs specific to Pinniped's publishing of discovery information. These values can be viewed as overrides, i.e., if these are set, then Pinniped will publish these values in its discovery document instead of the ones it finds.

            type KubeCertAgentSpec

            type KubeCertAgentSpec struct {
            	// NamePrefix is the prefix of the name of the kube-cert-agent pods. For example, if this field is
            	// set to "some-prefix-", then the name of the pods will look like "some-prefix-blah". The default
            	// for this value is "pinniped-kube-cert-agent-".
            	NamePrefix *string `json:"namePrefix,omitempty"`
            
            	// Image is the container image that will be used by the kube-cert-agent pod. The container image
            	// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
            	// for this value is "debian:latest".
            	Image *string `json:"image"`
            
            	// ImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
            	// ImagePullSecrets on the kube-cert-agent pods.
            	ImagePullSecrets []string
            }

            type NamesConfigSpec

            type NamesConfigSpec struct {
            	ServingCertificateSecret string `json:"servingCertificateSecret"`
            	CredentialIssuer         string `json:"credentialIssuer"`
            	APIService               string `json:"apiService"`
            }

              NamesConfigSpec configures the names of some Kubernetes resources for the Concierge.

              type ServingCertificateConfigSpec

              type ServingCertificateConfigSpec struct {
              	// DurationSeconds is the validity period, in seconds, of the API serving
              	// certificate. By default, the serving certificate is issued for 31536000
              	// seconds (1 year). This value is also used for the serving certificate's
              	// CA certificate.
              	DurationSeconds *int64 `json:"durationSeconds,omitempty"`
              
              	// RenewBeforeSeconds is the period of time, in seconds, that Pinniped will
              	// wait before rotating the serving certificate. This period of time starts
              	// upon issuance of the serving certificate. This must be less than
              	// DurationSeconds. By default, Pinniped begins rotation after 23328000
              	// seconds (about 9 months).
              	RenewBeforeSeconds *int64 `json:"renewBeforeSeconds,omitempty"`
              }

                ServingCertificateConfigSpec contains the configuration knobs for the API's serving certificate, i.e., the x509 certificate that it uses for the server certificate in inbound TLS connections.
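
The default-then-validate behavior described for FromPath, applied to the serving certificate fields above, as an added example that is not Pinniped's code or the FromPath implementation. The type `servingCertSpec` and the helper `loadServingCert` are hypothetical, the input is decoded as JSON per the struct tags, and rejecting non-positive values is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// servingCertSpec is a local copy of the ServingCertificateConfigSpec fields.
type servingCertSpec struct {
	DurationSeconds    *int64 `json:"durationSeconds,omitempty"`
	RenewBeforeSeconds *int64 `json:"renewBeforeSeconds,omitempty"`
}

// Defaults as documented in the field comments.
const (
	defaultDurationSeconds    int64 = 31536000 // 1 year
	defaultRenewBeforeSeconds int64 = 23328000 // about 9 months
)

// loadServingCert (hypothetical helper) decodes the spec, fills unset fields
// with the documented defaults, then checks RenewBeforeSeconds < DurationSeconds.
func loadServingCert(doc []byte) (*servingCertSpec, error) {
	var s servingCertSpec
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, fmt.Errorf("decode serving certificate spec: %w", err)
	}
	if s.DurationSeconds == nil {
		d := defaultDurationSeconds
		s.DurationSeconds = &d
	}
	if s.RenewBeforeSeconds == nil {
		r := defaultRenewBeforeSeconds
		s.RenewBeforeSeconds = &r
	}
	// Assumption: zero or negative periods are treated as invalid.
	if *s.DurationSeconds <= 0 || *s.RenewBeforeSeconds <= 0 {
		return nil, errors.New("durationSeconds and renewBeforeSeconds must be positive")
	}
	if *s.RenewBeforeSeconds >= *s.DurationSeconds {
		return nil, errors.New("renewBeforeSeconds must be less than durationSeconds")
	}
	return &s, nil
}

func main() {
	// Constructed input: a one-day certificate with no explicit renewal point.
	_, err := loadServingCert([]byte(`{"durationSeconds":86400}`))
	fmt.Println(err)
}
```

Shortening only `durationSeconds` leaves the documented default renewal point (23328000 seconds) later than the certificate's expiry, which violates the "less than DurationSeconds" rule in the field comment, so set both fields together.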