keyvault

package
v0.2.7
Warning

This package is not in the latest version of its module.

Published: Jun 20, 2025 License: MIT Imports: 34 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var EventMirrorSelector = fields.AndSelectors(
	fields.ParseSelectorOrDie(fmt.Sprintf("%s=%s", involvedObjectKindField, eventKindPod)),
	fields.ParseSelectorOrDie(fmt.Sprintf("%s=%s", reasonField, eventReasonFailedMount)),
)

EventMirrorSelector is a selector for Events that are relevant to the EventMirror controller
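
How the two-term AND selector narrows the event stream, as an added example that is not part of the package: a standard-library stand-in for the `fields` selector matching, run over constructed events. The constant values are assumptions (the page shows only their names), and the parser is simplified: no escaping, only `=`, `==` and `!=` terms.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed values: the page shows only these constant names, not what they hold.
const involvedObjectKindField, eventKindPod = "involvedObject.kind", "Pod"
const reasonField, eventReasonFailedMount = "reason", "FailedMount"
var eventMirrorSelector = fmt.Sprintf("%s=%s,%s=%s", involvedObjectKindField, eventKindPod, reasonField, eventReasonFailedMount)

type term struct{ field, value string; negate bool }

// parseSelector splits a comma-separated selector; every term must hold (logical AND).
func parseSelector(s string) (terms []term, err error) {
	for _, raw := range strings.Split(s, ",") {
		f, v, ok := strings.Cut(raw, "=")
		if !ok {
			return nil, fmt.Errorf("invalid selector term %q", raw)
		}
		// "f!=v" leaves a trailing "!" on the field; "f==v" leaves a leading "=" on the value.
		terms = append(terms, term{strings.TrimSuffix(f, "!"), strings.TrimPrefix(v, "="), strings.HasSuffix(f, "!")})
	}
	return terms, nil
}

// matches reports whether every term holds; an absent field compares as "".
func matches(terms []term, ev map[string]string) bool {
	for _, tm := range terms {
		if (ev[tm.field] == tm.value) == tm.negate {
			return false
		}
	}
	return true
}

// Constructed sample events, flattened to the fields a selector can see.
var sampleEvents = []map[string]string{
	{"metadata.name": "csi-mount-failed", involvedObjectKindField: eventKindPod, reasonField: eventReasonFailedMount},
	{"metadata.name": "image-pulled", involvedObjectKindField: eventKindPod, reasonField: "Pulled"},
	{"metadata.name": "node-mount-failed", involvedObjectKindField: "Node", reasonField: eventReasonFailedMount},
}

func main() {
	terms, _ := parseSelector(eventMirrorSelector)
	for _, ev := range sampleEvents {
		fmt.Println(ev["metadata.name"], matches(terms, ev))
	}
}
```

Only the Pod event with reason FailedMount passes both terms, so only that event would be a candidate for mirroring.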

Functions

func AddGatewayServiceAccountIndex added in v0.2.5

func AddGatewayServiceAccountIndex(indexer client.FieldIndexer, indexName string) error

func DefaultNginxCertName added in v0.2.2

func DefaultNginxCertName(nic *v1alpha1.NginxIngressController) string

DefaultNginxCertName returns a default name for the nginx certificate using the IngressClassName from the spec. It truncates characters in the IngressClassName past the max secret length (255) if the IngressClassName and the default namespace are over the limit.

func NewEventMirror

func NewEventMirror(manager ctrl.Manager, conf *config.Config) error

func NewGatewaySecretClassProviderReconciler added in v0.2.5

func NewGatewaySecretClassProviderReconciler(manager ctrl.Manager, conf *config.Config, serviceAccountIndexName string) error

func NewIngressSecretProviderClassReconciler

func NewIngressSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

func NewIngressTlsReconciler added in v0.2.2

func NewIngressTlsReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

func NewNginxSecretProviderClassReconciler added in v0.2.2

func NewNginxSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config) error

func NewPlaceholderPodController

func NewPlaceholderPodController(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error

Types

type EventMirror

type EventMirror struct {
	// contains filtered or unexported fields
}

EventMirror copies events published to pod resources by the Keyvault CSI driver into ingress events. This allows users to easily determine why a certificate might be missing for a given ingress.

func (*EventMirror) Reconcile

func (e *EventMirror) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

type GatewaySecretProviderClassReconciler added in v0.2.5

type GatewaySecretProviderClassReconciler struct {
	// contains filtered or unexported fields
}

GatewaySecretProviderClassReconciler manages a SecretProviderClass for a Gateway resource that specifies a ServiceAccount and Keyvault URI in its TLS options field. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the CRD controller.

func (*GatewaySecretProviderClassReconciler) Reconcile added in v0.2.5

func (g *GatewaySecretProviderClassReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, retErr error)

type IngressManager added in v0.0.2

type IngressManager interface {
	IsManaging(ing *netv1.Ingress) (bool, error)
}

IngressManager returns a boolean indicating whether the Ingress is being managed by us

func NewIngressManagerFromFn added in v0.1.0

func NewIngressManagerFromFn(IsManaging func(ing *netv1.Ingress) (bool, error)) IngressManager

NewIngressManagerFromFn returns an IngressManager from a function that determines whether the Ingress is being managed by us

type IngressSecretProviderClassReconciler

type IngressSecretProviderClassReconciler struct {
	// contains filtered or unexported fields
}

IngressSecretProviderClassReconciler manages a SecretProviderClass for each ingress resource that references a Keyvault certificate. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the ingress controller.

func (*IngressSecretProviderClassReconciler) Reconcile

func (i *IngressSecretProviderClassReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, retErr error)

type NginxSecretProviderClassReconciler added in v0.2.2

type NginxSecretProviderClassReconciler struct {
	// contains filtered or unexported fields
}

NginxSecretProviderClassReconciler manages a SecretProviderClass for each nginx ingress controller that has a Keyvault URI in its DefaultSSLCertificate field. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the CRD controller.

func (*NginxSecretProviderClassReconciler) Reconcile added in v0.2.2

func (i *NginxSecretProviderClassReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, retErr error)

type PlaceholderPodController

type PlaceholderPodController struct {
	// contains filtered or unexported fields
}

PlaceholderPodController manages a single-replica deployment of no-op pods that mount the Keyvault secrets referenced by each secret provider class managed by IngressSecretProviderClassReconciler.

This is necessitated by the Keyvault CSI implementation, which requires at least one mount in order to start mirroring the Keyvault values into corresponding Kubernetes secret(s).

func (*PlaceholderPodController) Reconcile

func (p *PlaceholderPodController) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, retErr error)
