Overview ¶
Package vault contains an addon that installs Vault.
Index ¶
- func CleanKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error
- func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error
- func GenerateCA() ([]byte, []byte, error)
- func NewVaultAppRoleSecret(secretName, secretId string) *corev1.Secret
- func NewVaultKubernetesSecret(secretName, serviceAccountName string) *corev1.Secret
- func RoleAndBindingForServiceAccountRefAuth(roleName, namespace, serviceAccount string) (*rbacv1.Role, *rbacv1.RoleBinding)
- type Details
- type Vault
- func (v *Vault) Deprovision() error
- func (v *Vault) Details() *Details
- func (v *Vault) Logs() (map[string]string, error)
- func (v *Vault) Provision() error
- func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferableData) (internal.AddonTransferableData, error)
- func (v *Vault) SupportsGlobal() bool
- type VaultInitializer
- func NewVaultInitializerAllAuth(kubeClient kubernetes.Interface, details Details, configureWithRoot bool, ...) *VaultInitializer
- func NewVaultInitializerAppRole(kubeClient kubernetes.Interface, details Details, configureWithRoot bool) *VaultInitializer
- func NewVaultInitializerKubernetes(kubeClient kubernetes.Interface, details Details, configureWithRoot bool, ...) *VaultInitializer
- func (v *VaultInitializer) AppRoleAuthPath() string
- func (v *VaultInitializer) Clean() error
- func (v *VaultInitializer) CleanAppRole() error
- func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error
- func (v *VaultInitializer) CreateAppRole() (string, string, error)
- func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error
- func (v *VaultInitializer) Init() error
- func (v *VaultInitializer) IntermediateMount() string
- func (v *VaultInitializer) IntermediateSignPath() string
- func (v *VaultInitializer) KubernetesAuthPath() string
- func (v *VaultInitializer) Role() string
- func (v *VaultInitializer) RootMount() string
- func (v *VaultInitializer) Setup() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CleanKubernetesRoleForServiceAccountRefAuth ¶
func CleanKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error
func CreateKubernetesRoleForServiceAccountRefAuth ¶
func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error
CreateKubernetesRoleForServiceAccountRefAuth creates a service account and a role for using the "serviceAccountRef" field.
func GenerateCA ¶
func NewVaultAppRoleSecret ¶
func RoleAndBindingForServiceAccountRefAuth ¶
func RoleAndBindingForServiceAccountRefAuth(roleName, namespace, serviceAccount string) (*rbacv1.Role, *rbacv1.RoleBinding)
Types ¶
type Vault ¶
// Vault describes the configuration details for an instance of Vault
// deployed to the test cluster.
type Vault struct {
// Base is presumably the shared base addon this deployment builds on;
// its role is not shown here — confirm against package base.
Base *base.Base
// Name is a unique name for this Vault deployment.
Name string
// Namespace is the namespace to deploy Vault into.
Namespace string
// contains filtered or unexported fields
}
Vault describes the configuration details for an instance of Vault deployed to the test cluster
func (*Vault) Deprovision ¶
Deprovision will destroy this instance of Vault
func (*Vault) Setup ¶
func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferableData) (internal.AddonTransferableData, error)
func (*Vault) SupportsGlobal ¶
type VaultInitializer ¶
// VaultInitializer holds the state of a configured Vault PKI.
// All of its fields are unexported, so callers construct it through the
// NewVaultInitializer* functions rather than a struct literal.
type VaultInitializer struct {
// contains filtered or unexported fields
}
VaultInitializer holds the state of a configured Vault PKI. We use the same Vault server for all tests. PKIs are mounted and unmounted for each test scenario that uses them.
func NewVaultInitializerAllAuth ¶
func NewVaultInitializerAllAuth( kubeClient kubernetes.Interface, details Details, configureWithRoot bool, apiServerURL string, ) *VaultInitializer
func NewVaultInitializerAppRole ¶
func NewVaultInitializerAppRole( kubeClient kubernetes.Interface, details Details, configureWithRoot bool, ) *VaultInitializer
func NewVaultInitializerKubernetes ¶
func NewVaultInitializerKubernetes( kubeClient kubernetes.Interface, details Details, configureWithRoot bool, apiServerURL string, ) *VaultInitializer
func (*VaultInitializer) AppRoleAuthPath ¶
func (v *VaultInitializer) AppRoleAuthPath() string
AppRoleAuthPath returns the AppRole auth mount point in Vault. The format is "xxxxx-auth-approle".
func (*VaultInitializer) Clean ¶
func (v *VaultInitializer) Clean() error
func (*VaultInitializer) CleanAppRole ¶
func (v *VaultInitializer) CleanAppRole() error
func (*VaultInitializer) CleanKubernetesRole ¶
func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error
CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation
func (*VaultInitializer) CreateAppRole ¶
func (v *VaultInitializer) CreateAppRole() (string, string, error)
func (*VaultInitializer) CreateKubernetesRole ¶
func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error
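CreateKubernetesRole creates a service account and ClusterRoleBinding for Kubernetes auth delegation. The name "boundSA" refers to the Vault param "bound_service_account_names"; "boundNS" presumably refers to "bound_service_account_namespaces" (confirm against the implementation).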
func (*VaultInitializer) Init ¶
func (v *VaultInitializer) Init() error
Init sets up a new Vault client and port-forwards to the Vault instance.
func (*VaultInitializer) IntermediateMount ¶
func (v *VaultInitializer) IntermediateMount() string
func (*VaultInitializer) IntermediateSignPath ¶
func (v *VaultInitializer) IntermediateSignPath() string
func (*VaultInitializer) KubernetesAuthPath ¶
func (v *VaultInitializer) KubernetesAuthPath() string
KubernetesAuthPath returns the Kubernetes auth mount point in Vault. The format is "/v1/auth/xxxxx-auth-kubernetes".
func (*VaultInitializer) Role ¶
func (v *VaultInitializer) Role() string
func (*VaultInitializer) RootMount ¶
func (v *VaultInitializer) RootMount() string