secretsync

package

v1.20.0-pre.3 Latest Latest Go to latest Published: Jun 1, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Index ¶

Variables
func EnqueueTLSSecrets(c client.Client, logger *slog.Logger) handler.EventHandler
func GetReferencedSecretsFromHeaderRules(ports api.PortRules, logger *slog.Logger) []reconcile.Request
func GetReferencedTLSSecretsFromPortRules(ports api.PortRules, logger *slog.Logger) []reconcile.Request
func IsReferencedByCiliumClusterwideNetworkPolicy(ctx context.Context, c client.Client, logger *slog.Logger, obj *corev1.Secret) bool
func IsReferencedByCiliumNetworkPolicy(ctx context.Context, c client.Client, logger *slog.Logger, obj *corev1.Secret) bool
func IsSecretReferencedByPortRule(ports api.PortRules, logger *slog.Logger, secretName types.NamespacedName) bool
type SecretSyncConfig
- func (def SecretSyncConfig) Flags(flags *pflag.FlagSet)

Constants ¶

This section is empty.

Variables ¶

View Source

var Cell = cell.Module(
	"secretsync-watcher",
	"Watches network policy updates for TLS secrets to sync",

	cell.Config(secretSyncDefaultConfig),
	cell.Provide(registerCNPSecretSync),
	cell.Provide(registerCCNPSecretSync),
)

Functions ¶

func EnqueueTLSSecrets ¶

func EnqueueTLSSecrets(c client.Client, logger *slog.Logger) handler.EventHandler

EnqueueTLSSecrets returns a map function that, given a CiliumNetworkPolicy or CilumClusterwideNetworkPolicy, will return a slice of requests for any Secrets referenced in that CiliumNetworkPolicy.

This includes both TLS secrets (Origination or Termination), plus Secrets used for storing header values.

func GetReferencedSecretsFromHeaderRules ¶

func GetReferencedSecretsFromHeaderRules(ports api.PortRules, logger *slog.Logger) []reconcile.Request

GetReferencedSecretsFromHeaderRules finds all Header Secrets referenced by a set of port rules.

func GetReferencedTLSSecretsFromPortRules ¶

func GetReferencedTLSSecretsFromPortRules(ports api.PortRules, logger *slog.Logger) []reconcile.Request

GetReferencedTLSSecretsFromPortRules finds all TLS Secrets referenced by a set of port rules.

func IsReferencedByCiliumClusterwideNetworkPolicy ¶

func IsReferencedByCiliumClusterwideNetworkPolicy(ctx context.Context, c client.Client, logger *slog.Logger, obj *corev1.Secret) bool

func IsReferencedByCiliumNetworkPolicy ¶

func IsReferencedByCiliumNetworkPolicy(ctx context.Context, c client.Client, logger *slog.Logger, obj *corev1.Secret) bool

func IsSecretReferencedByPortRule ¶

func IsSecretReferencedByPortRule(ports api.PortRules, logger *slog.Logger, secretName types.NamespacedName) bool

IsSecretReferencedByPortRule checks if a given Secret is referenced in any rule in the supplied set of PortRules, whether that is in a TLS or header-value sense.

Types ¶

type SecretSyncConfig ¶

type SecretSyncConfig struct {
	EnablePolicySecretsSync bool
	PolicySecretsNamespace  string
}

func (SecretSyncConfig) Flags ¶

func (def SecretSyncConfig) Flags(flags *pflag.FlagSet)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL