vault

package

v0.14.2 Latest Latest Go to latest Published: Apr 8, 2020 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jetstack/cert-manager

Links

Open Source Insights

Documentation ¶

Overview ¶

package vault contains an addon that installs Vault

Index ¶

func NewVaultAppRoleSecret(name, secretId string) *v1.Secret
func NewVaultKubernetesSecret(name string, serviceAccountName string) *v1.Secret
func NewVaultServiceAccount(name string) *v1.ServiceAccount
func NewVaultServiceAccountClusterRoleBinding(roleName, namespace, subject string) *rbacv1.ClusterRoleBinding
func NewVaultServiceAccountRole(namespace string) *rbacv1.ClusterRole
func NewVaultTokenSecret(name string) *v1.Secret
type Details
type Vault
type VaultInitializer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewVaultAppRoleSecret ¶

func NewVaultAppRoleSecret(name, secretId string) *v1.Secret

func NewVaultKubernetesSecret ¶ added in v0.11.0

func NewVaultKubernetesSecret(name string, serviceAccountName string) *v1.Secret

func NewVaultServiceAccount ¶ added in v0.11.0

func NewVaultServiceAccount(name string) *v1.ServiceAccount

func NewVaultServiceAccountClusterRoleBinding ¶ added in v0.11.0

func NewVaultServiceAccountClusterRoleBinding(roleName, namespace, subject string) *rbacv1.ClusterRoleBinding

func NewVaultServiceAccountRole ¶ added in v0.11.0

func NewVaultServiceAccountRole(namespace string) *rbacv1.ClusterRole

func NewVaultTokenSecret ¶

func NewVaultTokenSecret(name string) *v1.Secret

Types ¶

type Details ¶

type Details struct {
	// Kubectl is the path to kubectl
	Kubectl string

	// Host is the hostname that can be used to connect to Vault
	Host string

	// PodName is the name of the Vault pod
	PodName string

	// Namespace is the namespace vault has been deployed into
	Namespace string

	// VaultCA is the CA used to sign the vault serving certificate
	VaultCA           []byte
	VaultCAPrivateKey []byte

	// VaultCert is the vault serving certificate
	VaultCert           []byte
	VaultCertPrivateKey []byte
}

type Vault ¶

type Vault struct {
	Base *base.Base

	// Name is a unique name for this Vault deployment
	Name string

	// Namespace is the namespace to deploy Vault into
	Namespace string
	// contains filtered or unexported fields
}

Vault describes the configuration details for an instance of Vault deployed to the test cluster

func (*Vault) Deprovision ¶

func (v *Vault) Deprovision() error

Deprovision will destroy this instance of Vault

func (*Vault) Details ¶

func (v *Vault) Details() *Details

Details returns details that can be used to utilise the instance of Vault.

func (*Vault) Logs ¶ added in v0.6.0

func (v *Vault) Logs() (map[string]string, error)

func (*Vault) Provision ¶

func (v *Vault) Provision() error

Provision will actually deploy this instance of Vault to the cluster.

func (*Vault) Setup ¶

func (v *Vault) Setup(cfg *config.Config) error

func (*Vault) SupportsGlobal ¶

func (v *Vault) SupportsGlobal() bool

type VaultInitializer ¶

type VaultInitializer struct {
	Details

	RootMount          string
	IntermediateMount  string
	Role               string // AppRole auth Role
	AppRoleAuthPath    string // AppRole auth mount point in Vault
	KubernetesAuthPath string // Kubernetes auth mount point in Vault
	APIServerURL       string // Kubernetes API Server URL
	APIServerCA        string // Kubernetes API Server CA certificate
	// contains filtered or unexported fields
}

func (*VaultInitializer) Clean ¶

func (v *VaultInitializer) Clean() error

func (*VaultInitializer) CleanAppRole ¶

func (v *VaultInitializer) CleanAppRole() error

func (*VaultInitializer) CleanKubernetesRole ¶ added in v0.11.0

func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error

CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation

func (*VaultInitializer) CreateAppRole ¶

func (v *VaultInitializer) CreateAppRole() (string, string, error)

func (*VaultInitializer) CreateKubernetesRole ¶ added in v0.11.0

func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error

CreateKubernetesRole creates a service account and ClusterRoleBinding for Kubernetes auth delegation

func (*VaultInitializer) Init ¶

func (v *VaultInitializer) Init() error

func (*VaultInitializer) Setup ¶

func (v *VaultInitializer) Setup() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL