Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=vault.banzaicloud.com
Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=vault.banzaicloud.com
Index ¶
- Variables
- func Kind(kind string) schema.GroupKind
- func RegisterDefaults(scheme *runtime.Scheme) error
- func Resource(resource string) schema.GroupResource
- type AWSUnsealConfig
- type AlibabaUnsealConfig
- type AzureUnsealConfig
- type CredentialsConfig
- type GoogleUnsealConfig
- type Ingress
- type KubernetesUnsealConfig
- type Resources
- type UnsealConfig
- type UnsealOptions
- type Vault
- type VaultConfig
- type VaultExternalConfig
- type VaultList
- type VaultSpec
- func (spec *VaultSpec) ConfigJSON() string
- func (in *VaultSpec) DeepCopy() *VaultSpec
- func (in *VaultSpec) DeepCopyInto(out *VaultSpec)
- func (spec *VaultSpec) ExternalConfigJSON() string
- func (spec *VaultSpec) GetAnnotations() map[string]string
- func (spec *VaultSpec) GetBankVaultsImage() string
- func (spec *VaultSpec) GetEtcdSize() int
- func (spec *VaultSpec) GetEtcdVersion() string
- func (spec *VaultSpec) GetFluentDImage() string
- func (spec *VaultSpec) GetServiceAccount() string
- func (spec *VaultSpec) GetStatsDImage() string
- func (spec *VaultSpec) GetStorage() map[string]interface{}
- func (spec *VaultSpec) GetStorageType() string
- func (spec *VaultSpec) GetTLSDisable() bool
- func (spec *VaultSpec) GetTLSExpiryThreshold() time.Duration
- func (spec *VaultSpec) GetVaultAnnotations() map[string]string
- func (spec *VaultSpec) GetVaultConfigurerAnnotations() map[string]string
- func (spec *VaultSpec) GetVaultConfigurerLabels() map[string]string
- func (spec *VaultSpec) GetVaultImage() string
- func (spec *VaultSpec) GetVaultLabels() map[string]string
- func (spec *VaultSpec) GetVersion() (*semver.Version, error)
- func (spec *VaultSpec) GetWatchedSecretsLabels() []map[string]string
- func (spec *VaultSpec) HasHAStorage() bool
- func (spec *VaultSpec) HasStorageHAEnabled() bool
- func (spec *VaultSpec) IsAutoUnseal() bool
- func (spec *VaultSpec) IsFluentDEnabled() bool
- func (spec *VaultSpec) IsRaftStorage() bool
- func (spec *VaultSpec) IsStatsDDisabled() bool
- type VaultStatus
Constants ¶
This section is empty.
Variables ¶
var (
	// SchemeGroupVersion is the group version used to register these objects:
	// group "vault.banzaicloud.com", version "v1alpha1".
	SchemeGroupVersion = schema.GroupVersion{Group: "vault.banzaicloud.com", Version: "v1alpha1"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	// It is built from addKnownTypes, which is defined outside this listing.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a helper bound to SchemeBuilder.AddToScheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// HAStorageTypes is the set of storage backends supporting High Availability.
// It is an exported, mutable package-level map, so any importer can alter it.
// NOTE(review): the keys presumably match the values returned by
// VaultSpec.GetStorageType; confirm against HasHAStorage.
var HAStorageTypes = map[string]bool{
	"consul":     true,
	"dynamodb":   true,
	"etcd":       true,
	"gcs":        true,
	"mysql":      true,
	"postgresql": true,
	"raft":       true,
	"spanner":    true,
	"zookeeper":  true,
}
HAStorageTypes is the set of storage backends supporting High Availability
Functions ¶
func RegisterDefaults ¶
RegisterDefaults adds defaulter functions to the given scheme. It is public to allow building arbitrary schemes. All generated defaulters are covering: they call all nested defaulters.
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type AWSUnsealConfig ¶
// AWSUnsealConfig holds the parameters for AWS KMS based unsealing.
// NOTE(review): presumably the KMS key protects the unseal keys and root token
// and the S3 location stores them; confirm against the unseal implementation.
// Whoever can both read that location and use that key can unseal Vault, so
// scope IAM access to exactly this key and bucket prefix.
type AWSUnsealConfig struct {
// KMSKeyID identifies the AWS KMS key (JSON key "kmsKeyId").
KMSKeyID string `json:"kmsKeyId"`
// KMSRegion is the AWS region of the KMS key (JSON key "kmsRegion").
KMSRegion string `json:"kmsRegion"`
// S3Bucket names the S3 bucket (JSON key "s3Bucket").
S3Bucket string `json:"s3Bucket"`
// S3Prefix is the object key prefix inside the bucket (JSON key "s3Prefix").
S3Prefix string `json:"s3Prefix"`
// S3Region is the AWS region of the bucket (JSON key "s3Region").
S3Region string `json:"s3Region"`
}
AWSUnsealConfig holds the parameters for AWS KMS based unsealing
func (*AWSUnsealConfig) DeepCopy ¶
func (in *AWSUnsealConfig) DeepCopy() *AWSUnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSUnsealConfig.
func (*AWSUnsealConfig) DeepCopyInto ¶
func (in *AWSUnsealConfig) DeepCopyInto(out *AWSUnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaUnsealConfig ¶
// AlibabaUnsealConfig holds the parameters for Alibaba Cloud KMS based unsealing.
// NOTE(review): the fields presumably map onto the bank-vaults flags
// --alibaba-kms-region, --alibaba-kms-key-id, --alibaba-oss-endpoint and
// --alibaba-oss-bucket; confirm in UnsealConfig.ToArgs. Restrict access to
// the KMS key and the OSS bucket to the unsealer's identity.
type AlibabaUnsealConfig struct {
// KMSRegion is the region of the KMS key (JSON key "kmsRegion").
KMSRegion string `json:"kmsRegion"`
// KMSKeyID identifies the KMS key (JSON key "kmsKeyId").
KMSKeyID string `json:"kmsKeyId"`
// OSSEndpoint is the OSS endpoint host (JSON key "ossEndpoint").
OSSEndpoint string `json:"ossEndpoint"`
// OSSBucket names the OSS bucket (JSON key "ossBucket").
OSSBucket string `json:"ossBucket"`
// OSSPrefix is the object key prefix inside the bucket (JSON key "ossPrefix").
OSSPrefix string `json:"ossPrefix"`
}
AlibabaUnsealConfig holds the parameters for Alibaba Cloud KMS based unsealing
--alibaba-kms-region eu-central-1 --alibaba-kms-key-id 9d8063eb-f9dc-421b-be80-15d195c9f148 --alibaba-oss-endpoint oss-eu-central-1.aliyuncs.com --alibaba-oss-bucket bank-vaults
func (*AlibabaUnsealConfig) DeepCopy ¶
func (in *AlibabaUnsealConfig) DeepCopy() *AlibabaUnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaUnsealConfig.
func (*AlibabaUnsealConfig) DeepCopyInto ¶
func (in *AlibabaUnsealConfig) DeepCopyInto(out *AlibabaUnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureUnsealConfig ¶
// AzureUnsealConfig holds the parameters for Azure Key Vault based unsealing.
// Access to the named Key Vault should be limited to the unsealer's identity.
type AzureUnsealConfig struct {
// KeyVaultName names the Azure Key Vault to use (JSON key "keyVaultName").
KeyVaultName string `json:"keyVaultName"`
}
AzureUnsealConfig holds the parameters for Azure Key Vault based unsealing
func (*AzureUnsealConfig) DeepCopy ¶
func (in *AzureUnsealConfig) DeepCopy() *AzureUnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureUnsealConfig.
func (*AzureUnsealConfig) DeepCopyInto ¶
func (in *AzureUnsealConfig) DeepCopyInto(out *AzureUnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CredentialsConfig ¶
// CredentialsConfig is the configuration for a credentials file provided as a
// Kubernetes Secret.
// NOTE(review): the field meanings below are inferred from the names and from
// the VaultSpec.CredentialsConfig comment; confirm against the operator code.
type CredentialsConfig struct {
// Env is presumably the name of the environment variable that points at the
// credentials file (JSON key "env").
Env string `json:"env"`
// Path is presumably where the credentials file is mounted in the Vault Pod
// (JSON key "path").
Path string `json:"path"`
// SecretName names the Secret that carries the credentials file
// (JSON key "secretName").
SecretName string `json:"secretName"`
}
CredentialsConfig is the configuration for a credentials file provided as a secret
func (*CredentialsConfig) DeepCopy ¶
func (in *CredentialsConfig) DeepCopy() *CredentialsConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsConfig.
func (*CredentialsConfig) DeepCopyInto ¶
func (in *CredentialsConfig) DeepCopyInto(out *CredentialsConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GoogleUnsealConfig ¶
// GoogleUnsealConfig holds the parameters for Google KMS based unsealing.
// NOTE(review): presumably the KMS crypto key protects the unseal keys and
// root token and the storage bucket holds them; confirm against the unseal
// implementation. Grant access to the key and the bucket only to the
// unsealer's service account.
type GoogleUnsealConfig struct {
// KMSKeyRing names the Cloud KMS key ring (JSON key "kmsKeyRing").
KMSKeyRing string `json:"kmsKeyRing"`
// KMSCryptoKey names the crypto key inside the key ring (JSON key "kmsCryptoKey").
KMSCryptoKey string `json:"kmsCryptoKey"`
// KMSLocation is the location of the key ring (JSON key "kmsLocation").
KMSLocation string `json:"kmsLocation"`
// KMSProject is the project that owns the key ring (JSON key "kmsProject").
KMSProject string `json:"kmsProject"`
// StorageBucket names the storage bucket (JSON key "storageBucket").
StorageBucket string `json:"storageBucket"`
}
GoogleUnsealConfig holds the parameters for Google KMS based unsealing
func (*GoogleUnsealConfig) DeepCopy ¶
func (in *GoogleUnsealConfig) DeepCopy() *GoogleUnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleUnsealConfig.
func (*GoogleUnsealConfig) DeepCopyInto ¶
func (in *GoogleUnsealConfig) DeepCopyInto(out *GoogleUnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Ingress ¶
// Ingress is the Ingress specification for the Vault cluster.
// An Ingress publishes the Vault Service beyond the cluster network, so the
// hosts, paths and TLS settings in Spec decide who can reach Vault.
type Ingress struct {
// Annotations are set on the Ingress resource; omitted from JSON when empty.
Annotations map[string]string `json:"annotations,omitempty"`
// Spec is the v1beta1 IngressSpec of the Ingress resource.
Spec v1beta1.IngressSpec `json:"spec,omitempty"`
}
Ingress specification for the Vault cluster
func (*Ingress) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress.
func (*Ingress) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesUnsealConfig ¶
// KubernetesUnsealConfig holds the parameters for Kubernetes based unsealing.
// NOTE(review): presumably this names the Secret that receives the unseal keys
// and root token (see VaultSpec.UnsealConfig); confirm. Read access to that
// Secret is equivalent to root access to Vault, so keep RBAC on it narrow.
type KubernetesUnsealConfig struct {
// SecretNamespace is the namespace of the Secret (JSON key "secretNamespace").
SecretNamespace string `json:"secretNamespace"`
// SecretName is the name of the Secret (JSON key "secretName").
SecretName string `json:"secretName"`
}
KubernetesUnsealConfig holds the parameters for Kubernetes based unsealing
func (*KubernetesUnsealConfig) DeepCopy ¶
func (in *KubernetesUnsealConfig) DeepCopy() *KubernetesUnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUnsealConfig.
func (*KubernetesUnsealConfig) DeepCopyInto ¶
func (in *KubernetesUnsealConfig) DeepCopyInto(out *KubernetesUnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Resources ¶
// Resources holds the ResourceRequirements of the different containers.
// Every field is a pointer with omitempty, so an unset entry is left out of
// the JSON form entirely.
type Resources struct {
// Vault holds the requirements for the Vault container.
Vault *v1.ResourceRequirements `json:"vault,omitempty"`
// BankVaults holds the requirements for the bank-vaults container.
BankVaults *v1.ResourceRequirements `json:"bankVaults,omitempty"`
// Etcd holds the requirements for the etcd container.
Etcd *v1.ResourceRequirements `json:"etcd,omitempty"`
// PrometheusExporter holds the requirements for the Prometheus exporter container.
PrometheusExporter *v1.ResourceRequirements `json:"prometheusExporter,omitempty"`
}
Resources holds the ResourceRequirements of the different containers
func (*Resources) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resources.
func (*Resources) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UnsealConfig ¶
// UnsealConfig represents the UnsealConfig field of a VaultSpec Kubernetes object.
// Per the VaultSpec documentation it defines where the unseal keys and root
// token are stored after initialization, and only one method may be specified.
// The cloud backends are pointers (nil when unset); Kubernetes is a plain
// value, matching its role as the documented default.
// NOTE(review): nothing in this type enforces "only one method"; check where
// that is validated.
type UnsealConfig struct {
// Options carries the settings common to all unsealing backends.
Options UnsealOptions `json:"options,omitempty"`
// Kubernetes configures Kubernetes Secret based unsealing.
Kubernetes KubernetesUnsealConfig `json:"kubernetes,omitempty"`
// Google configures Google KMS based unsealing.
Google *GoogleUnsealConfig `json:"google,omitempty"`
// Alibaba configures Alibaba Cloud KMS based unsealing.
Alibaba *AlibabaUnsealConfig `json:"alibaba,omitempty"`
// Azure configures Azure Key Vault based unsealing.
Azure *AzureUnsealConfig `json:"azure,omitempty"`
// AWS configures AWS KMS based unsealing.
AWS *AWSUnsealConfig `json:"aws,omitempty"`
}
UnsealConfig represents the UnsealConfig field of a VaultSpec Kubernetes object
func (*UnsealConfig) DeepCopy ¶
func (in *UnsealConfig) DeepCopy() *UnsealConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealConfig.
func (*UnsealConfig) DeepCopyInto ¶
func (in *UnsealConfig) DeepCopyInto(out *UnsealConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*UnsealConfig) ToArgs ¶
func (usc *UnsealConfig) ToArgs(vault *Vault) []string
ToArgs returns the UnsealConfig as an argument array for bank-vaults
type UnsealOptions ¶
// UnsealOptions represents the options common to all unsealing backends.
type UnsealOptions struct {
// PreFlightChecks is a *bool, so "unset" (nil) is distinguishable from an
// explicit false; what happens when it is nil is not visible in this listing.
PreFlightChecks *bool `json:"preFlightChecks,omitempty"`
}
UnsealOptions represents the common options to all unsealing backends
func (*UnsealOptions) DeepCopy ¶
func (in *UnsealOptions) DeepCopy() *UnsealOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealOptions.
func (*UnsealOptions) DeepCopyInto ¶
func (in *UnsealOptions) DeepCopyInto(out *UnsealOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UnsealOptions) ToArgs ¶
func (uso UnsealOptions) ToArgs() []string
type Vault ¶
// Vault is the custom resource type of this API group: the usual Kubernetes
// type and object metadata plus the desired state (Spec) and the observed
// state (Status).
type Vault struct {
// TypeMeta is inlined into the JSON form.
metav1.TypeMeta `json:",inline"`
// ObjectMeta is serialized under "metadata".
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired state of the Vault cluster.
Spec VaultSpec `json:"spec,omitempty"`
// Status is the observed state of the Vault cluster.
Status VaultStatus `json:"status,omitempty"`
}
+genclient +genclient:noStatus +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +k8s:openapi-gen=true
func (*Vault) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vault.
func (*Vault) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Vault) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Vault) GetIngress ¶
GetIngress returns the Ingress configuration for Vault, if any
type VaultConfig ¶
// VaultConfig is the Vault server configuration (the type of VaultSpec.Config),
// held as a free-form map. Nothing in the type constrains its keys or values,
// so any validation has to happen where the map is read.
type VaultConfig map[string]interface{}
func (VaultConfig) DeepCopy ¶
func (c VaultConfig) DeepCopy() VaultConfig
func (VaultConfig) DeepCopyInto ¶
func (in VaultConfig) DeepCopyInto(out *VaultConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultExternalConfig ¶
// VaultExternalConfig is the higher-level configuration that the Bank Vaults
// Configurer applies through Vault's API (the type of VaultSpec.ExternalConfig),
// held as a free-form map. It can define auth methods and policies, so write
// access to it amounts to control over Vault's access model.
type VaultExternalConfig map[string]interface{}
func (VaultExternalConfig) DeepCopy ¶
func (c VaultExternalConfig) DeepCopy() VaultExternalConfig
func (VaultExternalConfig) DeepCopyInto ¶
func (in VaultExternalConfig) DeepCopyInto(out *VaultExternalConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultList ¶
// VaultList is a list of Vault resources with the usual Kubernetes list metadata.
type VaultList struct {
// TypeMeta is inlined into the JSON form.
metav1.TypeMeta `json:",inline"`
// ListMeta is serialized under "metadata".
metav1.ListMeta `json:"metadata,omitempty"`
// Items holds the Vault resources; always serialized (no omitempty).
Items []Vault `json:"items"`
}
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*VaultList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultList.
func (*VaultList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultSpec ¶
// VaultSpec defines the desired state of Vault.
// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file.
type VaultSpec struct {
// Size defines the number of Vault instances in the cluster (>= 1 means HA)
// NOTE(review): ">= 1" probably should read "> 1", since the default of 1 is a single instance; confirm.
// default: 1
Size int32 `json:"size"`
// Image specifies the Vault image to use for the Vault instances
// NOTE(review): the default is a mutable "latest" tag; pin a version or digest so the
// deployed Vault build is reproducible and auditable.
// default: library/vault:latest
Image string `json:"image"`
// BankVaultsImage specifies the Bank Vaults image to use for Vault unsealing and configuration
// This image handles the unseal keys and root token; the same pinning advice applies.
// default: banzaicloud/bank-vaults:latest
BankVaultsImage string `json:"bankVaultsImage"`
// StatsDDisabled specifies if StatsD based metrics should be disabled
// default: false
StatsDDisabled bool `json:"statsdDisabled"`
// StatsDImage specifies the StatsD image to use for Vault metrics exportation
// default: prom/statsd-exporter:latest
StatsDImage string `json:"statsdImage"`
// FluentDEnabled specifies if FluentD based log exportation should be enabled
// default: false
FluentDEnabled bool `json:"fluentdEnabled"`
// FluentDImage specifies the FluentD image to use for Vault log exportation
// default: fluent/fluentd:stable
FluentDImage string `json:"fluentdImage"`
// FluentDConfig specifies the FluentD configuration to use for Vault log exportation
// default:
FluentDConfig string `json:"fluentdConfig"`
// WatchedSecretsLabels specifies a set of Kubernetes label selectors which select Secrets to watch.
// If these Secrets change, the Vault cluster gets restarted. For example, a Secret in which Cert-Manager
// manages a public certificate for Vault issued by Let's Encrypt.
// Anyone who can modify a selected Secret can therefore trigger a Vault restart.
// default:
WatchedSecretsLabels []map[string]string `json:"watchedSecretsLabels"`
// Annotations define a set of common Kubernetes annotations that will be added to all operator managed resources.
// default:
Annotations map[string]string `json:"annotations"`
// VaultAnnotations define a set of Kubernetes annotations that will be added to all Vault Pods.
// default:
VaultAnnotations map[string]string `json:"vaultAnnotations"`
// VaultLabels define a set of Kubernetes labels that will be added to all Vault Pods.
// default:
VaultLabels map[string]string `json:"vaultLabels"`
// VaultPodSpec is a Kubernetes Pod specification snippet (`spec:` block) that will be merged into the operator generated
// Vault Pod specification.
// NOTE(review): how conflicts are resolved is not visible here; check whether the snippet can
// override security-relevant fields of the generated spec (securityContext, volumes, host settings).
// default:
VaultPodSpec v1.PodSpec `json:"vaultPodSpec"`
// VaultConfigurerAnnotations define a set of Kubernetes annotations that will be added to the Vault Configurer Pod.
// default:
VaultConfigurerAnnotations map[string]string `json:"vaultConfigurerAnnotations"`
// VaultConfigurerLabels define a set of Kubernetes labels that will be added to the Vault Configurer Pod.
// default:
VaultConfigurerLabels map[string]string `json:"vaultConfigurerLabels"`
// VaultConfigurerPodSpec is a Kubernetes Pod specification snippet (`spec:` block) that will be merged into
// the operator generated Vault Configurer Pod specification.
// default:
VaultConfigurerPodSpec v1.PodSpec `json:"vaultConfigurerPodSpec"`
// Config is the Vault Server configuration. See https://www.vaultproject.io/docs/configuration/ for more details.
// NOTE(review): GetTLSDisable presumably reads the TLS setting from this map; confirm, and
// keep TLS enabled outside throwaway environments.
// default:
Config VaultConfig `json:"config"`
// ExternalConfig is a higher level configuration block which instructs the Bank Vaults Configurer to configure Vault
// through its API, thus allowing the setup of:
// - Secret Engines
// - Auth Methods
// - Audit Devices
// - Plugin Backends
// - Policies
// - Startup Secrets (Bank Vaults feature)
// A documented example: https://github.com/banzaicloud/bank-vaults/blob/master/vault-config.yml
// Values placed here are stored in the custom resource itself, so treat read access to
// Vault resources as sensitive when this block carries startup secrets.
// default:
ExternalConfig VaultExternalConfig `json:"externalConfig"`
// UnsealConfig defines where the Vault cluster's unseal keys and root token should be stored after initialization.
// See the type's documentation for more details. Only one method may be specified.
// With the default, the unseal keys and root token live in a Kubernetes Secret: anyone who can
// read Secrets in that namespace can unseal Vault and act as root. Restrict RBAC on it and
// enable encryption at rest for Secrets, or choose a KMS-backed method.
// default: Kubernetes Secret based unsealing
UnsealConfig UnsealConfig `json:"unsealConfig"`
// CredentialsConfig defines an external Secret for Vault and how it should be mounted to the Vault Pod,
// for example for accessing Cloud resources.
// default:
CredentialsConfig CredentialsConfig `json:"credentialsConfig"`
// EnvsConfig is a list of Kubernetes environment variable definitions that will be passed to all Bank-Vaults pods.
// Prefer valueFrom references over literal values for anything sensitive; literals are stored
// in clear in the Vault custom resource.
// default:
EnvsConfig []v1.EnvVar `json:"envsConfig"`
// SecurityContext is a Kubernetes PodSecurityContext that will be applied to all Pods created by the operator.
// default:
SecurityContext v1.PodSecurityContext `json:"securityContext,omitempty"`
// EtcdVersion is the ETCD version of the automatically provisioned ETCD cluster
// NOTE(review): check this default against the etcd releases that are still maintained.
// default: "3.1.15"
EtcdVersion string `json:"etcdVersion"`
// EtcdSize is the size of the automatically provisioned ETCD cluster, -1 will disable automatic cluster provisioning.
// The cluster is only provisioned if it is detected from the Vault configuration that it would like to use
// ETCD as the storage backend. If not odd it will be changed always to the next (< etcdSize) odd number.
// default: 3
EtcdSize int `json:"etcdSize"`
// EtcdRepository is the repository used to pull the etcd images
// default:
EtcdRepository string `json:"etcdRepository,omitempty"`
// EtcdPodBusyBoxImage is the BusyBox image used for the etcd pod init container
// default:
EtcdPodBusyBoxImage string `json:"etcdPodBusyBoxImage,omitempty"`
// EtcdAnnotations define a set of Kubernetes annotations that will be added to ETCD Cluster CR.
// default:
EtcdAnnotations map[string]string `json:"etcdAnnotations,omitempty"`
// EtcdPodAnnotations define a set of Kubernetes annotations that will be added to ETCD Pods.
// default:
EtcdPodAnnotations map[string]string `json:"etcdPodAnnotations,omitempty"`
// EtcdPVCSpec is a Kubernetes PersistentVolumeClaimSpec that will be used by the ETCD Pods.
// emptyDir is used if not defined (no persistence).
// Without persistence, Vault data kept in etcd does not survive the loss of the etcd Pods.
// default:
EtcdPVCSpec *v1.PersistentVolumeClaimSpec `json:"etcdPVCSpec,omitempty"`
// ServiceType is the Kubernetes Service type of the Vault Service.
// A type other than ClusterIP (NodePort, LoadBalancer) makes Vault reachable from outside the cluster.
// default: ClusterIP
ServiceType string `json:"serviceType"`
// ServicePorts is an extra map of ports that should be exposed by the Vault Service.
// default:
ServicePorts map[string]int32 `json:"servicePorts"`
// PodAntiAffinity is the TopologyKey in the Vault Pod's PodAntiAffinity.
// No PodAntiAffinity is used if empty.
// default:
PodAntiAffinity string `json:"podAntiAffinity"`
// NodeAffinity is a Kubernetes NodeAffinity definition that should be applied to all Vault Pods.
// default:
NodeAffinity v1.NodeAffinity `json:"nodeAffinity"`
// NodeSelector is a Kubernetes NodeSelector definition that should be applied to all Vault Pods.
// default:
NodeSelector map[string]string `json:"nodeSelector"`
// Tolerations is a Kubernetes Tolerations definition that should be applied to all Vault Pods.
// default:
Tolerations []v1.Toleration `json:"tolerations"`
// ServiceAccount is the Kubernetes ServiceAccount under which the Vault Pods should be running.
// NOTE(review): the "default" ServiceAccount is shared by every Pod that does not name one;
// a dedicated account keeps the permissions granted for Vault from leaking to other workloads.
// default: default
ServiceAccount string `json:"serviceAccount"`
// Volumes define some extra Kubernetes Volumes for the Vault Pods.
// default:
Volumes []v1.Volume `json:"volumes,omitempty"`
// VolumeMounts define some extra Kubernetes Volume mounts for the Vault Pods.
// default:
VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`
// VolumeClaimTemplates define some extra Kubernetes PersistentVolumeClaim templates for the Vault Statefulset.
// default:
VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
// VaultEnvsConfig is a list of Kubernetes environment variable definitions that will be passed to Vault Pods.
// default:
VaultEnvsConfig []v1.EnvVar `json:"vaultEnvsConfig"`
// Resources defines the resource limits for all the resources created by the operator.
// See the type for more details.
// default:
Resources *Resources `json:"resources,omitempty"`
// Ingress, if it is specified the operator will create an Ingress resource for the Vault Service and
// will annotate it with the correct Ingress annotations specific to the TLS settings in the configuration.
// See the type for more details.
// default:
Ingress *Ingress `json:"ingress,omitempty"`
// ServiceMonitorEnabled enables the creation of Prometheus Operator specific ServiceMonitor for Vault.
// default: false
ServiceMonitorEnabled bool `json:"serviceMonitorEnabled,omitempty"`
// TLSExpiryThreshold is the Vault TLS certificate expiration threshold in Go's Duration format.
// default: 168h
TLSExpiryThreshold *time.Duration `json:"tlsExpiryThreshold,omitempty"`
// CANamespaces define a list of namespaces where the generated CA certificate for Vault should be distributed,
// use ["*"] for all namespaces.
// NOTE(review): presumably only the CA certificate is distributed, not its private key; confirm.
// default:
CANamespaces []string `json:"caNamespaces,omitempty"`
}
VaultSpec defines the desired state of Vault. Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file.
func (*VaultSpec) ConfigJSON ¶
ConfigJSON returns the Config field as a JSON string
func (*VaultSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSpec.
func (*VaultSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultSpec) ExternalConfigJSON ¶
ExternalConfigJSON returns the ExternalConfig field as a JSON string
func (*VaultSpec) GetAnnotations ¶
GetAnnotations returns the Common Annotations
func (*VaultSpec) GetBankVaultsImage ¶
GetBankVaultsImage returns the bank-vaults image to use
func (*VaultSpec) GetEtcdSize ¶
GetEtcdSize returns the number of etcd pods to use
func (*VaultSpec) GetEtcdVersion ¶
GetEtcdVersion returns the etcd version to use
func (*VaultSpec) GetFluentDImage ¶
GetFluentDImage returns the FluentD image to use
func (*VaultSpec) GetServiceAccount ¶
GetServiceAccount returns the Kubernetes Service Account to use for Vault
func (*VaultSpec) GetStatsDImage ¶
GetStatsDImage returns the StatsD image to use
func (*VaultSpec) GetStorage ¶
GetStorage returns Vault's storage stanza
func (*VaultSpec) GetStorageType ¶
GetStorageType returns the type of Vault's storage stanza
func (*VaultSpec) GetTLSDisable ¶
GetTLSDisable returns if Vault's TLS should be disabled
func (*VaultSpec) GetTLSExpiryThreshold ¶
GetTLSExpiryThreshold returns the Vault TLS certificate expiration threshold
func (*VaultSpec) GetVaultAnnotations ¶
GetVaultAnnotations returns the Vault Pod, Secret and ConfigMap Annotations
func (*VaultSpec) GetVaultConfigurerAnnotations ¶
GetVaultConfigurerAnnotations returns the Vault Configurer Pod Annotations
func (*VaultSpec) GetVaultConfigurerLabels ¶
GetVaultConfigurerLabels returns the Vault Configurer Pod Labels
func (*VaultSpec) GetVaultImage ¶
GetVaultImage returns the Vault image to use
func (*VaultSpec) GetVaultLabels ¶
GetVaultLabels returns the Vault Pod, Secret and ConfigMap Labels
func (*VaultSpec) GetVersion ¶
GetVersion returns the version of Vault
func (*VaultSpec) GetWatchedSecretsLabels ¶
GetWatchedSecretsLabels returns the set of labels for secrets to watch in the vault namespace
func (*VaultSpec) HasHAStorage ¶
HasHAStorage detects whether Vault is configured to use a storage backend which supports High Availability, or whether it has an ha_storage stanza (in which case the ha_enabled flag is not checked)
func (*VaultSpec) HasStorageHAEnabled ¶
HasStorageHAEnabled detects if the ha_enabled field is set to true in Vault's storage stanza
func (*VaultSpec) IsAutoUnseal ¶
IsAutoUnseal checks if auto-unseal is configured
func (*VaultSpec) IsFluentDEnabled ¶
IsFluentDEnabled returns true if fluentd sidecar is to be deployed
func (*VaultSpec) IsRaftStorage ¶
IsRaftStorage checks if raft storage is configured
func (*VaultSpec) IsStatsDDisabled ¶
IsStatsDDisabled returns false if statsd sidecar is to be deployed
type VaultStatus ¶
// VaultStatus defines the observed state of Vault.
type VaultStatus struct {
// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
// Nodes lists the members of the Vault cluster.
// NOTE(review): whether entries are Pod names or addresses is not visible here; confirm.
Nodes []string `json:"nodes"`
// Leader identifies the current leader, presumably one of the entries in Nodes.
Leader string `json:"leader"`
}
VaultStatus defines the observed state of Vault
func (*VaultStatus) DeepCopy ¶
func (in *VaultStatus) DeepCopy() *VaultStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.
func (*VaultStatus) DeepCopyInto ¶
func (in *VaultStatus) DeepCopyInto(out *VaultStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.