refhash

package module
v0.0.0-...-5c159d4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 27, 2023 License: 0BSD Imports: 8 Imported by: 0

README

KRM Filter - RefHash

Find references to secrets and configmaps and annotate their holder with checksums

Find all references to resource and annotate their holder with a checksum of the found reference. This allows to trigger a new deployment rollout or similar pod restarts when the content of the references resource has changed-

Examples

The function config is a simple configmap-like object containing options.

apiVersion: v1
kind: ConfigMap
metadata:
  name: hash
data:
  secret_kinds: Secret,SealedSecret
  configmap_kinds: ConfigMap

Run the function as standalone providing the function config and resources.

refhash fn-config.yaml - < resources.yaml

Documentation

Index

Constants

View Source 
const (
	KindSecret                = "Secret"
	KindConfigMap             = "ConfigMap"
	KindSealedSecret          = "SealedSecret"
	KindPod                   = "Pod"
	AnnotationChecksum        = "internal.refhash/checksum"
	AnnotationPodChecksumFstr = "%s.checksum/%s"
)

Variables

View Source 
var (
	DefaultSecretKinds    = []string{KindSecret, KindSealedSecret}
	DefaultConfigMapKinds = []string{KindConfigMap}
)
View Source 
var (
	PathVolumeSecrets           = []string{"spec", "volumes", "*", "secret", "secretName"}
	PathVolumeConfigMaps        = []string{"spec", "volumes", "*", "configMap", "name"}
	PathContainerEnvSecrets     = []string{"spec", "containers", "*", "env", "*", "valueFrom", "secretKeyRef", "name"}
	PathContainerEnvConfigMaps  = []string{"spec", "containers", "*", "env", "*", "valueFrom", "configMapKeyRef", "name"}
	PathContainerEnvFromSecrets = []string{"spec", "containers", "*", "envFrom", "*", "secretRef", "name"}
	PathContainerEnvFromConfigs = []string{"spec", "containers", "*", "envFrom", "*", "configMapRef", "name"}
)

the matchers will always return a sequence node, meaning any filter after them need to anticipate the sequence and handle it accordingly

Functions

func MatchPath 

func MatchPath(path ...string) yaml.Filter

func Processor 

func Processor() framework.ResourceListProcessor

This processor finds potential ref sources in the input node list and annotates pods with their checksum where applicable.

Types

type Data 

type Data struct {
	// kinds that can be secret ref sources
	SecretKinds util.CSV `json:"secrets_kinds,omitempty"`
	// kinds that can be configMap sources
	ConfigMapKinds util.CSV `json:"configmap_kinds,omitempty"`
}

type FunctionConfig 

type FunctionConfig struct {
	Data Data `json:"data,omitempty"`
}

func (*FunctionConfig) Default 

func (config *FunctionConfig) Default() error

type RefHasher 

type RefHasher struct {
	SecretKinds    []string
	ConfigMapKinds []string
	Refs           []*yaml.RNode
	Results        framework.Results
	// contains filtered or unexported fields
}

the ref hasher implements a yaml filter

func (*RefHasher) Each 

func (rh *RefHasher) Each(objects []*yaml.RNode) ([]*yaml.RNode, error)

call the filter func for each element in the node list this methods implements the kio.Filter interface

func (*RefHasher) Filter 

func (rh *RefHasher) Filter(parent *yaml.RNode) (*yaml.RNode, error)

the filter filters by pod and finds references to secrets and configmap in the pod spec. Each found reference is matched against the Refs list known to the hasher and if a match is found, an annotation with the ref sources checksum is added to the pod spec. This method implements the yaml.Filter interface

Source Files

View all Source files

Directories

Path Synopsis
cmd
refhash
Code generated by "mdtogo"; DO NOT EDIT.
 Code generated by "mdtogo"; DO NOT EDIT.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.