Documentation
¶
Index ¶
- type AuditConfig
- type Brand
- type CA
- type Calico
- type CertManager
- type Cluster
- type ConfigMapReloader
- type Connection
- type Consul
- type DB
- type Dashboard
- type DynamicDNS
- type ECK
- type Elasticsearch
- type Enabled
- type Filebeat
- type FluentdOperator
- type GitOps
- type Grafana
- type Harbor
- type HarborProject
- type HarborSettings
- type Kubernetes
- type Ldap
- type LdapAccessConfig
- type LdapE2E
- type Machine
- type Memory
- type Monitoring
- type MonitoringE2E
- type NFS
- type NSX
- type Nginx
- type NodeLocalDNS
- type NsxCOE
- type NsxHA
- type NsxK8s
- type NsxNodeAgent
- type NsxV3
- type OAuth2Proxy
- type OPA
- type OPAE2E
- type Persistence
- type PlatformConfig
- type PostgresOperator
- type Prometheus
- type RegistryCredentials
- type RegistryCredentialsACR
- type RegistryCredentialsDPR
- type RegistryCredentialsECR
- type RegistryCredentialsGCR
- type S3
- type S3E2E
- type SMTP
- type SealedSecrets
- type Thanos
- type ThanosE2E
- type VM
- type Vault
- type VaultClient
- type VaultPolicy
- type VaultPolicyPath
- type Velero
- type Versions
Types ¶
type AuditConfig ¶
// AuditConfig points the cluster at a Kubernetes audit policy file.
type AuditConfig struct {
// PolicyFile is read from the `policyFile` YAML key and dropped from
// marshalled output when empty.
// NOTE(review): the accompanying package text says auditing is enabled only
// when a policy file is specified, so an empty value means no API audit
// trail. Confirm that is the intended default for production clusters.
PolicyFile string `yaml:"policyFile,omitempty"`
}
AuditConfig is used to specify the audit policy file. If a policy file is specified then cluster auditing is enabled. Configure additional `--audit-log-*` flags under kubernetes.apiServerExtraArgs.
type Calico ¶
// Calico groups the YAML settings read for the Calico component.
type Calico struct {
Disabled bool `yaml:"disabled,omitempty"`
// IPIP and VxLAN are typed by the calico package. Neither tag carries
// omitempty, so both keys are always written when this struct is marshalled.
IPIP calico.IPIPMode `yaml:"ipip"`
VxLAN calico.VXLANMode `yaml:"vxlan"`
Version string `yaml:"version,omitempty"`
// Log is a free-form string; presumably a log level (confirm accepted values
// against the consumer).
Log string `yaml:"log,omitempty"`
// BGPPeers, BGPConfig and IPPools are passed through as calico package types.
// NOTE(review): BGP peers determine who may exchange routes with the
// cluster; review changes to this list like any other network trust change.
BGPPeers []calico.BGPPeer `yaml:"bgpPeers,omitempty"`
BGPConfig calico.BGPConfiguration `yaml:"bgpConfig,omitempty"`
IPPools []calico.IPPool `yaml:"ipPools,omitempty"`
}
type CertManager ¶
// CertManager holds the cert-manager version and an optional Vault signer.
type CertManager struct {
// Version has no omitempty, so the key is always written on marshal.
Version string `yaml:"version"`
// Details of a vault server to use for signing ingress certificates
// The field is a pointer and stays nil when the `vault` key is absent.
// NOTE(review): the fallback issuer used when Vault is nil is not visible
// here; confirm it before relying on ingress certificates being Vault-signed.
Vault *VaultClient `yaml:"vault,omitempty"`
}
type ConfigMapReloader ¶
type Connection ¶
// Connection describes a remote endpoint together with the credentials used
// to reach it. Every field is a string read from YAML.
type Connection struct {
// URL has no omitempty, so the key is always written on marshal.
URL string `yaml:"url"`
User string `yaml:"user,omitempty"`
// Password is held as a plain string.
// NOTE(review): anything that marshals, prints or logs this struct will
// include the credential; redact it on output and keep config files that
// set it out of shared storage.
Password string `yaml:"password,omitempty"`
Port string `yaml:"port,omitempty"`
Scheme string `yaml:"scheme,omitempty"`
// Verify is a string rather than a bool.
// NOTE(review): presumably controls TLS certificate verification. Confirm
// the accepted values and that an empty value does not disable verification.
Verify string `yaml:"verify,omitempty"`
}
func (Connection) GetURL ¶
func (c Connection) GetURL() string
type DB ¶
// DB holds the host, port and credentials of a database server.
type DB struct {
Host string `yaml:"host"`
Username string `yaml:"username"`
// Password is a plain string and its tag has no omitempty, so the key is
// written even when empty.
// NOTE(review): marshalling or logging this struct exposes the credential;
// redact it before any diagnostic output.
Password string `yaml:"password"`
Port int `yaml:"port"`
}
func (DB) GetConnectionURL ¶
type Dashboard ¶
// Dashboard combines the embedded Enabled type with an LDAP access setting.
type Dashboard struct {
// Enabled is embedded without a yaml tag.
Enabled
// AccessRestricted is an LdapAccessConfig read from `accessRestricted`.
// NOTE(review): presumably limits who may reach the dashboard. Confirm what
// access is granted when this block is left empty.
AccessRestricted LdapAccessConfig `yaml:"accessRestricted,omitempty"`
}
type DynamicDNS ¶
// DynamicDNS holds the settings for dynamic DNS updates. All keys are
// optional (omitempty).
type DynamicDNS struct {
Disabled bool `yaml:"disabled,omitempty"`
Nameserver string `yaml:"nameserver,omitempty"`
// Key, KeyName and Algorithm presumably describe the update-signing key for
// the nameserver. TODO confirm against the consumer.
// NOTE(review): Key is secret material stored as a plain string; redact it
// wherever this struct is printed or marshalled.
Key string `yaml:"key,omitempty"`
KeyName string `yaml:"keyName,omitempty"`
Algorithm string `yaml:"algorithm,omitempty"`
Zone string `yaml:"zone,omitempty"`
// AccessKey and SecretKey look like provider API credentials (verify which
// Type values use them). SecretKey needs the same redaction as Key.
AccessKey string `yaml:"accessKey,omitempty"`
SecretKey string `yaml:"secretKey,omitempty"`
// Type is a free-form string; the accepted values are not visible here.
Type string `yaml:"type,omitempty"`
}
type Elasticsearch ¶
// Elasticsearch holds the deployment settings for Elasticsearch.
type Elasticsearch struct {
// Version has no omitempty, so the key is always written on marshal.
Version string `yaml:"version"`
// Mem and Persistence are pointers and stay nil when their keys are absent.
Mem *Memory `yaml:"mem,omitempty"`
Replicas int `yaml:"replicas,omitempty"`
Persistence *Persistence `yaml:"persistence,omitempty"`
Disabled bool `yaml:"disabled,omitempty"`
}
type Filebeat ¶
// Filebeat holds the Filebeat version and its optional output connections.
type Filebeat struct {
Version string `yaml:"version"`
Disabled bool `yaml:"disabled,omitempty"`
// Elasticsearch and Logstash are optional Connection pointers; each stays
// nil when its key is absent.
// NOTE(review): a Connection carries a password and a Verify setting, so
// these blocks decide whether shipped logs travel authenticated and over
// verified TLS. Confirm the behaviour when Verify is left empty.
Elasticsearch *Connection `yaml:"elasticsearch,omitempty"`
Logstash *Connection `yaml:"logstash,omitempty"`
}
type FluentdOperator ¶
// FluentdOperator holds the settings for the fluentd operator.
type FluentdOperator struct {
Disabled bool `yaml:"disabled,omitempty"`
Version string `yaml:"version"`
// Elasticsearch is a Connection value, not a pointer, so it is always
// present as a zero value even when the key is absent.
// NOTE(review): omitempty on a non-pointer struct may not suppress the key
// with every YAML library; check that an empty connection (including its
// password field) is not written out on marshal.
Elasticsearch Connection `yaml:"elasticsearch,omitempty"`
// DisableDefaultConfig has no omitempty, so `false` is written explicitly.
DisableDefaultConfig bool `yaml:"disableDefaultConfig"`
}
type GitOps ¶
// GitOps configures one Flux deployment that syncs manifests from a git
// repository into the cluster.
type GitOps struct {
// The name of the gitops deployment, defaults to namespace name
Name string `yaml:"name,omitempty"`
// Do not scan container image registries to fill in the registry cache, implies `--git-read-only` (default: true)
DisableScanning *bool `yaml:"disableScanning,omitempty"`
// The namespace to deploy the GitOps operator into, if empty then it will be deployed cluster-wide into kube-system
// NOTE(review): with a cluster-wide operator, write access to the
// repository presumably amounts to cluster-wide deploy rights. Prefer a
// namespace where that is sufficient.
Namespace string `yaml:"namespace,omitempty"`
// The URL to git repository to clone
GitURL string `yaml:"gitUrl"`
// The git branch to use (default: `master`)
GitBranch string `yaml:"gitBranch,omitempty"`
// The path within the git repository to look for YAML in (default: `.`)
GitPath string `yaml:"gitPath,omitempty"`
// The frequency with which to fetch the git repository (default: `5m0s`)
GitPollInterval string `yaml:"gitPollInterval,omitempty"`
// The frequency with which to sync the manifests in the repository to the cluster (default: `5m0s`)
SyncInterval string `yaml:"syncInterval,omitempty"`
// The Kubernetes secret to use for cloning, if it does not exist it will be generated (default: `flux-$name-git-deploy`)
GitKey string `yaml:"gitKey,omitempty"`
// The contents of the known_hosts file to mount into Flux and helm-operator
// NOTE(review): this is what pins the git server's host key. Confirm how the
// host key is verified when the value is empty.
KnownHosts string `yaml:"knownHosts,omitempty"`
// The contents of the ~/.ssh/config file to mount into Flux and helm-operator
// NOTE(review): an ssh config can relax host key checking, so review its
// contents alongside KnownHosts.
SSHConfig string `yaml:"sshConfig,omitempty"`
// The version to use for flux (default: 1.9.0 )
// NOTE(review): the default named here (1.9.0) differs from the version in
// the fluxd documentation link on Args (1.19.0); confirm which is current.
FluxVersion string `yaml:"fluxVersion,omitempty"`
// a map of args to pass to flux without -- prepended. See [fluxd](https://docs.fluxcd.io/en/1.19.0/references/daemon/) for a full list
// NOTE(review): no filtering of these flags is visible in this struct, so
// treat the map as privileged configuration.
Args map[string]string `yaml:"args,omitempty"`
}
type Harbor ¶
// Harbor holds the deployment settings for the Harbor registry.
type Harbor struct {
Disabled bool `yaml:"disabled,omitempty"`
Version string `yaml:"version,omitempty"`
ChartVersion string `yaml:"chartVersion,omitempty"`
// AdminPassword is tagged `yaml:"-"`, so it is never read from or written
// to YAML; it has to be populated by code that is not visible here.
// NOTE(review): confirm where the value comes from and that it is not a
// fixed default shared between clusters.
AdminPassword string `yaml:"-"`
ClairVersion string `yaml:"clairVersion"`
RegistryVersion string `yaml:"registryVersion"`
// Logging level for various components, valid options are `info`,`warn`,`debug` (default: `warn`)
LogLevel string `yaml:"logLevel,omitempty"`
// DB is an optional pointer to the database settings, which include a
// plain-text password field.
DB *DB `yaml:"db,omitempty"`
URL string `yaml:"url,omitempty"`
// Projects maps a string key (presumably the project name) to its settings.
Projects map[string]HarborProject `yaml:"projects,omitempty"`
// Settings carries the Harbor configuration values, including the
// authentication mode and LDAP/OIDC secrets.
Settings *HarborSettings `yaml:"settings,omitempty"`
Replicas int `yaml:"replicas,omitempty"`
// S3 bucket for the docker registry to use
Bucket string `yaml:"bucket"`
}
type HarborProject ¶
type HarborSettings ¶
// HarborSettings carries Harbor configuration values. Every field has
// matching snake_case json and yaml tags with omitempty, so unset fields are
// left out of both encodings.
// NOTE(review): EmailPassword, LdapSearchPassword and OidcClientSecret are
// plain strings that appear in both the YAML and the JSON form of this
// struct; redact them before logging either encoding.
type HarborSettings struct {
// AuthMode is a free-form string; the accepted values are not visible here.
AuthMode string `json:"auth_mode,omitempty" yaml:"auth_mode,omitempty"`

// Outgoing e-mail settings.
EmailFrom string `json:"email_from,omitempty" yaml:"email_from,omitempty"`
EmailHost string `json:"email_host,omitempty" yaml:"email_host,omitempty"`
EmailIdentity string `json:"email_identity,omitempty" yaml:"email_identity,omitempty"`
EmailPassword string `json:"email_password,omitempty" yaml:"email_password,omitempty"`
// EmailInsecure is a string, while EmailSsl is a *bool.
// NOTE(review): presumably EmailInsecure skips certificate verification for
// the mail server. Confirm the accepted values and keep it off outside test
// environments.
EmailInsecure string `json:"email_insecure,omitempty" yaml:"email_insecure,omitempty"`
EmailPort string `json:"email_port,omitempty" yaml:"email_port,omitempty"`
EmailSsl *bool `json:"email_ssl,omitempty" yaml:"email_ssl,omitempty"`
EmailUsername string `json:"email_username,omitempty" yaml:"email_username,omitempty"`

// LDAP authentication settings.
LdapURL string `json:"ldap_url,omitempty" yaml:"ldap_url,omitempty"`
LdapBaseDN string `json:"ldap_base_dn,omitempty" yaml:"ldap_base_dn,omitempty"`
LdapFilter string `json:"ldap_filter,omitempty" yaml:"ldap_filter,omitempty"`
LdapScope string `json:"ldap_scope,omitempty" yaml:"ldap_scope,omitempty"`
LdapSearchDN string `json:"ldap_search_dn,omitempty" yaml:"ldap_search_dn,omitempty"`
LdapSearchPassword string `json:"ldap_search_password,omitempty" yaml:"ldap_search_password,omitempty"`
LdapTimeout string `json:"ldap_timeout,omitempty" yaml:"ldap_timeout,omitempty"`
LdapUID string `json:"ldap_uid,omitempty" yaml:"ldap_uid,omitempty"`
// LdapVerifyCert is a *bool, so nil (unset) is distinct from false.
// NOTE(review): confirm that the unset case results in certificate
// verification being on; otherwise binds may run over unverified TLS.
LdapVerifyCert *bool `json:"ldap_verify_cert,omitempty" yaml:"ldap_verify_cert,omitempty"`
// LdapGroupAdminDN presumably names the directory group mapped to Harbor
// administrators (verify); membership of that group is then an admin grant.
LdapGroupAdminDN string `json:"ldap_group_admin_dn,omitempty" yaml:"ldap_group_admin_dn,omitempty"`
LdapGroupAttributeName string `json:"ldap_group_attribute_name,omitempty" yaml:"ldap_group_attribute_name,omitempty"`
LdapGroupBaseDN string `json:"ldap_group_base_dn,omitempty" yaml:"ldap_group_base_dn,omitempty"`
LdapGroupSearchFilter string `json:"ldap_group_search_filter,omitempty" yaml:"ldap_group_search_filter,omitempty"`
LdapGroupSearchScope string `json:"ldap_group_search_scope,omitempty" yaml:"ldap_group_search_scope,omitempty"`
LdapGroupMembershipAttribute string `json:"ldap_group_membership_attribute,omitempty" yaml:"ldap_group_membership_attribute,omitempty"`

// General registry policy.
ProjectCreationRestriction string `json:"project_creation_restriction,omitempty" yaml:"project_creation_restriction,omitempty"`
ReadOnly string `json:"read_only,omitempty" yaml:"read_only,omitempty"`
// SelfRegistration is a *bool; nil means the key is not sent at all.
// NOTE(review): confirm the effective default when unset, since open
// self-registration widens who can obtain a registry account.
SelfRegistration *bool `json:"self_registration,omitempty" yaml:"self_registration,omitempty"`
// TokenExpiration and RobotTokenDuration are ints; their units are not
// visible here (TODO confirm).
TokenExpiration int `json:"token_expiration,omitempty" yaml:"token_expiration,omitempty"`

// OIDC authentication settings.
OidcName string `json:"oidc_name,omitempty" yaml:"oidc_name,omitempty"`
OidcEndpoint string `json:"oidc_endpoint,omitempty" yaml:"oidc_endpoint,omitempty"`
OidcClientID string `json:"oidc_client_id,omitempty" yaml:"oidc_client_id,omitempty"`
OidcClientSecret string `json:"oidc_client_secret,omitempty" yaml:"oidc_client_secret,omitempty"`
OidcScope string `json:"oidc_scope,omitempty" yaml:"oidc_scope,omitempty"`
// OidcVerifyCert is a string, unlike the *bool LdapVerifyCert.
// NOTE(review): confirm the accepted values and that an empty string does
// not turn certificate verification off.
OidcVerifyCert string `json:"oidc_verify_cert,omitempty" yaml:"oidc_verify_cert,omitempty"`
RobotTokenDuration int `json:"robot_token_duration,omitempty" yaml:"robot_token_duration,omitempty"`
}
type Kubernetes ¶
// Kubernetes holds the control-plane version and extra component flags.
// NOTE(review): the *ExtraArgs maps are free-form flag sets for the named
// components. No filtering is visible in this struct, so a value here can
// presumably override security-relevant defaults (authentication,
// authorization, admission). Review changes to them accordingly.
type Kubernetes struct {
Version string `yaml:"version"`
// Configure additional kubelet [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)
KubeletExtraArgs map[string]string `yaml:"kubeletExtraArgs,omitempty"`
// Configure additional kube-controller-manager [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
ControllerExtraArgs map[string]string `yaml:"controllerExtraArgs,omitempty"`
// Configure additional kube-scheduler [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/)
SchedulerExtraArgs map[string]string `yaml:"schedulerExtraArgs,omitempty"`
// Configure additional kube-apiserver [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/)
APIServerExtraArgs map[string]string `yaml:"apiServerExtraArgs,omitempty"`
// Configure additional etcd [flags](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md)
EtcdExtraArgs map[string]string `yaml:"etcdExtraArgs,omitempty"`
MasterIP string `yaml:"masterIP,omitempty"`
// Configure Kubernetes auditing
// The YAML key is `auditing`, not `auditConfig`.
AuditConfig AuditConfig `yaml:"auditing,omitempty"`
}
func (*Kubernetes) UnmarshalYAML ¶
func (c *Kubernetes) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML is used to customize the YAML unmarshalling of Kubernetes objects. It makes sure that if an audit policy is specified, a default audit-log-path is supplied.
type Ldap ¶
// Ldap holds the directory connection and the group mapping used for
// cluster authentication.
type Ldap struct {
Disabled bool `yaml:"disabled,omitempty"`
Host string `yaml:"host,omitempty"`
Port string `yaml:"port,omitempty"`
Username string `yaml:"username,omitempty"`
// Password is the bind credential, stored as a plain string.
// NOTE(review): redact it wherever this struct is printed or marshalled,
// and prefer a low-privilege, read-only bind account.
Password string `yaml:"password,omitempty"`
Domain string `yaml:"domain,omitempty"`
// Members of this group will become cluster-admins
// NOTE(review): control over this group's membership in the directory is
// therefore equivalent to cluster-admin; confirm what happens when the
// value is empty.
AdminGroup string `yaml:"adminGroup,omitempty"`
UserDN string `yaml:"userDN,omitempty"`
GroupDN string `yaml:"groupDN,omitempty"`
// GroupObjectClass is used for searching user groups in LDAP. Default is `group` for Active Directory and `groupOfNames` for Apache DS
GroupObjectClass string `yaml:"groupObjectClass,omitempty"`
// GroupNameAttr is the attribute used for returning group name in OAuth tokens. Default is `name` in ActiveDirectory and `DN` in Apache DS
GroupNameAttr string `yaml:"groupNameAttr,omitempty"`
// E2E holds the LdapE2E settings, read from the `e2e` key.
E2E LdapE2E `yaml:"e2e,omitempty"`
}
func (Ldap) GetConnectionURL ¶
type LdapAccessConfig ¶
type Machine ¶
// Machine represents a running instance of a VM.
//
// NOTE(review): the difference between Shutdown, PowerOff and Terminate is
// not visible from the signatures; implementations should document which of
// them is destructive so callers do not delete a VM by mistake.
type Machine interface {
String() string
// WaitForPoweredOff returns only an error; presumably it blocks until the
// VM is off (confirm against implementations).
WaitForPoweredOff() error
// GetIP takes an explicit timeout, while WaitForIP takes none.
GetIP(timeout time.Duration) (string, error)
WaitForIP() (string, error)
// SetAttributes and GetAttributes exchange a string-to-string map.
SetAttributes(attributes map[string]string) error
GetAttributes() (map[string]string, error)
Shutdown() error
PowerOff() error
Terminate() error
Name() string
GetAge() time.Duration
GetTemplate() string
// IP returns a string and no error, unlike GetIP and WaitForIP.
IP() string
}
Machine represents a running instance of a VM
type Monitoring ¶
// Monitoring holds the settings and component versions for the monitoring
// stack. The YAML keys mix snake_case (`alert_email`, `prometheus_operator`)
// and camelCase; each key must be spelled exactly as tagged.
type Monitoring struct {
Disabled bool `yaml:"disabled,omitempty"`
AlertEmail string `yaml:"alert_email,omitempty"`
Version string `yaml:"version,omitempty" json:"version,omitempty"`
Prometheus Prometheus `yaml:"prometheus,omitempty" json:"prometheus,omitempty"`
Grafana Grafana `yaml:"grafana,omitempty" json:"grafana,omitempty"`
// NOTE(review): the key is spelled `alertMmanager` (double "M"). A config
// that uses `alertManager` will not populate this field. Renaming the tag
// would break existing configs, so decide explicitly and document the key.
AlertManager string `yaml:"alertMmanager,omitempty"`
KubeStateMetrics string `yaml:"kubeStateMetrics,omitempty"`
KubeRbacProxy string `yaml:"kubeRbacProxy,omitempty"`
NodeExporter string `yaml:"nodeExporter,omitempty"`
AddonResizer string `yaml:"addonResizer,omitempty"`
PrometheusOperator string `yaml:"prometheus_operator,omitempty"`
// E2E holds the MonitoringE2E settings, read from the `e2e` key.
E2E MonitoringE2E `yaml:"e2e,omitempty"`
}
type MonitoringE2E ¶
// MonitoringE2E holds the end-to-end test settings for monitoring.
type MonitoringE2E struct {
// MinAlertLevel is the minimum alert level for which E2E tests should fail.
// It can be one of critical, warning, info.
MinAlertLevel string `yaml:"minAlertLevel,omitempty"`
}
type NSX ¶
// NSX holds the settings for the NSX integration. Fields tagged
// `structs:"-"` are excluded from the structs conversion and are only read
// from YAML; the rest carry a structs key as well.
type NSX struct {
// LoadBalancerIPPool and Tier0 have no structs tag.
LoadBalancerIPPool string `yaml:"loadbalancer_ip_pool,omitempty"`
Tier0 string `yaml:"tier0,omitempty"`
Disabled bool `structs:"-" yaml:"disabled"`
// NOTE(review): the yaml tag on Image is empty, so the key falls back to
// the YAML library's default field naming; confirm the key users must set.
Image string `structs:"-" yaml:""`
Version string `structs:"-" yaml:"version"`
// If set to true, the logging level will be set to DEBUG instead of the
// default INFO level.
Debug *bool `structs:"debug,omitempty" yaml:"debug,omitempty"`
// If set to true, log output to standard error.
UseStderr *bool `structs:"use_stderr,omitempty" yaml:"use_stderr,omitempty"`
// If set to true, use syslog for logging.
UseSyslog *bool `structs:"use_syslog,omitempty" yaml:"use_syslog,omitempty"`
// The base directory used for relative log_file paths.
LogDir string `structs:"log_dir,omitempty" yaml:"log_dir,omitempty"`
// Name of log file to send logging output to.
LogFile string `structs:"log_file,omitempty" yaml:"log_file,omitempty"`
// Max MB for each compressed file. Defaults to 100 MB.
LogRotationFileMaxMb *int `structs:"log_rotation_file_max_mb,omitempty" yaml:"log_rotation_file_max_mb,omitempty"`
// Total number of compressed backup files to store. Defaults to 5.
LogRotationBackupCount *int `structs:"log_rotation_backup_count,omitempty" yaml:"log_rotation_backup_count,omitempty"`
// Specify the directory where nsx-python-logging is installed
NsxPythonLoggingPath string `structs:"nsx_python_logging_path,omitempty" yaml:"nsx_python_logging_path,omitempty"`
// Specify the directory where nsx-cli is installed
NsxCliPath string `structs:"nsx_cli_path,omitempty" yaml:"nsx_cli_path,omitempty"`
// The nested sections below are optional pointers. Several use a different
// key in the structs tag than in the yaml tag (`ha` vs `nsx_ha`, `k8s` vs
// `nsx_k8s`).
// NsxV3 holds the NSX manager credentials and TLS settings.
NsxV3 *NsxV3 `structs:"nsx_v3,omitempty" yaml:"nsx_v3,omitempty"`
NsxHA *NsxHA `structs:"ha,omitempty" yaml:"nsx_ha,omitempty"`
NsxCOE *NsxCOE `structs:"coe,omitempty" yaml:"coe,omitempty"`
// The structs tags on NsxK8s and NsxNodeAgent have no omitempty.
NsxK8s *NsxK8s `structs:"k8s" yaml:"nsx_k8s,omitempty"`
NsxNodeAgent *NsxNodeAgent `structs:"nsx_node_agent" yaml:"nsx_node_agent,omitempty"`
}
type Nginx ¶
// Nginx configures the Nginx ingress controller deployment.
type Nginx struct {
// Disabled has no omitempty, so `false` is written explicitly on marshal.
Disabled bool `yaml:"disabled"`
// The version of the nginx controller to deploy (default: `0.25.1.flanksource.1`)
Version string `yaml:"version"`
// Disable access logs
// NOTE(review): access logs are usually the main request-level record for
// incident investigation at the ingress; disable them only when an
// equivalent record exists elsewhere.
DisableAccessLog bool `yaml:"disableAccessLog,omitempty"`
// Size of request body buffer (default: `16M`)
RequestBodyBuffer string `yaml:"requestBodyBuffer,omitempty"`
// Max size of request body (default: `32M`)
// This is the upper bound on what a client can upload through the ingress;
// raising it increases the memory and disk a single request can consume.
RequestBodyMax string `yaml:"requestBodyMax,omitempty"`
}
Configures the Nginx Ingress Controller. The controller Docker image is forked from upstream to include more Lua packages for OAuth. To configure global settings not available below, override the `ingress-nginx/nginx-configuration` configmap with settings from [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/)
type NodeLocalDNS ¶
type NsxCOE ¶
// NsxCOE holds the container-orchestrator section of the NSX settings.
// Every field uses the same key in its structs and yaml tags, with omitempty.
type NsxCOE struct {
// Container orchestrator adaptor to plug in.
Adaptor string `structs:"adaptor,omitempty" yaml:"adaptor,omitempty"`
// Specify cluster for adaptor.
Cluster string `structs:"cluster,omitempty" yaml:"cluster,omitempty"`
// Log level for NCP operations
// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
Loglevel string `structs:"loglevel,omitempty" yaml:"loglevel,omitempty"`
// Log level for NSX API client operations
// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
// NOTE(review): at DEBUG an API client may log request details; check that
// credentials are not written to logs before enabling it in production.
NsxlibLoglevel string `structs:"nsxlib_loglevel,omitempty" yaml:"nsxlib_loglevel,omitempty"`
// Enable SNAT for all projects in this cluster
EnableSnat *bool `structs:"enable_snat,omitempty" yaml:"enable_snat,omitempty"`
// Option to enable profiling
// NOTE(review): what profiling exposes is not visible here; confirm it is
// not reachable from untrusted networks before turning it on.
Profiling *bool `structs:"profiling,omitempty" yaml:"profiling,omitempty"`
// The type of container host node
// Choices: HOSTVM BAREMETAL CLOUD WCP_WORKER
NodeType string `structs:"node_type,omitempty" yaml:"node_type,omitempty"`
// The time in seconds for NCP/nsx_node_agent to recover the connection to
// NSX manager/container orchestrator adaptor/Hyperbus before exiting. If
// the value is 0, NCP/nsx_node_agent won't exit automatically when the
// connection check fails
ConnectRetryTimeout *int `structs:"connect_retry_timeout,omitempty" yaml:"connect_retry_timeout,omitempty"`
}
type NsxHA ¶
// NsxHA holds the leader-election timing settings for NCP.
//
// NOTE(review): unlike the sibling Nsx* types, these fields carry only a
// structs tag and no yaml tag, so their YAML keys fall back to the YAML
// library's default field naming rather than the snake_case names used here.
// Confirm the keys users must write.
type NsxHA struct {
// Time duration in seconds of mastership timeout. NCP instance will remain
// master for this duration after elected. Note that the heartbeat period
// plus the update timeout must not be greater than this period. This is
// done to ensure that the master instance will either confirm liveness or
// fail before the timeout.
MasterTimeout *int `structs:"master_timeout,omitempty"`
// Time in seconds between heartbeats for elected leader. Once an NCP
// instance is elected master, it will periodically confirm liveness based
// on this value.
HeartbeatPeriod *int `structs:"heartbeat_period,omitempty"`
// Timeout duration in seconds for update to election resource. The default
// value is calculated by subtracting heartbeat period from master timeout.
// If the update request does not complete before the timeout it will be
// aborted. Used for master heartbeats to ensure that the update finishes or
// is aborted before the master timeout occurs.
UpdateTimeout *int `structs:"update_timeout,omitempty"`
}
type NsxK8s ¶
// NsxK8s holds the Kubernetes adaptor section of the NSX settings: how NCP
// reaches and authenticates to the API server, and ingress and policy
// defaults.
type NsxK8s struct {
// Kubernetes API server IP address.
ApiserverHostIP string `structs:"apiserver_host_ip,omitempty" yaml:"apiserver_host_ip,omitempty"`
// Kubernetes API server port.
ApiserverHostPort string `structs:"apiserver_host_port,omitempty" yaml:"apiserver_host_port,omitempty"`
// Full path of the Token file to use for authenticating with the k8s API
// server.
ClientTokenFile string `structs:"client_token_file,omitempty" yaml:"client_token_file,omitempty"`
// Full path of the client certificate file to use for authenticating with
// the k8s API server. It must be specified together with
// "client_private_key_file".
ClientCertFile string `structs:"client_cert_file,omitempty" yaml:"client_cert_file,omitempty"`
// Full path of the private key file that pairs with ClientCertFile.
// NOTE(review): only the path is stored here; the key file itself should be
// readable by the NCP process only.
ClientPrivateKeyFile string `structs:"client_private_key_file,omitempty" yaml:"client_private_key_file,omitempty"`
// Specify a CA bundle file to use in verifying the k8s API server
// certificate.
// NOTE(review): confirm how the API server certificate is verified when
// this is left empty.
CaFile string `structs:"ca_file,omitempty" yaml:"ca_file,omitempty"`
// Specify whether ingress controllers are expected to be deployed in
// hostnetwork mode or as regular pods externally accessed via NAT
// Choices: hostnetwork nat
IngressMode string `structs:"ingress_mode,omitempty" yaml:"ingress_mode,omitempty"`
// Log level for the kubernetes adaptor
// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
Loglevel string `structs:"loglevel,omitempty" yaml:"loglevel,omitempty"`
// Presumably the default HTTP ingress port, by analogy with the HTTPS
// field below. TODO confirm.
HTTPIngressPort *int `structs:"http_ingress_port,omitempty" yaml:"http_ingress_port,omitempty"`
// The default HTTPS ingress port
HTTPSIngressPort *int `structs:"https_ingress_port,omitempty" yaml:"https_ingress_port,omitempty"`
// Specify thread pool size to process resource events
ResourceWatcherThreadPoolSize *int `structs:"resource_watcher_thread_pool_size,omitempty" yaml:"resource_watcher_thread_pool_size,omitempty"`
// User specified IP address for HTTP and HTTPS ingresses
// nolint: golint, stylecheck
HttpAndHttpsIngressIp string `structs:"http_and_https_ingress_ip,omitempty" yaml:"http_and_https_ingress_ip,omitempty"`
// Set this to True to enable NCP to create segment port for VM through
// NsxNetworkInterface CRD.
EnableNsxNetifCrd *bool `structs:"enable_nsx_netif_crd,omitempty" yaml:"enable_nsx_netif_crd,omitempty"`
// Option to set the type of baseline cluster policy. ALLOW_CLUSTER creates
// an explicit baseline policy to allow any pod to communicate any other pod
// within the cluster. ALLOW_NAMESPACE creates an explicit baseline policy
// to allow pods within the same namespace to communicate with each other.
// By default, no baseline rule will be created and the cluster will assume
// the default behavior as specified by the backend.
// Choices: <None> allow_cluster allow_namespace
// NOTE(review): allow_cluster removes pod-to-pod isolation between
// namespaces; prefer allow_namespace or explicit policies where tenants
// share a cluster.
BaselinePolicyType string `structs:"baseline_policy_type,omitempty" yaml:"baseline_policy_type,omitempty"`
}
type NsxNodeAgent ¶
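// NsxNodeAgent holds the nsx_node_agent section of the NSX settings. Each
// field carries a structs key and a yaml key, both with omitempty so unset
// values are left out of either encoding.
type NsxNodeAgent struct {
	// The log level of NSX RPC library
	// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
	// The structs key (`nsxrpc_loglevel`) differs from the yaml key
	// (`log_level`).
	LogLevel string `structs:"nsxrpc_loglevel,omitempty" yaml:"log_level,omitempty"`
	// OVS bridge name
	OvsBridge string `structs:"ovs_bridge,omitempty" yaml:"ovs_bridge,omitempty"`
	// The OVS uplink OpenFlow port where to apply the NAT rules to.
	// The structs option was previously misspelled `omit_empty`, which is not
	// the option name every sibling field uses, so an unset port was not
	// dropped the way the other fields are.
	OvsUplinkPort string `structs:"ovs_uplink_port,omitempty" yaml:"ovs_uplink_port,omitempty"`
	// The time in seconds for nsx_node_agent to wait CIF config from HyperBus
	// before returning to CNI
	ConfigRetryTimeout *int `structs:"config_retry_timeout,omitempty" yaml:"config_retry_timeout,omitempty"`
	// The time in seconds for nsx_node_agent to backoff before re-using an
	// existing cached CIF to serve CNI request. Must be less than config_retry_timeout.
	ConfigReuseBackoffTime *int `structs:"config_reuse_backoff_time,omitempty" yaml:"config_reuse_backoff_time,omitempty"`
}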
type NsxV3 ¶
type NsxV3 struct {
NsxAPIUser string `structs:"nsx_api_user,omitempty" yaml:"nsx_api_user,omitempty"`
NsxAPIPass string `structs:"nsx_api_password,omitempty" yaml:"nsx_api_password,omitempty"`
PolicyNSXAPI *bool `structs:"policy_nsxapi" yaml:"policy_nsxapi,omitempty"`
// Path to NSX client certificate file. If specified, the nsx_api_user and
// nsx_api_password options will be ignored. Must be specified along with
// nsx_api_private_key_file option
NsxAPICertFile string `structs:"nsx_api_cert_file,omitempty" yaml:"nsx_api_cert_file,omitempty"`
// Path to NSX client private key file. If specified, the nsx_api_user and
// nsx_api_password options will be ignored. Must be specified along with
// nsx_api_cert_file option
NsxAPIPrivateKeyFile string `structs:"nsx_api_private_key_file,omitempty" yaml:"nsx_api_private_key_file,omitempty"`
// IP address of one or more NSX managers separated by commas. The IP
// address should be of the form:
// [<scheme>://]<ip_adress>[:<port>]
// If
// scheme is not provided https is used. If port is not provided port 80 is
// used for http and port 443 for https.
NsxAPIManagers []string `structs:"nsx_api_managers,omitempty" yaml:"nsx_api_managers,omitempty"`
// is available to serve a request, and retry the request instead
ClusterUnavailableRetry *bool `structs:"cluster_unavailable_retry,omitempty" yaml:"cluster_unavailable_retry,omitempty"`
// Maximum number of times to retry API requests upon stale revision errors.
Retries *int `structs:"retries,omitempty" yaml:"retries,omitempty"`
// Specify one or a list of CA bundle files to use in verifying the NSX
// Manager server certificate. This option is ignored if "insecure" is set
// to True. If "insecure" is set to False and ca_file is unset, the system
// root CAs will be used to verify the server certificate.
CaFile []string `structs:"ca_file,omitempty" yaml:"ca_file,omitempty"`
// If true, the NSX Manager server certificate is not verified. If false the
// CA bundle specified via "ca_file" will be used or if unset the default
// system root CAs will be used.
Insecure *bool `structs:"insecure,omitempty" yaml:"insecure,omitempty"`
// The time in seconds before aborting a HTTP connection to a NSX manager.
HTTPTimeout *int `structs:"http_timeout,omitempty" yaml:"http_timeout,omitempty"`
// The time in seconds before aborting a HTTP read response from a NSX
// manager.
HTTPReadTimeout *int `structs:"http_read_timeout,omitempty" yaml:"http_read_timeout,omitempty"`
// Maximum number of times to retry a HTTP connection.
HTTPRetries *int `structs:"http_retries,omitempty" yaml:"http_retries,omitempty"`
// Maximum concurrent connections to each NSX manager.
ConcurrentConnections *int `structs:"concurrent_connections,omitempty" yaml:"concurrent_connections,omitempty"`
// The amount of time in seconds to wait before ensuring connectivity to the
// NSX manager if no manager connection has been used.
ConnIdltTimeout *int `structs:"conn_idlt_timeout,omitempty" yaml:"conn_idlt_timeout,omitempty"`
// Number of times a HTTP redirect should be followed.
Redirects *int `structs:"redirects,omitempty" yaml:"redirects,omitempty"`
// Subnet prefix of IP block.
SubnetPrefix *int `structs:"subnet_prefix,omitempty" yaml:"subnet_prefix,omitempty"`
// Indicates whether distributed firewall DENY rules are logged.
LogDroppedTraffic *bool `structs:"log_dropped_traffic,omitempty" yaml:"log_dropped_traffic,omitempty"`
// Option to use native load balancer or not
UseNativeLoadbalancer *bool `structs:"use_native_loadbalancer,omitempty" yaml:"use_native_loadbalancer,omitempty"`
// Option to auto scale layer 4 load balancer or not. If set to True, NCP
// will create additional LB when necessary upon K8s Service of type LB
// creation/update.
L4LBAutoScaling *bool `structs:"l_4_lb_auto_scaling,omitempty" yaml:"l_4_lb_auto_scaling,omitempty"`
// Option to use native load balancer or not when ingress class annotation
// is missing. Only effective if use_native_loadbalancer is set to true
DefaultIngressClassNsx *bool `structs:"default_ingress_class_nsx,omitempty" yaml:"default_ingress_class_nsx,omitempty"`
// Path to the default certificate file for HTTPS load balancing. Must be
// specified along with lb_priv_key_path option
LBDefaultCertPath string `structs:"lb_default_cert_path,omitempty" yaml:"lb_default_cert_path,omitempty"`
// Path to the private key file for default certificate for HTTPS load
// balancing. Must be specified along with lb_default_cert_path option
LBPrivKeyPath string `structs:"lb_priv_key_path,omitempty" yaml:"lb_priv_key_path,omitempty"`
// Option to set load balancing algorithm in load balancer pool object.
// Choices: ROUND_ROBIN LEAST_CONNECTION IP_HASH WEIGHTED_ROUND_ROBIN
PoolAlgorithm string `structs:"pool_algorithm,omitempty" yaml:"pool_algorithm,omitempty"`
// Option to set load balancer service size. MEDIUM Edge VM (4 vCPU, 8GB)
// only supports SMALL LB. LARGE Edge VM (8 vCPU, 16GB) only supports MEDIUM
// and SMALL LB. Bare Metal Edge (IvyBridge, 2 socket, 128GB) supports
// LARGE, MEDIUM and SMALL LB
// Choices: SMALL MEDIUM LARGE
ServiceSize string `structs:"service_size,omitempty" yaml:"service_size,omitempty"`
// Option to set load balancer persistence option. If cookie is selected,
// cookie persistence will be offered.If source_ip is selected, source IP
// persistence will be offered for ingress traffic through L7 load balancer
// Choices: <None> cookie source_ip
L7Persistence string `structs:"l7_persistence,omitempty" yaml:"l7_persistence,omitempty"`
// An integer for LoadBalancer side timeout value in seconds on layer 7
// persistence profile, if the profile exists.
L7PersistenceTimeout *int `structs:"l7_persistence_timeout,omitempty" yaml:"l7_persistence_timeout,omitempty"`
// Option to set load balancer persistence option. If source_ip is selected,
// source IP persistence will be offered for ingress traffic through L4 load
// balancer
L4Persistence string `structs:"l4_persistence,omitempty" yaml:"l4_persistence,omitempty"`
// The interval to check VIF for node. It is a workaroud for bug 2006790.
// Old orphan LSP may not be removed on MP, so NCP will retrieve parent VIF
// back once in a while. NCP will use the last created LSP from the list
VIFCheckInterval *int `structs:"vif_check_interval,omitempty" yaml:"vif_check_interval,omitempty"`
// Name or UUID of the container ip blocks that will be used for creating
// subnets. If name, it must be unique. If policy_nsxapi is enabled, it also
// support automatically creating the IP blocks. The definition is a comma
// separated list: CIDR,CIDR,... Mixing different formats (e.g. UUID,CIDR)
// is not supported.
ContainerIPBlocks []string `structs:"container_ip_blocks,omitempty" yaml:"container_ip_blocks,omitempty"`
// Name or UUID of the container ip blocks that will be used for creating
// subnets for no-SNAT projects. If specified, no-SNAT projects will use
// these ip blocks ONLY. Otherwise they will use container_ip_blocks
NoSNATIPBlocks []string `structs:"no_snat_ip_blocks,omitempty" yaml:"no_snat_ip_blocks,omitempty"`
// Name or UUID of the external ip pools that will be used for allocating IP
// addresses which will be used for translating container IPs via SNAT
// rules. If policy_nsxapi is enabled, it also support automatically
// creating the ip pools. The definition is a comma separated list:
// CIDR,IP_1-IP_2,... Mixing different formats (e.g. UUID, CIDR&IP_Range) is
// not supported.
ExternalIPPools []string `structs:"external_ip_pools,omitempty" yaml:"external_ip_pools,omitempty"`
// Name or UUID of the top-tier router for the container cluster network,
// which could be either tier0 or tier1. When policy_nsxapi is enabled,
// single_tier_topology is True and tier0_gateway is defined,
// top_tier_router value can be empty and a tier1 gateway is automatically
// created for the cluster
TopTierRouter string `structs:"top_tier_router,omitempty" yaml:"top_tier_router,omitempty"`
// Name or UUID of the external ip pools that will be used only for
// allocating IP addresses for Ingress controller and LB service
ExternalIPPoolsLB []string `structs:"external_ip_pools_lb,omitempty" yaml:"external_ip_pools_lb,omitempty"`
// Name or UUID of the NSX overlay transport zone that will be used for
// creating logical switches for container networking. It must refer to an
// already existing resource on NSX and every transport node where VMs
// hosting containers are deployed must be enabled on this transport zone
OverlayTZ string `structs:"overlay_tz,omitempty" yaml:"overlay_tz,omitempty"`
// Enable X_forward_for for ingress. Available values are INSERT or REPLACE.
// When this config is set, if x_forwarded_for is missing, LB will add
// x_forwarded_for in the request header with value client ip. When
// x_forwarded_for is present and its set to REPLACE, LB will replace
// x_forwarded_for in the header to client_ip. When x_forwarded_for is
// present and its set to INSERT, LB will append client_ip to
// x_forwarded_for in the header. If not wanting to use x_forwarded_for,
// remove this config
// Choices: <None> INSERT REPLACE
XForwardedFor string `structs:"x_forwarded_for,omitempty" yaml:"x_forwarded_for,omitempty"`
// Name or UUID of the spoof guard switching profile that will be used by
// NCP for leader election
ElectionProfile string `structs:"election_profile,omitempty" yaml:"election_profile,omitempty"`
// Name or UUID of the firewall section that will be used to create firewall
// sections below this mark section
TopFirewallSectionMarker string `structs:"top_firewall_section_marker,omitempty" yaml:"top_firewall_section_marker,omitempty"`
// Name or UUID of the firewall section that will be used to create firewall
// sections above this mark section
BottomFirewallSectionMarker string `structs:"bottom_firewall_section_marker,omitempty" yaml:"bottom_firewall_section_marker,omitempty"`
// Replication mode of container logical switch, set SOURCE for cloud as it
// only supports head replication mode
// Choices: MTEP SOURCE
LSReplicationMode string `structs:"ls_replication_mode,omitempty" yaml:"ls_replication_mode,omitempty"`
// Allocate vlan ID for container interface or not. Set it to False for
// cloud mode.
AllocVlanTag string `structs:"alloc_vlan_tag,omitempty" yaml:"alloc_vlan_tag,omitempty"`
// The resource which NCP will search tag 'node_name' on, to get parent VIF
// or transport node uuid for container LSP API context field. For HOSTVM
// mode, it will search tag on LSP. For BM mode, it will search tag on LSP
// then search TN. For CLOUD mode, it will search tag on VM. For WCP_WORKER
// mode, it will search TN by hostname.
// Choices: tag_on_lsp tag_on_tn tag_on_vm hostname_on_tn
//search_node_tag_on = tag_on_lsp
SearchNodeTagOn string `structs:"search_node_tag_on,omitempty" yaml:"search_node_tag_on,omitempty"`
// Determines which kind of information to be used as VIF app_id. Defaults
// to pod_resource_key. In WCP mode, pod_uid is used.
// Choices: pod_resource_key pod_uid
VifAppIDType string `structs:"vif_app_id_type,omitempty" yaml:"vif_app_id_type,omitempty"`
// SNAT IP to secondary IPs mapping. In the cloud case, SNAT rules are
// created using the PCG public or link local IPs, local IPs which will be
// translated to PCG secondary IPs for on-prem traffic. The secondary IPs
// might be used by admstructs:strator to configure on-prem firewall or other
// physical network services.
SnatSecondaryIps []string `structs:"snat_secondary_ips,omitempty" yaml:"snat_secondary_ips,omitempty"`
// If this value is not empty, NCP will append it to nameserver list
DNSServers []string `structs:"dns_servers,omitempty" yaml:"dns_servers,omitempty"`
// Set this to True to enable NCP to report errors through NSXError CRD.
EnableNsxErrCrd *bool `structs:"enable_nsx_err_crd,omitempty" yaml:"enable_nsx_err_crd,omitempty"`
// Maximum number of virtual servers allowed to create in cluster for
// LoadBalancer type of services.
MaxAllowedVirtualServers *int `structs:"max_allowed_virtual_servers,omitempty" yaml:"max_allowed_virtual_servers,omitempty"`
// Edge cluster ID needed when creating Tier1 router for loadbalancer
// service. Information could be retrieved from Tier0 router
EdgeCluster string `structs:"edge_cluster,omitempty" yaml:"edge_cluster,omitempty"`
}
type OAuth2Proxy ¶
type OPA ¶
// OPA holds the settings for the Open Policy Agent component: versions, the
// policy bundle location, logging, and a local directory of .rego policies.
type OPA struct {
	Disabled bool `yaml:"disabled,omitempty"`
	// NOTE(review): presumably the namespaces exempt from policy enforcement;
	// if so, each entry is a gap in admission control and the list should be
	// kept as short as possible. Confirm against the deployment code.
	NamespaceWhitelist []string `yaml:"namespaceWhitelist,omitempty"`
	KubeMgmtVersion string `yaml:"kubeMgmtVersion,omitempty"`
	Version string `yaml:"version,omitempty"`
	// NOTE(review): judging by the names, BundleURL, BundlePrefix and
	// BundleServiceName locate the policy bundle OPA loads. The bundle decides
	// what is admitted, so its source should be authenticated. Confirm how it
	// is fetched.
	BundleURL string `yaml:"bundleUrl,omitempty"`
	BundlePrefix string `yaml:"bundlePrefix,omitempty"`
	BundleServiceName string `yaml:"bundleServiceName,omitempty"`
	LogFormat string `yaml:"logFormat,omitempty"`
	// NOTE(review): presumably turns on OPA decision logging, the audit trail
	// of allow/deny decisions. Confirm.
	SetDecisionLogs bool `yaml:"setDecisionLogs,omitempty"`
	// Policies is a path to directory containing .rego policy files
	Policies string `yaml:"policies,omitempty"`
	// Log level for opa server, one of: `debug`,`info`,`error` (default: `error`)
	LogLevel string `yaml:"logLevel,omitempty"`
	E2E OPAE2E `yaml:"e2e,omitempty"`
}
type Persistence ¶
// Persistence describes the persistent storage requested for Prometheus:
// whether it is enabled, which storage class to use, and how much capacity.
type Persistence struct {
	// Enable persistence for Prometheus
	Enabled bool `yaml:"enabled,omitempty"`
	// Storage class to use. If not set default one will be used
	StorageClass string `yaml:"storageClass,omitempty"`
	// Capacity. Required if persistence is enabled
	// NOTE(review): nothing in this struct enforces the requirement; validation
	// presumably happens elsewhere. Confirm.
	Capacity string `yaml:"capacity,omitempty"`
}
type PlatformConfig ¶
// PlatformConfig is the top-level cluster configuration. It aggregates the
// per-component sections (networking, ingress, monitoring, storage, secrets
// management) plus a handful of runtime-only fields.
//
// Fields tagged `yaml:"-"` are excluded from YAML serialization; they are set
// by the program, not by the config file.
//
// NOTE(review): several sections carry credentials (S3, Vault, Ldap,
// RegistryCredentials, SMTP, presumably CA). The type also has a String()
// method, so check what it prints before logging a PlatformConfig.
type PlatformConfig struct {
	Brand Brand `yaml:"brand,omitempty"`
	Version string `yaml:"version"`
	Velero *Velero `yaml:"velero,omitempty"`
	// NOTE(review): the CA type is declared elsewhere. If it references
	// private-key material or a key password, the config file needs the same
	// protection as the key itself. Confirm.
	CA *CA `yaml:"ca"`
	Calico Calico `yaml:"calico,omitempty"`
	CertManager CertManager `yaml:"certmanager,omitempty"`
	// The endpoint for an externally hosted consul cluster
	// that is used for master discovery
	Consul string `yaml:"consul"`
	Dashboard Dashboard `yaml:"dashboard,omitempty"`
	Datacenter string `yaml:"datacenter"`
	DNS *DynamicDNS `yaml:"dns,omitempty"`
	DockerRegistry string `yaml:"dockerRegistry,omitempty"`
	// The wildcard domain that cluster will be available at
	Domain string `yaml:"domain"`
	EventRouter *Enabled `yaml:"eventRouter,omitempty"`
	Harbor *Harbor `yaml:"harbor,omitempty"`
	// A prefix to be added to VM hostnames.
	HostPrefix string `yaml:"hostPrefix"`
	// NOTE(review): presumably paths of further config files merged into this
	// one; imported files then carry the same trust as the main config. Confirm.
	ImportConfigs []string `yaml:"importConfigs,omitempty"`
	// NOTE(review): same CA type as the CA field above; the same
	// key-protection caveat applies.
	IngressCA *CA `yaml:"ingressCA"`
	GitOps []GitOps `yaml:"gitops,omitempty"`
	Kubernetes Kubernetes `yaml:"kubernetes"`
	Ldap *Ldap `yaml:"ldap,omitempty"`
	LocalPath *Enabled `yaml:"localPath,omitempty"`
	Master VM `yaml:"master,omitempty"`
	Monitoring *Monitoring `yaml:"monitoring,omitempty"`
	Name string `yaml:"name"`
	NamespaceConfigurator *Enabled `yaml:"namespaceConfigurator,omitempty"`
	NFS *NFS `yaml:"nfs,omitempty"`
	// Note the YAML key is `workers`, not `nodes`.
	Nodes map[string]VM `yaml:"workers,omitempty"`
	NodeLocalDNS NodeLocalDNS `yaml:"nodeLocalDNS,omitempty"`
	NSX *NSX `yaml:"nsx,omitempty"`
	OAuth2Proxy *OAuth2Proxy `yaml:"oauth2Proxy,omitempty"`
	OPA *OPA `yaml:"opa,omitempty"`
	PostgresOperator *PostgresOperator `yaml:"postgresOperator,omitempty"`
	PodSubnet string `yaml:"podSubnet"`
	Policies []string `yaml:"policies,omitempty"`
	// A list of strategic merge patches that will be applied to all resources created
	// NOTE(review): because they apply to every resource, patches can
	// presumably also alter security-relevant settings; review them like code.
	Patches []string `yaml:"patches,omitempty"`
	Quack *Enabled `yaml:"quack,omitempty"`
	RegistryCredentials *RegistryCredentials `yaml:"registryCredentials,omitempty"`
	Resources map[string]string `yaml:"resources,omitempty"`
	S3 S3 `yaml:"s3,omitempty"`
	SealedSecrets *SealedSecrets `yaml:"sealedSecrets,omitempty"`
	ServiceSubnet string `yaml:"serviceSubnet"`
	SMTP SMTP `yaml:"smtp,omitempty"`
	Specs []string `yaml:"specs,omitempty"`
	// NOTE(review): presumably an additional CA certificate (or path to one)
	// that cluster components will trust; whatever is listed here can vouch for
	// TLS peers. Confirm the scope.
	TrustedCA string `yaml:"trustedCA,omitempty"`
	Versions map[string]string `yaml:"versions,omitempty"`
	PlatformOperator *Enabled `yaml:"platformOperator,omitempty"`
	Nginx *Nginx `yaml:"nginx,omitempty"`
	Minio *Enabled `yaml:"minio,omitempty"`
	// Note the YAML key is `fluentd`.
	FluentdOperator *FluentdOperator `yaml:"fluentd,omitempty"`
	ECK *ECK `yaml:"eck,omitempty"`
	Thanos *Thanos `yaml:"thanos,omitempty"`
	Filebeat *Filebeat `yaml:"filebeat,omitempty"`
	Vault *Vault `yaml:"vault,omitempty"`
	ConfigMapReloader ConfigMapReloader `yaml:"configmapReloader,omitempty"`
	Elasticsearch *Elasticsearch `yaml:"elasticsearch,omitempty"`
	// If true, terminate operations will return an error. Used to
	// protect stateful clusters
	TerminationProtection bool `yaml:"terminationProtection,omitempty"`
	// Runtime-only (excluded from YAML).
	// NOTE(review): looks like a cluster join/bootstrap token; treat it as a
	// secret and keep it out of logs. Confirm.
	BootstrapToken string `yaml:"-"`
	// Runtime-only flags and endpoints (excluded from YAML).
	DryRun bool `yaml:"-"`
	Trace bool `yaml:"-"`
	JoinEndpoint string `yaml:"-"`
	Source string `yaml:"-"`
	ControlPlaneEndpoint string `yaml:"-"`
	// E2E is true if end to end tests are being run
	E2E bool `yaml:"-"`
}
func DefaultPlatformConfig ¶
func DefaultPlatformConfig() PlatformConfig
func (PlatformConfig) GetImagePath ¶
func (p PlatformConfig) GetImagePath(image string) string
func (PlatformConfig) GetVMCount ¶
func (p PlatformConfig) GetVMCount() int
func (*PlatformConfig) String ¶
func (p *PlatformConfig) String() string
type PostgresOperator ¶
// PostgresOperator holds the settings for the Postgres operator component:
// operator and database versions, backup destination and schedule, and the
// container images used.
type PostgresOperator struct {
	Disabled bool `yaml:"disabled,omitempty"`
	Version string `yaml:"version"`
	DBVersion string `yaml:"dbVersion,omitempty"`
	// NOTE(review): backups are full copies of the database contents, so the
	// bucket's access policy matters as much as the database's. Presumably a
	// bucket in the S3 store configured on PlatformConfig; confirm.
	BackupBucket string `yaml:"backupBucket,omitempty"`
	BackupSchedule string `yaml:"backupSchedule,omitempty"`
	// NOTE(review): image references are taken verbatim from config; pinning
	// them by digest or to a trusted registry is the caller's responsibility
	// as far as this struct shows.
	SpiloImage string `yaml:"spiloImage,omitempty"`
	BackupImage string `yaml:"backupImage,omitempty"`
}
type Prometheus ¶
// Prometheus holds the Prometheus version, an opt-out switch, and the
// persistent-storage settings (see Persistence).
type Prometheus struct {
	Version string `yaml:"version,omitempty"`
	Disabled bool `yaml:"disabled,omitempty"`
	Persistence Persistence `yaml:"persistence,omitempty"`
}
type RegistryCredentials ¶
// RegistryCredentials holds the settings for the registry-credentials
// component, with one section per registry provider: AWS ECR, a Docker
// private registry, GCR and Azure ACR.
//
// NOTE(review): the provider sections contain registry credentials (see
// RegistryCredentialsECR), so a config file that populates them should be
// handled as a secret.
type RegistryCredentials struct {
	Disabled bool `yaml:"disabled,omitempty"`
	Version string `yaml:"version,omitempty"`
	Namespace string `yaml:"namespace,omitempty"`
	Aws RegistryCredentialsECR `yaml:"aws,omitempty"`
	// Note the YAML key is `dockerRegistry`.
	DockerPrivateRegistry RegistryCredentialsDPR `yaml:"dockerRegistry,omitempty"`
	GCR RegistryCredentialsGCR `yaml:"gcr,omitempty"`
	// Note the YAML key is `azure`.
	ACR RegistryCredentialsACR `yaml:"azure,omitempty"`
}
type RegistryCredentialsACR ¶
type RegistryCredentialsDPR ¶
type RegistryCredentialsECR ¶
// RegistryCredentialsECR holds the AWS settings used to obtain ECR registry
// credentials.
//
// NOTE(review): AccessKey, SecretKey and SessionToken are plain string fields
// read from YAML; nothing visible here encrypts or redacts them. Keep
// populated configs out of version control and logs. Where AssumeRole is
// usable, short-lived role credentials are presumably preferable to a
// long-lived key pair; confirm how AssumeRole is consumed.
type RegistryCredentialsECR struct {
	Enabled bool `yaml:"enabled,omitempty"`
	AccessKey string `yaml:"accessKey,omitempty"`
	SecretKey string `yaml:"secretKey,omitempty"`
	// Note the YAML key is `secretToken`, not `sessionToken`.
	SessionToken string `yaml:"secretToken,omitempty"`
	Account string `yaml:"account,omitempty"`
	Region string `yaml:"region,omitempty"`
	AssumeRole string `yaml:"assumeRole,omitempty"`
}
type RegistryCredentialsGCR ¶
type S3 ¶
// S3 holds the connection settings for the S3-compatible object store:
// credentials, bucket and region, the in-cluster and external endpoints, and
// transport options.
//
// NOTE(review): AccessKey and SecretKey are plain string fields read from
// YAML (keys `access_key` / `secret_key`); nothing visible here encrypts or
// redacts them, so the config file must be protected accordingly.
type S3 struct {
	AccessKey string `yaml:"access_key,omitempty"`
	SecretKey string `yaml:"secret_key,omitempty"`
	Bucket string `yaml:"bucket,omitempty"`
	Region string `yaml:"region,omitempty"`
	// The endpoint at which the S3-like object storage will be available from inside the cluster
	// e.g. if minio is deployed inside the cluster, specify: `http://minio.minio.svc:9000`
	// NOTE(review): the example is plain HTTP, so credentials and object data
	// cross the cluster network unencrypted unless something else (e.g. a
	// mesh) provides transport security.
	Endpoint string `yaml:"endpoint,omitempty"`
	// The endpoint at which S3 is accessible outside the cluster,
	// When deploying locally on kind specify: *minio.127.0.0.1.nip.io*
	ExternalEndpoint string `yaml:"externalEndpoint,omitempty"`
	// Whether to enable the *s3* storage class that creates persistent volumes FUSE mounted to
	// S3 buckets
	CSIVolumes bool `yaml:"csiVolumes,omitempty"`
	// Provide a KMS Master Key
	// NOTE(review): whether this is a key identifier or key material is not
	// visible here; if it is material, treat it as a secret. Confirm.
	KMSMasterKey string `yaml:"kmsMasterKey,omitempty"`
	// UsePathStyle http://s3host/bucket instead of http://bucket.s3host
	UsePathStyle bool `yaml:"usePathStyle"`
	// Skip TLS verify when connecting to S3
	// With verification off the server certificate is not checked, so the
	// connection is open to interception. Suitable only for local or test
	// endpoints; for a private CA, trusting that CA is the safer route.
	SkipTLSVerify bool `yaml:"skipTLSVerify"`
	E2E S3E2E `yaml:"e2e,omitempty"`
}
func (S3) GetExternalEndpoint ¶
type SealedSecrets ¶
// SealedSecrets holds the settings for the sealed-secrets component. It
// embeds Enabled, so that type's fields are promoted onto SealedSecrets.
type SealedSecrets struct {
	Enabled
	Version string `yaml:"version,omitempty"`
	// NOTE(review): presumably the certificate/key pair used to seal and
	// unseal secrets. If the private key is reachable through this field,
	// whoever can read the config can decrypt every sealed secret. Confirm what
	// certs.Certificate carries.
	Certificate *certs.Certificate `yaml:"certificate,omitempty"`
}
type Thanos ¶
// Thanos holds the settings for the Thanos component, which runs in either
// client or observability mode and stores metrics in an object-store bucket.
type Thanos struct {
	Disabled bool `yaml:"disabled"`
	Version string `yaml:"version"`
	// Must be either `client` or `observability`.
	Mode string `yaml:"mode,omitempty"`
	// Bucket to store metrics. Must be the same across all environments
	// NOTE(review): a bucket shared across environments means every
	// environment's credentials can presumably read the others' metrics.
	// Confirm this is intended.
	Bucket string `yaml:"bucket,omitempty"`
	// Only for observability mode. List of client sidecars in `<hostname>:<port>` format
	// NOTE(review): whether these connections are authenticated or encrypted
	// is not visible here. Confirm.
	ClientSidecars []string `yaml:"clientSidecars,omitempty"`
	// Only for observability mode. Disable compactor singleton if there are multiple observability clusters
	// NOTE(review): the field is named EnableCompactor while the text above
	// speaks of disabling; presumably true runs the compactor and false turns
	// it off. Confirm.
	EnableCompactor bool `yaml:"enableCompactor,omitempty"`
	E2E ThanosE2E `yaml:"e2e,omitempty"`
}
type VM ¶
// VM captures the specifications of a virtual machine.
type VM struct {
	Name string `yaml:"name,omitempty"`
	Prefix string `yaml:"prefix,omitempty"`
	// Number of VM's to provision
	Count int `yaml:"count"`
	Template string `yaml:"template"`
	Cluster string `yaml:"cluster,omitempty"`
	Folder string `yaml:"folder,omitempty"`
	Datastore string `yaml:"datastore,omitempty"`
	ResourcePool string `yaml:"resourcePool,omitempty"`
	// Note the YAML key is `cpu`.
	CPUs int32 `yaml:"cpu"`
	// Note the YAML key is `memory`; the unit is GB per the field name.
	MemoryGB int64 `yaml:"memory"`
	Network []string `yaml:"networks,omitempty"`
	// Size in GB of the VM root volume
	DiskGB int `yaml:"disk"`
	// Tags to be applied to the VM
	Tags map[string]string `yaml:"tags,omitempty"`
	// NOTE(review): presumably commands executed on the VM during
	// provisioning. If so, the config file is effectively code that runs with
	// provisioning privileges and should be reviewed as such. Confirm.
	Commands []string `yaml:"commands,omitempty"`
	// A path to a konfigadm specification used for configuring the VM on creation.
	KonfigadmFile string `yaml:"konfigadm,omitempty"`
	// Runtime-only: excluded from YAML by the `-` tag.
	IP string `yaml:"-"`
}
VM captures the specifications of a virtual machine
type Vault ¶
// Vault holds the settings for the Vault component: version, the token used
// to authenticate, PKI roles, policies, group mappings, raw path writes, and
// the AWS KMS settings used for unsealing.
//
// NOTE(review): Token, AccessKey and SecretKey are plain string fields read
// from YAML; nothing visible here encrypts or redacts them. A config file
// that populates them grants whatever those credentials grant.
type Vault struct {
	Version string `yaml:"version"`
	// A VAULT_TOKEN to use when authenticating with Vault
	// NOTE(review): the privileges this token needs are not visible here;
	// prefer a short-lived, narrowly scoped token over a root token.
	Token string `yaml:"token,omitempty"`
	// A map of PKI secret roles to create/update. See [pki](https://www.vaultproject.io/api-docs/secret/pki/#createupdate-role)
	Roles map[string]map[string]interface{} `yaml:"roles,omitempty"`
	Policies map[string]VaultPolicy `yaml:"policies,omitempty"`
	// NOTE(review): presumably maps external (e.g. directory) groups to Vault
	// policies; each mapping is an access grant. Confirm the direction of
	// the mapping.
	GroupMappings map[string][]string `yaml:"groupMappings,omitempty"`
	// ExtraConfig is an escape hatch that allows writing to arbitrary vault paths
	// Because any path can be written, this section can change auth methods,
	// policies or secrets engines; review changes to it like policy changes.
	// Note the YAML key is `config`.
	ExtraConfig map[string]map[string]interface{} `yaml:"config,omitempty"`
	Disabled bool `yaml:"disabled,omitempty"`
	// NOTE(review): presumably the AWS credentials used for the KMS unseal
	// key below. Confirm.
	AccessKey string `yaml:"accessKey,omitempty"`
	SecretKey string `yaml:"secretKey,omitempty"`
	// The AWS KMS ARN Id to use to unseal vault
	KmsKeyID string `yaml:"kmsKeyId,omitempty"`
	Region string `yaml:"region,omitempty"`
	Consul Consul `yaml:"consul,omitempty"`
}
type VaultClient ¶
// VaultClient holds the settings for using a remote Vault server as a
// certificate signer: its address, the PKI role path, and the token used to
// authenticate.
type VaultClient struct {
	// The address of a remote Vault server to use for signing
	// NOTE(review): the scheme is not constrained here; an https:// address is
	// needed to keep the token and issued certificates confidential in transit.
	Address string `yaml:"address"`
	// The path to the PKI Role to use for signing ingress certificates e.g. /pki/role/ingress-ca
	Path string `yaml:"path"`
	// A VAULT_TOKEN to use when authenticating with Vault
	// NOTE(review): stored as a plain string in YAML; ideally scoped to the
	// signing path above and nothing else.
	Token string `yaml:"token"`
}
type VaultPolicy ¶
// VaultPolicy maps a string key to the VaultPolicyPath settings for it.
// NOTE(review): the keys are presumably Vault paths and the values the
// capabilities granted on them; confirm against VaultPolicyPath.
type VaultPolicy map[string]VaultPolicyPath
func (VaultPolicy) String ¶
func (vaultPolicy VaultPolicy) String() string