
package encryptionconfig

import "k8s.io/apiserver/pkg/server/options/encryptionconfig"

Index

Variables

var (

	// EnvelopeKMSv2ServiceFactory is the factory used to create the KMS v2 service;
	// it is initialized to envelopekmsv2.NewGRPCService. Exported for integration tests.
	// NOTE(review): as an exported package-level variable it can be reassigned by any
	// importing package, which would change which factory creates the KMS v2 service.
	// Confirm that only test code does so.
	EnvelopeKMSv2ServiceFactory = envelopekmsv2.NewGRPCService
)

Types

type DynamicTransformers

type DynamicTransformers struct {
	// contains filtered or unexported fields
}

DynamicTransformers holds transformers that may be dynamically updated by a single external actor, likely a controller. This struct must avoid locks (even read-write locks) because it is in the path of all calls to storage.

func NewDynamicTransformers

func NewDynamicTransformers(
	transformerOverrides map[schema.GroupResource]value.Transformer,
	kmsPluginHealthzCheck healthz.HealthChecker,
	closeTransformers context.CancelFunc,
	kmsCloseGracePeriod time.Duration,
) *DynamicTransformers

NewDynamicTransformers returns a DynamicTransformers holding the transformers, the health checks for KMS providers, and the ability to close the transformers.

func (*DynamicTransformers) Check

func (d *DynamicTransformers) Check(req *http.Request) error

Check implements healthz.HealthChecker

func (*DynamicTransformers) Name

func (d *DynamicTransformers) Name() string

Name implements healthz.HealthChecker

func (*DynamicTransformers) Set

func (d *DynamicTransformers) Set(
	transformerOverrides map[schema.GroupResource]value.Transformer,
	closeTransformers context.CancelFunc,
	kmsPluginHealthzCheck healthz.HealthChecker,
	kmsCloseGracePeriod time.Duration,
)

Set sets the transformer overrides. This method is not goroutine-safe and must only be called by the same, single caller throughout the lifetime of this object.

func (*DynamicTransformers) TransformerForResource

func (d *DynamicTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer

TransformerForResource returns the transformer for the given resource.

type EncryptionConfiguration

type EncryptionConfiguration struct {
	// Transformers maps a schema.GroupResource to the value.Transformer that will be used
	// to encrypt and decrypt data. It is a map keyed by resource, not a list.
	Transformers map[schema.GroupResource]value.Transformer

	// HealthChecks is a list of healthz.HealthChecker that will be used to check the health of the encryption providers.
	HealthChecks []healthz.HealthChecker

	// EncryptionFileContentHash is the hash of the encryption config file.
	// NOTE(review): the hash algorithm and how this value is consumed are not visible here;
	// confirm both before relying on it for anything beyond identifying the file contents.
	EncryptionFileContentHash string

	// KMSCloseGracePeriod is the duration to wait before closing old transformers.
	// The duration is longer than the timeout of in-flight requests, so that those
	// requests can finish before the transformers they use are closed.
	KMSCloseGracePeriod time.Duration
}

EncryptionConfiguration represents the parsed and normalized encryption configuration for the apiserver.

func LoadEncryptionConfig

func LoadEncryptionConfig(filepath string, reload bool, stopCh <-chan struct{}) (*EncryptionConfiguration, error)

LoadEncryptionConfig parses and validates the encryption config specified by filepath. It may launch multiple goroutines whose lifecycle is controlled by stopCh. If reload is true, or if KMS v2 plugins are used with no KMS v1 plugins, the returned slice of health checkers will always be of length 1.

type ResourceTransformers

// ResourceTransformers is implemented by types that can supply a value.Transformer
// for a given schema.GroupResource.
type ResourceTransformers interface {
	// TransformerForResource returns the transformer for the given resource.
	TransformerForResource(resource schema.GroupResource) value.Transformer
}

type StaticTransformers

// StaticTransformers is a map from schema.GroupResource to value.Transformer.
type StaticTransformers map[schema.GroupResource]value.Transformer

func (StaticTransformers) TransformerForResource

func (s StaticTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer

StaticTransformers

Source Files

config.go

Directories

PathSynopsis
pkg/server/options/encryptionconfig/controller
Version
v0.26.8
Published
Aug 24, 2023
Platform
linux/amd64
Imports
31 packages