apiserverk8s.io/apiserver/pkg/server/options/encryptionconfig Index | Files | Directories

package encryptionconfig

import "k8s.io/apiserver/pkg/server/options/encryptionconfig"

Index

Variables 

var (

	// The factory to create kmsv2 service.  Exported for integration tests.
	EnvelopeKMSv2ServiceFactory = envelopekmsv2.NewGRPCService
)

Types

type DynamicTransformers 

type DynamicTransformers struct {
	// contains filtered or unexported fields
}

DynamicTransformers holds transformers that may be dynamically updated via a single external actor, likely a controller. This struct must avoid locks (even read write locks) as it is inline to all calls to storage.

func NewDynamicTransformers 

func NewDynamicTransformers(
	transformerOverrides map[schema.GroupResource]value.Transformer,
	kmsPluginHealthzCheck healthz.HealthChecker,
	closeTransformers context.CancelFunc,
	kmsCloseGracePeriod time.Duration,
) *DynamicTransformers

NewDynamicTransformers returns transformers, health checks for kms providers and an ability to close transformers.

func (*DynamicTransformers) Check 

func (d *DynamicTransformers) Check(req *http.Request) error

Check implements healthz.HealthChecker

func (*DynamicTransformers) Name 

func (d *DynamicTransformers) Name() string

Name implements healthz.HealthChecker

func (*DynamicTransformers) Set 

func (d *DynamicTransformers) Set(
	transformerOverrides map[schema.GroupResource]value.Transformer,
	closeTransformers context.CancelFunc,
	kmsPluginHealthzCheck healthz.HealthChecker,
	kmsCloseGracePeriod time.Duration,
)

Set sets the transformer overrides. This method is not go routine safe and must only be called by the same, single caller throughout the lifetime of this object.

func (*DynamicTransformers) TransformerForResource 

func (d *DynamicTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer

TransformerForResource returns the transformer for the given resource.

type EncryptionConfiguration 

type EncryptionConfiguration struct {
	// Transformers is a list of value.Transformer that will be used to encrypt and decrypt data.
	Transformers map[schema.GroupResource]value.Transformer

	// HealthChecks is a list of healthz.HealthChecker that will be used to check the health of the encryption providers.
	HealthChecks []healthz.HealthChecker

	// EncryptionFileContentHash is the hash of the encryption config file.
	EncryptionFileContentHash string

	// KMSCloseGracePeriod is the duration we will wait before closing old transformers.
	// We wait for any in-flight requests to finish by using the duration which is longer than their timeout.
	KMSCloseGracePeriod time.Duration
}

EncryptionConfiguration represents the parsed and normalized encryption configuration for the apiserver.

func LoadEncryptionConfig 

func LoadEncryptionConfig(ctx context.Context, filepath string, reload bool) (*EncryptionConfiguration, error)

LoadEncryptionConfig parses and validates the encryption config specified by filepath. It may launch multiple go routines whose lifecycle is controlled by ctx. In case of an error, the caller is responsible for canceling ctx to clean up any go routines that may have been launched. If reload is true, or KMS v2 plugins are used with no KMS v1 plugins, the returned slice of health checkers will always be of length 1.

type ResourceTransformers 

type ResourceTransformers interface {
	TransformerForResource(resource schema.GroupResource) value.Transformer
}

type StaticTransformers 

type StaticTransformers map[schema.GroupResource]value.Transformer

func (StaticTransformers) TransformerForResource 

func (s StaticTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer

Source Files

config.go

Directories

PathSynopsis
pkg/server/options/encryptionconfig/controller
Version
v0.27.2
Published
May 18, 2023
Platform
js/wasm
Imports
35 packages
Last checked
4 seconds ago

Tools for package owners.