
Commit 55c3ab1

committed
venconn: add support for VenafiConnection CRD with --venafi-connection=name
I've also added the flag --venafi-connection-namespace as well as the flag --install-namespace that is only needed when running the agent out-of-cluster (this is only useful for testing purposes).
1 parent 67efc9c commit 55c3ab1


6 files changed

+427
-5
lines changed


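--- a/cmd/agent.go
+++ b/cmd/agent.go
@@ -138,6 +138,24 @@ func init() {
 os.Getenv("API_TOKEN"),
 "Token used for authentication when API tokens are in use on the backend",
 )
+agentCmd.PersistentFlags().StringVar(
+&agent.VenConnName,
+"venafi-connection",
+"",
+"Name of the VenafiConnection to be used. Using this flag will enable the VenafiConnection mode.",
+)
+agentCmd.PersistentFlags().StringVar(
+&agent.VenConnNS,
+"venafi-connection-namespace",
+"",
+"Namespace of the VenafiConnection to be used. It is only useful when the VenafiConnection isn't in the same namespace as the agent. The field `allowReferencesFrom` must be present on the cross-namespace VenafiConnection for the agent to use it.",
+)
+agentCmd.PersistentFlags().StringVar(
+&agent.InstallNS,
+"install-namespace",
+"",
+"Namespace in which the agent is running. Only needed when running the agent outside of Kubernetes.",
+)
 agentCmd.PersistentFlags().BoolVarP(
 &agent.Profiling,
 "enable-pprof",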
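Review bot: The help strings for `--venafi-connection` and `--venafi-connection-namespace` do not say what happens when they are combined with the API-token flag registered just above, or when the namespace flag is given without a connection name. Which credential source is in effect should be unambiguous to the operator, so I would extend the first help string, for example `"Name of the VenafiConnection to be used. Using this flag will enable the VenafiConnection mode; it must not be combined with the other authentication flags."`, and reject the invalid combinations where the flags are consumed, if that is not already done there. That validation code is not visible here, and init() starts and ends outside the hunk.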

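--- a/deploy/charts/venafi-kubernetes-agent/templates/rbac.yaml
+++ b/deploy/charts/venafi-kubernetes-agent/templates/rbac.yaml
@@ -1,5 +1,32 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ include "venafi-kubernetes-agent.fullname" . }}-venaficonnection
+labels:
+{{- include "venafi-kubernetes-agent.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["jetstack.io"]
+resources:
+- venaficonnections
+verbs: ["get", "list", "watch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: {{ include "venafi-kubernetes-agent.fullname" . }}-venaficonnection
+labels:
+{{- include "venafi-kubernetes-agent.labels" . | nindent 4 }}
+roleRef:
+kind: ClusterRole
+name: {{ include "venafi-kubernetes-agent.fullname" . }}-venaficonnection
+apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+name: {{ include "venafi-kubernetes-agent.serviceAccountName" . }}
+namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: {{ include "venafi-kubernetes-agent.fullname" . }}-cluster-viewer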
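Review bot: The new ClusterRole grants `update` on `venaficonnections` cluster-wide (`verbs: ["get", "list", "watch", "update"]`), so the agent's service account can rewrite the spec of every VenafiConnection in the cluster, presumably including the fields that decide where credentials come from and who may reference the connection. If the agent only needs to write status conditions, which seems likely but is not shown here, keep the main resource read-only with `verbs: ["get", "list", "watch"]` and add a second rule on `venaficonnections/status` carrying only the write verb the library actually uses. A short comment above the rule explaining why a cluster-scoped binding is needed (cross-namespace connections) would also help whoever audits the chart's permissions later.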

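--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/jetstack/preflight
 
-go 1.22.0
-
-toolchain go1.22.3
+go 1.22
 
 require (
 github.com/Jeffail/gabs/v2 v2.7.0
@@ -26,16 +24,40 @@ require (
 k8s.io/api v0.30.0
 k8s.io/apimachinery v0.30.0
 k8s.io/client-go v0.30.0
+sigs.k8s.io/controller-runtime v0.18.2
 sigs.k8s.io/yaml v1.4.0
 )
 
 require (
+github.com/Venafi/vcert/v5 v5.6.5-0.20240430163638-86272e17ec45 // indirect
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/aymerick/douceur v0.2.0 // indirect
+github.com/blang/semver/v4 v4.0.0 // indirect
+github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+github.com/fsnotify/fsnotify v1.7.0 // indirect
+github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a // indirect
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+github.com/google/cel-go v0.17.8 // indirect
 github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 github.com/gorilla/css v1.0.0 // indirect
-github.com/jetstack/venafi-connection-lib v0.1.0 // indirect
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+github.com/sosodev/duration v1.2.0 // indirect
+github.com/stoewer/go-strcase v1.3.0 // indirect
+github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
+go.uber.org/multierr v1.11.0 // indirect
+go.uber.org/zap v1.26.0 // indirect
+golang.org/x/crypto v0.22.0 // indirect
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
 golang.org/x/net v0.24.0 // indirect
+golang.org/x/sync v0.7.0 // indirect
+gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect
+gopkg.in/ini.v1 v1.67.0 // indirect
+k8s.io/apiextensions-apiserver v0.30.0 // indirect
+k8s.io/apiserver v0.30.0 // indirect
+k8s.io/component-base v0.30.0 // indirect
 )
 
 require (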
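Review bot: The first hunk replaces `go 1.22.0` and `toolchain go1.22.3` with a bare `go 1.22`, which drops the minimum patched toolchain, so the module can now be built with any 1.22 release, including ones that lack later standard-library security fixes. Since Go 1.21 the go line is expected to name a release, and a bare `go 1.22` can also make automatic toolchain selection fail on an older local Go because no `go1.22` toolchain exists. Unless something in the build required this change, I would keep `go 1.22.0` and `toolchain go1.22.3`. In the second hunk, `github.com/Venafi/vcert/v5` is pinned to a pseudo-version, meaning an untagged commit; moving to a tagged release once one is available would make the dependency easier to audit.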
