Documentation ¶
Index ¶
- Constants
- func IsNamespacedIdentity(azureID *AzureIdentity) bool
- type AssignedIDState
- type AzureAssignedIdentity
- type AzureAssignedIdentityList
- type AzureAssignedIdentitySpec
- type AzureAssignedIdentityStatus
- type AzureIdentity
- type AzureIdentityBinding
- type AzureIdentityBindingList
- type AzureIdentityBindingSpec
- type AzureIdentityBindingStatus
- type AzureIdentityList
- type AzureIdentitySpec
- type AzureIdentityStatus
- type AzurePodIdentityException
- type AzurePodIdentityExceptionList
- type AzurePodIdentityExceptionSpec
- type AzurePodIdentityExceptionStatus
- type EventType
- type IdentityType
Constants ¶
const (
	// CRDGroup is the group name of aad-pod-identity CRDs.
	CRDGroup = "aadpodidentity.k8s.io"
	// CRDVersion is the version of the CRD group.
	CRDVersion = "v1"
	// CRDLabelKey is the static label that is used in pods.
	CRDLabelKey = "aadpodidbinding"
	// BehaviorKey is the key that describes the behavior of aad-pod-identity.
	// Supported values:
	// namespaced - used for running in namespaced mode. AzureIdentity,
	//              AzureIdentityBinding and pod in the same namespace
	//              will only be matched for this behavior.
	BehaviorKey = "aadpodidentity.k8s.io/Behavior"
	// BehaviorNamespaced indicates that aad-pod-identity is behaving in namespaced mode.
	BehaviorNamespaced = "namespaced"
	// AssignedIDCreated indicates that an AzureAssignedIdentity is created.
	AssignedIDCreated = "Created"
	// AssignedIDAssigned indicates that an identity has been assigned to the node.
	AssignedIDAssigned = "Assigned"
	// AssignedIDUnAssigned indicates that an identity has been unassigned from the node.
	AssignedIDUnAssigned = "Unassigned"
)
const (
	// AzureIDResource is the name of AzureIdentity.
	AzureIDResource = "azureidentities"
	// AzureIDBindingResource is the name of AzureIdentityBinding.
	AzureIDBindingResource = "azureidentitybindings"
	// AzureAssignedIDResource is the name of AzureAssignedIdentity.
	AzureAssignedIDResource = "azureassignedidentities"
	// AzurePodIdentityExceptionResource is the name of AzureIdentityException.
	AzurePodIdentityExceptionResource = "azurepodidentityexceptions"
)
Variables ¶
This section is empty.
Functions ¶
func IsNamespacedIdentity ¶
func IsNamespacedIdentity(azureID *AzureIdentity) bool
IsNamespacedIdentity returns true if azureID is a namespaced identity.
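An added example (not code from the aad-pod-identity project) that audits for pod, binding and identity matches spanning namespaces, using the CRDLabelKey label and BehaviorKey annotation documented above. The Meta, Pod, Binding and Identity structs are simplified stand-ins, and both the annotation-based namespaced check and cross-namespace matching for identities without the annotation are assumptions.

```go
package main

import "fmt"

// Names and values below are the constants documented on this page.
const (
	CRDLabelKey        = "aadpodidbinding"
	BehaviorKey        = "aadpodidentity.k8s.io/Behavior"
	BehaviorNamespaced = "namespaced"
)

// Simplified stand-ins (hypothetical) for the pod and CRD fields used here.
type Meta struct{ Namespace, Name string }
type Pod struct {
	Meta
	Labels map[string]string
}
type Identity struct {
	Meta
	Annotations map[string]string
}
type Binding struct {
	Meta
	Selector, AzureIdentity string
}

// isNamespaced assumes the namespaced check is a lookup of the BehaviorKey annotation.
func isNamespaced(id Identity) bool { return id.Annotations[BehaviorKey] == BehaviorNamespaced }

// CrossNamespaceMatches reports pod -> identity matches where pod, binding and
// identity are not all in one namespace and the identity is not namespaced.
func CrossNamespaceMatches(pods []Pod, bindings []Binding, ids []Identity) []string {
	var out []string
	for _, p := range pods {
		sel, ok := p.Labels[CRDLabelKey]
		if !ok {
			continue // pod does not request an identity
		}
		for _, b := range bindings {
			for _, id := range ids {
				if b.Selector != sel || b.AzureIdentity != id.Name || isNamespaced(id) {
					continue
				}
				if p.Namespace != b.Namespace || b.Namespace != id.Namespace {
					out = append(out, fmt.Sprintf("%s/%s -> %s/%s via %s/%s",
						p.Namespace, p.Name, id.Namespace, id.Name, b.Namespace, b.Name))
				}
			}
		}
	}
	return out
}

// sample returns constructed objects: two pods share one selector value.
func sample() ([]Pod, []Binding, []Identity) {
	labels := map[string]string{CRDLabelKey: "blob"}
	pods := []Pod{{Meta{"team-a", "web"}, labels}, {Meta{"team-b", "job"}, labels}}
	bindings := []Binding{{Meta{"team-a", "blob-binding"}, "blob", "blob-reader"}}
	ids := []Identity{{Meta{"team-a", "blob-reader"}, nil}}
	return pods, bindings, ids
}

func main() {
	for _, f := range CrossNamespaceMatches(sample()) {
		fmt.Println("cross-namespace match:", f)
	}
}
```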
Types ¶
type AssignedIDState ¶
type AssignedIDState int
AssignedIDState represents the state of an AzureAssignedIdentity
const (
	// Created - Default state of the assigned identity
	Created AssignedIDState = 0
	// Assigned - When the underlying platform assignment of
	// managed identity is complete, the state moves to assigned
	Assigned AssignedIDState = 1
)
type AzureAssignedIdentity ¶
type AzureAssignedIdentity struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AzureAssignedIdentitySpec   `json:"spec"`
	Status            AzureAssignedIdentityStatus `json:"Status"`
}
AzureAssignedIdentity contains the identity <-> pod mapping which is matched. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureAssignedIdentity) DeepCopy ¶
func (in *AzureAssignedIdentity) DeepCopy() *AzureAssignedIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAssignedIdentity.
func (*AzureAssignedIdentity) DeepCopyInto ¶
func (in *AzureAssignedIdentity) DeepCopyInto(out *AzureAssignedIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureAssignedIdentity) DeepCopyObject ¶
func (in *AzureAssignedIdentity) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureAssignedIdentityList ¶
type AzureAssignedIdentityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []AzureAssignedIdentity `json:"items"`
}
AzureAssignedIdentityList contains a list of AzureAssignedIdentities. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureAssignedIdentityList) DeepCopy ¶
func (in *AzureAssignedIdentityList) DeepCopy() *AzureAssignedIdentityList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAssignedIdentityList.
func (*AzureAssignedIdentityList) DeepCopyInto ¶
func (in *AzureAssignedIdentityList) DeepCopyInto(out *AzureAssignedIdentityList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureAssignedIdentityList) DeepCopyObject ¶
func (in *AzureAssignedIdentityList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureAssignedIdentitySpec ¶
type AzureAssignedIdentitySpec struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AzureIdentityRef  *AzureIdentity        `json:"azureidentityref"`
	AzureBindingRef   *AzureIdentityBinding `json:"azurebindingref"`
	Pod               string                `json:"pod"`
	PodNamespace      string                `json:"podnamespace"`
	NodeName          string                `json:"nodename"`
	Replicas          *int32                `json:"replicas"`
}
AzureAssignedIdentitySpec contains the relationship between an AzureIdentity and an AzureIdentityBinding.
func (*AzureAssignedIdentitySpec) DeepCopy ¶
func (in *AzureAssignedIdentitySpec) DeepCopy() *AzureAssignedIdentitySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAssignedIdentitySpec.
func (*AzureAssignedIdentitySpec) DeepCopyInto ¶
func (in *AzureAssignedIdentitySpec) DeepCopyInto(out *AzureAssignedIdentitySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAssignedIdentityStatus ¶
type AzureAssignedIdentityStatus struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Status            string `json:"status"`
	AvailableReplicas int32  `json:"availableReplicas"`
}
AzureAssignedIdentityStatus contains the replica status of the resource.
func (*AzureAssignedIdentityStatus) DeepCopy ¶
func (in *AzureAssignedIdentityStatus) DeepCopy() *AzureAssignedIdentityStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAssignedIdentityStatus.
func (*AzureAssignedIdentityStatus) DeepCopyInto ¶
func (in *AzureAssignedIdentityStatus) DeepCopyInto(out *AzureAssignedIdentityStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureIdentity ¶
type AzureIdentity struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AzureIdentitySpec   `json:"spec"`
	Status            AzureIdentityStatus `json:"status"`
}
AzureIdentity is the specification of the identity data structure. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureIdentity) DeepCopy ¶
func (in *AzureIdentity) DeepCopy() *AzureIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentity.
func (*AzureIdentity) DeepCopyInto ¶
func (in *AzureIdentity) DeepCopyInto(out *AzureIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureIdentity) DeepCopyObject ¶
func (in *AzureIdentity) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureIdentityBinding ¶
type AzureIdentityBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AzureIdentityBindingSpec   `json:"spec"`
	Status            AzureIdentityBindingStatus `json:"status"`
}
AzureIdentityBinding brings together the spec of matching pods and the identity which they can use. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureIdentityBinding) DeepCopy ¶
func (in *AzureIdentityBinding) DeepCopy() *AzureIdentityBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityBinding.
func (*AzureIdentityBinding) DeepCopyInto ¶
func (in *AzureIdentityBinding) DeepCopyInto(out *AzureIdentityBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureIdentityBinding) DeepCopyObject ¶
func (in *AzureIdentityBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureIdentityBindingList ¶
type AzureIdentityBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []AzureIdentityBinding `json:"items"`
}
AzureIdentityBindingList contains a list of AzureIdentityBindings. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureIdentityBindingList) DeepCopy ¶
func (in *AzureIdentityBindingList) DeepCopy() *AzureIdentityBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityBindingList.
func (*AzureIdentityBindingList) DeepCopyInto ¶
func (in *AzureIdentityBindingList) DeepCopyInto(out *AzureIdentityBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureIdentityBindingList) DeepCopyObject ¶
func (in *AzureIdentityBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureIdentityBindingSpec ¶
type AzureIdentityBindingSpec struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AzureIdentity     string `json:"azureidentity"`
	Selector          string `json:"selector"`
	// Weight is used to figure out which of the matching identities would be selected.
	Weight int `json:"weight"`
}
AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present.
func (*AzureIdentityBindingSpec) DeepCopy ¶
func (in *AzureIdentityBindingSpec) DeepCopy() *AzureIdentityBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityBindingSpec.
func (*AzureIdentityBindingSpec) DeepCopyInto ¶
func (in *AzureIdentityBindingSpec) DeepCopyInto(out *AzureIdentityBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureIdentityBindingStatus ¶
type AzureIdentityBindingStatus struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AvailableReplicas int32 `json:"availableReplicas"`
}
AzureIdentityBindingStatus contains the status of an AzureIdentityBinding.
func (*AzureIdentityBindingStatus) DeepCopy ¶
func (in *AzureIdentityBindingStatus) DeepCopy() *AzureIdentityBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityBindingStatus.
func (*AzureIdentityBindingStatus) DeepCopyInto ¶
func (in *AzureIdentityBindingStatus) DeepCopyInto(out *AzureIdentityBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureIdentityList ¶
type AzureIdentityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []AzureIdentity `json:"items"`
}
AzureIdentityList contains a list of AzureIdentities. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzureIdentityList) DeepCopy ¶
func (in *AzureIdentityList) DeepCopy() *AzureIdentityList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityList.
func (*AzureIdentityList) DeepCopyInto ¶
func (in *AzureIdentityList) DeepCopyInto(out *AzureIdentityList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureIdentityList) DeepCopyObject ¶
func (in *AzureIdentityList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureIdentitySpec ¶
type AzureIdentitySpec struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// UserAssignedMSI or Service Principal
	Type IdentityType `json:"type"`
	// User assigned MSI resource id.
	ResourceID string `json:"resourceid"`
	// Both User Assigned MSI and SP can use this field.
	ClientID string `json:"clientid"`
	// Used for service principal
	ClientPassword api.SecretReference `json:"clientpassword"`
	// Service principal primary tenant id.
	TenantID string `json:"tenantid"`
	// Service principal auxiliary tenant ids
	AuxiliaryTenantIDs []string `json:"auxiliarytenantids"`
	// For service principal. Option param for specifying the AD details.
	ADResourceID string `json:"adresourceid"`
	ADEndpoint   string `json:"adendpoint"`
	Replicas     *int32 `json:"replicas"`
}
AzureIdentitySpec describes the credential specifications of an identity on Azure.
func (*AzureIdentitySpec) DeepCopy ¶
func (in *AzureIdentitySpec) DeepCopy() *AzureIdentitySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentitySpec.
func (*AzureIdentitySpec) DeepCopyInto ¶
func (in *AzureIdentitySpec) DeepCopyInto(out *AzureIdentitySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureIdentityStatus ¶
type AzureIdentityStatus struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AvailableReplicas int32 `json:"availableReplicas"`
}
AzureIdentityStatus contains the replica status of the resource.
func (*AzureIdentityStatus) DeepCopy ¶
func (in *AzureIdentityStatus) DeepCopy() *AzureIdentityStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureIdentityStatus.
func (*AzureIdentityStatus) DeepCopyInto ¶
func (in *AzureIdentityStatus) DeepCopyInto(out *AzureIdentityStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzurePodIdentityException ¶
type AzurePodIdentityException struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AzurePodIdentityExceptionSpec   `json:"spec"`
	Status            AzurePodIdentityExceptionStatus `json:"Status"`
}
AzurePodIdentityException contains the pod selectors for all pods that don't require NMI to process and request token on their behalf. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzurePodIdentityException) DeepCopy ¶
func (in *AzurePodIdentityException) DeepCopy() *AzurePodIdentityException
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePodIdentityException.
func (*AzurePodIdentityException) DeepCopyInto ¶
func (in *AzurePodIdentityException) DeepCopyInto(out *AzurePodIdentityException)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzurePodIdentityException) DeepCopyObject ¶
func (in *AzurePodIdentityException) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzurePodIdentityExceptionList ¶
type AzurePodIdentityExceptionList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []AzurePodIdentityException `json:"items"`
}
AzurePodIdentityExceptionList contains a list of AzurePodIdentityExceptions. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*AzurePodIdentityExceptionList) DeepCopy ¶
func (in *AzurePodIdentityExceptionList) DeepCopy() *AzurePodIdentityExceptionList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePodIdentityExceptionList.
func (*AzurePodIdentityExceptionList) DeepCopyInto ¶
func (in *AzurePodIdentityExceptionList) DeepCopyInto(out *AzurePodIdentityExceptionList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzurePodIdentityExceptionList) DeepCopyObject ¶
func (in *AzurePodIdentityExceptionList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzurePodIdentityExceptionSpec ¶
type AzurePodIdentityExceptionSpec struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	PodLabels         map[string]string `json:"podLabels"`
}
AzurePodIdentityExceptionSpec matches pods with the selector defined. If a request originates from a pod that matches the selector, NMI will proxy the request and send the response back without any validation.
func (*AzurePodIdentityExceptionSpec) DeepCopy ¶
func (in *AzurePodIdentityExceptionSpec) DeepCopy() *AzurePodIdentityExceptionSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePodIdentityExceptionSpec.
func (*AzurePodIdentityExceptionSpec) DeepCopyInto ¶
func (in *AzurePodIdentityExceptionSpec) DeepCopyInto(out *AzurePodIdentityExceptionSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzurePodIdentityExceptionStatus ¶
type AzurePodIdentityExceptionStatus struct {
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Status            string `json:"status"`
}
AzurePodIdentityExceptionStatus contains the status of an AzurePodIdentityException.
func (*AzurePodIdentityExceptionStatus) DeepCopy ¶
func (in *AzurePodIdentityExceptionStatus) DeepCopy() *AzurePodIdentityExceptionStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePodIdentityExceptionStatus.
func (*AzurePodIdentityExceptionStatus) DeepCopyInto ¶
func (in *AzurePodIdentityExceptionStatus) DeepCopyInto(out *AzurePodIdentityExceptionStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EventType ¶
type EventType int
EventType is a type that represents critical events that are sent to MIC.
const (
	// PodCreated is an event that is sent to the event channel when a pod is created.
	PodCreated EventType = 0
	// PodDeleted is an event that is sent to the event channel when a pod is deleted.
	PodDeleted EventType = 1
	// PodUpdated is an event that is sent to the event channel when a pod is updated.
	PodUpdated EventType = 2
	// IdentityCreated is an event that is sent to the event channel when an AzureIdentity is created.
	IdentityCreated EventType = 3
	// IdentityDeleted is an event that is sent to the event channel when an AzureIdentity is deleted.
	IdentityDeleted EventType = 4
	// IdentityUpdated is an event that is sent to the event channel when an AzureIdentity is updated.
	IdentityUpdated EventType = 5
	// BindingCreated is an event that is sent to the event channel when an AzureIdentityBinding is created.
	BindingCreated EventType = 6
	// BindingDeleted is an event that is sent to the event channel when an AzureIdentityBinding is deleted.
	BindingDeleted EventType = 7
	// BindingUpdated is an event that is sent to the event channel when an AzureIdentityBinding is updated.
	BindingUpdated EventType = 8
	// Exit is an event that is sent to the event channel when the program exits.
	Exit EventType = 9
)
type IdentityType ¶
type IdentityType int
IdentityType represents different types of identities. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
const (
	// UserAssignedMSI represents a user-assigned identity.
	UserAssignedMSI IdentityType = 0
	// ServicePrincipal represents a service principal.
	ServicePrincipal IdentityType = 1
	// ServicePrincipalCertificate represents a service principal certificate.
	ServicePrincipalCertificate IdentityType = 2
)