Documentation ¶
Overview ¶
Package v2 contains API Schema definitions for the k8s v2 API group +kubebuilder:object:generate=true +groupName=k8s.cloudogu.com
Index ¶
- Constants
- Variables
- func GetPodForLabels(ctx context.Context, cli client.Client, doguLabels CesMatchingLabels) (*v1.Pod, error)
- type AppArmorProfile
- type AppArmorProfileType
- type Capabilities
- type CesMatchingLabels
- type DevelopmentDoguMap
- type Dogu
- func (d *Dogu) ChangeRequeuePhaseWithRetry(ctx context.Context, client client.Client, phase string) error
- func (d *Dogu) ChangeStateWithRetry(ctx context.Context, client client.Client, newStatus string) error
- func (in *Dogu) DeepCopy() *Dogu
- func (in *Dogu) DeepCopyInto(out *Dogu)
- func (in *Dogu) DeepCopyObject() runtime.Object
- func (d *Dogu) GetDataPVC(ctx context.Context, cli client.Client) (*corev1.PersistentVolumeClaim, error)
- func (d *Dogu) GetDataVolumeName() string
- func (d *Dogu) GetDataVolumeSize() resource.Quantity
- func (d *Dogu) GetDeployment(ctx context.Context, cli client.Client) (*appsv1.Deployment, error)
- func (d *Dogu) GetDevelopmentDoguMapKey() client.ObjectKey
- func (d *Dogu) GetDoguNameLabel() CesMatchingLabels
- func (d *Dogu) GetEphemeralDataVolumeName() string
- func (d *Dogu) GetObjectKey() client.ObjectKey
- func (d *Dogu) GetObjectMeta() *metav1.ObjectMeta
- func (d *Dogu) GetPod(ctx context.Context, cli client.Client) (*corev1.Pod, error)
- func (d *Dogu) GetPodLabels() CesMatchingLabels
- func (d *Dogu) GetPrivateKeyObjectKey() client.ObjectKey
- func (d *Dogu) GetPrivateKeySecret(ctx context.Context, cli client.Client) (*corev1.Secret, error)
- func (d *Dogu) GetPrivateKeySecretName() string
- func (d *Dogu) GetSecretObjectKey() client.ObjectKey
- func (d *Dogu) GetSimpleDoguName() cescommons.SimpleName
- func (d *Dogu) NextRequeueWithRetry(ctx context.Context, client client.Client) (time.Duration, error)
- func (d *Dogu) Update(ctx context.Context, client client.Client) error
- func (d *Dogu) ValidateSecurity() error
- type DoguList
- type DoguResources
- type DoguRestart
- type DoguRestartList
- type DoguRestartSpec
- type DoguRestartStatus
- type DoguSpec
- type DoguStatus
- type HealthStatus
- type IngressAnnotations
- type RestartStatusPhase
- type SELinuxOptions
- type SeccompProfile
- type SeccompProfileType
- type Security
- type UpgradeConfig
Constants ¶
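// Requeue timing and volume defaults used for dogu resources.
const (
	// RequeueTimeMultiplerForEachRequeue defines the factor by which the requeue time of a failed dogu CRD
	// operation is multiplied.
	RequeueTimeMultiplerForEachRequeue = 2
	// RequeueTimeInitialRequeueTime defines the initial value of the requeue time.
	RequeueTimeInitialRequeueTime = time.Second * 5
	// RequeueTimeMaxRequeueTime defines the maximum amount of time to wait for a requeue of a dogu resource.
	RequeueTimeMaxRequeueTime = time.Hour * 6
	// DefaultVolumeSize is the default size of a new dogu volume if no volume size is specified in the dogu resource.
	DefaultVolumeSize = "2Gi"
)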
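// Label keys used to select dogu pods.
const (
	// DoguLabelName is used to select a dogu pod by name.
	DoguLabelName = "dogu.name"
	// DoguLabelVersion is used to select a dogu pod by version.
	DoguLabelVersion = "dogu.version"
)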
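// Dogu state values. Presumably these are the values stored in DoguStatus.Status and passed to
// Dogu.ChangeStateWithRetry; confirm against the callers.
const (
	// DoguStatusNotInstalled is the empty string, i.e. the zero value of a status field.
	DoguStatusNotInstalled = ""
	DoguStatusInstalling   = "installing"
	DoguStatusUpgrading    = "upgrading"
	DoguStatusDeleting     = "deleting"
	DoguStatusInstalled    = "installed"
	DoguStatusPVCResizing  = "resizing PVC"
	DoguStatusStarting     = "starting"
	DoguStatusStopping     = "stopping"
)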
Variables ¶
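// Scheme registration for the k8s.cloudogu.com/v2 API group.
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "k8s.cloudogu.com", Version: "v2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)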
Functions ¶
func GetPodForLabels ¶
func GetPodForLabels(ctx context.Context, cli client.Client, doguLabels CesMatchingLabels) (*v1.Pod, error)
GetPodForLabels returns a pod for the given dogu labels. An error is returned if either no pod or more than one pod is found.
Types ¶
type AppArmorProfile ¶ added in v3.2.0
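// AppArmorProfile defines a pod or container's AppArmor settings.
// +union
type AppArmorProfile struct {
	// NOTE(review): the "if and only if" pairing of Type and LocalhostProfile is stated in the field
	// comments only; no validation marker is visible on this declaration. Presumably
	// Dogu.ValidateSecurity enforces it; confirm.

	// Type indicates which kind of AppArmor profile will be applied.
	// Valid options are:
	//   Localhost - a profile pre-loaded on the node.
	//   RuntimeDefault - the container runtime's default profile.
	//   Unconfined - no AppArmor enforcement.
	// +unionDiscriminator
	Type AppArmorProfileType `json:"type"`

	// LocalhostProfile indicates a profile loaded on the node that should be used.
	// The profile must be preconfigured on the node to work.
	// Must match the loaded name of the profile.
	// Must be set if and only if type is "Localhost".
	// +optional
	LocalhostProfile *string `json:"localhostProfile,omitempty"`
}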
AppArmorProfile defines a pod or container's AppArmor settings. +union
func (*AppArmorProfile) DeepCopy ¶ added in v3.2.0
func (in *AppArmorProfile) DeepCopy() *AppArmorProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppArmorProfile.
func (*AppArmorProfile) DeepCopyInto ¶ added in v3.2.0
func (in *AppArmorProfile) DeepCopyInto(out *AppArmorProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AppArmorProfileType ¶ added in v3.2.0
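// AppArmorProfileType references which type of AppArmor profile should be used.
// +enum
type AppArmorProfileType string

const (
	// AppArmorProfileTypeUnconfined indicates that no AppArmor profile should be enforced.
	// With this value the container runs without AppArmor confinement, so its use in a Dogu
	// resource deserves an explicit justification in review.
	AppArmorProfileTypeUnconfined AppArmorProfileType = "Unconfined"
	// AppArmorProfileTypeRuntimeDefault indicates that the container runtime's default AppArmor
	// profile should be used.
	AppArmorProfileTypeRuntimeDefault AppArmorProfileType = "RuntimeDefault"
	// AppArmorProfileTypeLocalhost indicates that a profile pre-loaded on the node should be used.
	AppArmorProfileTypeLocalhost AppArmorProfileType = "Localhost"
)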
type Capabilities ¶ added in v3.2.0
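// Capabilities represent POSIX capabilities that can be added to or removed from a dogu.
//
// The fields Add and Drop modify the capabilities as provided by the dogu descriptor: Add appends
// further capabilities while Drop removes capabilities.
type Capabilities struct {
	// NOTE(review): how Add and Drop combine when both lists name the same capability is not
	// defined by this declaration; confirm the evaluation order in the operator. Every entry in Add
	// widens what the container may do beyond the dogu descriptor, so keep that list minimal.

	// Add contains the capabilities that should be allowed to be used in a container. This list is optional.
	// +optional
	// +listType=atomic
	Add []core.Capability `json:"add,omitempty"`

	// Drop contains the capabilities that should be blocked from being used in a container. This list is optional.
	// +optional
	// +listType=atomic
	Drop []core.Capability `json:"drop,omitempty"`
}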
Capabilities represent POSIX capabilities that can be added to or removed from a dogu.
The fields Add and Drop will modify the capabilities as provided by the dogu descriptor. Add will append further capabilities while Drop will remove capabilities. The capability All can be used to add or remove all available capabilities.
If the dogu descriptor only allows Fowner and Chown, this example will result in the following capability list: Fowner, Syslog
"Capabilities": { "Drop": ["Chown"], "Add": ["Syslog"] }
This example will always result in the following capability list: NetBindService
"Capabilities": { "Drop": ["All"], "Add": ["NetBindService", "Kill"] }
func (*Capabilities) DeepCopy ¶ added in v3.2.0
func (in *Capabilities) DeepCopy() *Capabilities
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Capabilities.
func (*Capabilities) DeepCopyInto ¶ added in v3.2.0
func (in *Capabilities) DeepCopyInto(out *Capabilities)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CesMatchingLabels ¶
// CesMatchingLabels provides a convenient way to handle multiple labels for resource selection.
type CesMatchingLabels client.MatchingLabels
CesMatchingLabels provides a convenient way to handle multiple labels for resource selection.
func (CesMatchingLabels) Add ¶
func (cml CesMatchingLabels) Add(moreLabels CesMatchingLabels) CesMatchingLabels
Add takes the currently existing labels from this object and returns a sum of all provided labels as a new object.
func (CesMatchingLabels) DeepCopy ¶
func (in CesMatchingLabels) DeepCopy() CesMatchingLabels
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CesMatchingLabels.
func (CesMatchingLabels) DeepCopyInto ¶
func (in CesMatchingLabels) DeepCopyInto(out *CesMatchingLabels)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevelopmentDoguMap ¶
DevelopmentDoguMap is a config map that is used especially when developing a dogu. The map contains a custom dogu.json in the data field with the "dogu.json" identifier.
func (*DevelopmentDoguMap) DeepCopy ¶
func (in *DevelopmentDoguMap) DeepCopy() *DevelopmentDoguMap
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevelopmentDoguMap.
func (*DevelopmentDoguMap) DeepCopyInto ¶
func (in *DevelopmentDoguMap) DeepCopyInto(out *DevelopmentDoguMap)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DevelopmentDoguMap) DeleteFromCluster ¶
DeleteFromCluster deletes this development config map from the cluster.
func (*DevelopmentDoguMap) ToConfigMap ¶
func (ddm *DevelopmentDoguMap) ToConfigMap() *corev1.ConfigMap
ToConfigMap returns the development dogu map as config map pointer.
type Dogu ¶
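// Dogu is the Schema for the dogus API.
type Dogu struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the dogu.
	Spec DoguSpec `json:"spec,omitempty"`
	// Status is the observed state of the dogu.
	Status DoguStatus `json:"status,omitempty"`
}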
Dogu is the Schema for the dogus API
func (*Dogu) ChangeRequeuePhaseWithRetry ¶
func (d *Dogu) ChangeRequeuePhaseWithRetry(ctx context.Context, client client.Client, phase string) error
ChangeRequeuePhaseWithRetry refreshes the dogu resource and tries to set the requeue phase. If a conflict error occurs this method will retry the operation.
func (*Dogu) ChangeStateWithRetry ¶
func (d *Dogu) ChangeStateWithRetry(ctx context.Context, client client.Client, newStatus string) error
ChangeStateWithRetry refreshes the dogu resource and tries to set the state. If a conflict error occurs this method will retry the operation.
func (*Dogu) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Dogu.
func (*Dogu) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Dogu) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Dogu) GetDataPVC ¶
func (d *Dogu) GetDataPVC(ctx context.Context, cli client.Client) (*corev1.PersistentVolumeClaim, error)
GetDataPVC returns the data pvc for this dogu.
func (*Dogu) GetDataVolumeName ¶
GetDataVolumeName returns the data volume name for the dogu resource for volumes with backup
func (*Dogu) GetDataVolumeSize ¶
GetDataVolumeSize returns the dataVolumeSize of the dogu. If no size is set the default size will be returned.
func (*Dogu) GetDeployment ¶
GetDeployment returns the deployment for this dogu.
func (*Dogu) GetDevelopmentDoguMapKey ¶
GetDevelopmentDoguMapKey returns the object key for the custom dogu descriptor with the actual name and namespace from the dogu resource.
func (*Dogu) GetDoguNameLabel ¶
func (d *Dogu) GetDoguNameLabel() CesMatchingLabels
GetDoguNameLabel returns labels that select any resource being associated with this dogu.
func (*Dogu) GetEphemeralDataVolumeName ¶
GetEphemeralDataVolumeName returns the data volume name for the dogu resource for volumes without backup
func (*Dogu) GetObjectKey ¶
GetObjectKey returns the object key with the actual name and namespace from the dogu resource
func (*Dogu) GetObjectMeta ¶
func (d *Dogu) GetObjectMeta() *metav1.ObjectMeta
GetObjectMeta returns the object meta with the actual name and namespace from the dogu resource
func (*Dogu) GetPod ¶
GetPod returns a pod for this dogu. An error is returned if either no pod or more than one pod is found.
func (*Dogu) GetPodLabels ¶
func (d *Dogu) GetPodLabels() CesMatchingLabels
GetPodLabels returns labels that select a pod being associated with this dogu.
func (*Dogu) GetPrivateKeyObjectKey ¶
GetPrivateKeyObjectKey returns the object key for the secret containing the private key for the dogu.
func (*Dogu) GetPrivateKeySecret ¶
GetPrivateKeySecret returns the private key secret for this dogu.
func (*Dogu) GetPrivateKeySecretName ¶
GetPrivateKeySecretName returns the name of the dogu's secret resource.
func (*Dogu) GetSecretObjectKey ¶
GetSecretObjectKey returns the object key for the config map containing values that should be encrypted for the dogu
func (*Dogu) GetSimpleDoguName ¶ added in v3.2.0
func (d *Dogu) GetSimpleDoguName() cescommons.SimpleName
GetSimpleDoguName returns the name of the dogu as a dogu.SimpleName.
func (*Dogu) NextRequeueWithRetry ¶
func (*Dogu) ValidateSecurity ¶ added in v3.2.0
ValidateSecurity checks the dogu's Security section for configuration errors.
type DoguList ¶
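// DoguList contains a list of Dogu.
type DoguList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Dogu resources of this list.
	Items []Dogu `json:"items"`
}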
DoguList contains a list of Dogu
func (*DoguList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguList.
func (*DoguList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DoguList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DoguResources ¶
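// DoguResources defines the physical resources used by the dogu.
type DoguResources struct {
	// DataVolumeSize represents the current size of the volume. Increasing this value leads to an automatic volume
	// expansion. This includes a downtime for the respective dogu. The default size for volumes is "2Gi".
	// It is not possible to lower the volume size after an expansion. This will introduce an inconsistent state for the
	// dogu.
	DataVolumeSize string `json:"dataVolumeSize,omitempty"`
}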
DoguResources defines the physical resources used by the dogu.
func (*DoguResources) DeepCopy ¶
func (in *DoguResources) DeepCopy() *DoguResources
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguResources.
func (*DoguResources) DeepCopyInto ¶
func (in *DoguResources) DeepCopyInto(out *DoguResources)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DoguRestart ¶
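// DoguRestart is the Schema for the dogurestarts API.
type DoguRestart struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the restart request.
	Spec DoguRestartSpec `json:"spec,omitempty"`
	// Status is the observed state of the restart request.
	Status DoguRestartStatus `json:"status,omitempty"`
}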
DoguRestart is the Schema for the dogurestarts API
func (*DoguRestart) DeepCopy ¶
func (in *DoguRestart) DeepCopy() *DoguRestart
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguRestart.
func (*DoguRestart) DeepCopyInto ¶
func (in *DoguRestart) DeepCopyInto(out *DoguRestart)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DoguRestart) DeepCopyObject ¶
func (in *DoguRestart) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DoguRestartList ¶
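// DoguRestartList contains a list of DoguRestart.
type DoguRestartList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the DoguRestart resources of this list.
	Items []DoguRestart `json:"items"`
}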
DoguRestartList contains a list of DoguRestart
func (*DoguRestartList) DeepCopy ¶
func (in *DoguRestartList) DeepCopy() *DoguRestartList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguRestartList.
func (*DoguRestartList) DeepCopyInto ¶
func (in *DoguRestartList) DeepCopyInto(out *DoguRestartList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DoguRestartList) DeepCopyObject ¶
func (in *DoguRestartList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DoguRestartSpec ¶
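// DoguRestartSpec defines the desired state of DoguRestart.
type DoguRestartSpec struct {
	// DoguName references the dogu that should get restarted.
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Dogu name is immutable"
	DoguName string `json:"doguName"`
}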
DoguRestartSpec defines the desired state of DoguRestart
func (*DoguRestartSpec) DeepCopy ¶
func (in *DoguRestartSpec) DeepCopy() *DoguRestartSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguRestartSpec.
func (*DoguRestartSpec) DeepCopyInto ¶
func (in *DoguRestartSpec) DeepCopyInto(out *DoguRestartSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DoguRestartStatus ¶
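// DoguRestartStatus defines the observed state of DoguRestart.
type DoguRestartStatus struct {
	// Phase tracks the state of the restart process.
	Phase RestartStatusPhase `json:"phase,omitempty"`
}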
DoguRestartStatus defines the observed state of DoguRestart
func (*DoguRestartStatus) DeepCopy ¶
func (in *DoguRestartStatus) DeepCopy() *DoguRestartStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguRestartStatus.
func (*DoguRestartStatus) DeepCopyInto ¶
func (in *DoguRestartStatus) DeepCopyInto(out *DoguRestartStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DoguSpec ¶
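// DoguSpec defines the desired state of a Dogu.
type DoguSpec struct {
	// Name of the dogu (e.g. official/ldap)
	Name string `json:"name,omitempty"`
	// Version of the dogu (e.g. 2.4.48-3)
	Version string `json:"version,omitempty"`
	// Resources of the dogu (e.g. dataVolumeSize)
	Resources DoguResources `json:"resources,omitempty"`
	// Security overrides security policies defined in the dogu descriptor. These fields can be used to further reduce a dogu's attack surface.
	// +optional
	Security Security `json:"security,omitempty"`
	// SupportMode indicates whether the dogu should be restarted in the support mode (f. e. to recover manually from
	// a crash loop).
	SupportMode bool `json:"supportMode,omitempty"`
	// Stopped indicates whether the dogu should be running (stopped=false) or not (stopped=true).
	Stopped bool `json:"stopped,omitempty"`
	// UpgradeConfig contains options to manipulate the upgrade process.
	UpgradeConfig UpgradeConfig `json:"upgradeConfig,omitempty"`

	// NOTE(review): whether the annotations below are filtered or validated before they reach the
	// ingress is not visible in this declaration. Ingress annotations can change routing and
	// authentication behaviour, so write access to Dogu resources should be restricted accordingly.

	// AdditionalIngressAnnotations provides additional annotations that get included into the dogu's ingress rules.
	AdditionalIngressAnnotations IngressAnnotations `json:"additionalIngressAnnotations,omitempty"`
}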
DoguSpec defines the desired state of a Dogu
func (*DoguSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguSpec.
func (*DoguSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DoguStatus ¶
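// DoguStatus defines the observed state of a Dogu.
type DoguStatus struct {
	// Status represents the state of the Dogu in the ecosystem
	Status string `json:"status"`
	// RequeueTime contains time necessary to perform the next requeue
	RequeueTime time.Duration `json:"requeueTime"`
	// RequeuePhase is the actual phase of the dogu resource used for a currently running async process.
	RequeuePhase string `json:"requeuePhase"`
	// Health describes the health status of the dogu
	Health HealthStatus `json:"health,omitempty"`
	// InstalledVersion of the dogu (e.g. 2.4.48-3)
	InstalledVersion string `json:"installedVersion,omitempty"`
	// Stopped shows if the dogu has been stopped or not.
	Stopped bool `json:"stopped,omitempty"`
}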
DoguStatus defines the observed state of a Dogu.
func (*DoguStatus) DeepCopy ¶
func (in *DoguStatus) DeepCopy() *DoguStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DoguStatus.
func (*DoguStatus) DeepCopyInto ¶
func (in *DoguStatus) DeepCopyInto(out *DoguStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DoguStatus) NextRequeue ¶
func (ds *DoguStatus) NextRequeue() time.Duration
NextRequeue increases the requeue time of the dogu status and returns the new requeue time
func (*DoguStatus) ResetRequeueTime ¶
func (ds *DoguStatus) ResetRequeueTime()
ResetRequeueTime resets the requeue timer to the initial value
type HealthStatus ¶
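// HealthStatus is the string type of the DoguStatus.Health field.
type HealthStatus string

const (
	// PendingHealthStatus is the empty string, i.e. the zero value of HealthStatus.
	PendingHealthStatus   HealthStatus = ""
	AvailableHealthStatus HealthStatus = "available"
	UnknownHealthStatus   HealthStatus = "unknown"
)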
type IngressAnnotations ¶
IngressAnnotations are annotations of nginx-ingress rules.
func (IngressAnnotations) DeepCopy ¶
func (in IngressAnnotations) DeepCopy() IngressAnnotations
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressAnnotations.
func (IngressAnnotations) DeepCopyInto ¶
func (in IngressAnnotations) DeepCopyInto(out *IngressAnnotations)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RestartStatusPhase ¶
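// RestartStatusPhase is the string type of the DoguRestartStatus.Phase field, which tracks the state
// of the restart process.
type RestartStatusPhase string

const (
	// RestartStatusPhaseNew is the empty string, i.e. the zero value of RestartStatusPhase.
	RestartStatusPhaseNew           RestartStatusPhase = ""
	RestartStatusPhaseStopping      RestartStatusPhase = "stopping"
	RestartStatusPhaseStopped       RestartStatusPhase = "stopped"
	RestartStatusPhaseStarting      RestartStatusPhase = "starting"
	RestartStatusPhaseCompleted     RestartStatusPhase = "completed"
	RestartStatusPhaseDoguNotFound  RestartStatusPhase = "dogu not found"
	RestartStatusPhaseFailedGetDogu RestartStatusPhase = "failed getting dogu"
	RestartStatusPhaseFailedStop    RestartStatusPhase = "stop failed"
	RestartStatusPhaseFailedStart   RestartStatusPhase = "start failed"
)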
func (RestartStatusPhase) IsFailed ¶
func (rsp RestartStatusPhase) IsFailed() bool
type SELinuxOptions ¶ added in v3.2.0
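// SELinuxOptions are the labels to be applied to the container.
type SELinuxOptions struct {
	// User is a SELinux user label that applies to the container.
	// +optional
	User string `json:"user,omitempty"`
	// Role is a SELinux role label that applies to the container.
	// +optional
	Role string `json:"role,omitempty"`
	// Type is a SELinux type label that applies to the container.
	// +optional
	Type string `json:"type,omitempty"`
	// Level is SELinux level label that applies to the container.
	// +optional
	Level string `json:"level,omitempty"`
}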
SELinuxOptions are the labels to be applied to the container
func (*SELinuxOptions) DeepCopy ¶ added in v3.2.0
func (in *SELinuxOptions) DeepCopy() *SELinuxOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxOptions.
func (*SELinuxOptions) DeepCopyInto ¶ added in v3.2.0
func (in *SELinuxOptions) DeepCopyInto(out *SELinuxOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SeccompProfile ¶ added in v3.2.0
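// SeccompProfile defines a pod/container's seccomp profile settings.
// Only one profile source may be set.
// +union
type SeccompProfile struct {
	// NOTE(review): the pairing rule between Type and LocalhostProfile is stated in the field
	// comments only; no validation marker is visible on this declaration. Presumably
	// Dogu.ValidateSecurity enforces it; confirm.

	// Type indicates which kind of seccomp profile will be applied.
	// Valid options are:
	//
	// Localhost - a profile defined in a file on the node should be used.
	// RuntimeDefault - the container runtime default profile should be used.
	// Unconfined - no profile should be applied.
	// +unionDiscriminator
	Type SeccompProfileType `json:"type"`

	// LocalhostProfile indicates a profile defined in a file on the node should be used.
	// The profile must be preconfigured on the node to work.
	// Must be a descending path, relative to the kubelet's configured seccomp profile location.
	// Must be set if type is "Localhost". Must NOT be set for any other type.
	// +optional
	LocalhostProfile *string `json:"localhostProfile,omitempty"`
}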
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set. +union
func (*SeccompProfile) DeepCopy ¶ added in v3.2.0
func (in *SeccompProfile) DeepCopy() *SeccompProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfile.
func (*SeccompProfile) DeepCopyInto ¶ added in v3.2.0
func (in *SeccompProfile) DeepCopyInto(out *SeccompProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SeccompProfileType ¶ added in v3.2.0
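// SeccompProfileType defines the supported seccomp profile types.
// +enum
type SeccompProfileType string

const (
	// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined).
	// With this value no seccomp profile filters the container's system calls, so its use in a Dogu
	// resource deserves an explicit justification in review.
	SeccompProfileTypeUnconfined SeccompProfileType = "Unconfined"
	// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile.
	SeccompProfileTypeRuntimeDefault SeccompProfileType = "RuntimeDefault"
	// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used.
	// The file's location relative to <kubelet-root-dir>/seccomp.
	SeccompProfileTypeLocalhost SeccompProfileType = "Localhost"
)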
type Security ¶ added in v3.2.0
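// Security overrides security policies defined in the dogu descriptor. These fields can be used to
// further reduce a dogu's attack surface.
type Security struct {
	// NOTE(review): the field types do not by themselves restrict an override to tightening only:
	// Capabilities.Add and the "Unconfined" profile types are expressible here. Whether an override
	// may loosen what the dogu descriptor defines is not visible in this declaration; confirm in
	// Dogu.ValidateSecurity and the operator.

	// Capabilities sets the allowed and dropped capabilities for the dogu. The dogu should not use more than the
	// configured capabilities here, otherwise failure may occur at start-up or at run-time.
	// +optional
	Capabilities Capabilities `json:"capabilities,omitempty"`
	// RunAsNonRoot indicates that the container must run as a non-root user. The dogu must support running as non-root
	// user otherwise the dogu start may fail. This flag is optional and defaults to nil.
	// If nil, the value defined in the dogu descriptor is used.
	// +optional
	RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
	// ReadOnlyRootFileSystem mounts the container's root filesystem as read-only. The dogu must support accessing the
	// root file system by only reading otherwise the dogu start may fail. This flag is optional and defaults to nil.
	// If nil, the value defined in the dogu descriptor is used.
	// +optional
	ReadOnlyRootFileSystem *bool `json:"readOnlyRootFileSystem,omitempty"`
	// SELinuxOptions is the SELinux context to be applied to the container.
	// If unspecified, the container runtime will allocate a random SELinux context for each
	// container, which is kubernetes default behaviour.
	// +optional
	SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty"`
	// SeccompProfile is the seccomp options to use by this container.
	// +optional
	SeccompProfile *SeccompProfile `json:"seccompProfile,omitempty"`
	// AppArmorProfile is the AppArmor options to use by this container.
	// +optional
	AppArmorProfile *AppArmorProfile `json:"appArmorProfile,omitempty"`
}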
Security overrides security policies defined in the dogu descriptor. These fields can be used to further reduce a dogu's attack surface.
func (*Security) DeepCopy ¶ added in v3.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Security.
func (*Security) DeepCopyInto ¶ added in v3.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UpgradeConfig ¶
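// UpgradeConfig contains configuration hints for the dogu operator regarding aspects during the
// upgrade of dogus.
type UpgradeConfig struct {
	// NOTE(review): both flags relax upgrade checks and default to false. A namespace switch changes
	// the namespace a dogu comes from (presumably the "official" part of a name such as
	// official/ldap; confirm), and a forced downgrade may bring back defects fixed in the newer
	// version. Enable them deliberately and reset them after the upgrade.

	// AllowNamespaceSwitch lets a dogu switch its dogu namespace during an upgrade. The dogu must be technically the
	// same dogu which did reside in a different namespace. The remote dogu's version must be equal to or greater than
	// the version of the local dogu.
	AllowNamespaceSwitch bool `json:"allowNamespaceSwitch,omitempty"`
	// ForceUpgrade allows to install the same or even lower dogu version than already is installed. Please note, that
	// possible data loss may occur by inappropriate dogu downgrading.
	ForceUpgrade bool `json:"forceUpgrade,omitempty"`
}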
UpgradeConfig contains configuration hints for the dogu operator regarding aspects during the upgrade of dogus.
func (*UpgradeConfig) DeepCopy ¶
func (in *UpgradeConfig) DeepCopy() *UpgradeConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpgradeConfig.
func (*UpgradeConfig) DeepCopyInto ¶
func (in *UpgradeConfig) DeepCopyInto(out *UpgradeConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.