Documentation ¶
Overview ¶
Package v1 is the v1 version of the API.
Index ¶
- Constants
- Variables
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_ClientConnectionOverrides(overrides *ClientConnectionOverrides)
- func SetDefaults_DNSConfig(obj *DNSConfig)
- func SetDefaults_DockerConfig(obj *DockerConfig)
- func SetDefaults_EtcdStorageConfig(obj *EtcdStorageConfig)
- func SetDefaults_GrantConfig(obj *GrantConfig)
- func SetDefaults_IdentityProvider(obj *IdentityProvider)
- func SetDefaults_ImagePolicyConfig(obj *ImagePolicyConfig)
- func SetDefaults_KubernetesMasterConfig(obj *KubernetesMasterConfig)
- func SetDefaults_MasterConfig(obj *MasterConfig)
- func SetDefaults_NodeConfig(obj *NodeConfig)
- func SetDefaults_SecurityAllocator(obj *SecurityAllocator)
- func SetDefaults_ServingInfo(obj *ServingInfo)
- func SetObjectDefaults_MasterConfig(in *MasterConfig)
- func SetObjectDefaults_NodeConfig(in *NodeConfig)
- type ActiveDirectoryConfig
- type AdmissionConfig
- type AdmissionPluginConfig
- type AggregatorConfig
- type AllowAllPasswordIdentityProvider
- type AllowedRegistries
- type AssetConfig
- type AssetExtensionsConfig
- type AuditConfig
- type AugmentedActiveDirectoryConfig
- type BasicAuthPasswordIdentityProvider
- type CertInfo
- type ClientConnectionOverrides
- type ControllerConfig
- type ControllerElectionConfig
- type DNSConfig
- type DefaultAdmissionConfig
- type DenyAllPasswordIdentityProvider
- type DockerConfig
- type DockerExecHandlerType
- type EtcdConfig
- type EtcdConnectionInfo
- type EtcdStorageConfig
- type ExtendedArguments
- type FeatureList
- type GitHubIdentityProvider
- type GitLabIdentityProvider
- type GoogleIdentityProvider
- type GrantConfig
- type GrantHandlerType
- type GroupResource
- type HTPasswdPasswordIdentityProvider
- type HTTPServingInfo
- type IdentityProvider
- type ImageConfig
- type ImagePolicyConfig
- type JenkinsPipelineConfig
- type KeystonePasswordIdentityProvider
- type KubeletConnectionInfo
- type KubernetesMasterConfig
- type LDAPAttributeMapping
- type LDAPPasswordIdentityProvider
- type LDAPQuery
- type LDAPSyncConfig
- type LocalQuota
- type MasterAuthConfig
- type MasterClients
- type MasterConfig
- type MasterNetworkConfig
- type MasterVolumeConfig
- type NamedCertificate
- type NodeAuthConfig
- type NodeConfig
- type NodeNetworkConfig
- type NodeVolumeConfig
- type OAuthConfig
- type OAuthTemplates
- type OpenIDClaims
- type OpenIDIdentityProvider
- type OpenIDURLs
- type PodManifestConfig
- type PolicyConfig
- type ProjectConfig
- type RFC2307Config
- type RegistryLocation
- type RemoteConnectionInfo
- type RequestHeaderAuthenticationOptions
- type RequestHeaderIdentityProvider
- type RoutingConfig
- type SecurityAllocator
- type ServiceAccountConfig
- type ServiceServingCert
- type ServingInfo
- type SessionConfig
- type SessionSecret
- type SessionSecrets
- type StringSource
- type StringSourceSpec
- type TokenConfig
- type UserAgentDenyRule
- type UserAgentMatchRule
- type UserAgentMatchingConfig
Constants ¶
const ( // DockerExecHandlerNative uses Docker's exec API for executing commands in containers. DockerExecHandlerNative DockerExecHandlerType = "native" // DockerExecHandlerNsenter uses nsenter for executing commands in containers. DockerExecHandlerNsenter DockerExecHandlerType = "nsenter" // ControllersDisabled indicates no controllers should be enabled. ControllersDisabled = "none" // ControllersAll indicates all controllers should be started. ControllersAll = "*" )
const GroupName = ""
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, addConversionFuncs, addDefaultingFuncs) AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func SetDefaults_ClientConnectionOverrides ¶
func SetDefaults_ClientConnectionOverrides(overrides *ClientConnectionOverrides)
SetDefaults_ClientConnectionOverrides defaults a client connection to the pre-1.3 settings of being JSON only. Callers must explicitly opt-in to Protobuf support in 1.3+.
func SetDefaults_DNSConfig ¶
func SetDefaults_DNSConfig(obj *DNSConfig)
func SetDefaults_DockerConfig ¶
func SetDefaults_DockerConfig(obj *DockerConfig)
func SetDefaults_EtcdStorageConfig ¶
func SetDefaults_EtcdStorageConfig(obj *EtcdStorageConfig)
func SetDefaults_GrantConfig ¶
func SetDefaults_GrantConfig(obj *GrantConfig)
func SetDefaults_IdentityProvider ¶
func SetDefaults_IdentityProvider(obj *IdentityProvider)
func SetDefaults_ImagePolicyConfig ¶
func SetDefaults_ImagePolicyConfig(obj *ImagePolicyConfig)
func SetDefaults_KubernetesMasterConfig ¶
func SetDefaults_KubernetesMasterConfig(obj *KubernetesMasterConfig)
func SetDefaults_MasterConfig ¶
func SetDefaults_MasterConfig(obj *MasterConfig)
func SetDefaults_NodeConfig ¶
func SetDefaults_NodeConfig(obj *NodeConfig)
func SetDefaults_SecurityAllocator ¶
func SetDefaults_SecurityAllocator(obj *SecurityAllocator)
func SetDefaults_ServingInfo ¶
func SetDefaults_ServingInfo(obj *ServingInfo)
func SetObjectDefaults_MasterConfig ¶
func SetObjectDefaults_MasterConfig(in *MasterConfig)
func SetObjectDefaults_NodeConfig ¶
func SetObjectDefaults_NodeConfig(in *NodeConfig)
Types ¶
type ActiveDirectoryConfig ¶ added in v1.0.7
type ActiveDirectoryConfig struct { // AllUsersQuery holds the template for an LDAP query that returns user entries. AllUsersQuery LDAPQuery `json:"usersQuery"` // UserNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name. UserNameAttributes []string `json:"userNameAttributes"` // GroupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted // as the groups it is a member of GroupMembershipAttributes []string `json:"groupMembershipAttributes"` }
ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema
func (ActiveDirectoryConfig) SwaggerDoc ¶ added in v1.1.4
func (ActiveDirectoryConfig) SwaggerDoc() map[string]string
type AdmissionConfig ¶ added in v1.1.2
type AdmissionConfig struct { // PluginConfig allows specifying a configuration file per admission control plugin PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig"` // PluginOrderOverride is a list of admission control plugin names that will be installed // on the master. Order is significant. If empty, a default list of plugins is used. PluginOrderOverride []string `json:"pluginOrderOverride,omitempty"` }
AdmissionConfig holds the necessary configuration options for admission
func (AdmissionConfig) SwaggerDoc ¶ added in v1.1.4
func (AdmissionConfig) SwaggerDoc() map[string]string
type AdmissionPluginConfig ¶ added in v1.1.2
type AdmissionPluginConfig struct { // Location is the path to a configuration file that contains the plugin's // configuration Location string `json:"location"` // Configuration is an embedded configuration object to be used as the plugin's // configuration. If present, it will be used instead of the path to the configuration file. Configuration runtime.RawExtension `json:"configuration"` }
AdmissionPluginConfig holds the necessary configuration options for admission plugins
func (AdmissionPluginConfig) SwaggerDoc ¶ added in v1.1.4
func (AdmissionPluginConfig) SwaggerDoc() map[string]string
type AggregatorConfig ¶
type AggregatorConfig struct { // ProxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers ProxyClientInfo CertInfo `json:"proxyClientInfo"` }
AggregatorConfig holds information required to make the aggregator function.
func (AggregatorConfig) SwaggerDoc ¶
func (AggregatorConfig) SwaggerDoc() map[string]string
type AllowAllPasswordIdentityProvider ¶ added in v0.4.3
AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords
func (AllowAllPasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (AllowAllPasswordIdentityProvider) SwaggerDoc() map[string]string
type AllowedRegistries ¶
type AllowedRegistries []RegistryLocation
AllowedRegistries represents a list of registries allowed for the image import.
type AssetConfig ¶
type AssetConfig struct { // ServingInfo is the HTTP serving information for these assets ServingInfo HTTPServingInfo `json:"servingInfo"` // PublicURL is where you can find the asset server (TODO do we really need this?) PublicURL string `json:"publicURL"` // LogoutURL is an optional, absolute URL to redirect web browsers to after logging out of the web console. // If not specified, the built-in logout page is shown. LogoutURL string `json:"logoutURL"` // MasterPublicURL is how the web console can access the OpenShift v1 server MasterPublicURL string `json:"masterPublicURL"` // LoggingPublicURL is the public endpoint for logging (optional) LoggingPublicURL string `json:"loggingPublicURL"` // MetricsPublicURL is the public endpoint for metrics (optional) MetricsPublicURL string `json:"metricsPublicURL"` // ExtensionScripts are file paths on the asset server files to load as scripts when the Web // Console loads ExtensionScripts []string `json:"extensionScripts"` // ExtensionProperties are key(string) and value(string) pairs that will be injected into the console under // the global variable OPENSHIFT_EXTENSION_PROPERTIES ExtensionProperties map[string]string `json:"extensionProperties"` // ExtensionStylesheets are file paths on the asset server files to load as stylesheets when // the Web Console loads ExtensionStylesheets []string `json:"extensionStylesheets"` // Extensions are files to serve from the asset server filesystem under a subcontext Extensions []AssetExtensionsConfig `json:"extensions"` // ExtensionDevelopment when true tells the asset server to reload extension scripts and // stylesheets for every request rather than only at startup. It lets you develop extensions // without having to restart the server for every change. ExtensionDevelopment bool `json:"extensionDevelopment"` }
AssetConfig holds the necessary configuration options for serving assets
func (AssetConfig) SwaggerDoc ¶ added in v1.1.4
func (AssetConfig) SwaggerDoc() map[string]string
type AssetExtensionsConfig ¶ added in v1.0.6
type AssetExtensionsConfig struct { // SubContext is the path under /<context>/extensions/ to serve files from SourceDirectory Name string `json:"name"` // SourceDirectory is a directory on the asset server to serve files under Name in the Web // Console. It may have nested folders. SourceDirectory string `json:"sourceDirectory"` // HTML5Mode determines whether to redirect to the root index.html when a file is not found. // This is needed for apps that use the HTML5 history API like AngularJS apps with HTML5 // mode enabled. If HTML5Mode is true, also rewrite the base element in index.html with the // Web Console's context root. Defaults to false. HTML5Mode bool `json:"html5Mode"` }
AssetExtensionsConfig holds the necessary configuration options for asset extensions
func (AssetExtensionsConfig) SwaggerDoc ¶ added in v1.1.4
func (AssetExtensionsConfig) SwaggerDoc() map[string]string
type AuditConfig ¶ added in v1.3.0
type AuditConfig struct { // If this flag is set, audit log will be printed in the logs. // The logs contains, method, user and a requested URL. Enabled bool `json:"enabled"` // All requests coming to the apiserver will be logged to this file. AuditFilePath string `json:"auditFilePath"` // Maximum number of days to retain old log files based on the timestamp encoded in their filename. MaximumFileRetentionDays int `json:"maximumFileRetentionDays"` // Maximum number of old log files to retain. MaximumRetainedFiles int `json:"maximumRetainedFiles"` // Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB. MaximumFileSizeMegabytes int `json:"maximumFileSizeMegabytes"` }
AuditConfig holds configuration for the audit capabilities
func (AuditConfig) SwaggerDoc ¶ added in v1.3.0
func (AuditConfig) SwaggerDoc() map[string]string
type AugmentedActiveDirectoryConfig ¶ added in v1.0.7
type AugmentedActiveDirectoryConfig struct { // AllUsersQuery holds the template for an LDAP query that returns user entries. AllUsersQuery LDAPQuery `json:"usersQuery"` // UserNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name. UserNameAttributes []string `json:"userNameAttributes"` // GroupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted // as the groups it is a member of GroupMembershipAttributes []string `json:"groupMembershipAttributes"` // AllGroupsQuery holds the template for an LDAP query that returns group entries. AllGroupsQuery LDAPQuery `json:"groupsQuery"` // GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. // (ldapGroupUID) GroupUIDAttribute string `json:"groupUIDAttribute"` // GroupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for // an OpenShift group GroupNameAttributes []string `json:"groupNameAttributes"` }
AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema
func (AugmentedActiveDirectoryConfig) SwaggerDoc ¶ added in v1.1.4
func (AugmentedActiveDirectoryConfig) SwaggerDoc() map[string]string
type BasicAuthPasswordIdentityProvider ¶ added in v0.4.3
type BasicAuthPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // RemoteConnectionInfo contains information about how to connect to the external basic auth server RemoteConnectionInfo `json:",inline"` }
BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
func (BasicAuthPasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (BasicAuthPasswordIdentityProvider) SwaggerDoc() map[string]string
type CertInfo ¶
type CertInfo struct { // CertFile is a file containing a PEM-encoded certificate CertFile string `json:"certFile"` // KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile KeyFile string `json:"keyFile"` }
CertInfo relates a certificate with a private key
func (CertInfo) SwaggerDoc ¶ added in v1.1.4
type ClientConnectionOverrides ¶ added in v1.3.0
type ClientConnectionOverrides struct { // AcceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the // default value of 'application/json'. This field will control all connections to the server used by a particular // client. AcceptContentTypes string `json:"acceptContentTypes"` // ContentType is the content type used when sending data to the server from this client. ContentType string `json:"contentType"` // QPS controls the number of queries per second allowed for this connection. QPS float32 `json:"qps"` // Burst allows extra queries to accumulate when a client is exceeding its rate. Burst int32 `json:"burst"` }
ClientConnectionOverrides are a set of overrides to the default client connection settings.
func (ClientConnectionOverrides) SwaggerDoc ¶ added in v1.3.0
func (ClientConnectionOverrides) SwaggerDoc() map[string]string
type ControllerConfig ¶ added in v1.3.0
type ControllerConfig struct { // Election defines the configuration for electing a controller instance to make changes to // the cluster. If unspecified, the ControllerTTL value is checked to determine whether the // legacy direct etcd election code will be used. Election *ControllerElectionConfig `json:"election"` // ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for // pods fulfilling a service to serve with. ServiceServingCert ServiceServingCert `json:"serviceServingCert"` }
ControllerConfig holds configuration values for controllers
func (ControllerConfig) SwaggerDoc ¶ added in v1.3.0
func (ControllerConfig) SwaggerDoc() map[string]string
type ControllerElectionConfig ¶
type ControllerElectionConfig struct { // LockName is the resource name used to act as the lock for determining which controller // instance should lead. LockName string `json:"lockName"` // LockNamespace is the resource namespace used to act as the lock for determining which // controller instance should lead. It defaults to "kube-system" LockNamespace string `json:"lockNamespace"` // LockResource is the group and resource name to use to coordinate for the controller lock. // If unset, defaults to "configmaps". LockResource GroupResource `json:"lockResource"` }
ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.
func (ControllerElectionConfig) SwaggerDoc ¶
func (ControllerElectionConfig) SwaggerDoc() map[string]string
type DNSConfig ¶
type DNSConfig struct { // BindAddress is the ip:port to serve DNS on BindAddress string `json:"bindAddress"` // BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp", // "tcp4", and "tcp6" BindNetwork string `json:"bindNetwork"` // AllowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open // resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible // to public networks. AllowRecursiveQueries bool `json:"allowRecursiveQueries"` }
DNSConfig holds the necessary configuration options for DNS
func (DNSConfig) SwaggerDoc ¶ added in v1.1.4
type DefaultAdmissionConfig ¶ added in v1.3.0
type DefaultAdmissionConfig struct { metav1.TypeMeta `json:",inline"` // Disable turns off an admission plugin that is enabled by default. Disable bool `json:"disable"` }
DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an "off by default" admission plugin to be enabled
func (DefaultAdmissionConfig) SwaggerDoc ¶ added in v1.3.0
func (DefaultAdmissionConfig) SwaggerDoc() map[string]string
type DenyAllPasswordIdentityProvider ¶ added in v0.4.3
DenyAllPasswordIdentityProvider provides no identities for users
func (DenyAllPasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (DenyAllPasswordIdentityProvider) SwaggerDoc() map[string]string
type DockerConfig ¶ added in v0.5.4
type DockerConfig struct { // ExecHandlerName is the name of the handler to use for executing // commands in Docker containers. ExecHandlerName DockerExecHandlerType `json:"execHandlerName"` // DockerShimSocket is the location of the dockershim socket the kubelet uses. DockerShimSocket string `json:"dockerShimSocket"` // DockershimRootDirectory is the dockershim root directory. DockershimRootDirectory string `json:"dockerShimRootDirectory"` }
DockerConfig holds Docker related configuration options.
func (DockerConfig) SwaggerDoc ¶ added in v1.1.4
func (DockerConfig) SwaggerDoc() map[string]string
type DockerExecHandlerType ¶ added in v0.5.4
type DockerExecHandlerType string
type EtcdConfig ¶
type EtcdConfig struct { // ServingInfo describes how to start serving the etcd master ServingInfo ServingInfo `json:"servingInfo"` // Address is the advertised host:port for client connections to etcd Address string `json:"address"` // PeerServingInfo describes how to start serving the etcd peer PeerServingInfo ServingInfo `json:"peerServingInfo"` // PeerAddress is the advertised host:port for peer connections to etcd PeerAddress string `json:"peerAddress"` // StorageDir is the path to the etcd storage directory StorageDir string `json:"storageDirectory"` }
EtcdConfig holds the necessary configuration options for connecting with an etcd database
func (EtcdConfig) SwaggerDoc ¶ added in v1.1.4
func (EtcdConfig) SwaggerDoc() map[string]string
type EtcdConnectionInfo ¶ added in v0.4.3
type EtcdConnectionInfo struct { // URLs are the URLs for etcd URLs []string `json:"urls"` // CA is a file containing trusted roots for the etcd server certificates CA string `json:"ca"` // CertInfo is the TLS client cert information for securing communication to etcd // this is anonymous so that we can inline it for serialization CertInfo `json:",inline"` }
EtcdConnectionInfo holds information necessary for connecting to an etcd server
func (EtcdConnectionInfo) SwaggerDoc ¶ added in v1.1.4
func (EtcdConnectionInfo) SwaggerDoc() map[string]string
type EtcdStorageConfig ¶ added in v0.4.4
type EtcdStorageConfig struct { // KubernetesStorageVersion is the API version that Kube resources in etcd should be // serialized to. This value should *not* be advanced until all clients in the // cluster that read from etcd have code that allows them to read the new version. KubernetesStorageVersion string `json:"kubernetesStorageVersion"` // KubernetesStoragePrefix is the path within etcd that the Kubernetes resources will // be rooted under. This value, if changed, will mean existing objects in etcd will // no longer be located. The default value is 'kubernetes.io'. KubernetesStoragePrefix string `json:"kubernetesStoragePrefix"` // OpenShiftStorageVersion is the API version that OS resources in etcd should be // serialized to. This value should *not* be advanced until all clients in the // cluster that read from etcd have code that allows them to read the new version. OpenShiftStorageVersion string `json:"openShiftStorageVersion"` // OpenShiftStoragePrefix is the path within etcd that the OpenShift resources will // be rooted under. This value, if changed, will mean existing objects in etcd will // no longer be located. The default value is 'openshift.io'. OpenShiftStoragePrefix string `json:"openShiftStoragePrefix"` }
EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes
func (EtcdStorageConfig) SwaggerDoc ¶ added in v1.1.4
func (EtcdStorageConfig) SwaggerDoc() map[string]string
type ExtendedArguments ¶ added in v0.5.4
type GitHubIdentityProvider ¶ added in v0.4.4
type GitHubIdentityProvider struct { metav1.TypeMeta `json:",inline"` // ClientID is the oauth client ID ClientID string `json:"clientID"` // ClientSecret is the oauth client secret ClientSecret StringSource `json:"clientSecret"` // Organizations optionally restricts which organizations are allowed to log in Organizations []string `json:"organizations"` // Teams optionally restricts which teams are allowed to log in. Format is <org>/<team>. Teams []string `json:"teams"` }
GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
func (GitHubIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (GitHubIdentityProvider) SwaggerDoc() map[string]string
type GitLabIdentityProvider ¶ added in v1.1.2
type GitLabIdentityProvider struct { metav1.TypeMeta `json:",inline"` // CA is the optional trusted certificate authority bundle to use when making requests to the server // If empty, the default system roots are used CA string `json:"ca"` // URL is the oauth server base URL URL string `json:"url"` // ClientID is the oauth client ID ClientID string `json:"clientID"` // ClientSecret is the oauth client secret ClientSecret StringSource `json:"clientSecret"` }
GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
func (GitLabIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (GitLabIdentityProvider) SwaggerDoc() map[string]string
type GoogleIdentityProvider ¶ added in v0.4.4
type GoogleIdentityProvider struct { metav1.TypeMeta `json:",inline"` // ClientID is the oauth client ID ClientID string `json:"clientID"` // ClientSecret is the oauth client secret ClientSecret StringSource `json:"clientSecret"` // HostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to HostedDomain string `json:"hostedDomain"` }
GoogleIdentityProvider provides identities for users authenticating using Google credentials
func (GoogleIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (GoogleIdentityProvider) SwaggerDoc() map[string]string
type GrantConfig ¶ added in v0.4.3
type GrantConfig struct { // Method determines the default strategy to use when an OAuth client requests a grant. // This method will be used only if the specific OAuth client doesn't provide a strategy // of their own. Valid grant handling methods are: // - auto: always approves grant requests, useful for trusted clients // - prompt: prompts the end user for approval of grant requests, useful for third-party clients // - deny: always denies grant requests, useful for black-listed clients Method GrantHandlerType `json:"method"` // ServiceAccountMethod is used for determining client authorization for service account oauth client. // It must be either: deny, prompt ServiceAccountMethod GrantHandlerType `json:"serviceAccountMethod"` }
GrantConfig holds the necessary configuration options for grant handlers
func (GrantConfig) SwaggerDoc ¶ added in v1.1.4
func (GrantConfig) SwaggerDoc() map[string]string
type GrantHandlerType ¶ added in v0.4.3
type GrantHandlerType string
const ( // GrantHandlerAuto auto-approves client authorization grant requests GrantHandlerAuto GrantHandlerType = "auto" // GrantHandlerPrompt prompts the user to approve new client authorization grant requests GrantHandlerPrompt GrantHandlerType = "prompt" // GrantHandlerDeny auto-denies client authorization grant requests GrantHandlerDeny GrantHandlerType = "deny" )
type GroupResource ¶
type GroupResource struct { // Group is the name of an API group Group string `json:"group"` // Resource is the name of a resource. Resource string `json:"resource"` }
GroupResource points to a resource by its name and API group.
func (GroupResource) SwaggerDoc ¶
func (GroupResource) SwaggerDoc() map[string]string
type HTPasswdPasswordIdentityProvider ¶ added in v0.4.3
type HTPasswdPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // File is a reference to your htpasswd file File string `json:"file"` }
HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
func (HTPasswdPasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (HTPasswdPasswordIdentityProvider) SwaggerDoc() map[string]string
type HTTPServingInfo ¶ added in v0.6.1
type HTTPServingInfo struct { // ServingInfo is the HTTP serving information ServingInfo `json:",inline"` // MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit. MaxRequestsInFlight int `json:"maxRequestsInFlight"` // RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if // -1 there is no limit on requests. RequestTimeoutSeconds int `json:"requestTimeoutSeconds"` }
HTTPServingInfo holds configuration for serving HTTP
func (HTTPServingInfo) SwaggerDoc ¶ added in v1.1.4
func (HTTPServingInfo) SwaggerDoc() map[string]string
type IdentityProvider ¶ added in v0.4.3
type IdentityProvider struct { // Name is used to qualify the identities returned by this provider Name string `json:"name"` // UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider UseAsChallenger bool `json:"challenge"` // UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against UseAsLogin bool `json:"login"` // MappingMethod determines how identities from this provider are mapped to users MappingMethod string `json:"mappingMethod"` // Provider contains the information about how to set up a specific identity provider Provider runtime.RawExtension `json:"provider"` }
IdentityProvider provides identities for users authenticating using credentials
func (IdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (IdentityProvider) SwaggerDoc() map[string]string
type ImageConfig ¶
type ImageConfig struct { // Format is the format of the name to be built for the system component Format string `json:"format"` // Latest determines if the latest tag will be pulled from the registry Latest bool `json:"latest"` }
ImageConfig holds the necessary configuration options for building image names for system components
func (ImageConfig) SwaggerDoc ¶ added in v1.1.4
func (ImageConfig) SwaggerDoc() map[string]string
type ImagePolicyConfig ¶ added in v1.1.2
type ImagePolicyConfig struct { // MaxImagesBulkImportedPerRepository controls the number of images that are imported when a user // does a bulk import of a Docker repository. This number defaults to 5 to prevent users from // importing large numbers of images accidentally. Set -1 for no limit. MaxImagesBulkImportedPerRepository int `json:"maxImagesBulkImportedPerRepository"` // DisableScheduledImport allows scheduled background import of images to be disabled. DisableScheduledImport bool `json:"disableScheduledImport"` // ScheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams // scheduled for background import are checked against the upstream repository. The default value is 15 minutes. ScheduledImageImportMinimumIntervalSeconds int `json:"scheduledImageImportMinimumIntervalSeconds"` // MaxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the // background per minute. The default value is 60. Set to -1 for unlimited. MaxScheduledImageImportsPerMinute int `json:"maxScheduledImageImportsPerMinute"` // AllowedRegistriesForImport limits the docker registries that normal users may import // images from. Set this list to the registries that you trust to contain valid Docker // images and that you want applications to be able to import from. Users with // permission to create Images or ImageStreamMappings via the API are not affected by // this policy - typically only administrators or system integrations will have those // permissions. AllowedRegistriesForImport *AllowedRegistries `json:"allowedRegistriesForImport,omitempty"` }
ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images
func (ImagePolicyConfig) SwaggerDoc ¶ added in v1.1.4
func (ImagePolicyConfig) SwaggerDoc() map[string]string
type JenkinsPipelineConfig ¶ added in v1.3.0
type JenkinsPipelineConfig struct { // AutoProvisionEnabled determines whether a Jenkins server will be spawned from the provided // template when the first build config in the project with type JenkinsPipeline // is created. When not specified this option defaults to true. AutoProvisionEnabled *bool `json:"autoProvisionEnabled"` // TemplateNamespace contains the namespace name where the Jenkins template is stored TemplateNamespace string `json:"templateNamespace"` // TemplateName is the name of the default Jenkins template TemplateName string `json:"templateName"` // ServiceName is the name of the Jenkins service OpenShift uses to detect // whether a Jenkins pipeline handler has already been installed in a project. // This value *must* match a service name in the provided template. ServiceName string `json:"serviceName"` // Parameters specifies a set of optional parameters to the Jenkins template. Parameters map[string]string `json:"parameters"` }
JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy
func (JenkinsPipelineConfig) SwaggerDoc ¶ added in v1.3.0
func (JenkinsPipelineConfig) SwaggerDoc() map[string]string
type KeystonePasswordIdentityProvider ¶ added in v1.0.7
type KeystonePasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // RemoteConnectionInfo contains information about how to connect to the keystone server RemoteConnectionInfo `json:",inline"` // Domain Name is required for keystone v3 DomainName string `json:"domainName"` }
KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
func (KeystonePasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (KeystonePasswordIdentityProvider) SwaggerDoc() map[string]string
type KubeletConnectionInfo ¶ added in v0.4.3
type KubeletConnectionInfo struct { // Port is the port to connect to kubelets on Port uint `json:"port"` // CA is the CA for verifying TLS connections to kubelets CA string `json:"ca"` // CertInfo is the TLS client cert information for securing communication to kubelets // this is anonymous so that we can inline it for serialization CertInfo `json:",inline"` }
KubeletConnectionInfo holds information necessary for connecting to a kubelet
func (KubeletConnectionInfo) SwaggerDoc ¶ added in v1.1.4
func (KubeletConnectionInfo) SwaggerDoc() map[string]string
type KubernetesMasterConfig ¶
type KubernetesMasterConfig struct { // APILevels is a list of API levels that should be enabled on startup: v1 as examples APILevels []string `json:"apiLevels"` // DisabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled. DisabledAPIGroupVersions map[string][]string `json:"disabledAPIGroupVersions"` // MasterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used. MasterIP string `json:"masterIP"` // MasterCount is the number of expected masters that should be running. This value defaults to 1 and may be set to a positive integer, // or if set to -1, indicates this is part of a cluster. MasterCount int `json:"masterCount"` // MasterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked // at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to // reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and // out of the kubernetes service record. It is not recommended to set this value below 15s. MasterEndpointReconcileTTL int `json:"masterEndpointReconcileTTL"` // ServicesSubnet is the subnet to use for assigning service IPs ServicesSubnet string `json:"servicesSubnet"` // ServicesNodePortRange is the range to use for assigning service public ports on a host. ServicesNodePortRange string `json:"servicesNodePortRange"` // StaticNodeNames is the list of nodes that are statically known StaticNodeNames []string `json:"staticNodeNames"` // SchedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules. SchedulerConfigFile string `json:"schedulerConfigFile"` // PodEvictionTimeout controls grace period for deleting pods on failed nodes. // It takes valid time duration string. If empty, you get the default pod eviction timeout. PodEvictionTimeout string `json:"podEvictionTimeout"` // ProxyClientInfo specifies the client cert/key to use when proxying to pods ProxyClientInfo CertInfo `json:"proxyClientInfo"` // AdmissionConfig contains admission control plugin configuration. AdmissionConfig AdmissionConfig `json:"admissionConfig"` // APIServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's // command line arguments. These are not migrated, but if you reference a value that does not exist the server will not // start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations. APIServerArguments ExtendedArguments `json:"apiServerArguments"` // ControllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the // controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist // the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid // configurations. ControllerArguments ExtendedArguments `json:"controllerArguments"` // SchedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's // command line arguments. These are not migrated, but if you reference a value that does not exist the server will not // start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations. SchedulerArguments ExtendedArguments `json:"schedulerArguments"` }
KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master
func (KubernetesMasterConfig) SwaggerDoc ¶ added in v1.1.4
func (KubernetesMasterConfig) SwaggerDoc() map[string]string
type LDAPAttributeMapping ¶ added in v1.0.6
type LDAPAttributeMapping struct { // ID is the list of attributes whose values should be used as the user ID. Required. // LDAP standard identity attribute is "dn" ID []string `json:"id"` // PreferredUsername is the list of attributes whose values should be used as the preferred username. // LDAP standard login attribute is "uid" PreferredUsername []string `json:"preferredUsername"` // Name is the list of attributes whose values should be used as the display name. Optional. // If unspecified, no display name is set for the identity // LDAP standard display name attribute is "cn" Name []string `json:"name"` // Email is the list of attributes whose values should be used as the email address. Optional. // If unspecified, no email is set for the identity Email []string `json:"email"` }
LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
func (LDAPAttributeMapping) SwaggerDoc ¶ added in v1.1.4
func (LDAPAttributeMapping) SwaggerDoc() map[string]string
type LDAPPasswordIdentityProvider ¶ added in v1.0.2
type LDAPPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // URL is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is // ldap://host:port/basedn?attribute?scope?filter URL string `json:"url"` // BindDN is an optional DN to bind with during the search phase. BindDN string `json:"bindDN"` // BindPassword is an optional password to bind with during the search phase. BindPassword StringSource `json:"bindPassword"` // Insecure, if true, indicates the connection should not use TLS. // Cannot be set to true with a URL scheme of "ldaps://" // If false, "ldaps://" URLs connect using TLS, and "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830 Insecure bool `json:"insecure"` // CA is the optional trusted certificate authority bundle to use when making requests to the server // If empty, the default system roots are used CA string `json:"ca"` // Attributes maps LDAP attributes to identities Attributes LDAPAttributeMapping `json:"attributes"` }
LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
func (LDAPPasswordIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (LDAPPasswordIdentityProvider) SwaggerDoc() map[string]string
type LDAPQuery ¶ added in v1.0.7
type LDAPQuery struct { // The DN of the branch of the directory where all searches should start from BaseDN string `json:"baseDN"` // The (optional) scope of the search. Can be: // base: only the base object, // one: all object on the base level, // sub: the entire subtree // Defaults to the entire subtree if not set Scope string `json:"scope"` // The (optional) behavior of the search with regards to alisases. Can be: // never: never dereference aliases, // search: only dereference in searching, // base: only dereference in finding the base object, // always: always dereference // Defaults to always dereferencing if not set DerefAliases string `json:"derefAliases"` // TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding // before the wait for a response is given up. If this is 0, no client-side limit is imposed TimeLimit int `json:"timeout"` // Filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN Filter string `json:"filter"` // PageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done. PageSize int `json:"pageSize"` }
LDAPQuery holds the options necessary to build an LDAP query
func (LDAPQuery) SwaggerDoc ¶ added in v1.1.4
type LDAPSyncConfig ¶ added in v1.0.7
type LDAPSyncConfig struct { metav1.TypeMeta `json:",inline"` // Host is the scheme, host and port of the LDAP server to connect to: // scheme://host:port URL string `json:"url"` // BindDN is an optional DN to bind to the LDAP server with BindDN string `json:"bindDN"` // BindPassword is an optional password to bind with during the search phase. BindPassword StringSource `json:"bindPassword"` // Insecure, if true, indicates the connection should not use TLS. // Cannot be set to true with a URL scheme of "ldaps://" // If false, "ldaps://" URLs connect using TLS, and "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830 Insecure bool `json:"insecure"` // CA is the optional trusted certificate authority bundle to use when making requests to the server // If empty, the default system roots are used CA string `json:"ca"` // LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to // OpenShift Group names LDAPGroupUIDToOpenShiftGroupNameMapping map[string]string `json:"groupUIDNameMapping"` // RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion // similar to RFC2307: first-class group and user entries, with group membership determined by a // multi-valued attribute on the group entry listing its members RFC2307Config *RFC2307Config `json:"rfc2307,omitempty"` // ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a // fashion similar to that used in Active Directory: first-class user entries, with group membership // determined by a multi-valued attribute on members listing groups they are a member of ActiveDirectoryConfig *ActiveDirectoryConfig `json:"activeDirectory,omitempty"` // AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server // set up in a fashion similar to that used in Active Directory as described above, with one addition: // first-class group entries exist and are used to hold metadata but not group membership AugmentedActiveDirectoryConfig *AugmentedActiveDirectoryConfig `json:"augmentedActiveDirectory,omitempty"` }
LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync
func (LDAPSyncConfig) SwaggerDoc ¶ added in v1.1.4
func (LDAPSyncConfig) SwaggerDoc() map[string]string
type LocalQuota ¶ added in v1.1.5
type LocalQuota struct { // FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. // At present this is only implemented for emptyDir volumes, and if the underlying // volumeDirectory is on an XFS filesystem. PerFSGroup *resource.Quantity `json:"perFSGroup"` }
LocalQuota contains options for controlling local volume quota on the node.
func (LocalQuota) SwaggerDoc ¶ added in v1.1.5
func (LocalQuota) SwaggerDoc() map[string]string
type MasterAuthConfig ¶
type MasterAuthConfig struct { // RequestHeader holds options for setting up a front proxy against the the API. It is optional. RequestHeader *RequestHeaderAuthenticationOptions `json:"requestHeader"` }
MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators
func (MasterAuthConfig) SwaggerDoc ¶
func (MasterAuthConfig) SwaggerDoc() map[string]string
type MasterClients ¶
type MasterClients struct { // OpenShiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master OpenShiftLoopbackKubeConfig string `json:"openshiftLoopbackKubeConfig"` // ExternalKubernetesKubeConfig is a .kubeconfig filename for proxying to Kubernetes ExternalKubernetesKubeConfig string `json:"externalKubernetesKubeConfig"` // OpenShiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master. OpenShiftLoopbackClientConnectionOverrides *ClientConnectionOverrides `json:"openshiftLoopbackClientConnectionOverrides"` // ExternalKubernetesClientConnectionOverrides specifies client overrides for proxying to Kubernetes. ExternalKubernetesClientConnectionOverrides *ClientConnectionOverrides `json:"externalKubernetesClientConnectionOverrides"` }
MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes
func (MasterClients) SwaggerDoc ¶ added in v1.1.4
func (MasterClients) SwaggerDoc() map[string]string
type MasterConfig ¶
type MasterConfig struct { metav1.TypeMeta `json:",inline"` // ServingInfo describes how to start serving ServingInfo HTTPServingInfo `json:"servingInfo"` // AuthConfig configures authentication options in addition to the standard // oauth token and client certificate authenticators AuthConfig MasterAuthConfig `json:"authConfig"` // AggregatorConfig has options for configuring the aggregator component of the API server. AggregatorConfig AggregatorConfig `json:"aggregatorConfig"` // CORSAllowedOrigins CORSAllowedOrigins []string `json:"corsAllowedOrigins"` // APILevels is a list of API levels that should be enabled on startup: v1 as examples APILevels []string `json:"apiLevels"` // MasterPublicURL is how clients can access the OpenShift API server MasterPublicURL string `json:"masterPublicURL"` // Controllers is a list of the controllers that should be started. If set to "none", no controllers // will start automatically. The default value is "*" which will start all controllers. When // using "*", you may exclude controllers by prepending a "-" in front of their name. No other // values are recognized at this time. Controllers string `json:"controllers"` // PauseControllers instructs the master to not automatically start controllers, but instead // to wait until a notification to the server is received before launching them. This field is // ignored if controllerConfig.lockServiceName is specified. // Deprecated: Will be removed in 3.7. PauseControllers bool `json:"pauseControllers"` // ControllerLeaseTTL enables controller election against etcd, instructing the master to attempt to // acquire a lease before controllers start and renewing it within a number of seconds defined by this // value. Setting this value non-negative forces pauseControllers=true. This value defaults off (0, or // omitted) and controller election can be disabled with -1. This field is ignored if // controllerConfig.lockServiceName is specified. // Deprecated: use controllerConfig.lockServiceName to force leader election via config, and the // appropriate leader election flags in controllerArguments. Will be removed in 3.9. ControllerLeaseTTL int `json:"controllerLeaseTTL"` // AdmissionConfig contains admission control plugin configuration. AdmissionConfig AdmissionConfig `json:"admissionConfig"` // ControllerConfig holds configuration values for controllers ControllerConfig ControllerConfig `json:"controllerConfig"` // DisabledFeatures is a list of features that should not be started. We // omitempty here because its very unlikely that anyone will want to // manually disable features and we don't want to encourage it. DisabledFeatures FeatureList `json:"disabledFeatures"` // EtcdStorageConfig contains information about how API resources are // stored in Etcd. These values are only relevant when etcd is the // backing store for the cluster. EtcdStorageConfig EtcdStorageConfig `json:"etcdStorageConfig"` // EtcdClientInfo contains information about how to connect to etcd EtcdClientInfo EtcdConnectionInfo `json:"etcdClientInfo"` // KubeletClientInfo contains information about how to connect to kubelets KubeletClientInfo KubeletConnectionInfo `json:"kubeletClientInfo"` // KubernetesMasterConfig, if present start the kubernetes master in this process KubernetesMasterConfig *KubernetesMasterConfig `json:"kubernetesMasterConfig"` // EtcdConfig, if present start etcd in this process EtcdConfig *EtcdConfig `json:"etcdConfig"` // OAuthConfig, if present start the /oauth endpoint in this process OAuthConfig *OAuthConfig `json:"oauthConfig"` // AssetConfig, if present start the asset server in this process AssetConfig *AssetConfig `json:"assetConfig"` // DNSConfig, if present start the DNS server in this process DNSConfig *DNSConfig `json:"dnsConfig"` // ServiceAccountConfig holds options related to service accounts ServiceAccountConfig ServiceAccountConfig `json:"serviceAccountConfig"` // MasterClients holds all the client connection information for controllers and other system components MasterClients MasterClients `json:"masterClients"` // ImageConfig holds options that describe how to build image names for system components ImageConfig ImageConfig `json:"imageConfig"` // ImagePolicyConfig controls limits and behavior for importing images ImagePolicyConfig ImagePolicyConfig `json:"imagePolicyConfig"` // PolicyConfig holds information about where to locate critical pieces of bootstrapping policy PolicyConfig PolicyConfig `json:"policyConfig"` // ProjectConfig holds information about project creation and defaults ProjectConfig ProjectConfig `json:"projectConfig"` // RoutingConfig holds information about routing and route generation RoutingConfig RoutingConfig `json:"routingConfig"` // NetworkConfig to be passed to the compiled in network plugin NetworkConfig MasterNetworkConfig `json:"networkConfig"` // MasterVolumeConfig contains options for configuring volume plugins in the master node. VolumeConfig MasterVolumeConfig `json:"volumeConfig"` // JenkinsPipelineConfig holds information about the default Jenkins template // used for JenkinsPipeline build strategy. JenkinsPipelineConfig JenkinsPipelineConfig `json:"jenkinsPipelineConfig"` // AuditConfig holds information related to auditing capabilities. AuditConfig AuditConfig `json:"auditConfig"` // DisableOpenAPI avoids starting the openapi endpoint because it is very expensive. // This option will be removed at a later time. It is never serialized. DisableOpenAPI bool `json:"-"` }
MasterConfig holds the necessary configuration options for the OpenShift master
func (*MasterConfig) DecodeNestedObjects ¶ added in v1.3.0
func (c *MasterConfig) DecodeNestedObjects(d runtime.Decoder) error
DecodeNestedObjects handles encoding RawExtensions on the MasterConfig, ensuring the objects are decoded with the provided decoder.
func (*MasterConfig) EncodeNestedObjects ¶ added in v1.3.0
func (c *MasterConfig) EncodeNestedObjects(e runtime.Encoder) error
EncodeNestedObjects handles encoding RawExtensions on the MasterConfig, ensuring the objects are encoded with the provided encoder.
func (MasterConfig) SwaggerDoc ¶ added in v1.1.4
func (MasterConfig) SwaggerDoc() map[string]string
type MasterNetworkConfig ¶ added in v1.0.6
type MasterNetworkConfig struct { // NetworkPluginName is the name of the network plugin to use NetworkPluginName string `json:"networkPluginName"` // ClusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space ClusterNetworkCIDR string `json:"clusterNetworkCIDR"` // HostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host HostSubnetLength uint32 `json:"hostSubnetLength"` // ServiceNetwork is the CIDR string to specify the service networks ServiceNetworkCIDR string `json:"serviceNetworkCIDR"` // ExternalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP // may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that // CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You // should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons. ExternalIPNetworkCIDRs []string `json:"externalIPNetworkCIDRs"` // IngressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare // metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. // For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, // nodes, pods, or services. IngressIPNetworkCIDR string `json:"ingressIPNetworkCIDR"` }
MasterNetworkConfig to be passed to the compiled in network plugin
func (MasterNetworkConfig) SwaggerDoc ¶ added in v1.1.4
func (MasterNetworkConfig) SwaggerDoc() map[string]string
type MasterVolumeConfig ¶ added in v1.2.0
type MasterVolumeConfig struct { // DynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true DynamicProvisioningEnabled *bool `json:"dynamicProvisioningEnabled"` }
MasterVolumeConfig contains options for configuring volume plugins in the master node.
func (MasterVolumeConfig) SwaggerDoc ¶ added in v1.2.0
func (MasterVolumeConfig) SwaggerDoc() map[string]string
type NamedCertificate ¶ added in v1.0.7
type NamedCertificate struct { // Names is a list of DNS names this certificate should be used to secure // A name can be a normal DNS name, or can contain leading wildcard segments. Names []string `json:"names"` // CertInfo is the TLS cert info for serving secure traffic CertInfo `json:",inline"` }
NamedCertificate specifies a certificate/key, and the names it should be served for
func (NamedCertificate) SwaggerDoc ¶ added in v1.1.4
func (NamedCertificate) SwaggerDoc() map[string]string
type NodeAuthConfig ¶ added in v1.0.7
type NodeAuthConfig struct { // AuthenticationCacheTTL indicates how long an authentication result should be cached. // It takes a valid time duration string (e.g. "5m"). If empty, you get the default timeout. If zero (e.g. "0m"), caching is disabled AuthenticationCacheTTL string `json:"authenticationCacheTTL"` // AuthenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used. AuthenticationCacheSize int `json:"authenticationCacheSize"` // AuthorizationCacheTTL indicates how long an authorization result should be cached. // It takes a valid time duration string (e.g. "5m"). If empty, you get the default timeout. If zero (e.g. "0m"), caching is disabled AuthorizationCacheTTL string `json:"authorizationCacheTTL"` // AuthorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used. AuthorizationCacheSize int `json:"authorizationCacheSize"` }
NodeAuthConfig holds authn/authz configuration options
func (NodeAuthConfig) SwaggerDoc ¶ added in v1.1.4
func (NodeAuthConfig) SwaggerDoc() map[string]string
type NodeConfig ¶
type NodeConfig struct { metav1.TypeMeta `json:",inline"` // NodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. // If you're describing a set of static nodes to the master, this value must match one of the values in the list NodeName string `json:"nodeName"` // Node may have multiple IPs, specify the IP to use for pod traffic routing // If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used NodeIP string `json:"nodeIP"` // ServingInfo describes how to start serving ServingInfo ServingInfo `json:"servingInfo"` // MasterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master MasterKubeConfig string `json:"masterKubeConfig"` // MasterClientConnectionOverrides provides overrides to the client connection used to connect to the master. MasterClientConnectionOverrides *ClientConnectionOverrides `json:"masterClientConnectionOverrides"` // DNSDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to // 'cluster.local'. DNSDomain string `json:"dnsDomain"` // DNSIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes // master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured // to resolve names from any other port). When running more complex local DNS configurations, this is often set // to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see // dnsBindAddress) or the master DNS. DNSIP string `json:"dnsIP"` // DNSBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. // Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need // a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured // on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other // queries to the host environments nameservers. DNSBindAddress string `json:"dnsBindAddress"` // DNSNameservers is a list of ip:port values of recursive nameservers to forward queries to when running // a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to // the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the // system, this value should be set to the upstream nameservers dnsmasq resolves with. DNSNameservers []string `json:"dnsNameservers"` // DNSRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. // Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra // nameservers to DNSNameservers if set. DNSRecursiveResolvConf string `json:"dnsRecursiveResolvConf"` // Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead DeprecatedNetworkPluginName string `json:"networkPluginName,omitempty"` // NetworkConfig provides network options for the node NetworkConfig NodeNetworkConfig `json:"networkConfig"` // VolumeDirectory is the directory that volumes will be stored under VolumeDirectory string `json:"volumeDirectory"` // ImageConfig holds options that describe how to build image names for system components ImageConfig ImageConfig `json:"imageConfig"` // AllowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started. AllowDisabledDocker bool `json:"allowDisabledDocker"` // PodManifestConfig holds the configuration for enabling the Kubelet to // create pods based from a manifest file(s) placed locally on the node PodManifestConfig *PodManifestConfig `json:"podManifestConfig"` // AuthConfig holds authn/authz configuration options AuthConfig NodeAuthConfig `json:"authConfig"` // DockerConfig holds Docker related configuration options. DockerConfig DockerConfig `json:"dockerConfig"` // KubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's // command line arguments. These are not migrated or validated, so if you use them they may become invalid. // These values override other settings in NodeConfig which may cause invalid configurations. KubeletArguments ExtendedArguments `json:"kubeletArguments,omitempty"` // ProxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's // command line arguments. These are not migrated or validated, so if you use them they may become invalid. // These values override other settings in NodeConfig which may cause invalid configurations. ProxyArguments ExtendedArguments `json:"proxyArguments,omitempty"` // IPTablesSyncPeriod is how often iptable rules are refreshed IPTablesSyncPeriod string `json:"iptablesSyncPeriod"` // EnableUnidling controls whether or not the hybrid unidling proxy will be set up EnableUnidling *bool `json:"enableUnidling"` // VolumeConfig contains options for configuring volumes on the node. VolumeConfig NodeVolumeConfig `json:"volumeConfig"` }
NodeConfig is the fully specified config starting an OpenShift node
func (NodeConfig) SwaggerDoc ¶ added in v1.1.4
func (NodeConfig) SwaggerDoc() map[string]string
type NodeNetworkConfig ¶ added in v1.0.6
type NodeNetworkConfig struct { // NetworkPluginName is a string specifying the networking plugin NetworkPluginName string `json:"networkPluginName"` // Maximum transmission unit for the network packets MTU uint32 `json:"mtu"` }
NodeNetworkConfig provides network options for the node
func (NodeNetworkConfig) SwaggerDoc ¶ added in v1.1.4
func (NodeNetworkConfig) SwaggerDoc() map[string]string
type NodeVolumeConfig ¶ added in v1.2.0
type NodeVolumeConfig struct { // LocalQuota contains options for controlling local volume quota on the node. LocalQuota LocalQuota `json:"localQuota"` }
NodeVolumeConfig contains options for configuring volumes on the node.
func (NodeVolumeConfig) SwaggerDoc ¶ added in v1.2.0
func (NodeVolumeConfig) SwaggerDoc() map[string]string
type OAuthConfig ¶
type OAuthConfig struct { // MasterCA is the CA for verifying the TLS connection back to the MasterURL. MasterCA *string `json:"masterCA"` // MasterURL is used for making server-to-server calls to exchange authorization codes for access tokens MasterURL string `json:"masterURL"` // MasterPublicURL is used for building valid client redirect URLs for external access MasterPublicURL string `json:"masterPublicURL"` // AssetPublicURL is used for building valid client redirect URLs for external access AssetPublicURL string `json:"assetPublicURL"` // AlwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider. AlwaysShowProviderSelection bool `json:"alwaysShowProviderSelection"` //IdentityProviders is an ordered list of ways for a user to identify themselves IdentityProviders []IdentityProvider `json:"identityProviders"` // GrantConfig describes how to handle grants GrantConfig GrantConfig `json:"grantConfig"` // SessionConfig hold information about configuring sessions. SessionConfig *SessionConfig `json:"sessionConfig"` // TokenConfig contains options for authorization and access tokens TokenConfig TokenConfig `json:"tokenConfig"` // Templates allow you to customize pages like the login page. Templates *OAuthTemplates `json:"templates"` }
OAuthConfig holds the necessary configuration options for OAuth authentication
func (OAuthConfig) SwaggerDoc ¶ added in v1.1.4
func (OAuthConfig) SwaggerDoc() map[string]string
type OAuthTemplates ¶ added in v1.0.6
type OAuthTemplates struct { // Login is a path to a file containing a go template used to render the login page. // If unspecified, the default login page is used. Login string `json:"login"` // ProviderSelection is a path to a file containing a go template used to render the provider selection page. // If unspecified, the default provider selection page is used. ProviderSelection string `json:"providerSelection"` // Error is a path to a file containing a go template used to render error pages during the authentication or grant flow // If unspecified, the default error page is used. Error string `json:"error"` }
OAuthTemplates allow for customization of pages like the login page
func (OAuthTemplates) SwaggerDoc ¶ added in v1.1.4
func (OAuthTemplates) SwaggerDoc() map[string]string
type OpenIDClaims ¶ added in v0.4.4
type OpenIDClaims struct { // ID is the list of claims whose values should be used as the user ID. Required. // OpenID standard identity claim is "sub" ID []string `json:"id"` // PreferredUsername is the list of claims whose values should be used as the preferred username. // If unspecified, the preferred username is determined from the value of the id claim PreferredUsername []string `json:"preferredUsername"` // Name is the list of claims whose values should be used as the display name. Optional. // If unspecified, no display name is set for the identity Name []string `json:"name"` // Email is the list of claims whose values should be used as the email address. Optional. // If unspecified, no email is set for the identity Email []string `json:"email"` }
OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
func (OpenIDClaims) SwaggerDoc ¶ added in v1.1.4
func (OpenIDClaims) SwaggerDoc() map[string]string
type OpenIDIdentityProvider ¶ added in v0.4.4
type OpenIDIdentityProvider struct { metav1.TypeMeta `json:",inline"` // CA is the optional trusted certificate authority bundle to use when making requests to the server // If empty, the default system roots are used CA string `json:"ca"` // ClientID is the oauth client ID ClientID string `json:"clientID"` // ClientSecret is the oauth client secret ClientSecret StringSource `json:"clientSecret"` // ExtraScopes are any scopes to request in addition to the standard "openid" scope. ExtraScopes []string `json:"extraScopes"` // ExtraAuthorizeParameters are any custom parameters to add to the authorize request. ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters"` // URLs to use to authenticate URLs OpenIDURLs `json:"urls"` // Claims mappings Claims OpenIDClaims `json:"claims"` }
OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
func (OpenIDIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (OpenIDIdentityProvider) SwaggerDoc() map[string]string
type OpenIDURLs ¶ added in v0.4.4
type OpenIDURLs struct { // Authorize is the oauth authorization URL Authorize string `json:"authorize"` // Token is the oauth token granting URL Token string `json:"token"` // UserInfo is the optional userinfo URL. // If present, a granted access_token is used to request claims // If empty, a granted id_token is parsed for claims UserInfo string `json:"userInfo"` }
OpenIDURLs are URLs to use when authenticating with an OpenID identity provider
func (OpenIDURLs) SwaggerDoc ¶ added in v1.1.4
func (OpenIDURLs) SwaggerDoc() map[string]string
type PodManifestConfig ¶ added in v0.4.4
type PodManifestConfig struct { // Path specifies the path for the pod manifest file or directory // If its a directory, its expected to contain on or more manifest files // This is used by the Kubelet to create pods on the node Path string `json:"path"` // FileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data // The interval needs to be a positive value FileCheckIntervalSeconds int64 `json:"fileCheckIntervalSeconds"` }
PodManifestConfig holds the necessary configuration options for using pod manifests
func (PodManifestConfig) SwaggerDoc ¶ added in v1.1.4
func (PodManifestConfig) SwaggerDoc() map[string]string
type PolicyConfig ¶
type PolicyConfig struct { // BootstrapPolicyFile points to a template that contains roles and rolebindings that will be created if no policy object exists in the master namespace BootstrapPolicyFile string `json:"bootstrapPolicyFile"` OpenShiftSharedResourcesNamespace string `json:"openshiftSharedResourcesNamespace"` // OpenShiftInfrastructureNamespace is the namespace where OpenShift infrastructure resources live (like controller service accounts) OpenShiftInfrastructureNamespace string `json:"openshiftInfrastructureNamespace"` // UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS! UserAgentMatchingConfig UserAgentMatchingConfig `json:"userAgentMatchingConfig"` }
holds the necessary configuration options for
func (PolicyConfig) SwaggerDoc ¶ added in v1.1.4
func (PolicyConfig) SwaggerDoc() map[string]string
type ProjectConfig ¶ added in v0.5.3
type ProjectConfig struct { // DefaultNodeSelector holds default project node label selector DefaultNodeSelector string `json:"defaultNodeSelector"` // ProjectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint ProjectRequestMessage string `json:"projectRequestMessage"` // ProjectRequestTemplate is the template to use for creating projects in response to projectrequest. // It is in the format namespace/template and it is optional. // If it is not specified, a default template is used. ProjectRequestTemplate string `json:"projectRequestTemplate"` // SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled. SecurityAllocator *SecurityAllocator `json:"securityAllocator"` }
holds the necessary configuration options for
func (ProjectConfig) SwaggerDoc ¶ added in v1.1.4
func (ProjectConfig) SwaggerDoc() map[string]string
type RFC2307Config ¶ added in v1.0.7
type RFC2307Config struct { // AllGroupsQuery holds the template for an LDAP query that returns group entries. AllGroupsQuery LDAPQuery `json:"groupsQuery"` // GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. // (ldapGroupUID) GroupUIDAttribute string `json:"groupUIDAttribute"` // GroupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for // an OpenShift group GroupNameAttributes []string `json:"groupNameAttributes"` // GroupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. // The values contained in those attributes must be queryable by your UserUIDAttribute GroupMembershipAttributes []string `json:"groupMembershipAttributes"` // AllUsersQuery holds the template for an LDAP query that returns user entries. AllUsersQuery LDAPQuery `json:"usersQuery"` // UserUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. // It must correspond to values that will be found from the GroupMembershipAttributes UserUIDAttribute string `json:"userUIDAttribute"` // UserNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. // The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider UserNameAttributes []string `json:"userNameAttributes"` // TolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are // encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only // and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find // any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause // group membership to be removed, so it is recommended to use this flag with caution. TolerateMemberNotFoundErrors bool `json:"tolerateMemberNotFoundErrors"` // TolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries // are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all // user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail // if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP // sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use // this flag with caution. TolerateMemberOutOfScopeErrors bool `json:"tolerateMemberOutOfScopeErrors"` }
RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema
func (RFC2307Config) SwaggerDoc ¶ added in v1.1.4
func (RFC2307Config) SwaggerDoc() map[string]string
type RegistryLocation ¶
type RegistryLocation struct { // DomainName specifies a domain name for the registry // In case the registry use non-standard (80 or 443) port, the port should be included // in the domain name as well. DomainName string `json:"domainName"` // Insecure indicates whether the registry is secure (https) or insecure (http) // By default (if not specified) the registry is assumed as secure. Insecure bool `json:"insecure,omitempty"` }
RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
func (RegistryLocation) SwaggerDoc ¶
func (RegistryLocation) SwaggerDoc() map[string]string
type RemoteConnectionInfo ¶
type RemoteConnectionInfo struct { // URL is the remote URL to connect to URL string `json:"url"` // CA is the CA for verifying TLS connections CA string `json:"ca"` // CertInfo is the TLS client cert information to present // this is anonymous so that we can inline it for serialization CertInfo `json:",inline"` }
RemoteConnectionInfo holds information necessary for establishing a remote connection
func (RemoteConnectionInfo) SwaggerDoc ¶ added in v1.1.4
func (RemoteConnectionInfo) SwaggerDoc() map[string]string
type RequestHeaderAuthenticationOptions ¶
type RequestHeaderAuthenticationOptions struct { // ClientCA is a file with the trusted signer certs. It is required. ClientCA string `json:"clientCA"` // ClientCommonNames is a required list of common names to require a match from. ClientCommonNames []string `json:"clientCommonNames"` // UsernameHeaders is the list of headers to check for user information. First hit wins. UsernameHeaders []string `json:"usernameHeaders"` // GroupNameHeader is the set of headers to check for group information. All are unioned. GroupHeaders []string `json:"groupHeaders"` // ExtraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested. ExtraHeaderPrefixes []string `json:"extraHeaderPrefixes"` }
RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.
func (RequestHeaderAuthenticationOptions) SwaggerDoc ¶
func (RequestHeaderAuthenticationOptions) SwaggerDoc() map[string]string
type RequestHeaderIdentityProvider ¶ added in v0.4.3
type RequestHeaderIdentityProvider struct { metav1.TypeMeta `json:",inline"` // LoginURL is a URL to redirect unauthenticated /authorize requests to // Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here // ${url} is replaced with the current URL, escaped to be safe in a query parameter // https://www.example.com/sso-login?then=${url} // ${query} is replaced with the current query string // https://www.example.com/auth-proxy/oauth/authorize?${query} LoginURL string `json:"loginURL"` // ChallengeURL is a URL to redirect unauthenticated /authorize requests to // Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here // ${url} is replaced with the current URL, escaped to be safe in a query parameter // https://www.example.com/sso-login?then=${url} // ${query} is replaced with the current query string // https://www.example.com/auth-proxy/oauth/authorize?${query} ChallengeURL string `json:"challengeURL"` // ClientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header. ClientCA string `json:"clientCA"` // ClientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative. ClientCommonNames []string `json:"clientCommonNames"` // Headers is the set of headers to check for identity information Headers []string `json:"headers"` // PreferredUsernameHeaders is the set of headers to check for the preferred username PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"` // NameHeaders is the set of headers to check for the display name NameHeaders []string `json:"nameHeaders"` // EmailHeaders is the set of headers to check for the email address EmailHeaders []string `json:"emailHeaders"` }
RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
func (RequestHeaderIdentityProvider) SwaggerDoc ¶ added in v1.1.4
func (RequestHeaderIdentityProvider) SwaggerDoc() map[string]string
type RoutingConfig ¶ added in v0.6.1
type RoutingConfig struct { // Subdomain is the suffix appended to $service.$namespace. to form the default route hostname // DEPRECATED: This field is being replaced by routers setting their own defaults. This is the // "default" route. Subdomain string `json:"subdomain"` }
RoutingConfig holds the necessary configuration options for routing to subdomains
func (RoutingConfig) SwaggerDoc ¶ added in v1.1.4
func (RoutingConfig) SwaggerDoc() map[string]string
type SecurityAllocator ¶ added in v0.6.1
type SecurityAllocator struct { // UIDAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the // block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks // before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the // ranges Docker images will use once user namespaces are started). UIDAllocatorRange string `json:"uidAllocatorRange"` // MCSAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is // "<prefix>/<numberOfLabels>[,<maxCategory>]". The default is "s0/2" and will allocate from c0 -> c1023, which means a total of 535k labels // are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated // to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default // will allow the server to set them automatically. // // Examples: // * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 // * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511 // MCSAllocatorRange string `json:"mcsAllocatorRange"` // MCSLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS // ranges (100k namespaces, 535k/5 labels). MCSLabelsPerProject int `json:"mcsLabelsPerProject"` }
SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.
func (SecurityAllocator) SwaggerDoc ¶ added in v1.1.4
func (SecurityAllocator) SwaggerDoc() map[string]string
type ServiceAccountConfig ¶ added in v0.5.3
type ServiceAccountConfig struct { // ManagedNames is a list of service account names that will be auto-created in every namespace. // If no names are specified, the ServiceAccountsController will not be started. ManagedNames []string `json:"managedNames"` // LimitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace // without explicitly referencing them LimitSecretReferences bool `json:"limitSecretReferences"` // PrivateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. // If no private key is specified, the service account TokensController will not be started. PrivateKeyFile string `json:"privateKeyFile"` // PublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. // (If any file contains a private key, the public portion of the key is used) // The list of public keys is used to verify presented service account tokens. // Each key is tried in order until the list is exhausted or verification succeeds. // If no keys are specified, no service account authentication will be available. PublicKeyFiles []string `json:"publicKeyFiles"` // MasterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically // inject the contents of this file into pods so they can verify connections to the master. MasterCA string `json:"masterCA"` }
ServiceAccountConfig holds the necessary configuration options for a service account
func (ServiceAccountConfig) SwaggerDoc ¶ added in v1.1.4
func (ServiceAccountConfig) SwaggerDoc() map[string]string
type ServiceServingCert ¶ added in v1.3.0
type ServiceServingCert struct { // Signer holds the signing information used to automatically sign serving certificates. // If this value is nil, then certs are not signed automatically. Signer *CertInfo `json:"signer"` }
ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.
func (ServiceServingCert) SwaggerDoc ¶ added in v1.3.0
func (ServiceServingCert) SwaggerDoc() map[string]string
type ServingInfo ¶
type ServingInfo struct { // BindAddress is the ip:port to serve on BindAddress string `json:"bindAddress"` // BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp", // "tcp4", and "tcp6" BindNetwork string `json:"bindNetwork"` // CertInfo is the TLS cert info for serving secure traffic. // this is anonymous so that we can inline it for serialization CertInfo `json:",inline"` // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates ClientCA string `json:"clientCA"` // NamedCertificates is a list of certificates to use to secure requests to specific hostnames NamedCertificates []NamedCertificate `json:"namedCertificates"` // MinTLSVersion is the minimum TLS version supported. // Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants MinTLSVersion string `json:"minTLSVersion,omitempty"` // CipherSuites contains an overridden list of ciphers for the server to support. // Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants CipherSuites []string `json:"cipherSuites,omitempty"` }
ServingInfo holds information about serving web pages
func (ServingInfo) SwaggerDoc ¶ added in v1.1.4
func (ServingInfo) SwaggerDoc() map[string]string
type SessionConfig ¶ added in v0.4.3
type SessionConfig struct { // SessionSecretsFile is a reference to a file containing a serialized SessionSecrets object // If no file is specified, a random signing and encryption key are generated at each server start SessionSecretsFile string `json:"sessionSecretsFile"` // SessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession SessionMaxAgeSeconds int32 `json:"sessionMaxAgeSeconds"` // SessionName is the cookie name used to store the session SessionName string `json:"sessionName"` }
SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession
func (SessionConfig) SwaggerDoc ¶ added in v1.1.4
func (SessionConfig) SwaggerDoc() map[string]string
type SessionSecret ¶ added in v0.4.3
type SessionSecret struct { // Authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes. Authentication string `json:"authentication"` // Encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES- Encryption string `json:"encryption"` }
SessionSecret is a secret used to authenticate/decrypt cookie-based sessions
func (SessionSecret) SwaggerDoc ¶ added in v1.1.4
func (SessionSecret) SwaggerDoc() map[string]string
type SessionSecrets ¶ added in v0.4.3
type SessionSecrets struct { metav1.TypeMeta `json:",inline"` // Secrets is a list of secrets // New sessions are signed and encrypted using the first secret. // Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets. Secrets []SessionSecret `json:"secrets"` }
SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.
func (SessionSecrets) SwaggerDoc ¶ added in v1.1.4
func (SessionSecrets) SwaggerDoc() map[string]string
type StringSource ¶ added in v1.1.4
type StringSource struct { // StringSourceSpec specifies the string value, or external location StringSourceSpec `json:",inline"` }
StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.
func (StringSource) MarshalJSON ¶ added in v1.1.4
func (s StringSource) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface. If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string. Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
func (StringSource) SwaggerDoc ¶ added in v1.1.4
func (StringSource) SwaggerDoc() map[string]string
func (*StringSource) UnmarshalJSON ¶ added in v1.1.4
func (s *StringSource) UnmarshalJSON(value []byte) error
UnmarshalJSON implements the json.Unmarshaller interface. If the value is a string, it sets the Value field of the StringSource. Otherwise, it is unmarshaled into the StringSourceSpec struct
type StringSourceSpec ¶ added in v1.1.4
type StringSourceSpec struct { // Value specifies the cleartext value, or an encrypted value if keyFile is specified. Value string `json:"value"` // Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified. Env string `json:"env"` // File references a file containing the cleartext value, or an encrypted value if a keyFile is specified. File string `json:"file"` // KeyFile references a file containing the key to use to decrypt the value. KeyFile string `json:"keyFile"` }
StringSourceSpec specifies a string value, or external location
func (StringSourceSpec) SwaggerDoc ¶ added in v1.1.4
func (StringSourceSpec) SwaggerDoc() map[string]string
type TokenConfig ¶ added in v0.4.3
type TokenConfig struct { // AuthorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens AuthorizeTokenMaxAgeSeconds int32 `json:"authorizeTokenMaxAgeSeconds"` // AccessTokenMaxAgeSeconds defines the maximum age of access tokens AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"` }
TokenConfig holds the necessary configuration options for authorization and access tokens
func (TokenConfig) SwaggerDoc ¶ added in v1.1.4
func (TokenConfig) SwaggerDoc() map[string]string
type UserAgentDenyRule ¶ added in v1.1.5
type UserAgentDenyRule struct { UserAgentMatchRule `json:", inline"` // RejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used. RejectionMessage string `json:"rejectionMessage"` }
UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client
func (UserAgentDenyRule) SwaggerDoc ¶ added in v1.1.5
func (UserAgentDenyRule) SwaggerDoc() map[string]string
type UserAgentMatchRule ¶ added in v1.1.5
type UserAgentMatchRule struct { // UserAgentRegex is a regex that is checked against the User-Agent. // Known variants of oc clients // 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d // 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f // 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d // 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f // 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d // 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f // 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d // 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f Regex string `json:"regex"` // HTTPVerbs specifies which HTTP verbs should be matched. An empty list means "match all verbs". HTTPVerbs []string `json:"httpVerbs"` }
UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb
func (UserAgentMatchRule) SwaggerDoc ¶ added in v1.1.5
func (UserAgentMatchRule) SwaggerDoc() map[string]string
type UserAgentMatchingConfig ¶ added in v1.1.5
type UserAgentMatchingConfig struct { // If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed RequiredClients []UserAgentMatchRule `json:"requiredClients"` // If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes DeniedClients []UserAgentDenyRule `json:"deniedClients"` // DefaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given. DefaultRejectionMessage string `json:"defaultRejectionMessage"` }
UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!
func (UserAgentMatchingConfig) SwaggerDoc ¶ added in v1.1.5
func (UserAgentMatchingConfig) SwaggerDoc() map[string]string