constants

package
v1.7.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 8, 2023 License: Apache-2.0 Imports: 0 Imported by: 1

Documentation

Index

Constants

View Source
const (
	// KubeCube all the begin
	KubeCube = "kubecube"

	// Warden is willing to kubecube
	Warden = "warden"

	// ApiPathRoot the root api route
	ApiPathRoot = "/api/v1/cube"

	// LocalCluster the internal cluster where program stand with
	LocalCluster = "_local_cluster"

	// DefaultPivotCubeClusterIPSvc default pivot cube svc
	DefaultPivotCubeClusterIPSvc = "kubecube:7443"

	DefaultAuditURL = "http://audit:8888/api/v1/cube/audit/cube"
)
View Source
const (
	HttpHeaderContentType        = "Content-type"
	HttpHeaderContentDisposition = "Content-Disposition"
	HttpHeaderContentTypeOctet   = "application/octet-stream"

	ImpersonateUserKey  = "Impersonate-User"
	ImpersonateGroupKey = "Impersonate-Group"
)

http content

View Source
const (
	EventName          = "event"
	EventTypeUserWrite = "userwrite"
	EventResourceType  = "resourceType"
	EventAccountId     = "accountId"
	EventObjectName    = "objectName"
	EventRespBody      = "responseBody"

	AuthorizationHeader        = "Authorization"
	DefaultTokenExpireDuration = 3600 // 1 hour
	UserName                   = "userName"
)

audit and user constant

View Source
const (
	K8sResourceVersion   = "v1"
	K8sResourceNamespace = "namespaces"
	K8sResourcePod       = "pods"

	K8sKindClusterRole    = "ClusterRole"
	K8sKindRole           = "Role"
	K8sKindServiceAccount = "ServiceAccount"

	K8sGroupRBAC = "rbac.authorization.k8s.io"
)

k8s api resources

View Source
const (
	PlatformAdmin = "platform-admin"
	TenantAdmin   = "tenant-admin"
	ProjectAdmin  = "project-admin"
	Reviewer      = "reviewer"

	TenantAdminCluster  = "tenant-admin-cluster"
	ProjectAdminCluster = "project-admin-cluster"
	ReviewerCluster     = "reviewer-cluster"

	PlatformAdminAgLabel = "rbac.authorization.k8s.io/aggregate-to-platform-admin"
	TenantAdminAgLabel   = "rbac.authorization.k8s.io/aggregate-to-tenant-admin"
	ProjectAdminAgLabel  = "rbac.authorization.k8s.io/aggregate-to-project-admin"
	ReviewerAgLabel      = "rbac.authorization.k8s.io/aggregate-to-reviewer"
)

rbac related constant

View Source
const (
	// ClusterLabel indicates the resource which cluster relate with
	ClusterLabel = "kubecube.io/cluster"

	// TenantLabel represent which tenant resource relate with
	TenantLabel = "kubecube.io/tenant"

	// ProjectLabel represent which project resource relate with
	ProjectLabel = "kubecube.io/project"

	// TenantNsPrefix represent the namespace which relate with tenant
	TenantNsPrefix = "kubecube-tenant-"

	// ProjectNsPrefix represent the namespace which relate with project
	ProjectNsPrefix = "kubecube-project-"

	// CubeQuotaLabel point to CubeResourceQuota
	CubeQuotaLabel = "kubecube.io/quota"

	// RbacLabel indicates the resource of rbac is related with kubecube
	RbacLabel = "kubecube.io/rbac"
	// RoleLabel indicates the role of rbac policy
	RoleLabel = "kubecube.io/role"

	// CrdLabel indicates the crds kubecube need to dispatch
	CrdLabel = "kubecube.io/crds"

	// SyncAnnotation use for sync logic of warden
	SyncAnnotation = "kubecube.io/sync"

	// ForceDeleteAnnotation used to force deletion of some resources that are not allowed to be deleted
	ForceDeleteAnnotation = "kubecube.io/force-delete"
)
View Source
const (
	// CubeNodeTaint is node taint that managed by KubeCube
	CubeNodeTaint = "node.kubecube.io"

	// CubeCnAnnotation is the annotation of cluster contains cluster cn name
	CubeCnAnnotation = "cluster.kubecube.io/cn-name"
)
View Source
const (
	// HncInherited means resource is inherited form upon namespace by hnc
	HncInherited = "hnc.x-k8s.io/inherited-from"

	HncTenantLabel = "kubecube.hnc.x-k8s.io/tenant"

	HncProjectLabel = "kubecube.hnc.x-k8s.io/project"

	HncIncludedNsLabel = "hnc.x-k8s.io/included-namespace"

	/*
		Namespace depth is relative to current namespace depth.
		Example:
		tenant-1
		└── [s] project-1
			   └── [s] ns-1
		ns-1 namespace has three depth label:
		1. ns-1.tree.hnc.x-k8s.io/depth: "0"
		2. project-1.tree.hnc.x-k8s.io/depth: "1"
		3. tenant-1.tree.hnc.x-k8s.io/depth: "2"
	*/
	HncCurrentDepth = "0"
	HncProjectDepth = "1"
	HncTenantDepth  = "2"

	// HncSuffix record depth of namespace in HNC
	HncSuffix = ".tree.hnc.x-k8s.io/depth"

	// HncAnnotation must exist in sub namespace
	HncAnnotation = "hnc.x-k8s.io/subnamespace-of"
)

hnc related const

View Source
const (
	// AllVerb all verbs
	AllVerb = "*"
	// CreateVerb create resource
	CreateVerb = "create"
	// GetVerb get resource
	GetVerb = "get"
	// UpdateVerb update resource
	UpdateVerb = "update"
	// DeleteVerb delete resource
	DeleteVerb = "delete"
	// ListVerb list resource
	ListVerb = "list"
)

rbac role verbs

View Source
const (
	SubjectUser  = "User"
	SubjectGroup = "Group"
	SubjectSA    = "ServiceAccount"
)

rbac binding subjects

View Source
const (
	Writable = "writable"
	Readable = "readable"
)
View Source
const (
	LabelNodeTenant = "node.kubecube.io/tenant"
	LabelNodeStatus = "node.kubecube.io/status"
	LabelNodeNs     = "node.kubecube.io/ns"

	ValueNodeShare      = "share"
	ValueNodeAssigned   = "assigned"
	ValueNodeUnassigned = "unassigned"
)

node labels and values

View Source
const (
	ResourceNamespaces = "namespaces"
	ResourceNode       = "nodes"
)
View Source
const (
	FieldManager = "fieldManager"
)
View Source
const (
	KindClusterRole = "ClusterRole"
)

Variables

This section is empty.

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL