Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the nais.io v1 API group +kubebuilder:object:generate=true +groupName=nais.io +versionName=v1
Index ¶
- Constants
- Variables
- type AccessPolicy
- type AccessPolicyBaseRules
- type AccessPolicyExternalRule
- type AccessPolicyInbound
- type AccessPolicyInboundRule
- type AccessPolicyInboundRules
- type AccessPolicyOutbound
- type AccessPolicyPermission
- type AccessPolicyPermissions
- type AccessPolicyPortRule
- type AccessPolicyRule
- type AccessPolicyRules
- type AutoInstrumentation
- type Azure
- type AzureAdApplication
- func (in *AzureAdApplication) DeepCopy() *AzureAdApplication
- func (in *AzureAdApplication) DeepCopyInto(out *AzureAdApplication)
- func (in *AzureAdApplication) DeepCopyObject() runtime.Object
- func (in *AzureAdApplication) GetClientId() string
- func (in *AzureAdApplication) GetObjectId() string
- func (in *AzureAdApplication) GetServicePrincipalId() string
- func (in *AzureAdApplication) Hash() (string, error)
- type AzureAdApplicationList
- type AzureAdApplicationSpec
- type AzureAdApplicationStatus
- type AzureAdClaims
- type AzureAdExtraClaim
- type AzureAdGroup
- type AzureAdPreAuthorizedApp
- type AzureAdPreAuthorizedAppsStatus
- type AzureAdReplyUrl
- type AzureAdReplyUrlString
- type AzureApplication
- type AzureInterface
- type AzureNaisJob
- type AzureSidecar
- type BigQueryPermission
- type CloudBigQueryDataset
- type CloudIAMPermission
- type CloudIAMResource
- type CloudSqlDatabase
- type CloudSqlDatabaseUser
- type CloudSqlFlag
- type CloudSqlInstance
- type CloudSqlInstanceDiskType
- type CloudSqlInstanceType
- type CloudStorageBucket
- type ConsumedScope
- type CpuScaling
- type DigdiratorStatus
- func (in *DigdiratorStatus) DeepCopy() *DigdiratorStatus
- func (in *DigdiratorStatus) DeepCopyInto(out *DigdiratorStatus)
- func (in *DigdiratorStatus) GetClientID() string
- func (in *DigdiratorStatus) GetKeyIDs() []string
- func (in *DigdiratorStatus) GetSynchronizationHash() string
- func (in *DigdiratorStatus) GetSynchronizationSecretName() string
- func (in *DigdiratorStatus) SetClientID(clientID string)
- func (in *DigdiratorStatus) SetCorrelationID(correlationID string)
- func (in *DigdiratorStatus) SetHash(hash string)
- func (in *DigdiratorStatus) SetKeyIDs(keyIDs []string)
- func (in *DigdiratorStatus) SetStateSynchronized()
- func (in *DigdiratorStatus) SetSynchronizationSecretName(name string)
- func (in *DigdiratorStatus) SetSynchronizationState(state string)
- type EmptyDir
- type EnvFrom
- type EnvVar
- type EnvVarSource
- type EnvVars
- type ExecAction
- type ExposedScope
- type ExposedScopeConsumer
- type FilesFrom
- type Frontend
- type FrontendGeneratedConfig
- type GCP
- type HttpGetAction
- type IDPorten
- type IDPortenClient
- func (in *IDPortenClient) DeepCopy() *IDPortenClient
- func (in *IDPortenClient) DeepCopyInto(out *IDPortenClient)
- func (in *IDPortenClient) DeepCopyObject() runtime.Object
- func (in *IDPortenClient) GetStatus() *DigdiratorStatus
- func (in *IDPortenClient) Hash() (string, error)
- func (in *IDPortenClient) SetStatus(new DigdiratorStatus)
- type IDPortenClientList
- type IDPortenClientSpec
- type IDPortenSidecar
- type IDPortenURI
- type Influx
- type Ingress
- type InsightsConfiguration
- type Jwker
- type JwkerList
- type JwkerSpec
- type JwkerStatus
- type Kafka
- type KafkaScaling
- type LifecycleCondition
- type LogDestination
- type Logging
- type Maintenance
- type Maskinporten
- type MaskinportenClient
- func (in *MaskinportenClient) DeepCopy() *MaskinportenClient
- func (in *MaskinportenClient) DeepCopyInto(out *MaskinportenClient)
- func (in *MaskinportenClient) DeepCopyObject() runtime.Object
- func (in *MaskinportenClient) GetConsumedScopes() []string
- func (in *MaskinportenClient) GetExposedScopes() map[string]ExposedScope
- func (in *MaskinportenClient) GetStatus() *DigdiratorStatus
- func (in *MaskinportenClient) Hash() (string, error)
- func (in *MaskinportenClient) SetStatus(new DigdiratorStatus)
- type MaskinportenClientList
- type MaskinportenClientSpec
- type MaskinportenScope
- type MediumType
- type Naisjob
- func (job *Naisjob) ApplyDefaults() error
- func (in *Naisjob) ClientID(cluster string) string
- func (in *Naisjob) CorrelationID() string
- func (in *Naisjob) DeepCopy() *Naisjob
- func (in *Naisjob) DeepCopyInto(out *Naisjob)
- func (in *Naisjob) DeepCopyObject() runtime.Object
- func (in *Naisjob) DefaultSecretPath(base string) SecretPath
- func (in *Naisjob) EnsureCorrelationID() error
- func (in *Naisjob) GetAccessPolicy() *AccessPolicy
- func (in *Naisjob) GetAzure() AzureInterface
- func (in *Naisjob) GetConcurrencyPolicy() string
- func (in *Naisjob) GetGCP() *GCP
- func (in *Naisjob) GetIDPorten() *IDPorten
- func (in *Naisjob) GetImage() string
- func (in *Naisjob) GetInflux() *Influx
- func (in *Naisjob) GetIngress() []Ingress
- func (in *Naisjob) GetKafka() *Kafka
- func (in *Naisjob) GetLeaderElection() bool
- func (in *Naisjob) GetLiveness() *Probe
- func (in *Naisjob) GetMaskinporten() *Maskinporten
- func (in *Naisjob) GetObjectKind() schema.ObjectKind
- func (in *Naisjob) GetObjectReference() corev1.ObjectReference
- func (in *Naisjob) GetObservability() *Observability
- func (in *Naisjob) GetOpenSearch() *OpenSearch
- func (in *Naisjob) GetOwnerReference() metav1.OwnerReference
- func (in *Naisjob) GetPort() int
- func (in *Naisjob) GetPrometheus() *PrometheusConfig
- func (in *Naisjob) GetReadiness() *Probe
- func (in *Naisjob) GetRedis() []Redis
- func (in *Naisjob) GetSecureLogs() *SecureLogs
- func (in *Naisjob) GetSkipCABundle() bool
- func (in *Naisjob) GetStatus() *Status
- func (in *Naisjob) GetTerminationGracePeriodSeconds() *int64
- func (in *Naisjob) GetVault() *Vault
- func (in *Naisjob) GetWebProxy() bool
- func (in *Naisjob) Hash() (string, error)
- func (in *Naisjob) LogFields() log.Fields
- func (in *Naisjob) SetDeploymentRolloutStatus(rolloutStatus string)
- func (in *Naisjob) SetStatus(status *Status)
- func (in *Naisjob) SkipDeploymentMessage() bool
- type NaisjobList
- type NaisjobSpec
- type ObjectFieldSelector
- type Observability
- type OpenSearch
- type PreStopHook
- type Probe
- type PrometheusConfig
- type Redis
- type Replicas
- type ResourceRequirements
- type ResourceSpec
- type ScalingStrategy
- type SecretPath
- type SecureLogs
- type Service
- type Status
- type Strategy
- type TokenX
- type Tracing
- type Vault
- type Wonderwall
- type WonderwallIgnorePaths
Constants ¶
// Machine-readable event "Reason" values, used for determining
// synchronization state. They are untyped string constants, so callers
// compare them as plain strings.
const (
	EventCreatedInAzure     = "CreatedInAzure"
	EventUpdatedInAzure     = "UpdatedInAzure"
	EventRotatedInAzure     = "RotatedInAzure"
	EventDeletedInAzure     = "DeletedInAzure"
	EventNotInTeamNamespace = "NotInTeamNamespace"
	EventSkipped            = "Skipped"
)
Machine readable event "Reason" fields, used for determining synchronization state.
// Annotation keys and the default Vault mount path used by this API group.
const (
	// Annotation key under which the deployment correlation ID is stored.
	DeploymentCorrelationIDAnnotation = "nais.io/deploymentCorrelationID"
	// Annotation key; presumably read by SkipDeploymentMessage() — confirm against the implementation.
	SkipDeploymentMessageAnnotation = "nais.io/skipDeploymentMessage"
	// Default Vault mount path. It sits under /var/run/secrets, so files
	// below it should be handled as secret material (not logged or copied
	// into images) — assumption from the path, confirm with the Vault type.
	DefaultVaultMountPath = "/var/run/secrets/nais.io/vault"
)
// Application spec default values. Where each default is applied is not
// visible in this listing (presumably ApplyDefaults — confirm).
const (
	DefaultBackoffLimit               = 6
	DefaultFailedJobsHistoryLimit     = 1
	DefaultProbePeriodSeconds         = 10
	DefaultProbeTimeoutSeconds        = 1
	DefaultProbeFailureThreshold      = 3
	DefaultSuccessfulJobsHistoryLimit = 3
)
Application spec default values
Variables ¶
// Scheme registration values for the nais.io/v1 API group.
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "nais.io", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type AccessPolicy ¶
// AccessPolicy groups the inbound and outbound access rules of an application.
//
// Both fields are optional pointers. Which policy is in effect when one of
// them is nil is decided by the consumer of this type and is not visible
// here; reviewers should confirm that an absent policy does not mean
// "allow everything".
type AccessPolicy struct {
	// Configures inbound access for your application.
	Inbound *AccessPolicyInbound `json:"inbound,omitempty"`
	// Configures outbound access for your application.
	Outbound *AccessPolicyOutbound `json:"outbound,omitempty"`
}
func (*AccessPolicy) DeepCopy ¶
func (in *AccessPolicy) DeepCopy() *AccessPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicy.
func (*AccessPolicy) DeepCopyInto ¶
func (in *AccessPolicy) DeepCopyInto(out *AccessPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyBaseRules ¶
// AccessPolicyBaseRules is implemented by rule collections that can be
// flattened to a plain []AccessPolicyRule. In this package both
// AccessPolicyRules and AccessPolicyInboundRules declare GetRules.
type AccessPolicyBaseRules interface {
	// GetRules returns the collection as a slice of AccessPolicyRule.
	GetRules() []AccessPolicyRule
}
+k8s:deepcopy-gen=false
type AccessPolicyExternalRule ¶
// AccessPolicyExternalRule describes one external destination (a host name
// or an IPv4 address, plus optional ports) that the application may reach.
type AccessPolicyExternalRule struct {
	// NOTE(review): the two patterns below check syntax only. The comments
	// call Host and IPv4 mutually exclusive, but no marker visible on this
	// type enforces that, so the check has to happen wherever the rule is
	// consumed. The IPv4 pattern accepts every dotted quad, including
	// private and link-local ranges; if those must be unreachable, that
	// restriction also has to be applied by the consumer.

	// The _host_ that your application should be able to reach, i.e. without the protocol (e.g. `https://`). "Host" and "IPv4" are mutually exclusive
	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`
	Host string `json:"host,omitempty"`
	// The IPv4 address that your application should be able to reach. "IPv4" and "Host" are mutually exclusive
	// +kubebuilder:validation:Pattern=`^(([0-9])|([1-9][0-9])|(1([0-9]{2}))|(2[0-4][0-9])|(25[0-5]))((\.(([0-9])|([1-9][0-9])|(1([0-9]{2}))|(2[0-4][0-9])|(25[0-5]))){3})$`
	IPv4 string `json:"ipv4,omitempty"`
	// List of port rules for external communication. Must be specified if using protocols other than HTTPS.
	Ports []AccessPolicyPortRule `json:"ports,omitempty"`
}
func (*AccessPolicyExternalRule) DeepCopy ¶
func (in *AccessPolicyExternalRule) DeepCopy() *AccessPolicyExternalRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyExternalRule.
func (*AccessPolicyExternalRule) DeepCopyInto ¶
func (in *AccessPolicyExternalRule) DeepCopyInto(out *AccessPolicyExternalRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyInbound ¶
// AccessPolicyInbound holds the rules naming which applications may call
// this application. The "rules" JSON key has no omitempty, so it is always
// serialized.
type AccessPolicyInbound struct {
	// List of NAIS applications that may access your application.
	// These settings apply both to Zero Trust network connectivity and token validity for Azure AD and TokenX tokens.
	Rules AccessPolicyInboundRules `json:"rules"`
}
func (*AccessPolicyInbound) DeepCopy ¶
func (in *AccessPolicyInbound) DeepCopy() *AccessPolicyInbound
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyInbound.
func (*AccessPolicyInbound) DeepCopyInto ¶
func (in *AccessPolicyInbound) DeepCopyInto(out *AccessPolicyInbound)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyInboundRule ¶
// AccessPolicyInboundRule is an AccessPolicyRule (embedded inline) with
// optional fine-grained permissions for the named caller.
type AccessPolicyInboundRule struct {
	// Embedded so that application/namespace/cluster appear at the same JSON level.
	AccessPolicyRule `json:",inline"`
	// Permissions contains a set of permissions that are granted to the given application.
	// Currently only applicable for Azure AD clients.
	// +nais:doc:Link="https://doc.nais.io/security/auth/azure-ad/configuration#fine-grained-access-control"
	Permissions *AccessPolicyPermissions `json:"permissions,omitempty"`
}
func (*AccessPolicyInboundRule) DeepCopy ¶
func (in *AccessPolicyInboundRule) DeepCopy() *AccessPolicyInboundRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyInboundRule.
func (*AccessPolicyInboundRule) DeepCopyInto ¶
func (in *AccessPolicyInboundRule) DeepCopyInto(out *AccessPolicyInboundRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyInboundRules ¶
// AccessPolicyInboundRules is a list of inbound rules. It declares GetRules,
// which returns the entries as []AccessPolicyRule.
type AccessPolicyInboundRules []AccessPolicyInboundRule
func (AccessPolicyInboundRules) DeepCopy ¶
func (in AccessPolicyInboundRules) DeepCopy() AccessPolicyInboundRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyInboundRules.
func (AccessPolicyInboundRules) DeepCopyInto ¶
func (in AccessPolicyInboundRules) DeepCopyInto(out *AccessPolicyInboundRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AccessPolicyInboundRules) GetRules ¶
func (in AccessPolicyInboundRules) GetRules() []AccessPolicyRule
type AccessPolicyOutbound ¶
// AccessPolicyOutbound lists what the application itself may reach: other
// NAIS applications (Rules) and external hosts or addresses (External).
type AccessPolicyOutbound struct {
	// List of NAIS applications that your application needs to access.
	// These settings apply to Zero Trust network connectivity.
	Rules AccessPolicyRules `json:"rules,omitempty"`
	// List of external resources that your applications should be able to reach.
	// +nais:doc:Availability=GCP
	External []AccessPolicyExternalRule `json:"external,omitempty"`
}
func (*AccessPolicyOutbound) DeepCopy ¶
func (in *AccessPolicyOutbound) DeepCopy() *AccessPolicyOutbound
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyOutbound.
func (*AccessPolicyOutbound) DeepCopyInto ¶
func (in *AccessPolicyOutbound) DeepCopyInto(out *AccessPolicyOutbound)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyPermission ¶
// AccessPolicyPermission is the string element type of the Scopes and Roles
// lists in AccessPolicyPermissions.
type AccessPolicyPermission string
+kubebuilder:validation:Pattern=`^[a-z0-9-_./]+$`
type AccessPolicyPermissions ¶
// AccessPolicyPermissions carries the custom scopes and roles granted to one
// application in an inbound rule.
type AccessPolicyPermissions struct {
	// Scopes is a set of custom permission scopes that are granted to a given application.
	// +nais:doc:Link="https://doc.nais.io/security/auth/azure-ad/configuration#custom-scopes"
	Scopes []AccessPolicyPermission `json:"scopes,omitempty"`
	// Roles is a set of custom permission roles that are granted to a given application.
	// +nais:doc:Link="https://doc.nais.io/security/auth/azure-ad/configuration#custom-roles"
	Roles []AccessPolicyPermission `json:"roles,omitempty"`
}
func (*AccessPolicyPermissions) DeepCopy ¶
func (in *AccessPolicyPermissions) DeepCopy() *AccessPolicyPermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyPermissions.
func (*AccessPolicyPermissions) DeepCopyInto ¶
func (in *AccessPolicyPermissions) DeepCopyInto(out *AccessPolicyPermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyPortRule ¶
// AccessPolicyPortRule names a single port allowed for external communication.
type AccessPolicyPortRule struct {
	// NOTE(review): uint32 admits values above 65535 and the value 0; no
	// range marker is visible on this field, so out-of-range ports must be
	// rejected by whatever consumes the rule — confirm.

	// The port used for communication.
	Port uint32 `json:"port"`
}
func (*AccessPolicyPortRule) DeepCopy ¶
func (in *AccessPolicyPortRule) DeepCopy() *AccessPolicyPortRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyPortRule.
func (*AccessPolicyPortRule) DeepCopyInto ¶
func (in *AccessPolicyPortRule) DeepCopyInto(out *AccessPolicyPortRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyRule ¶
// AccessPolicyRule identifies an application by name, with optional
// namespace and cluster qualifiers.
//
// NOTE(review): none of the three fields carries a validation marker in
// this listing; how an empty Namespace or Cluster is resolved (see
// MatchesCluster) is defined outside this declaration.
type AccessPolicyRule struct {
	// The application's name.
	Application string `json:"application"`
	// The application's namespace. May be omitted if it should be in the same namespace as your application.
	Namespace string `json:"namespace,omitempty"`
	// The application's cluster. May be omitted if it should be in the same cluster as your application.
	Cluster string `json:"cluster,omitempty"`
}
func (*AccessPolicyRule) DeepCopy ¶
func (in *AccessPolicyRule) DeepCopy() *AccessPolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyRule.
func (*AccessPolicyRule) DeepCopyInto ¶
func (in *AccessPolicyRule) DeepCopyInto(out *AccessPolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AccessPolicyRule) MatchesCluster ¶
func (in AccessPolicyRule) MatchesCluster(clusterName string) bool
type AccessPolicyRules ¶
// AccessPolicyRules is a list of AccessPolicyRule values; it declares
// GetRules alongside AccessPolicyInboundRules.
type AccessPolicyRules []AccessPolicyRule
func (AccessPolicyRules) DeepCopy ¶
func (in AccessPolicyRules) DeepCopy() AccessPolicyRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyRules.
func (AccessPolicyRules) DeepCopyInto ¶
func (in AccessPolicyRules) DeepCopyInto(out *AccessPolicyRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AccessPolicyRules) GetRules ¶
func (in AccessPolicyRules) GetRules() []AccessPolicyRule
type AutoInstrumentation ¶
// AutoInstrumentation switches OpenTelemetry agent instrumentation on and
// selects the runtime it targets.
type AutoInstrumentation struct {
	// Enable automatic instrumentation of your application using OpenTelemetry Agent.
	Enabled bool `json:"enabled,omitempty"`
	// Application runtime. Supported runtimes are `java`, `nodejs`, `python`, `sdk`.
	// +kubebuilder:validation:Enum=java;nodejs;python;sdk
	Runtime string `json:"runtime,omitempty"`
}
func (*AutoInstrumentation) DeepCopy ¶
func (in *AutoInstrumentation) DeepCopy() *AutoInstrumentation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoInstrumentation.
func (*AutoInstrumentation) DeepCopyInto ¶
func (in *AutoInstrumentation) DeepCopyInto(out *AutoInstrumentation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Azure ¶
// Azure holds the Entra ID client configuration and the optional login
// sidecar configuration for an application.
type Azure struct {
	// Configures an Entra ID client for this application.
	// +nais:doc:Link="https://doc.nais.io/auth/entra-id/"
	Application *AzureApplication `json:"application"`

	// NOTE(review): per the field comment below, the sidecar sets the
	// Authorization header on proxied requests. Whether a header supplied
	// by the client is stripped first is not visible here; the application
	// should still validate the token it receives.

	// Sidecar configures a sidecar that intercepts every HTTP request, and performs the OIDC flow if necessary.
	// All requests to ingress + `/oauth2` will be processed only by the sidecar, whereas all other requests
	// will be proxied to the application.
	//
	// If the user is authenticated with Entra ID, the `Authorization` header will be set to `Bearer <JWT>`.
	// +nais:doc:Link="https://doc.nais.io/auth/explanations/#login-proxy"
	// +nais:doc:Link="https://doc.nais.io/auth/entra-id/how-to/login/"
	// +nais:doc:Availability="GCP"
	Sidecar *AzureSidecar `json:"sidecar,omitempty"`
}
func (*Azure) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Azure.
func (*Azure) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Azure) GetApplication ¶
func (in *Azure) GetApplication() *AzureApplication
func (*Azure) GetSidecar ¶
func (in *Azure) GetSidecar() *AzureSidecar
type AzureAdApplication ¶
// AzureAdApplication is a Kubernetes object: type and object metadata plus a
// desired-state Spec and an observed-state Status.
type AzureAdApplication struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Desired configuration of the Azure AD application.
	Spec AzureAdApplicationSpec `json:"spec,omitempty"`
	// Observed state, including IDs and synchronization bookkeeping.
	Status AzureAdApplicationStatus `json:"status,omitempty"`
}
AzureAdApplication is the Schema for the AzureAdApplications API +kubebuilder:printcolumn:name="Client ID",type=string,JSONPath=`.status.clientId` +kubebuilder:printcolumn:name="Tenant",type=string,JSONPath=`.status.synchronizationTenantName` +kubebuilder:printcolumn:name="Tenant ID",type=string,JSONPath=`.status.synchronizationTenant`,priority=1 +kubebuilder:printcolumn:name="Secret Ref",type=string,JSONPath=`.spec.secretName`,priority=2 +kubebuilder:printcolumn:name="Created",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Synchronized",type="date",JSONPath=".status.synchronizationTime" +kubebuilder:printcolumn:name="Assigned",type=integer,description="Number of assigned pre-authorized apps",JSONPath=`.status.preAuthorizedApps.assignedCount` +kubebuilder:printcolumn:name="Unassigned",type=integer,description="Number of unassigned pre-authorized apps",JSONPath=`.status.preAuthorizedApps.unassignedCount`
func (*AzureAdApplication) DeepCopy ¶
func (in *AzureAdApplication) DeepCopy() *AzureAdApplication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdApplication.
func (*AzureAdApplication) DeepCopyInto ¶
func (in *AzureAdApplication) DeepCopyInto(out *AzureAdApplication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureAdApplication) DeepCopyObject ¶
func (in *AzureAdApplication) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AzureAdApplication) GetClientId ¶
func (in *AzureAdApplication) GetClientId() string
func (*AzureAdApplication) GetObjectId ¶
func (in *AzureAdApplication) GetObjectId() string
func (*AzureAdApplication) GetServicePrincipalId ¶
func (in *AzureAdApplication) GetServicePrincipalId() string
func (*AzureAdApplication) Hash ¶
func (in *AzureAdApplication) Hash() (string, error)
type AzureAdApplicationList ¶
// AzureAdApplicationList is the list form of AzureAdApplication; Items has
// no omitempty and is therefore always serialized.
type AzureAdApplicationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AzureAdApplication `json:"items"`
}
AzureAdApplicationList contains a list of AzureAdApplication
func (*AzureAdApplicationList) DeepCopy ¶
func (in *AzureAdApplicationList) DeepCopy() *AzureAdApplicationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdApplicationList.
func (*AzureAdApplicationList) DeepCopyInto ¶
func (in *AzureAdApplicationList) DeepCopyInto(out *AzureAdApplicationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureAdApplicationList) DeepCopyObject ¶
func (in *AzureAdApplicationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AzureAdApplicationSpec ¶
// AzureAdApplicationSpec is the desired configuration of an Azure AD
// application: who may use it, its reply and logout URLs, and how the
// resulting Secret is named and protected.
type AzureAdApplicationSpec struct {
	// NOTE(review): AllowAllUsers is a nil-able pointer; the "defaults to
	// false" behaviour is applied outside this declaration. Setting it to
	// true widens access to every user in the tenant.

	// AllowAllUsers denotes whether all users within the tenant should be allowed to access this AzureAdApplication. Defaults to false.
	AllowAllUsers *bool `json:"allowAllUsers,omitempty"`
	// Optional configuration of the claims emitted in tokens (see AzureAdClaims).
	Claims *AzureAdClaims `json:"claims,omitempty"`

	// NOTE(review): the comment below requires an https URL, but no
	// validation marker for that is visible on this field; confirm the
	// requirement is enforced elsewhere.

	// LogoutUrl is the URL where Azure AD sends a request to have the application clear the user's session data.
	// This is required if single sign-out should work correctly. Must start with 'https'
	LogoutUrl string `json:"logoutUrl,omitempty"`
	// Inbound rules naming the applications that should be pre-authorized.
	PreAuthorizedApplications []AccessPolicyInboundRule `json:"preAuthorizedApplications,omitempty"`
	// Reply URLs for callbacks after OIDC flows (see AzureAdReplyUrl).
	ReplyUrls []AzureAdReplyUrl `json:"replyUrls,omitempty"`
	// SecretName is the name of the resulting Secret resource to be created
	SecretName string `json:"secretName"`
	// SecretKeyPrefix is an optional user-defined prefix applied to the keys in the secret output, replacing the default prefix.
	SecretKeyPrefix string `json:"secretKeyPrefix,omitempty"`

	// NOTE(review): a protected secret is exempt from the janitor's
	// revocation of unused credentials, so its credentials stay valid until
	// removed by some other means; use sparingly.

	// SecretProtected protects the secret's credentials from being revoked by the janitor even when not in use.
	SecretProtected bool `json:"secretProtected,omitempty"`
	// SinglePageApplication denotes whether or not this Azure AD application should be registered as a single-page-application for usage in client-side applications without access to secrets.
	SinglePageApplication *bool `json:"singlePageApplication,omitempty"`
	// Tenant is an optional alias for targeting a tenant matching an instance of Azurerator that targets said tenant.
	// Can be omitted if only running a single instance or targeting the default tenant.
	Tenant string `json:"tenant,omitempty"`
}
AzureAdApplicationSpec defines the desired state of AzureAdApplication
func (*AzureAdApplicationSpec) DeepCopy ¶
func (in *AzureAdApplicationSpec) DeepCopy() *AzureAdApplicationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdApplicationSpec.
func (*AzureAdApplicationSpec) DeepCopyInto ¶
func (in *AzureAdApplicationSpec) DeepCopyInto(out *AzureAdApplicationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdApplicationStatus ¶
// AzureAdApplicationStatus records what was last observed and synchronized
// for an AzureAdApplication. The fields hold identifiers, key IDs, hashes
// and timestamps; no credential values are declared on this type.
type AzureAdApplicationStatus struct {
	// CertificateKeyIds is the list of key IDs for the latest valid certificate credentials in use
	CertificateKeyIds []string `json:"certificateKeyIds,omitempty"`
	// ClientId is the Azure application client ID
	ClientId string `json:"clientId,omitempty"`
	// CorrelationId is the ID referencing the processing transaction last performed on this resource
	CorrelationId string `json:"correlationId,omitempty"`
	// ObjectId is the Azure AD Application object ID
	ObjectId string `json:"objectId,omitempty"`
	// PasswordKeyIds is the list of key IDs for the latest valid password credentials in use
	PasswordKeyIds []string `json:"passwordKeyIds,omitempty"`
	// ServicePrincipalId is the Azure applications service principal object ID
	ServicePrincipalId string `json:"servicePrincipalId,omitempty"`
	// SynchronizationHash is the hash of the AzureAdApplication object
	SynchronizationHash string `json:"synchronizationHash,omitempty"`
	// SynchronizationSecretName is the SecretName set in the last successful synchronization
	SynchronizationSecretName string `json:"synchronizationSecretName,omitempty"`
	// SynchronizationSecretRotationTime is the last time the AzureAdApplication had its keys rotated.
	SynchronizationSecretRotationTime *metav1.Time `json:"synchronizationSecretRotationTime,omitempty"`
	// SynchronizationState denotes whether the provisioning of the AzureAdApplication has been successfully completed or not
	SynchronizationState string `json:"synchronizationState,omitempty"`
	// SynchronizationTenant is the ID of the tenant that the AzureAdApplication was synchronized to.
	SynchronizationTenant string `json:"synchronizationTenant,omitempty"`
	// SynchronizationTenantName is an alias that identifies the tenant that the AzureAdApplication was synchronized to.
	SynchronizationTenantName string `json:"synchronizationTenantName,omitempty"`
	// SynchronizationTime is the last time the Status subresource was updated
	SynchronizationTime *metav1.Time `json:"synchronizationTime,omitempty"`
	// PreAuthorizedApps contains the list of desired pre-authorized apps defined in the spec, separated by their actual status in Azure AD.
	PreAuthorizedApps *AzureAdPreAuthorizedAppsStatus `json:"preAuthorizedApps,omitempty"`
}
AzureAdApplicationStatus defines the observed state of AzureAdApplication
func (*AzureAdApplicationStatus) DeepCopy ¶
func (in *AzureAdApplicationStatus) DeepCopy() *AzureAdApplicationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdApplicationStatus.
func (*AzureAdApplicationStatus) DeepCopyInto ¶
func (in *AzureAdApplicationStatus) DeepCopyInto(out *AzureAdApplicationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdClaims ¶
// AzureAdClaims configures the claims emitted in tokens and, through Groups,
// which Azure AD groups are assigned to the application.
type AzureAdClaims struct {
	// Deprecated, do not use.
	// +nais:doc:Deprecated=true
	// +nais:doc:Hidden=true
	Extra []AzureAdExtraClaim `json:"extra,omitempty"`
	// Groups is a list of Azure AD group IDs to be emitted in the `groups` claim in tokens issued by Azure AD.
	// This also assigns groups to the application for access control. Only direct members of the groups are granted access.
	// +nais:doc:Link="https://doc.nais.io/security/auth/azure-ad/configuration/#groups"
	Groups []AzureAdGroup `json:"groups,omitempty"`
}
Claims defines additional configuration of the emitted claims in tokens returned to the Azure AD application.
func (*AzureAdClaims) DeepCopy ¶
func (in *AzureAdClaims) DeepCopy() *AzureAdClaims
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdClaims.
func (*AzureAdClaims) DeepCopyInto ¶
func (in *AzureAdClaims) DeepCopyInto(out *AzureAdClaims)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdExtraClaim ¶
// AzureAdExtraClaim is the string element type of AzureAdClaims.Extra, a
// field that is marked deprecated.
type AzureAdExtraClaim string
+kubebuilder:validation:Enum=NAVident;azp_name
type AzureAdGroup ¶
// AzureAdGroup references one Azure AD group by its object ID.
//
// NOTE(review): ID is a free-form string with omitempty and no format
// marker visible here; confirm that empty or malformed IDs are rejected
// before they are used for access control.
type AzureAdGroup struct {
	// ID is the actual `object ID` associated with the given group in Azure AD.
	ID string `json:"id,omitempty"`
}
func (*AzureAdGroup) DeepCopy ¶
func (in *AzureAdGroup) DeepCopy() *AzureAdGroup
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdGroup.
func (*AzureAdGroup) DeepCopyInto ¶
func (in *AzureAdGroup) DeepCopyInto(out *AzureAdGroup)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdPreAuthorizedApp ¶
// AzureAdPreAuthorizedApp pairs a desired pre-authorization rule with the
// identifiers of the matching application found in Azure AD, if any.
type AzureAdPreAuthorizedApp struct {
	// AccessPolicyRule is the desired nais_io_v1.AccessPolicyRule matching the definition in AzureAdApplicationSpec.PreAuthorizedApplications.
	AccessPolicyRule *AccessPolicyRule `json:"accessPolicyRule,omitempty"`
	// Client ID is the actual client ID of the application found in Azure AD, if it exists.
	ClientID string `json:"clientId,omitempty"`
	// Object ID is the actual object ID of the service principal belonging to the application found in Azure AD, if it exists.
	ServicePrincipalObjectID string `json:"servicePrincipalObjectId,omitempty"`
	// Reason is a human-readable message that provides detailed information about the application and its status.
	Reason string `json:"reason,omitempty"`
}
func (*AzureAdPreAuthorizedApp) DeepCopy ¶
func (in *AzureAdPreAuthorizedApp) DeepCopy() *AzureAdPreAuthorizedApp
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdPreAuthorizedApp.
func (*AzureAdPreAuthorizedApp) DeepCopyInto ¶
func (in *AzureAdPreAuthorizedApp) DeepCopyInto(out *AzureAdPreAuthorizedApp)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdPreAuthorizedAppsStatus ¶
// AzureAdPreAuthorizedAppsStatus splits the desired pre-authorized apps into
// those that were assigned and those that were not, with a count for each.
// A non-empty Unassigned list means some requested callers do not have the
// access the spec asked for.
type AzureAdPreAuthorizedAppsStatus struct {
	// Assigned is the list of desired pre-authorized apps that have been pre-authorized to access this application.
	Assigned []AzureAdPreAuthorizedApp `json:"assigned,omitempty"`
	// AssignedCount is the size of the list in Assigned.
	AssignedCount *int `json:"assignedCount,omitempty"`
	// Unassigned is the list of desired pre-authorized apps that have _not_ been pre-authorized to access this application.
	Unassigned []AzureAdPreAuthorizedApp `json:"unassigned,omitempty"`
	// UnassignedCount is the size of the list in Unassigned.
	UnassignedCount *int `json:"unassignedCount,omitempty"`
}
func (*AzureAdPreAuthorizedAppsStatus) DeepCopy ¶
func (in *AzureAdPreAuthorizedAppsStatus) DeepCopy() *AzureAdPreAuthorizedAppsStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdPreAuthorizedAppsStatus.
func (*AzureAdPreAuthorizedAppsStatus) DeepCopyInto ¶
func (in *AzureAdPreAuthorizedAppsStatus) DeepCopyInto(out *AzureAdPreAuthorizedAppsStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdReplyUrl ¶
// AzureAdReplyUrl wraps a single reply URL used for callbacks after OIDC flows.
type AzureAdReplyUrl struct {
	// The reply URL; its format is constrained by the AzureAdReplyUrlString type.
	Url AzureAdReplyUrlString `json:"url,omitempty"`
}
AzureAdReplyUrl defines the valid reply URLs for callbacks after OIDC flows for this application
func (*AzureAdReplyUrl) DeepCopy ¶
func (in *AzureAdReplyUrl) DeepCopy() *AzureAdReplyUrl
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAdReplyUrl.
func (*AzureAdReplyUrl) DeepCopyInto ¶
func (in *AzureAdReplyUrl) DeepCopyInto(out *AzureAdReplyUrl)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAdReplyUrlString ¶
// NOTE(review): the validation pattern documented for this type,
// `^https?:\/\/.+$`, accepts plain http:// as well as https:// and places
// no constraint on the host. If non-TLS reply URLs are only meant for
// local development, that restriction has to be enforced elsewhere.

// AzureAdReplyUrlString is the string form of an OIDC reply (redirect) URL.
type AzureAdReplyUrlString string
+kubebuilder:validation:Pattern=`^https?:\/\/.+$`
type AzureApplication ¶
// AzureApplication configures the Entra ID application provisioned for a
// workload: whether it is enabled, its tenant, claims and user access.
type AzureApplication struct {
	// If enabled, provisions an Entra ID application.
	Enabled bool `json:"enabled"`
	// Deprecated. Only use if you're implementing logins _without_ using sidecar.
	// +nais:doc:Deprecated=true
	// +nais:doc:Hidden=true
	ReplyURLs []AzureAdReplyUrlString `json:"replyURLs,omitempty"`
	// Tenant targets a specific tenant for the Entra ID application.
	// Only works in the development clusters. Only use this if you have a specific reason to do so.
	// Using this will _isolate_ your application from all other applications that are not using the same tenant.
	// +nais:doc:Link="https://doc.nais.io/auth/entra-id/explanations/#tenants"
	// +kubebuilder:validation:Enum=nav.no;trygdeetaten.no
	Tenant string `json:"tenant,omitempty"`
	// Optional configuration of emitted claims and group assignment (see AzureAdClaims).
	Claims *AzureAdClaims `json:"claims,omitempty"`
	// Deprecated, do not use.
	// +nais:doc:Deprecated=true
	// +nais:doc:Hidden=true
	SinglePageApplication *bool `json:"singlePageApplication,omitempty"`

	// NOTE(review): AllowAllUsers is a nil-able pointer and the documented
	// default of "false" is applied outside this declaration. Enabling it
	// grants every user in the tenant access, bypassing group-based
	// restriction via Claims.Groups — presumably; confirm the interaction.

	// AllowAllUsers grants all users within the tenant access to this application.
	// +nais:doc:Default="false"
	// +nais:doc:Link="https://doc.nais.io/auth/entra-id/how-to/secure/#all-users"
	AllowAllUsers *bool `json:"allowAllUsers,omitempty"`
}
func (*AzureApplication) DeepCopy ¶
func (in *AzureApplication) DeepCopy() *AzureApplication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureApplication.
func (*AzureApplication) DeepCopyInto ¶
func (in *AzureApplication) DeepCopyInto(out *AzureApplication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureInterface ¶
// AzureInterface abstracts over types that carry Entra ID configuration.
// Either getter returns a pointer, so callers should expect nil.
type AzureInterface interface {
	// GetApplication returns the Entra ID application settings.
	GetApplication() *AzureApplication
	// GetSidecar returns the sidecar settings.
	GetSidecar() *AzureSidecar
}
+kubebuilder:object:generate=false
type AzureNaisJob ¶
// AzureNaisJob is the Entra ID configuration block with a single Application field.
// The struct has no sidecar field, although a GetSidecar method is declared on it;
// what that method returns is not visible in this listing.
type AzureNaisJob struct {
	// Configures an Entra ID client for this application.
	// +nais:doc:Link="https://doc.nais.io/auth/entra-id/"
	Application *AzureApplication `json:"application"`
}
func (*AzureNaisJob) DeepCopy ¶
func (in *AzureNaisJob) DeepCopy() *AzureNaisJob
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureNaisJob.
func (*AzureNaisJob) DeepCopyInto ¶
func (in *AzureNaisJob) DeepCopyInto(out *AzureNaisJob)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AzureNaisJob) GetApplication ¶
func (in *AzureNaisJob) GetApplication() *AzureApplication
func (*AzureNaisJob) GetSidecar ¶
func (in *AzureNaisJob) GetSidecar() *AzureSidecar
type AzureSidecar ¶
// AzureSidecar is the sidecar configuration for Entra ID.
// It adds no fields of its own; everything comes from the embedded Wonderwall type.
type AzureSidecar struct {
	// Embedded with an empty JSON name and the "inline" option, so the Wonderwall
	// fields appear directly on this object rather than under a nested key.
	Wonderwall `json:",inline"`
}
func (*AzureSidecar) DeepCopy ¶
func (in *AzureSidecar) DeepCopy() *AzureSidecar
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSidecar.
func (*AzureSidecar) DeepCopyInto ¶
func (in *AzureSidecar) DeepCopyInto(out *AzureSidecar)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BigQueryPermission ¶
// BigQueryPermission is a string-backed access level.
// The values declared for it in this package are "READ" and "READWRITE".
type BigQueryPermission string
BigQueryPermission defines access level
// Access levels accepted for CloudBigQueryDataset.Permission; the strings match
// that field's validation enum (READ;READWRITE).
const (
	// BigQueryPermissionRead is the "READ" level.
	BigQueryPermissionRead BigQueryPermission = "READ"
	// BigQueryPermissionReadWrite is the "READWRITE" level.
	BigQueryPermissionReadWrite BigQueryPermission = "READWRITE"
)
func (BigQueryPermission) GoogleType ¶
func (b BigQueryPermission) GoogleType() string
func (BigQueryPermission) String ¶
func (b BigQueryPermission) String() string
type CloudBigQueryDataset ¶
// CloudBigQueryDataset describes one BigQuery dataset requested for the application.
// Every field is tagged immutable; Name is additionally tagged as the key.
type CloudBigQueryDataset struct {
	// Name of the BigQuery Dataset.
	// The canonical name of the dataset will be `<TEAM_PROJECT_ID>:<NAME>`.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9_]+$`
	// +nais:doc:Immutable=true
	Name string `json:"name" nais:"immutable,key"`

	// Permission level given to application.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=READ;READWRITE
	// +nais:doc:Immutable=true
	Permission BigQueryPermission `json:"permission" nais:"immutable"`

	// NOTE(review): as documented below, false does not protect an empty dataset
	// from deletion. Do not treat the default as a retention guarantee.

	// When set to true will delete the dataset, when the application resource is deleted.
	// NB: If no tables exist in the bigquery dataset, it _will_ delete the dataset even if this value is set/defaulted to `false`.
	// Default value is `false`.
	// +nais:doc:Immutable=true
	CascadingDelete bool `json:"cascadingDelete,omitempty" nais:"immutable"`

	// Human-readable description of what this BigQuery dataset contains, or is used for.
	// Will be visible in the GCP Console.
	// +nais:doc:Immutable=true
	Description string `json:"description,omitempty" nais:"immutable"`
}
func (*CloudBigQueryDataset) DeepCopy ¶
func (in *CloudBigQueryDataset) DeepCopy() *CloudBigQueryDataset
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudBigQueryDataset.
func (*CloudBigQueryDataset) DeepCopyInto ¶
func (in *CloudBigQueryDataset) DeepCopyInto(out *CloudBigQueryDataset)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudIAMPermission ¶
// CloudIAMPermission pairs a GCP role with the resource it is bound to.
// It is the element type of GCP.Permissions.
type CloudIAMPermission struct {
	// NOTE(review): no validation marker is attached to Role, so the schema
	// accepts any string. Reviewers of a manifest should check that the role is
	// the narrowest one that meets the need.

	// Name of the GCP role to bind the resource to.
	Role string `json:"role"`

	// IAM resource to bind the role to.
	Resource CloudIAMResource `json:"resource"`
}
func (*CloudIAMPermission) DeepCopy ¶
func (in *CloudIAMPermission) DeepCopy() *CloudIAMPermission
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudIAMPermission.
func (*CloudIAMPermission) DeepCopyInto ¶
func (in *CloudIAMPermission) DeepCopyInto(out *CloudIAMPermission)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudIAMResource ¶
// CloudIAMResource identifies the target of a CloudIAMPermission by
// API version, kind and (optionally) name.
type CloudIAMResource struct {
	// Kubernetes _APIVersion_.
	APIVersion string `json:"apiVersion"`

	// Kubernetes _Kind_.
	Kind string `json:"kind"`

	// Kubernetes _Name_.
	// Optional in the JSON form (omitted when empty).
	Name string `json:"name,omitempty"`
}
func (*CloudIAMResource) DeepCopy ¶
func (in *CloudIAMResource) DeepCopy() *CloudIAMResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudIAMResource.
func (*CloudIAMResource) DeepCopyInto ¶
func (in *CloudIAMResource) DeepCopyInto(out *CloudIAMResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudSqlDatabase ¶
// CloudSqlDatabase describes one database on a CloudSqlInstance, together with
// any extra users that should exist for it.
type CloudSqlDatabase struct {
	// Database name.
	// *Be aware that only one database with this name is allowed in a namespace, regardless of which SQLInstance it belongs to*
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Prefix to add to environment variables made available for database connection.
	// If switching to `EnvVarPrefix` you need to [reset database credentials](https://doc.nais.io/persistence/postgres/#reset-database-credentials).
	EnvVarPrefix string `json:"envVarPrefix,omitempty"`

	// Add extra users for database access. These users need to be manually given access to database tables.
	Users []CloudSqlDatabaseUser `json:"users,omitempty"`
}
func (*CloudSqlDatabase) DeepCopy ¶
func (in *CloudSqlDatabase) DeepCopy() *CloudSqlDatabase
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudSqlDatabase.
func (*CloudSqlDatabase) DeepCopyInto ¶
func (in *CloudSqlDatabase) DeepCopyInto(out *CloudSqlDatabase)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudSqlDatabaseUser ¶
// CloudSqlDatabaseUser names one additional database user.
type CloudSqlDatabaseUser struct {
	// User name.
	// The pattern below requires a leading letter or underscore followed by at
	// least one letter, digit, hyphen or underscore, so names are two characters or longer.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern="^[_a-zA-Z][-_a-zA-Z0-9]+$"
	Name string `json:"name"`
}
func (*CloudSqlDatabaseUser) DeepCopy ¶
func (in *CloudSqlDatabaseUser) DeepCopy() *CloudSqlDatabaseUser
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudSqlDatabaseUser.
func (*CloudSqlDatabaseUser) DeepCopyInto ¶
func (in *CloudSqlDatabaseUser) DeepCopyInto(out *CloudSqlDatabaseUser)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudSqlFlag ¶
// CloudSqlFlag is one name/value pair from CloudSqlInstance.Flags.
// Both parts are plain strings; the only constraint visible here is that they are required.
type CloudSqlFlag struct {
	// Name of the flag.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Value of the flag.
	// +kubebuilder:validation:Required
	Value string `json:"value"`
}
func (*CloudSqlFlag) DeepCopy ¶
func (in *CloudSqlFlag) DeepCopy() *CloudSqlFlag
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudSqlFlag.
func (*CloudSqlFlag) DeepCopyInto ¶
func (in *CloudSqlFlag) DeepCopyInto(out *CloudSqlFlag)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudSqlInstance ¶
// CloudSqlInstance describes one PostgreSQL server requested for the application,
// including sizing, backup, retention and deletion behaviour.
type CloudSqlInstance struct {
	// PostgreSQL version.
	// +kubebuilder:validation:Enum=POSTGRES_11;POSTGRES_12;POSTGRES_13;POSTGRES_14;POSTGRES_15
	// +kubebuilder:validation:Required
	// +nais:doc:Link="https://cloud.google.com/sql/docs/postgres/instance-settings"
	Type CloudSqlInstanceType `json:"type"`

	// The name of the instance, if omitted the application name will be used.
	Name string `json:"name,omitempty"`

	// NOTE(review): the pattern below carries no ^/$ anchors. If the validator
	// uses search semantics, any value that merely contains "db-" followed by a
	// character passes — confirm, and anchor the pattern if that is unintended.

	// Server tier, i.e. how much CPU and memory allocated.
	// Available tiers are `db-f1-micro`, `db-g1-small` and custom `db-custom-CPU-RAM`.
	// Custom memory must be multiple of 256 MB and at least 3.75 GB (e.g. `db-custom-1-3840` for 1 cpu, 3840 MB ram)
	// +kubebuilder:validation:Pattern="db-.+"
	// +nais:doc:Default="db-f1-micro"
	Tier string `json:"tier,omitempty"`

	// Disk type to use for storage in the database.
	// +kubebuilder:validation:Enum=SSD;HDD
	DiskType CloudSqlInstanceDiskType `json:"diskType,omitempty"`

	// When set to true this will set up standby database for failover.
	HighAvailability bool `json:"highAvailability,omitempty"`

	// How much hard drive space to allocate for the SQL server, in gigabytes.
	// This parameter is used when first provisioning a server.
	// Disk size can be changed using this field _only when diskAutoresize is set to false_.
	// +kubebuilder:validation:Minimum=10
	DiskSize int `json:"diskSize,omitempty"`

	// When set to true, GCP will automatically increase storage by XXX for the database when
	// disk usage is above the high water mark. Setting this field to true also disables
	// manual control over disk size, i.e. the `diskSize` parameter will be ignored.
	// +nais:doc:Link="https://cloud.google.com/sql/docs/postgres/instance-settings#threshold"
	DiskAutoresize bool `json:"diskAutoresize,omitempty"`

	// The maximum size, in GB, to which storage capacity can be automatically increased.
	// The default value is 0, which specifies that there is no limit.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=1000
	// +nais:doc:Default="0"
	DiskAutoresizeLimit int `json:"diskAutoresizeLimit,omitempty"`

	// If specified, run automatic backups of the SQL database at the given hour.
	// Note that this will backup the whole SQL instance, and not separate databases.
	// Restores are done using the Google Cloud Console.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=23
	AutoBackupHour *int `json:"autoBackupHour,omitempty"`

	// Number of daily backups to retain. Defaults to 7 backups.
	// The number of retained backups must be greater or equal to TransactionLogRetentionDays.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=365
	// +nais:doc:Default="7"
	// +nais:doc:Link="https://cloud.google.com/sql/docs/postgres/backup-recovery/backups"
	RetainedBackups *int `json:"retainedBackups,omitempty"`

	// NOTE(review): the link marker below points at the MySQL backup pages,
	// while Type only admits POSTGRES_* values — confirm the intended target.

	// The number of days of transaction logs gcp retains for point in time restores.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=7
	// +nais:doc:Default="7"
	// +nais:doc:Link="https://cloud.google.com/sql/docs/mysql/backup-recovery/backups#retention"
	TransactionLogRetentionDays *int `json:"transactionLogRetentionDays,omitempty"`

	// Desired maintenance window for database updates.
	Maintenance *Maintenance `json:"maintenance,omitempty"`

	// List of databases that should be created on this Postgres server.
	// +kubebuilder:validation:Required
	Databases []CloudSqlDatabase `json:"databases,omitempty"`

	// Remove the entire Postgres server including all data when the Kubernetes resource is deleted.
	// *THIS IS A DESTRUCTIVE OPERATION*! Set cascading delete only when you want to remove data forever.
	CascadingDelete bool `json:"cascadingDelete,omitempty"`

	// Sort order for `ORDER BY ...` clauses.
	Collation string `json:"collation,omitempty"`

	// Enables point-in-time recovery for sql instances using write-ahead logs.
	PointInTimeRecovery bool `json:"pointInTimeRecovery,omitempty"`

	// Configures query insights which are now default for new sql instances.
	Insights *InsightsConfiguration `json:"insights,omitempty"`

	// Set flags to control the behavior of the instance.
	// Be aware that NAIS _does not validate_ these flags, so take extra care
	// to make sure the values match against the specification, otherwise your deployment
	// will seemingly work OK, but the database flags will not function as expected.
	// +nais:doc:Link="https://cloud.google.com/sql/docs/postgres/flags#list-flags-postgres"
	// +nais:doc:Experimental=true
	Flags []CloudSqlFlag `json:"flags,omitempty"`
}
func (*CloudSqlInstance) Database ¶
func (in *CloudSqlInstance) Database() *CloudSqlDatabase
func (*CloudSqlInstance) DeepCopy ¶
func (in *CloudSqlInstance) DeepCopy() *CloudSqlInstance
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudSqlInstance.
func (*CloudSqlInstance) DeepCopyInto ¶
func (in *CloudSqlInstance) DeepCopyInto(out *CloudSqlInstance)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudSqlInstanceDiskType ¶
// CloudSqlInstanceDiskType is the string-backed type of CloudSqlInstance.DiskType.
type CloudSqlInstanceDiskType string

// Declared disk types; the strings match the SSD;HDD validation enum on
// CloudSqlInstance.DiskType.
const (
	CloudSqlInstanceDiskTypeSSD CloudSqlInstanceDiskType = "SSD"
	CloudSqlInstanceDiskTypeHDD CloudSqlInstanceDiskType = "HDD"
)
func (CloudSqlInstanceDiskType) GoogleType ¶
func (c CloudSqlInstanceDiskType) GoogleType() string
type CloudSqlInstanceType ¶
// CloudSqlInstanceType is the string-backed type of CloudSqlInstance.Type.
type CloudSqlInstanceType string

// Declared PostgreSQL versions; the strings match the POSTGRES_11..POSTGRES_15
// validation enum on CloudSqlInstance.Type.
const (
	CloudSqlInstanceTypePostgres11 CloudSqlInstanceType = "POSTGRES_11"
	CloudSqlInstanceTypePostgres12 CloudSqlInstanceType = "POSTGRES_12"
	CloudSqlInstanceTypePostgres13 CloudSqlInstanceType = "POSTGRES_13"
	CloudSqlInstanceTypePostgres14 CloudSqlInstanceType = "POSTGRES_14"
	CloudSqlInstanceTypePostgres15 CloudSqlInstanceType = "POSTGRES_15"
)
type CloudStorageBucket ¶
// CloudStorageBucket describes one Cloud Storage bucket requested for the application,
// including its deletion, retention, lifecycle and access-control settings.
type CloudStorageBucket struct {
	// The name of the bucket
	Name string `json:"name" nais:"immutable,key"`

	// Allows deletion of bucket. Set to true if you want to delete the bucket.
	CascadingDelete bool `json:"cascadingDelete,omitempty"`

	// The number of days to hold objects in the bucket before it is allowed to delete them.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=36500
	RetentionPeriodDays *int `json:"retentionPeriodDays,omitempty"`

	// Conditions for the bucket to use when selecting objects to delete in cleanup.
	// +nais:doc:Link="https://cloud.google.com/storage/docs/lifecycle"
	LifecycleCondition *LifecycleCondition `json:"lifecycleCondition,omitempty"`

	// NOTE(review): UniformBucketLevelAccess and PublicAccessPrevention are both
	// documented with a default of "false", so a bucket declared with only a name
	// opts into neither control through this spec. Whether the platform enforces
	// either one elsewhere is not visible here — confirm before relying on it.

	// Allows you to uniformly control access to your Cloud Storage resources.
	// When you enable uniform bucket-level access on a bucket, Access Control Lists (ACLs) are disabled, and only bucket-level Identity
	// and Access Management (IAM) permissions grant access to that bucket and the objects it contains.
	//
	// Uniform access control can not be reversed after 90 days! This is controlled by Google.
	// +nais:doc:Link="https://cloud.google.com/storage/docs/uniform-bucket-level-access"
	// +nais:doc:Default="false"
	UniformBucketLevelAccess bool `json:"uniformBucketLevelAccess,omitempty"`

	// Public access prevention allows you to prevent public access to your bucket.
	// +nais:doc:Link="https://cloud.google.com/storage/docs/public-access-prevention"
	// +nais:doc:Default="false"
	PublicAccessPrevention bool `json:"publicAccessPrevention,omitempty"`
}
func (*CloudStorageBucket) DeepCopy ¶
func (in *CloudStorageBucket) DeepCopy() *CloudStorageBucket
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageBucket.
func (*CloudStorageBucket) DeepCopyInto ¶
func (in *CloudStorageBucket) DeepCopyInto(out *CloudStorageBucket)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConsumedScope ¶
// ConsumedScope names one external scope the application wants to consume.
type ConsumedScope struct {
	// The scope consumed by the application to gain access to an external organization API.
	// Ensure that the NAV organization has been granted access to the scope prior to requesting access.
	// +nais:doc:Link="https://doc.nais.io/security/auth/maskinporten/#consume-scopes"
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}
func (*ConsumedScope) DeepCopy ¶
func (in *ConsumedScope) DeepCopy() *ConsumedScope
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsumedScope.
func (*ConsumedScope) DeepCopyInto ¶
func (in *ConsumedScope) DeepCopyInto(out *ConsumedScope)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CpuScaling ¶
// CpuScaling configures CPU-based autoscaling through a single threshold.
type CpuScaling struct {
	// Amount of CPU usage before the autoscaler kicks in.
	// NOTE(review): no minimum/maximum marker is attached, so the schema does not
	// bound this to 0–100 even though the name says percentage — confirm.
	ThresholdPercentage int `json:"thresholdPercentage,omitempty"`
}
func (*CpuScaling) DeepCopy ¶
func (in *CpuScaling) DeepCopy() *CpuScaling
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CpuScaling.
func (*CpuScaling) DeepCopyInto ¶
func (in *CpuScaling) DeepCopyInto(out *CpuScaling)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DigdiratorStatus ¶
// DigdiratorStatus is the status block used by IDPortenClient (as its Status field).
// All fields are optional in the JSON form.
type DigdiratorStatus struct {
	// SynchronizationState denotes the last known state of the Instance during synchronization
	SynchronizationState string `json:"synchronizationState,omitempty"`

	// SynchronizationTime is the last time the Status subresource was updated
	SynchronizationTime *metav1.Time `json:"synchronizationTime,omitempty"`

	// SynchronizationHash is the hash of the Instance object
	SynchronizationHash string `json:"synchronizationHash,omitempty"`

	// SynchronizationSecretName is the SecretName set in the last successful synchronization
	// (the name of the secret, not its contents).
	SynchronizationSecretName string `json:"synchronizationSecretName,omitempty"`

	// ClientID is the corresponding client ID for this client at Digdir
	ClientID string `json:"clientID,omitempty"`

	// CorrelationID is the ID referencing the processing transaction last performed on this resource
	CorrelationID string `json:"correlationID,omitempty"`

	// KeyIDs is the list of key IDs for valid JWKs registered for the client at Digdir
	// (identifiers only; no key material is stored in this field).
	KeyIDs []string `json:"keyIDs,omitempty"`
}
DigdiratorStatus defines the observed state of Current Client
func (*DigdiratorStatus) DeepCopy ¶
func (in *DigdiratorStatus) DeepCopy() *DigdiratorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DigdiratorStatus.
func (*DigdiratorStatus) DeepCopyInto ¶
func (in *DigdiratorStatus) DeepCopyInto(out *DigdiratorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DigdiratorStatus) GetClientID ¶
func (in *DigdiratorStatus) GetClientID() string
func (*DigdiratorStatus) GetKeyIDs ¶
func (in *DigdiratorStatus) GetKeyIDs() []string
func (*DigdiratorStatus) GetSynchronizationHash ¶
func (in *DigdiratorStatus) GetSynchronizationHash() string
func (*DigdiratorStatus) GetSynchronizationSecretName ¶
func (in *DigdiratorStatus) GetSynchronizationSecretName() string
func (*DigdiratorStatus) SetClientID ¶
func (in *DigdiratorStatus) SetClientID(clientID string)
func (*DigdiratorStatus) SetCorrelationID ¶
func (in *DigdiratorStatus) SetCorrelationID(correlationID string)
func (*DigdiratorStatus) SetHash ¶
func (in *DigdiratorStatus) SetHash(hash string)
func (*DigdiratorStatus) SetKeyIDs ¶
func (in *DigdiratorStatus) SetKeyIDs(keyIDs []string)
func (*DigdiratorStatus) SetStateSynchronized ¶
func (in *DigdiratorStatus) SetStateSynchronized()
func (*DigdiratorStatus) SetSynchronizationSecretName ¶
func (in *DigdiratorStatus) SetSynchronizationSecretName(name string)
func (*DigdiratorStatus) SetSynchronizationState ¶
func (in *DigdiratorStatus) SetSynchronizationState(state string)
type EmptyDir ¶
// EmptyDir configures an empty directory volume; it is referenced from FilesFrom.EmptyDir.
type EmptyDir struct {
	// Medium selects the backing medium; validation allows "Memory" or "Disk".
	// +kubebuilder:validation:Enum=Memory;Disk
	Medium MediumType `json:"medium,omitempty"`
}
func (*EmptyDir) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmptyDir.
func (*EmptyDir) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvFrom ¶
// EnvFrom names a ConfigMap or a Secret from which environment variables are taken.
// Per the field comments, one of the two is expected to be set.
type EnvFrom struct {
	// Name of the `ConfigMap` where environment variables are specified.
	// Required unless `secret` is set.
	ConfigMap string `json:"configmap,omitempty"`

	// Name of the `Secret` where environment variables are specified.
	// Required unless `configmap` is set.
	Secret string `json:"secret,omitempty"`
}
func (*EnvFrom) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvFrom.
func (*EnvFrom) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvVar ¶
// EnvVar is one environment variable, given either as a literal Value or as a
// reference through ValueFrom.
type EnvVar struct {
	// Environment variable name. May only contain letters, digits, and the underscore `_` character.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// NOTE(review): Value is a literal string stored in the resource itself, so it
	// is readable by anyone who can read the object. Sensitive values are better
	// sourced from a Secret (see EnvFrom.Secret) — confirm against platform guidance.

	// Environment variable value. Numbers and boolean values must be quoted.
	// Required unless `valueFrom` is specified.
	Value string `json:"value,omitempty"`

	// Dynamically set environment variables based on fields found in the Pod spec.
	// +nais:doc:Link="https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/"
	ValueFrom *EnvVarSource `json:"valueFrom,omitempty"`
}
func (*EnvVar) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVar.
func (*EnvVar) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (EnvVar) ToKubernetes ¶
type EnvVarSource ¶
// EnvVarSource is the reference form of an environment variable value
// (used by EnvVar.ValueFrom). Its only source is a field reference.
type EnvVarSource struct {
	// FieldRef selects the field to read; always serialized (no omitempty).
	FieldRef ObjectFieldSelector `json:"fieldRef"`
}
func (*EnvVarSource) DeepCopy ¶
func (in *EnvVarSource) DeepCopy() *EnvVarSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVarSource.
func (*EnvVarSource) DeepCopyInto ¶
func (in *EnvVarSource) DeepCopyInto(out *EnvVarSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvVars ¶
// EnvVars is a list of EnvVar entries; a ToKubernetes method is declared on the slice type.
type EnvVars []EnvVar
func (EnvVars) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVars.
func (EnvVars) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (EnvVars) ToKubernetes ¶
Maps environment variables from ApplicationSpec to the ones we use in CreateSpec
type ExecAction ¶
// ExecAction describes a command to run inside the container before shutdown.
type ExecAction struct {
	// Command is the command line to execute inside the container before the pod is shut down.
	// The command is not run inside a shell, so traditional shell instructions (pipes, redirects, etc.) won't work.
	// To use a shell, you need to explicitly call out to that shell.
	//
	// If the exit status is non-zero, the pod will still be shut down, and marked as `Failed`.
	//
	// Each slice element is one argument (argv form), which is why shell syntax is not interpreted.
	Command []string `json:"command,omitempty"`
}
func (*ExecAction) DeepCopy ¶
func (in *ExecAction) DeepCopy() *ExecAction
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAction.
func (*ExecAction) DeepCopyInto ¶
func (in *ExecAction) DeepCopyInto(out *ExecAction)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExposedScope ¶
// ExposedScope describes one scope the application exposes to external
// organizations, including who may consume it and how long issued tokens live.
type ExposedScope struct {
	// If Enabled the configured scope is available to be used and consumed by organizations granted access.
	// +kubebuilder:validation:Required
	Enabled bool `json:"enabled"`

	// NOTE(review): the Default="false" marker below sits on a required string
	// field and looks misplaced — confirm whether it belongs here.

	// The actual subscope combined with `Product`.
	// Ensure that `<Product><Name>` matches `Pattern`.
	// +nais:doc:Default="false"
	// +kubebuilder:validation:Pattern=`^([a-zæøå0-9]+\/?)+(\:[a-zæøå0-9]+)*[a-zæøå0-9]+(\.[a-zæøå0-9]+)*$`
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// The product-area your application belongs to e.g. arbeid, helse ...
	// This will be included in the final scope `nav:<Product><Name>`.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^[a-z0-9]+$`
	Product string `json:"product"`

	// Max time in seconds for an issued access_token.
	// Default is `30` sec.
	// +nais:doc:Default="30"
	// +kubebuilder:validation:Minimum=30
	// +kubebuilder:validation:Maximum=680
	AtMaxAge *int `json:"atMaxAge,omitempty"`

	// Whitelisting of integrations allowed.
	// Default is `maskinporten`
	// +nais:doc:Default="maskinporten"
	// +nais:doc:Link="https://docs.digdir.no/maskinporten_guide_apitilbyder.html#scope-begrensninger"
	// +kubebuilder:validation:MinItems=1
	AllowedIntegrations []string `json:"allowedIntegrations,omitempty"`

	// External consumers granted access to this scope and able to request access_token.
	Consumers []ExposedScopeConsumer `json:"consumers,omitempty"`

	// NOTE(review): when true, access is open to any organization, so the
	// Consumers list presumably stops being the limiting control — confirm, and
	// treat a change of this field to true as a change in who can obtain tokens.

	// Allow any organization to access the scope.
	// +nais:doc:Default="false"
	// +kubebuilder:validation:Optional
	AccessibleForAll *bool `json:"accessibleForAll,omitempty"`

	// Delegation source for the scope. Default is empty, which means no delegation is allowed.
	// +nais:doc:Link="https://docs.digdir.no/docs/Maskinporten/maskinporten_func_delegering"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=altinn
	DelegationSource *string `json:"delegationSource,omitempty"`

	// Separator is the character that separates `product` and `name` in the final scope:
	// `scope := <prefix>:<product><separator><name>`
	// This overrides the default separator.
	// The default separator is `:`. If `name` contains `/`, the default separator is instead `/`.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern=`^[\/:]$`
	// +kubebuilder:validation:MaxLength=1
	// +kubebuilder:validation:MinLength=1
	Separator *string `json:"separator,omitempty"`
}
func (*ExposedScope) DeepCopy ¶
func (in *ExposedScope) DeepCopy() *ExposedScope
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposedScope.
func (*ExposedScope) DeepCopyInto ¶
func (in *ExposedScope) DeepCopyInto(out *ExposedScope)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExposedScopeConsumer ¶
// ExposedScopeConsumer identifies one external organization that is granted
// access to an ExposedScope. Orgno is the identifying field; Name is descriptive only.
type ExposedScopeConsumer struct {
	// The external business/organization number.
	// The pattern below requires exactly nine digits.
	// +kubebuilder:validation:Pattern=`^\d{9}$`
	Orgno string `json:"orgno"`

	// This is a describing field intended for clarity not used for any other purpose.
	// +optional
	Name string `json:"name,omitempty"`
}
func (*ExposedScopeConsumer) DeepCopy ¶
func (in *ExposedScopeConsumer) DeepCopy() *ExposedScopeConsumer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposedScopeConsumer.
func (*ExposedScopeConsumer) DeepCopyInto ¶
func (in *ExposedScopeConsumer) DeepCopyInto(out *ExposedScopeConsumer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilesFrom ¶
// FilesFrom describes one source of files to mount into the container:
// a ConfigMap, a Secret, an empty directory or a PersistentVolumeClaim,
// plus the path where it is mounted.
type FilesFrom struct {
	// Name of the `ConfigMap` that contains files that should be mounted into the container.
	// Required unless `secret` or `persistentVolumeClaim` is set.
	ConfigMap string `json:"configmap,omitempty"`

	// Name of the `Secret` that contains files that should be mounted into the container.
	// Required unless `configmap` or `persistentVolumeClaim` is set.
	// If mounting multiple secrets, `mountPath` *MUST* be set to avoid collisions.
	Secret string `json:"secret,omitempty"`

	// Specification of an empty directory
	EmptyDir *EmptyDir `json:"emptyDir,omitempty"`

	// Name of the `PersistentVolumeClaim` that should be mounted into the container.
	// Required unless `configmap` or `secret` is set.
	// This feature requires coordination with the NAIS team.
	PersistentVolumeClaim string `json:"persistentVolumeClaim,omitempty"`

	// Filesystem path inside the pod where files are mounted.
	// The directory will be created if it does not exist. If the directory exists,
	// any files in the directory will be made inaccessible.
	//
	// Defaults to `/var/run/configmaps/<NAME>`, `/var/run/secrets`, or `/var/run/pvc/<NAME>`, depending on which of them is specified.
	// For EmptyDir, MountPath must be set.
	MountPath string `json:"mountPath,omitempty"`
}
func (*FilesFrom) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesFrom.
func (*FilesFrom) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Frontend ¶
// Frontend groups frontend-related settings; currently only the generated configuration.
type Frontend struct {
	// GeneratedConfig is optional (nil when omitted); see FrontendGeneratedConfig.
	GeneratedConfig *FrontendGeneratedConfig `json:"generatedConfig,omitempty"`
}
func (*Frontend) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Frontend.
func (*Frontend) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FrontendGeneratedConfig ¶
// FrontendGeneratedConfig controls where the generated frontend configuration file is mounted.
type FrontendGeneratedConfig struct {
	// If specified, a Javascript file with application specific frontend configuration variables
	// will be generated and mounted into the pod file system at the specified path.
	// You can import this file directly from your Javascript application.
	// +nais:doc:Link="https://doc.nais.io/observability/frontend/#auto-configuration"
	MountPath string `json:"mountPath"`
}
func (*FrontendGeneratedConfig) DeepCopy ¶
func (in *FrontendGeneratedConfig) DeepCopy() *FrontendGeneratedConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FrontendGeneratedConfig.
func (*FrontendGeneratedConfig) DeepCopyInto ¶
func (in *FrontendGeneratedConfig) DeepCopyInto(out *FrontendGeneratedConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCP ¶
// GCP groups the Google Cloud resources and permissions requested for the application:
// BigQuery datasets, storage buckets, SQL instances and additional IAM permissions.
type GCP struct {
	// Provision BigQuery datasets and give your application's pod mountable secrets for connecting to each dataset.
	// Datasets are immutable and cannot be changed.
	// +nais:doc:Link="https://cloud.google.com/bigquery/docs"
	// +nais:doc:Availability=GCP
	BigQueryDatasets []CloudBigQueryDataset `json:"bigQueryDatasets,omitempty"`

	// Provision cloud storage buckets and connect them to your application.
	// +nais:doc:Link="https://doc.nais.io/persistence/buckets/"
	// +nais:doc:Availability=GCP
	Buckets []CloudStorageBucket `json:"buckets,omitempty"`

	// Provision database instances and connect them to your application.
	// +nais:doc:Link="https://doc.nais.io/persistence/postgres/";"https://cloud.google.com/sql/docs/postgres/instance-settings#impact"
	// +nais:doc:Availability=GCP
	SqlInstances []CloudSqlInstance `json:"sqlInstances,omitempty"`

	// NOTE(review): each entry here grants access beyond the resources
	// provisioned above, and CloudIAMPermission.Role is an unvalidated string.
	// Changes to this list deserve the same review as any other IAM change.

	// List of _additional_ permissions that should be granted to your application for accessing external GCP resources that have not been provisioned through NAIS.
	// +nais:doc:Availability=GCP
	Permissions []CloudIAMPermission `json:"permissions,omitempty"`
}
func (*GCP) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCP.
func (*GCP) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GCP) Instance ¶
func (in *GCP) Instance() *CloudSqlInstance
type HttpGetAction ¶
// HttpGetAction describes an HTTP GET against the container: a path and an optional port.
type HttpGetAction struct {
	// Path to access on the HTTP server.
	Path string `json:"path"`

	// Port to access on the container.
	// Defaults to application port, as defined in `.spec.port`.
	// A pointer, so nil (omitted) can stand for "use the default".
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port *int `json:"port,omitempty"`
}
func (*HttpGetAction) DeepCopy ¶
func (in *HttpGetAction) DeepCopy() *HttpGetAction
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HttpGetAction.
func (*HttpGetAction) DeepCopyInto ¶
func (in *HttpGetAction) DeepCopyInto(out *HttpGetAction)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IDPorten ¶
// IDPorten configures ID-porten authentication for the application and the
// sidecar that performs the login flow.
type IDPorten struct {
	// Enable ID-porten authentication. Requires `.spec.idporten.sidecar.enabled=true`.
	// +nais:doc:Availability="GCP"
	// +nais:doc:Link="https://doc.nais.io/auth/idporten/"
	Enabled bool `json:"enabled"`

	// NOTE(review): the text below says the sidecar sets the Authorization header
	// for authenticated users. It does not say whether the application is expected
	// to validate that JWT itself — confirm in the linked documentation rather
	// than assuming the header is pre-validated.

	// Sidecar configures a sidecar that intercepts every HTTP request, and performs the OIDC flow if necessary.
	// All requests to ingress + `/oauth2` will be processed only by the sidecar, whereas all other requests
	// will be proxied to the application.
	//
	// If the user is authenticated with ID-porten, the `Authorization` header will be set to `Bearer <JWT>`.
	// +nais:doc:Link="https://doc.nais.io/auth/idporten/how-to/login/"
	// +nais:doc:Link="https://doc.nais.io/auth/explanations/#login-proxy"
	// +nais:doc:Availability="GCP"
	Sidecar *IDPortenSidecar `json:"sidecar,omitempty"`
}
func (*IDPorten) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDPorten.
func (*IDPorten) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IDPortenClient ¶
type IDPortenClient struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec IDPortenClientSpec `json:"spec,omitempty"` Status DigdiratorStatus `json:"status,omitempty"` }
IDPortenClient is the Schema for the IDPortenClients API +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*IDPortenClient) DeepCopy ¶
func (in *IDPortenClient) DeepCopy() *IDPortenClient
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDPortenClient.
func (*IDPortenClient) DeepCopyInto ¶
func (in *IDPortenClient) DeepCopyInto(out *IDPortenClient)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IDPortenClient) DeepCopyObject ¶
func (in *IDPortenClient) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*IDPortenClient) GetStatus ¶
func (in *IDPortenClient) GetStatus() *DigdiratorStatus
func (*IDPortenClient) Hash ¶
func (in *IDPortenClient) Hash() (string, error)
func (*IDPortenClient) SetStatus ¶
func (in *IDPortenClient) SetStatus(new DigdiratorStatus)
type IDPortenClientList ¶
type IDPortenClientList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []IDPortenClient `json:"items"` }
IDPortenClientList contains a list of IDPortenClient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*IDPortenClientList) DeepCopy ¶
func (in *IDPortenClientList) DeepCopy() *IDPortenClientList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDPortenClientList.
func (*IDPortenClientList) DeepCopyInto ¶
func (in *IDPortenClientList) DeepCopyInto(out *IDPortenClientList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IDPortenClientList) DeepCopyObject ¶
func (in *IDPortenClientList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IDPortenClientSpec ¶
// NOTE(review): every URI field below has type IDPortenURI, so the validation
// pattern attached to that type is the only check visible in this package on
// what may be registered as a redirect, post-logout redirect or front-channel
// logout URI. Redirect URI lists are what the identity provider matches
// against, so that pattern deserves a careful read.
//
// The lifetimes are bounded by the markers on the fields: access tokens to
// 1-3600 seconds and sessions to 3600-28800 seconds.

// IDPortenClientSpec holds the client registration settings for an
// IDPortenClient: names, URIs, scopes, lifetimes and the name of the Secret to
// be created.
type IDPortenClientSpec struct {
	// AccessTokenLifetime is the maximum lifetime in seconds for the returned access_token from ID-porten.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=3600
	AccessTokenLifetime *int `json:"accessTokenLifetime,omitempty"`

	// ClientURI is the URL to the client to be used at DigDir when displaying a 'back' button or on errors
	ClientURI IDPortenURI `json:"clientURI,omitempty"`

	// ClientName is the client name to be registered at DigDir.
	// It is shown during login for user-centric flows, and is otherwise a human-readable way to differentiate between clients at DigDir's self-service portal.
	ClientName string `json:"clientName,omitempty"`

	// IntegrationType sets the integration type for your client.
	// The integration type restricts which scopes you can register on your client.
	// The integration type is immutable, and can only be set on creation of the IDPortenClient.
	// If you need to change the integration type, you should either create a new IDPortenClient or delete and recreate the existing one.
	//
	// +nais:doc:Immutable=true
	// +nais:doc:Default=idporten
	// +nais:doc:Link="https://docs.digdir.no/docs/idporten/oidc_old/oidc_protocol_scope.html#scope-limitations"
	// +nais:doc:Link="https://docs.digdir.no/docs/idporten/oidc/oidc_func_clientreg.html#integrasjonstyper"
	// +kubebuilder:default=idporten
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=krr;idporten;api_klient
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="integrationType is immutable; delete and recreate the IDPortenClient to change integrationType"
	IntegrationType string `json:"integrationType,omitempty" nais:"immutable"`

	// FrontchannelLogoutURI is the URL that ID-porten sends a request to whenever a logout is triggered by another application using the same session
	FrontchannelLogoutURI IDPortenURI `json:"frontchannelLogoutURI,omitempty"`

	// PostLogoutRedirectURIs is a list of valid URIs that ID-porten may redirect to after logout
	PostLogoutRedirectURIs []IDPortenURI `json:"postLogoutRedirectURIs,omitempty"`

	// RedirectURI is the redirect URI to be registered at DigDir.
	// Deprecated, prefer RedirectURIs.
	RedirectURI IDPortenURI `json:"redirectURI,omitempty"`

	// RedirectURIs is the list of redirect URIs to be registered at DigDir.
	RedirectURIs []IDPortenURI `json:"redirectURIs,omitempty"`

	// SecretName is the name of the resulting Secret resource to be created
	SecretName string `json:"secretName"`

	// Register different oauth2 Scopes on your client.
	// You will not be able to add a scope to your client that conflicts with the client's IntegrationType.
	// For example, you can not add a scope that is limited to the IntegrationType `krr` on a client with IntegrationType `idporten`, and vice versa.
	//
	// Default for IntegrationType `krr` = ("krr:global/kontaktinformasjon.read", "krr:global/digitalpost.read")
	// Default for IntegrationType `idporten` = ("openid", "profile")
	// IntegrationType `api_klient` has no default; check the Digdir documentation.
	//
	// +nais:doc:Link="https://docs.digdir.no/oidc_func_clientreg.html?h=api_klient#scopes"
	Scopes []string `json:"scopes,omitempty"`

	// SessionLifetime is the maximum session lifetime in seconds for a logged in end-user for this client.
	// +kubebuilder:validation:Minimum=3600
	// +kubebuilder:validation:Maximum=28800
	SessionLifetime *int `json:"sessionLifetime,omitempty"`

	// SSODisabled controls the SSO behavior for this client.
	// +nais:doc:Link="https://docs.digdir.no/docs/idporten/oidc/oidc_func_nosso"
	SSODisabled *bool `json:"ssoDisabled,omitempty"`
}
IDPortenClientSpec defines the desired state of IDPortenClient
func (*IDPortenClientSpec) DeepCopy ¶
func (in *IDPortenClientSpec) DeepCopy() *IDPortenClientSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDPortenClientSpec.
func (*IDPortenClientSpec) DeepCopyInto ¶
func (in *IDPortenClientSpec) DeepCopyInto(out *IDPortenClientSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IDPortenSidecar ¶
// NOTE(review): Level and Locale are described as defaults for authentication
// requests, and only +nais:doc:Default markers are visible on them (no
// +kubebuilder:default), so where the default is applied is not shown here.
// Whether an individual request can ask for a lower level than the configured
// one is also not visible; an application that needs a given assurance level
// should check the acr claim of the token it receives. Confirm against the
// linked security-levels reference.

// IDPortenSidecar extends the inlined Wonderwall settings with the default
// security level and UI locale used for ID-porten authentication requests.
type IDPortenSidecar struct {
	Wonderwall `json:",inline"`

	// Default security level for all authentication requests.
	// +nais:doc:Default="idporten-loa-high"
	// +nais:doc:Link="https://doc.nais.io/auth/idporten/reference/#security-levels"
	// +kubebuilder:validation:Enum=Level3;Level4;idporten-loa-substantial;idporten-loa-high
	Level string `json:"level,omitempty"`

	// Default user interface locale for all authentication requests.
	// +nais:doc:Default="nb"
	// +nais:doc:Link="https://doc.nais.io/auth/idporten/reference/#locales"
	// +kubebuilder:validation:Enum=nb;nn;en;se
	Locale string `json:"locale,omitempty"`
}
func (*IDPortenSidecar) DeepCopy ¶
func (in *IDPortenSidecar) DeepCopy() *IDPortenSidecar
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDPortenSidecar.
func (*IDPortenSidecar) DeepCopyInto ¶
func (in *IDPortenSidecar) DeepCopyInto(out *IDPortenSidecar)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IDPortenURI ¶
// NOTE(review): the validation pattern documented for this type is
// `^(https:\/\/)|(http:\/\/localhost\:).+$`. Alternation binds loosest, so the
// pattern reads as "starts with https://" OR "contains http://localhost:
// followed by at least one character". The `^` does not cover the localhost
// branch and the `.+$` does not cover the https branch, so a value that only
// embeds http://localhost: after some other prefix, or a bare "https://",
// would be accepted. Grouping the alternatives, as in
// `^(https:\/\/|http:\/\/localhost\:).+$`, anchors both branches. These values
// are registered as redirect and logout URIs, so the anchored form is the one
// to aim for.

// IDPortenURI is the string type used for the URI fields of IDPortenClientSpec
// (ClientURI, FrontchannelLogoutURI, PostLogoutRedirectURIs, RedirectURI and
// RedirectURIs).
type IDPortenURI string
+kubebuilder:validation:Pattern=`^(https:\/\/)|(http:\/\/localhost\:).+$`
type Influx ¶
type Influx struct { // Provisions an InfluxDB instance and configures your application to access it. // Use the prefix: `influx-` + `team` that you specified in the [navikt/aiven-iac](https://github.com/navikt/aiven-iac) repository. Instance string `json:"instance"` }
func (*Influx) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Influx.
func (*Influx) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InsightsConfiguration ¶
// NOTE(review): RecordClientAddress stores the address of database clients
// alongside query data. Whether that counts as personal or otherwise sensitive
// data depends on the deployment; confirm retention and access to the
// insights data before turning it on.

// InsightsConfiguration configures the Query Insights feature for a SQL
// instance. Enabled is a pointer so that an unset value can be told apart from
// an explicit false.
type InsightsConfiguration struct {
	// True if Query Insights feature is enabled.
	// +nais:doc:Default="true"
	Enabled *bool `json:"enabled,omitempty"`

	// Maximum query length stored in bytes. Between 256 and 4500. Defaults to 1024.
	// +kubebuilder:validation:Minimum=256
	// +kubebuilder:validation:Maximum=4500
	QueryStringLength int `json:"queryStringLength,omitempty"`

	// True if Query Insights will record application tags from query when enabled.
	RecordApplicationTags bool `json:"recordApplicationTags,omitempty"`

	// True if Query Insights will record client address when enabled.
	RecordClientAddress bool `json:"recordClientAddress,omitempty"`
}
func (*InsightsConfiguration) DeepCopy ¶
func (in *InsightsConfiguration) DeepCopy() *InsightsConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsConfiguration.
func (*InsightsConfiguration) DeepCopyInto ¶
func (in *InsightsConfiguration) DeepCopyInto(out *InsightsConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*InsightsConfiguration) IsEnabled ¶
func (i *InsightsConfiguration) IsEnabled() bool
IsEnabled returns true if Enabled is true, nil or if InsightsConfiguration is nil.
type Jwker ¶
type Jwker struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec JwkerSpec `json:"spec,omitempty"` Status JwkerStatus `json:"status,omitempty"` }
Jwker is the Schema for the jwkers API
func (*Jwker) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Jwker.
func (*Jwker) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Jwker) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type JwkerList ¶
type JwkerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Jwker `json:"items"` }
JwkerList contains a list of Jwker
func (*JwkerList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwkerList.
func (*JwkerList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*JwkerList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type JwkerSpec ¶
// NOTE(review): AccessPolicy is a pointer with no omitempty, so a nil value is
// serialised as "accessPolicy": null. What a nil or empty policy means to the
// consumer of this spec (nothing allowed, or nothing restricted) is not
// visible here; confirm that it fails closed.

// JwkerSpec is the desired state of a Jwker: an access policy and the name of
// a Secret. SecretName is undocumented in the source; presumably it names the
// Secret that receives the generated credentials, as in the other client
// specs of this package (TODO confirm).
type JwkerSpec struct {
	AccessPolicy *AccessPolicy `json:"accessPolicy"` // fixme: access policy should not have rules required, but cluster and namespace. doesn't need external.
	SecretName   string        `json:"secretName"`
}
func (*JwkerSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwkerSpec.
func (*JwkerSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JwkerStatus ¶
type JwkerStatus struct { SynchronizationTime int64 `json:"synchronizationTime,omitempty"` SynchronizationState string `json:"synchronizationState,omitempty"` SynchronizationHash string `json:"synchronizationHash,omitempty"` SynchronizationSecretName string `json:"synchronizationSecretName,omitempty"` }
JwkerStatus defines the observed state of Jwker
func (*JwkerStatus) DeepCopy ¶
func (in *JwkerStatus) DeepCopy() *JwkerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwkerStatus.
func (*JwkerStatus) DeepCopyInto ¶
func (in *JwkerStatus) DeepCopyInto(out *JwkerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Kafka ¶
type Kafka struct { // Configures your application to access an Aiven Kafka cluster. Pool string `json:"pool"` // Allow this app to use kafka streams // +nais:doc:Link="https://doc.nais.io/persistence/kafka/how-to/internal" // +nais:doc:Availability=GCP // +nais:doc:Default="false" Streams bool `json:"streams,omitempty"` }
func (*Kafka) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Kafka.
func (*Kafka) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KafkaScaling ¶
type KafkaScaling struct { // Topic your application is consuming Topic string `json:"topic"` // ConsumerGroup your application uses when consuming ConsumerGroup string `json:"consumerGroup"` // Threshold is the amount of lag allowed before the application should scale up Threshold int `json:"threshold"` }
func (*KafkaScaling) DeepCopy ¶
func (in *KafkaScaling) DeepCopy() *KafkaScaling
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KafkaScaling.
func (*KafkaScaling) DeepCopyInto ¶
func (in *KafkaScaling) DeepCopyInto(out *KafkaScaling)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LifecycleCondition ¶
type LifecycleCondition struct { // Condition is satisfied when the object reaches the specified age in days. These will be deleted. Age int `json:"age,omitempty"` // Condition is satisfied when the object is created before midnight on the specified date. These will be deleted. CreatedBefore string `json:"createdBefore,omitempty"` // Condition is satisfied when the object has the specified number of newer versions. // The older versions will be deleted. NumNewerVersions int `json:"numNewerVersions,omitempty"` // Condition is satisfied when the object has the specified state. // +kubebuilder:validation:Enum="";LIVE;ARCHIVED;ANY WithState string `json:"withState,omitempty"` }
func (*LifecycleCondition) DeepCopy ¶
func (in *LifecycleCondition) DeepCopy() *LifecycleCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LifecycleCondition.
func (*LifecycleCondition) DeepCopyInto ¶
func (in *LifecycleCondition) DeepCopyInto(out *LifecycleCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LogDestination ¶
// LogDestination names one log destination by its ID. It is the element type
// of Logging.Destinations; the set of valid IDs is not defined in this
// declaration.
type LogDestination struct {
	// ID is the identifier of the destination; required in JSON (no omitempty).
	ID string `json:"id"`
}
func (*LogDestination) DeepCopy ¶
func (in *LogDestination) DeepCopy() *LogDestination
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogDestination.
func (*LogDestination) DeepCopyInto ¶
func (in *LogDestination) DeepCopyInto(out *LogDestination)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Logging ¶
// NOTE(review): Enabled is a plain bool with omitempty and a CRD default of
// true. A Go client that serialises Enabled=false drops the key, and the
// default would then presumably be applied again on the server side, so the
// value false may not survive a round trip from Go code (setting it in a
// manifest is unaffected). Confirm; a *bool, as used for Maintenance.Hour,
// would distinguish unset from false.

// Logging controls forwarding of application logs to persistent storage and
// the destinations they are forwarded to.
type Logging struct {
	// Enable forwarding of application logs to persistent storage.
	// +kubebuilder:default=true
	// +nais:doc:Default="true"
	Enabled bool `json:"enabled,omitempty"`

	// Log destinations for where to forward application logs for persistent storage. Leave empty to use default destinations.
	// +nais:doc:Link="https://doc.nais.io/observability/logging/#log-destinations"
	Destinations []LogDestination `json:"destinations,omitempty"`
}
func (*Logging) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Logging.
func (*Logging) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Maintenance ¶
type Maintenance struct { // +kubebuilder:validation:Required // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=7 Day int `json:"day,omitempty"` // +kubebuilder:validation:Required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=23 Hour *int `json:"hour,omitempty"` // must use pointer here to be able to distinguish between no value and value 0 from user. }
func (*Maintenance) DeepCopy ¶
func (in *Maintenance) DeepCopy() *Maintenance
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Maintenance.
func (*Maintenance) DeepCopyInto ¶
func (in *Maintenance) DeepCopyInto(out *Maintenance)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Maskinporten ¶
type Maskinporten struct { // If enabled, provisions and configures a Maskinporten client with consumed scopes and/or Exposed scopes with DigDir. // +nais:doc:Availability="team namespaces" // +nais:doc:Default="false" Enabled bool `json:"enabled"` // Schema to configure Maskinporten clients with consumed scopes and/or exposed scopes. Scopes MaskinportenScope `json:"scopes,omitempty"` }
func (*Maskinporten) DeepCopy ¶
func (in *Maskinporten) DeepCopy() *Maskinporten
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Maskinporten.
func (*Maskinporten) DeepCopyInto ¶
func (in *Maskinporten) DeepCopyInto(out *Maskinporten)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MaskinportenClient ¶
type MaskinportenClient struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec MaskinportenClientSpec `json:"spec,omitempty"` Status DigdiratorStatus `json:"status,omitempty"` }
MaskinportenClient is the Schema for the MaskinportenClient API +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*MaskinportenClient) DeepCopy ¶
func (in *MaskinportenClient) DeepCopy() *MaskinportenClient
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaskinportenClient.
func (*MaskinportenClient) DeepCopyInto ¶
func (in *MaskinportenClient) DeepCopyInto(out *MaskinportenClient)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MaskinportenClient) DeepCopyObject ¶
func (in *MaskinportenClient) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*MaskinportenClient) GetConsumedScopes ¶
func (in *MaskinportenClient) GetConsumedScopes() []string
func (*MaskinportenClient) GetExposedScopes ¶
func (in *MaskinportenClient) GetExposedScopes() map[string]ExposedScope
func (*MaskinportenClient) GetStatus ¶
func (in *MaskinportenClient) GetStatus() *DigdiratorStatus
func (*MaskinportenClient) Hash ¶
func (in *MaskinportenClient) Hash() (string, error)
func (*MaskinportenClient) SetStatus ¶
func (in *MaskinportenClient) SetStatus(new DigdiratorStatus)
type MaskinportenClientList ¶
type MaskinportenClientList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []MaskinportenClient `json:"items"` }
MaskinportenClientList contains a list of MaskinportenClient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +nais:doc:Availability="team namespaces"
func (*MaskinportenClientList) DeepCopy ¶
func (in *MaskinportenClientList) DeepCopy() *MaskinportenClientList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaskinportenClientList.
func (*MaskinportenClientList) DeepCopyInto ¶
func (in *MaskinportenClientList) DeepCopyInto(out *MaskinportenClientList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MaskinportenClientList) DeepCopyObject ¶
func (in *MaskinportenClientList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MaskinportenClientSpec ¶
// MaskinportenClientSpec holds the client registration settings for a
// MaskinportenClient: the client name, the consumed and exposed scopes, and the
// name of the Secret to be created.
type MaskinportenClientSpec struct {
	// ClientName is the client name to be registered at DigDir.
	// It is shown during login for user-centric flows, and is otherwise a human-readable way to differentiate between clients at DigDir's self-service portal.
	ClientName string `json:"clientName,omitempty"`

	// Scopes is an object holding the scopes used (consumed) and exposed by the application
	Scopes MaskinportenScope `json:"scopes,omitempty"`

	// SecretName is the name of the resulting Secret resource to be created
	SecretName string `json:"secretName"`
}
MaskinportenClientSpec defines the desired state of MaskinportenClient
func (*MaskinportenClientSpec) DeepCopy ¶
func (in *MaskinportenClientSpec) DeepCopy() *MaskinportenClientSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaskinportenClientSpec.
func (*MaskinportenClientSpec) DeepCopyInto ¶
func (in *MaskinportenClientSpec) DeepCopyInto(out *MaskinportenClientSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MaskinportenScope ¶
// NOTE(review): the ExposedScopes comment says access to an exposed scope is
// based on organization number. The list of permitted organizations lives in
// ExposedScope, which is not shown in this declaration; review it when
// changing who may obtain tokens for a scope.

// MaskinportenScope lists the scopes a Maskinporten client consumes and the
// scopes it exposes to other organizations.
type MaskinportenScope struct {
	// This is the Schema for the consumes and exposes API.
	// `consumes` is a list of scopes that your client can request access to.
	ConsumedScopes []ConsumedScope `json:"consumes,omitempty"`

	// `exposes` is a list of scopes your application wants to expose to other organizations, where access to the scope is based on organization number.
	ExposedScopes []ExposedScope `json:"exposes,omitempty"`
}
func (*MaskinportenScope) DeepCopy ¶
func (in *MaskinportenScope) DeepCopy() *MaskinportenScope
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaskinportenScope.
func (*MaskinportenScope) DeepCopyInto ¶
func (in *MaskinportenScope) DeepCopyInto(out *MaskinportenScope)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MediumType ¶
type MediumType string
const ( MediumTypeMemory MediumType = "Memory" MediumTypeDisk MediumType = "Disk" )
type Naisjob ¶
type Naisjob struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec NaisjobSpec `json:"spec"` Status Status `json:"status,omitempty"` }
Naisjob defines a NAIS Naisjob.
+genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:printcolumn:name="Schedule",type="string",JSONPath=".spec.schedule" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Team",type="string",JSONPath=".metadata.labels.team" +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.synchronizationState" +kubebuilder:resource:path="naisjobs",shortName="nj",singular="naisjob"
func ExampleNaisjobForDocumentation ¶
func ExampleNaisjobForDocumentation() *Naisjob
func (*Naisjob) ApplyDefaults ¶
ApplyDefaults sets default values where they are missing from an Application spec.
func (*Naisjob) CorrelationID ¶
func (*Naisjob) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Naisjob.
func (*Naisjob) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Naisjob) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Naisjob) DefaultSecretPath ¶
func (in *Naisjob) DefaultSecretPath(base string) SecretPath
func (*Naisjob) EnsureCorrelationID ¶
If the Naisjob was not deployed with a correlation ID annotation, generate a random UUID and add it to annotations.
func (*Naisjob) GetAccessPolicy ¶
func (in *Naisjob) GetAccessPolicy() *AccessPolicy
func (*Naisjob) GetAzure ¶
func (in *Naisjob) GetAzure() AzureInterface
func (*Naisjob) GetConcurrencyPolicy ¶
func (*Naisjob) GetIDPorten ¶
func (*Naisjob) GetIngress ¶
func (*Naisjob) GetLeaderElection ¶
func (*Naisjob) GetLiveness ¶
func (*Naisjob) GetMaskinporten ¶
func (in *Naisjob) GetMaskinporten() *Maskinporten
func (*Naisjob) GetObjectKind ¶
func (in *Naisjob) GetObjectKind() schema.ObjectKind
func (*Naisjob) GetObjectReference ¶
func (in *Naisjob) GetObjectReference() corev1.ObjectReference
func (*Naisjob) GetObservability ¶
func (in *Naisjob) GetObservability() *Observability
func (*Naisjob) GetOpenSearch ¶
func (in *Naisjob) GetOpenSearch() *OpenSearch
func (*Naisjob) GetOwnerReference ¶
func (in *Naisjob) GetOwnerReference() metav1.OwnerReference
func (*Naisjob) GetPrometheus ¶
func (in *Naisjob) GetPrometheus() *PrometheusConfig
func (*Naisjob) GetReadiness ¶
func (*Naisjob) GetSecureLogs ¶
func (in *Naisjob) GetSecureLogs() *SecureLogs
func (*Naisjob) GetSkipCABundle ¶
func (*Naisjob) GetTerminationGracePeriodSeconds ¶
func (*Naisjob) GetWebProxy ¶
func (*Naisjob) SetDeploymentRolloutStatus ¶
func (*Naisjob) SkipDeploymentMessage ¶
type NaisjobList ¶
type NaisjobList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Naisjob `json:"items"` }
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*NaisjobList) DeepCopy ¶
func (in *NaisjobList) DeepCopy() *NaisjobList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NaisjobList.
func (*NaisjobList) DeepCopyInto ¶
func (in *NaisjobList) DeepCopyInto(out *NaisjobList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NaisjobList) DeepCopyObject ¶
func (in *NaisjobList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NaisjobSpec ¶
type NaisjobSpec struct { // By default, no traffic is allowed between naisjobs inside the cluster. // Configure access policies to explicitly allow communication between naisjobs. // This is also used for granting inbound access in the context of Azure AD and TokenX clients. // +nais:doc:Link="https://doc.nais.io/workloads/explanations/zero-trust/" AccessPolicy *AccessPolicy `json:"accessPolicy,omitempty"` // Once a Naisjob reaches activeDeadlineSeconds, all of its running Pods are terminated and the Naisjob status will become type: Failed with reason: DeadlineExceeded. // If set, this takes presedence over BackoffLimit. ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"` // Provisions and configures Azure resources. Azure *AzureNaisJob `json:"azure,omitempty"` // Specify the number of retries before considering a Naisjob as failed BackoffLimit int32 `json:"backoffLimit,omitempty"` // Override command when starting Docker image. Command []string `json:"command,omitempty"` // A Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. // +nais:doc:Default="1" // +nais:doc:Link="https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-patterns" Completions *int32 `json:"completions,omitempty"` // Specifies how to treat concurrent executions of a job that is created by this Naisjob-cron. // +kubebuilder:validation:Enum=Forbid;Replace;Allow // +nais:doc:Default="Allow" // +nais:doc:Link="https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#concurrency-policy" ConcurrencyPolicy string `json:"concurrencyPolicy,omitempty"` // Custom environment variables injected into your container. // Specify either `value` or `valueFrom`, but not both. Env EnvVars `json:"env,omitempty"` // EnvFrom exposes all variables in the ConfigMap or Secret resources as environment variables. // One of `configMap` or `secret` is required. 
// // Environment variables will take the form `KEY=VALUE`, where `key` is the ConfigMap or Secret key. // You can specify as many keys as you like in a single ConfigMap or Secret. // // The ConfigMap and Secret resources must live in the same Kubernetes namespace as the Naisjob resource. // +nais:doc:Availability="team namespaces" EnvFrom []EnvFrom `json:"envFrom,omitempty"` // Specify how many failed Jobs should be kept. FailedJobsHistoryLimit int32 `json:"failedJobsHistoryLimit,omitempty"` // List of ConfigMap or Secret resources that will have their contents mounted into the containers as files. // Either `configMap` or `secret` is required. // // Files will take the path `<mountPath>/<key>`, where `key` is the ConfigMap or Secret key. // You can specify as many keys as you like in a single ConfigMap or Secret, and they will all // be mounted to the same directory. // // The ConfigMap and Secret resources must live in the same Kubernetes namespace as the Naisjob resource. // +nais:doc:Availability="team namespaces" FilesFrom []FilesFrom `json:"filesFrom,omitempty"` // +nais:doc:Availability="GCP" GCP *GCP `json:"gcp,omitempty"` // Your Naisjob's Docker image location and tag. Image string `json:"image"` // An Influxdb via Aiven. A typical use case is to store metrics from your application and visualize them in Grafana. // See [navikt/aiven-iac](https://github.com/navikt/aiven-iac) repository // +nais:doc:Availability="GCP" Influx *Influx `json:"influx,omitempty"` // Enable Aiven Kafka for your Naisjob. Kafka *Kafka `json:"kafka,omitempty"` // Many Naisjobs running for long periods of time eventually transition to broken states, // and cannot recover except by being restarted. Kubernetes provides liveness probes to detect // and remedy such situations. Read more about this over at the // [Kubernetes probes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). 
Liveness *Probe `json:"liveness,omitempty"` // Format of the logs from the container. Use this if the container doesn't support // JSON logging and the log is in a special format that need to be parsed. // +kubebuilder:validation:Enum="";accesslog;accesslog_with_processing_time;accesslog_with_referer_useragent;capnslog;logrus;gokit;redis;glog;simple;influxdb;log15 Logformat string `json:"logformat,omitempty"` // Extra filters for modifying log content. This can e.g. be used for setting loglevel based on http status code. // +kubebuilder:validation:Enum=http_loglevel;dns_loglevel Logtransform string `json:"logtransform,omitempty"` // Configures a Maskinporten client for this Naisjob. // See [Maskinporten](https://doc.nais.io/security/auth/maskinporten/) for more details. Maskinporten *Maskinporten `json:"maskinporten,omitempty"` // To get your own OpenSearch instance head over to the IaC-repo to provision each instance. // See [navikt/aiven-iac](https://github.com/navikt/aiven-iac) repository. OpenSearch *OpenSearch `json:"openSearch,omitempty"` // For running pods in parallel. // If it is specified as 0, then the Job is effectively paused until it is increased. // +nais:doc:Default="1" // +nais:doc:Link="https://kubernetes.io/docs/concepts/workloads/controllers/job/#controlling-parallelism" Parallelism *int32 `json:"parallelism,omitempty"` // PreStopHook is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. // The handler is not called if the container crashes or exits by itself. // The reason for termination is passed to the handler. 
// +nais:doc:Link="https://doc.nais.io/workloads/explanations/good-practices/#handles-termination-gracefully";"https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" PreStopHook *PreStopHook `json:"preStopHook,omitempty"` // Sometimes, Naisjobs are temporarily unable to serve traffic. For example, an Naisjob might need // to load large data or configuration files during startup, or depend on external services after startup. // In such cases, you don't want to kill the Naisjob, but you don’t want to send it requests either. // Kubernetes provides readiness probes to detect and mitigate these situations. A pod with containers // reporting that they are not ready does not receive traffic through Kubernetes Services. // Read more about this over at the [Kubernetes readiness documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). Readiness *Probe `json:"readiness,omitempty"` // List of redis instances this job needs credentials for. // Must be owned by same team. // +nais:doc:Link="https://doc.nais.io/persistence/redis/" Redis []Redis `json:"redis,omitempty"` // RestartPolicy describes how the container should be restarted. Only one of the following restart policies may be specified. // If none of the following policies is specified, the default one is Never. // Read more about [Kubernetes handling pod and container failures](https://kubernetes.io/docs/concepts/workloads/controllers/job/#handling-pod-and-container-failures) // +kubebuilder:validation:Enum=OnFailure;Never RestartPolicy string `json:"restartPolicy,omitempty"` // When Containers have [resource requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) specified, // the Kubernetes scheduler can make better decisions about which nodes to place pods on. 
// +nais:doc:Link="https://doc.nais.io/workloads/explanations/good-practices/#set-reasonable-resource-requests-and-limits" Resources *ResourceRequirements `json:"resources,omitempty"` // The [Cron](https://en.wikipedia.org/wiki/Cron) schedule for running the Naisjob. // If not specified, the Naisjob will be run as a one-shot Job. The timezone for Naisjobs defaults to UTC. Schedule string `json:"schedule,omitempty"` // Whether or not to enable a sidecar container for secure logging. SecureLogs *SecureLogs `json:"secureLogs,omitempty"` // Whether to skip injection of NAV certificate authority bundle or not. Defaults to false. SkipCaBundle bool `json:"skipCaBundle,omitempty"` // Kubernetes uses startup probes to know when a container application has started. If such a probe is configured, // it disables liveness and readiness checks until it succeeds, making sure those probes don't interfere with the // application startup. This can be used to adopt liveness checks on slow starting containers, avoiding them getting // killed by Kubernetes before they are up and running. Startup *Probe `json:"startup,omitempty"` // Specify how many completed Jobs should be kept. SuccessfulJobsHistoryLimit int32 `json:"successfulJobsHistoryLimit,omitempty"` // The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. // Set this value longer than the expected cleanup time for your process. // For most jobs, the default is more than enough. Defaults to 30 seconds. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=180 TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"` // TimeZone for Naisjobs. Defaults to UTC. Only used if Schedule is specified. // Specify a valid [IANA timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). 
TimeZone *string `json:"timeZone,omitempty"` // Specify the number of seconds to wait before removing the Job after it has finished (either Completed or Failed). // If the field is unset, this Job won't be cleaned up by the TTL controller after it finishes. TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"` // Configuration options related to application observability. // +nais:doc:Link="https://doc.nais.io/observability/" Observability *Observability `json:"observability,omitempty"` // Provides secrets management, identity-based access, and encrypting application data for auditing of secrets // for applications, systems, and users. // +nais:doc:Link="https://github.com/navikt/vault-iac/tree/master/doc" // +nais:doc:Availability="on-premises" Vault *Vault `json:"vault,omitempty"` // Inject on-premises web proxy configuration into the job container. // Most Linux applications should auto-detect these settings from the `$HTTP_PROXY`, `$HTTPS_PROXY` and `$NO_PROXY` environment variables (and their lowercase counterparts). // Java applications can start the JVM using parameters from the `$JAVA_PROXY_OPTIONS` environment variable. // +nais:doc:Availability="on-premises" WebProxy bool `json:"webproxy,omitempty"` }
NaisjobSpec contains the NAIS manifest. Please keep this list sorted for clarity.
func (*NaisjobSpec) DeepCopy ¶
func (in *NaisjobSpec) DeepCopy() *NaisjobSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NaisjobSpec.
func (*NaisjobSpec) DeepCopyInto ¶
func (in *NaisjobSpec) DeepCopyInto(out *NaisjobSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectFieldSelector ¶
// ObjectFieldSelector names one field of the Pod whose value is copied into
// an environment variable.
//
// The readable fields form a closed allow-list expressed by the Enum marker on
// FieldPath; that list also admits the empty string. Nothing in this type
// validates the value beyond that marker.
type ObjectFieldSelector struct {
	// Field value from the `Pod` spec that should be copied into the environment variable.
	// +kubebuilder:validation:Enum="";metadata.name;metadata.namespace;metadata.labels;metadata.annotations;spec.nodeName;spec.serviceAccountName;status.hostIP;status.podIP
	FieldPath string `json:"fieldPath"`
}
func (*ObjectFieldSelector) DeepCopy ¶
func (in *ObjectFieldSelector) DeepCopy() *ObjectFieldSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectFieldSelector.
func (*ObjectFieldSelector) DeepCopyInto ¶
func (in *ObjectFieldSelector) DeepCopyInto(out *ObjectFieldSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Observability ¶
// Observability groups the tracing, logging and auto-instrumentation settings
// of a workload. Every member is an optional pointer, so a nil member means
// the corresponding section was not supplied.
type Observability struct {
	// Enable application performance monitoring with traces collected using OpenTelemetry and the OTLP exporter.
	// +nais:doc:Availability="GCP"
	// +nais:doc:Experimental=true
	// +nais:doc:Link="https://doc.nais.io/observability/tracing/"
	Tracing *Tracing `json:"tracing,omitempty"`
	// Configure logging for your application.
	// +nais:doc:Link="https://doc.nais.io/observability/logging/"
	Logging *Logging `json:"logging,omitempty"`
	// Enable auto-instrumenting your application using the OpenTelemetry Agent.
	// +nais:doc:Availability="GCP"
	// +nais:doc:Experimental=true
	// +nais:doc:Link="https://doc.nais.io/observability/auto-instrumentation/"
	AutoInstrumentation *AutoInstrumentation `json:"autoInstrumentation,omitempty"`
}
func (*Observability) DeepCopy ¶
func (in *Observability) DeepCopy() *Observability
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Observability.
func (*Observability) DeepCopyInto ¶
func (in *Observability) DeepCopyInto(out *Observability)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenSearch ¶
// OpenSearch identifies the OpenSearch instance a workload should be given
// access to, together with the access level requested for its user.
type OpenSearch struct {
	// Configure your application to access your OpenSearch instance.
	// The last part of the name used when creating the instance (ie. opensearch-{team}-{instance})
	Instance string `json:"instance"`

	// NOTE(review): the level applied when `access` is omitted is not defined
	// in this type; confirm it before relying on the default, and request the
	// narrowest of the listed levels that the workload actually needs.

	// Access level for OpenSearch user
	// +kubebuilder:validation:Enum=read;write;readwrite;admin
	Access string `json:"access,omitempty"`
}
func (*OpenSearch) DeepCopy ¶
func (in *OpenSearch) DeepCopy() *OpenSearch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenSearch.
func (*OpenSearch) DeepCopyInto ¶
func (in *OpenSearch) DeepCopyInto(out *OpenSearch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PreStopHook ¶
// PreStopHook describes the action taken just before the pod is shut down by
// Kubernetes: either a command run inside the main container or an HTTP GET
// request.
//
// NOTE(review): both members are optional and no validation marker on this
// type makes them mutually exclusive; confirm how a manifest that sets both
// `exec` and `http` is handled.
type PreStopHook struct {
	// Command that should be run inside the main container just before the pod is shut down by Kubernetes.
	Exec *ExecAction `json:"exec,omitempty"`
	// HTTP GET request that is called just before the pod is shut down by Kubernetes.
	Http *HttpGetAction `json:"http,omitempty"`
}
func (*PreStopHook) DeepCopy ¶
func (in *PreStopHook) DeepCopy() *PreStopHook
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreStopHook.
func (*PreStopHook) DeepCopyInto ¶
func (in *PreStopHook) DeepCopyInto(out *PreStopHook)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Probe ¶
// Probe is the shared definition behind the `liveness`, `readiness` and
// `startup` fields of NaisjobSpec. The field comments below are worded for the
// startup case, but the same struct describes all three probes.
//
// None of the integer fields carries a Minimum/Maximum marker, so range
// checking (for example a valid TCP port) is not expressed in this type.
type Probe struct {
	// HTTP endpoint path that signals 200 OK if the application has started successfully.
	Path string `json:"path"`
	// Port for the startup probe.
	Port int `json:"port,omitempty"`
	// Number of seconds after the container has started before startup probes are initiated.
	InitialDelay int `json:"initialDelay,omitempty"`
	// How often (in seconds) to perform the probe.
	PeriodSeconds int `json:"periodSeconds,omitempty"`
	// When a Pod starts, and the probe fails, Kubernetes will try _failureThreshold_ times before giving up.
	// Giving up in case of a startup probe means restarting the Pod.
	FailureThreshold int `json:"failureThreshold,omitempty"`
	// Number of seconds after which the probe times out.
	Timeout int `json:"timeout,omitempty"`
}
Liveness probe and readiness probe definitions.
func (*Probe) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe.
func (*Probe) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrometheusConfig ¶
// PrometheusConfig holds an on/off switch plus a port and a path.
//
// NOTE(review): presumably these describe the metrics endpoint that is
// scraped; the consumer of this type is not shown here, so confirm. Note that
// Port is a string rather than an integer and that no field carries a
// validation marker.
type PrometheusConfig struct {
	// Enabled is omitted from JSON when false.
	Enabled bool `json:"enabled,omitempty"`
	// Port is carried as a string; its accepted format is not constrained here.
	Port string `json:"port,omitempty"`
	// Path is a free-form string; no pattern is enforced by this type.
	Path string `json:"path,omitempty"`
}
func (*PrometheusConfig) DeepCopy ¶
func (in *PrometheusConfig) DeepCopy() *PrometheusConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig.
func (*PrometheusConfig) DeepCopyInto ¶
func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Redis ¶
// Redis identifies one Redis instance the workload needs credentials for and
// the access level requested for its user.
//
// Unlike OpenSearch.Instance, Instance here is tagged `omitempty`, so an empty
// instance name is simply left out of the serialized manifest.
type Redis struct {
	// The last part of the name used when creating the instance (ie. redis-{team}-{instance})
	Instance string `json:"instance,omitempty"`

	// NOTE(review): the level applied when `access` is omitted is not defined
	// in this type; confirm it before relying on the default, and request the
	// narrowest of the listed levels that the workload actually needs.

	// Access level for redis user
	// +kubebuilder:validation:Enum=read;write;readwrite;admin
	Access string `json:"access,omitempty"`
}
func (*Redis) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Redis.
func (*Redis) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Replicas ¶
// Replicas sets the lower and upper replica counts and the settings that
// control autoscaling between them.
//
// NOTE(review): no validation marker on this type relates `min` to `max` or
// bounds either value; confirm where `min <= max` is enforced.
type Replicas struct {
	// The minimum amount of running replicas for a deployment.
	Min *int `json:"min,omitempty"`
	// The pod autoscaler will increase replicas when required up to the maximum.
	Max *int `json:"max,omitempty"`
	// Deprecated: Use `spec.scalingStrategy.cpu.thresholdPercentage` instead.
	// Amount of CPU usage before the autoscaler kicks in.
	// If anything under ScalingStrategy is set, that takes precedence.
	// +nais:doc:Deprecated=true
	CpuThresholdPercentage int `json:"cpuThresholdPercentage,omitempty"`
	// Disable autoscaling
	// +nais:doc:Default="false"
	DisableAutoScaling bool `json:"disableAutoScaling,omitempty"`

	// NOTE(review): the marker on the next field is spelled `link:` while the
	// other fields in this file use `Link="..."`; confirm the doc generator
	// accepts this form.

	// ScalingStrategy configures how automatic scaling is performed.
	// +nais:doc:link:https://doc.nais.io/workloads/application/reference/automatic-scaling/
	ScalingStrategy *ScalingStrategy `json:"scalingStrategy,omitempty"`
}
func (*Replicas) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Replicas.
func (*Replicas) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceRequirements ¶
// ResourceRequirements pairs the resource limits and the resource requests of
// a container. Both members are optional pointers to the same ResourceSpec
// shape; nothing in this type checks that a request does not exceed its limit.
type ResourceRequirements struct {
	// Limit defines the maximum amount of resources a container can use before getting evicted.
	Limits *ResourceSpec `json:"limits,omitempty"`
	// Request defines the amount of resources a container is allocated on startup.
	Requests *ResourceSpec `json:"requests,omitempty"`
}
func (*ResourceRequirements) DeepCopy ¶
func (in *ResourceRequirements) DeepCopy() *ResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.
func (*ResourceRequirements) DeepCopyInto ¶
func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceSpec ¶
// ResourceSpec carries a CPU quantity and a memory quantity as strings whose
// format is fixed by the Pattern markers below. The patterns constrain the
// syntax only; they place no upper bound on the number itself.
type ResourceSpec struct {
	// Cpu must be one or more digits, optionally followed by `m`.
	// +kubebuilder:validation:Pattern=^\d+m?$
	Cpu string `json:"cpu,omitempty"`
	// Memory must be one or more digits followed by `Ki`, `Mi` or `Gi`.
	// +kubebuilder:validation:Pattern=^\d+[KMG]i$
	Memory string `json:"memory,omitempty"`
}
func (*ResourceSpec) DeepCopy ¶
func (in *ResourceSpec) DeepCopy() *ResourceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.
func (*ResourceSpec) DeepCopyInto ¶
func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScalingStrategy ¶
// ScalingStrategy selects what the horizontal pod autoscaler (HPA) reacts to.
// Both members are optional, and this type does not say what happens when
// both are set.
type ScalingStrategy struct {
	// Configures HPA based on CPU usage.
	Cpu *CpuScaling `json:"cpu,omitempty"`
	// Configures HPA based on Kafka lag.
	Kafka *KafkaScaling `json:"kafka,omitempty"`
}
func (*ScalingStrategy) DeepCopy ¶
func (in *ScalingStrategy) DeepCopy() *ScalingStrategy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalingStrategy.
func (*ScalingStrategy) DeepCopyInto ¶
func (in *ScalingStrategy) DeepCopyInto(out *ScalingStrategy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretPath ¶
// SecretPath maps one path in the Vault key/value store to a location in the
// pod's file system, with an optional output format.
//
// NOTE(review): neither `mountPath` nor `kvPath` carries a Pattern marker, so
// this schema accepts any string for both. Whatever limits which Vault paths
// a workload may read, or where they may be mounted, has to be enforced
// elsewhere (presumably by Vault policy) — confirm.
type SecretPath struct {
	// File system path that the secret will be mounted into.
	MountPath string `json:"mountPath"`
	// Path to Vault key/value store that should be mounted into the file system.
	KvPath string `json:"kvPath"`
	// Format of the secret that should be processed.
	// +kubebuilder:validation:Enum=flatten;json;yaml;env;properties;""
	Format string `json:"format,omitempty"`
}
func (*SecretPath) DeepCopy ¶
func (in *SecretPath) DeepCopy() *SecretPath
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretPath.
func (*SecretPath) DeepCopyInto ¶
func (in *SecretPath) DeepCopyInto(out *SecretPath)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecureLogs ¶
// SecureLogs switches the secure-logging sidecar on or off.
//
// NOTE(review): this type only exposes the switch. Who can read the mounted
// volume, where the logs are shipped and how long they are kept are not
// described here; confirm those properties before writing sensitive data.
type SecureLogs struct {
	// Whether to enable a sidecar container for secure logging.
	// If enabled, a volume is mounted in the pods where secure logs can be saved.
	Enabled bool `json:"enabled"`
}
func (*SecureLogs) DeepCopy ¶
func (in *SecureLogs) DeepCopy() *SecureLogs
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecureLogs.
func (*SecureLogs) DeepCopyInto ¶
func (in *SecureLogs) DeepCopyInto(out *SecureLogs)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Service ¶
// Service describes the protocol and port of the workload's default service.
//
// Port carries no Minimum/Maximum marker, so this schema does not restrict it
// to the valid port range.
type Service struct {
	// +kubebuilder:validation:Enum=http;redis;tcp;grpc
	// Which protocol the backend service runs on. Default is `http`.
	Protocol string `json:"protocol,omitempty"`
	// Port for the default service. Default port is 80.
	Port int32 `json:"port"`
}
func (*Service) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.
func (*Service) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Status ¶
// Status contains different NAIS status properties.
//
// Every field is tagged `omitempty`, so zero values are left out of the
// serialized status.
type Status struct {
	// NOTE(review): the unit and epoch of the two time fields are not stated
	// in this type; confirm against the code that sets them.
	SynchronizationTime int64 `json:"synchronizationTime,omitempty"`
	RolloutCompleteTime int64 `json:"rolloutCompleteTime,omitempty"`
	// CorrelationID is an opaque string here; presumably it ties a status to
	// one deploy or synchronization — confirm.
	CorrelationID           string `json:"correlationID,omitempty"`
	DeploymentRolloutStatus string `json:"deploymentRolloutStatus,omitempty"`
	SynchronizationState    string `json:"synchronizationState,omitempty"`
	// SynchronizationHash is stored as a plain string; how it is computed is
	// not shown in this type.
	SynchronizationHash string `json:"synchronizationHash,omitempty"`
	// Conditions is a pointer to a slice, so it may be nil.
	Conditions *[]metav1.Condition `json:"conditions,omitempty"`
}
Status contains different NAIS status properties
func (*Status) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Status.
func (*Status) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Status) SetCondition ¶
func (in *Status) SetCondition(typ string, status metav1.ConditionStatus, reason, message string)
SetCondition is a wrapper around an upstream API that does more or less the same thing. The condition with the matching `typ` is either created or updated in .status.conditions[].
func (*Status) SetSynchronizationStateWithCondition ¶
SetSynchronizationStateWithCondition is a shorthand function for setting synchronization state. Additionally, the state and the human-readable message are stored in a condition.
type Strategy ¶
// Strategy selects how old Pods are replaced by new ones.
type Strategy struct {
	// Specifies the strategy used to replace old Pods by new ones.
	// `RollingUpdate` is the default value.
	// +kubebuilder:validation:Enum=Recreate;RollingUpdate
	Type string `json:"type,omitempty"`
	// RollingUpdate holds the rolling-update parameters as an imported type.
	// NOTE(review): `v1` here is an import alias, presumably the Kubernetes
	// apps/v1 API package — confirm against the file's imports. This type does
	// not say what happens when it is set together with type `Recreate`.
	RollingUpdate *v1.RollingUpdateDeployment `json:"rollingUpdate,omitempty"`
}
func (*Strategy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Strategy.
func (*Strategy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenX ¶
// TokenX controls provisioning of a TokenX client for the workload and how the
// accompanying secret is exposed to it.
type TokenX struct {
	// If enabled, will provision and configure a TokenX client and inject an accompanying secret.
	Enabled bool `json:"enabled"`
	// If enabled, secrets for TokenX will be mounted as files only, i.e. not as environment variables.
	// The zero value is false. Environment variables are inherited by child
	// processes and tend to end up in diagnostic output, so file-only mounting
	// is the narrower exposure when the application can read secrets from files.
	MountSecretsAsFilesOnly bool `json:"mountSecretsAsFilesOnly,omitempty"`
}
func (*TokenX) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenX.
func (*TokenX) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Tracing ¶
// Tracing is the on/off switch referenced from Observability.Tracing, which
// documents it as enabling application performance monitoring with traces
// collected using OpenTelemetry and the OTLP exporter.
type Tracing struct {
	// Enabled is omitted from JSON when false.
	Enabled bool `json:"enabled,omitempty"`
}
func (*Tracing) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing.
func (*Tracing) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Vault ¶
// Vault configures fetching secrets from Vault and injecting them into the
// pod's file system.
//
// NOTE(review): the file permissions of the injected secrets and which
// containers in the pod can read the mount are not described in this type;
// confirm them before assuming the secrets are readable only by the main
// container.
type Vault struct {
	// If set to true, fetch secrets from Vault and inject into the pods.
	Enabled bool `json:"enabled,omitempty"`
	// If enabled, the sidecar will automatically refresh the token's Time-To-Live before it expires.
	Sidecar bool `json:"sidecar,omitempty"`
	// List of secret paths to be read from Vault and injected into the pod's filesystem.
	// Overriding the `paths` array is optional, and will give you fine-grained control over which Vault paths that will be mounted on the file system.
	//
	// By default, the list will contain an entry with
	//
	// `kvPath: /kv/<environment>/<zone>/<application>/<namespace>`
	// `mountPath: /var/run/secrets/nais.io/vault`
	//
	// that will always be attempted to be mounted.
	Paths []SecretPath `json:"paths,omitempty"`
}
func (*Vault) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vault.
func (*Vault) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Wonderwall ¶
// Wonderwall configures the login sidecar: whether it is enabled, whether it
// redirects users to login automatically, which paths are exempt from that
// redirect, and the sidecar container's resources.
//
// NOTE(review): auto-login is documented here for proxied GET requests only,
// and ignored paths are exempt from the redirect. Presumably requests outside
// that scope still reach the application, so the application should validate
// the session or token itself rather than rely on the redirect — confirm
// against the linked documentation.
type Wonderwall struct {
	// Automatically redirect the user to login for all proxied GET requests.
	// +nais:doc:Default="false"
	// +nais:doc:Link="https://doc.nais.io/auth/explanations/#autologin"
	AutoLogin bool `json:"autoLogin,omitempty"`
	// Absolute paths to ignore when auto-login is enabled.
	// +nais:doc:Link="https://doc.nais.io/auth/reference/#autologin-exclusions"
	AutoLoginIgnorePaths []WonderwallIgnorePaths `json:"autoLoginIgnorePaths,omitempty"`
	// Enable the sidecar.
	Enabled bool `json:"enabled"`
	// Resource requirements for the sidecar container.
	Resources *ResourceRequirements `json:"resources,omitempty"`
}
func (*Wonderwall) DeepCopy ¶
func (in *Wonderwall) DeepCopy() *Wonderwall
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wonderwall.
func (*Wonderwall) DeepCopyInto ¶
func (in *Wonderwall) DeepCopyInto(out *Wonderwall)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WonderwallIgnorePaths ¶
// WonderwallIgnorePaths is one entry of Wonderwall.AutoLoginIgnorePaths: a
// path that is ignored when auto-login is enabled.
//
// The validation pattern documented for this type only requires the value to
// begin with `/`; any characters may follow. How an entry is matched against a
// request path (exact, prefix or wildcard) is not defined here — keep entries
// as narrow as possible and confirm the matching rules in the linked
// auto-login documentation.
type WonderwallIgnorePaths string
+kubebuilder:validation:Pattern=`^\/.*$`