v1alpha1

package
v1.7.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 3, 2023 License: Apache-2.0 Imports: 54 Imported by: 23

Documentation

Overview

+k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=cluster-extension/pkg/apis/cluster +k8s:defaulter-gen=TypeMeta +groupName=cluster.core.oam.dev

Index

Constants

// Annotation keys under the status.cluster.core.oam.dev/ prefix.
// NOTE(review): the package notes say ClusterGateway status is extended from
// the backing secret's annotations, so these keys presumably carry the
// Healthy flag and its reason; confirm against the conversion code. If so,
// anyone allowed to patch the secret's metadata can influence reported health.
const (
	AnnotationKeyClusterGatewayStatusHealthy       = "status.cluster.core.oam.dev/healthy"
	AnnotationKeyClusterGatewayStatusHealthyReason = "status.cluster.core.oam.dev/healthy-reason"
)

Conversion between corev1.Secret and ClusterGateway:

  1. Credentials (an X.509 key pair or a token) are stored in the secret's data.
  2. The spec of ClusterGateway is extended from the secret's labels.
  3. The status of ClusterGateway is extended from the secret's annotations.

NOTE: Because the secret resource is designed to have no "metadata.generation" field, the ClusterGateway resource also lacks generation tracking.

const (
	// AnnotationClusterGatewayProxyConfiguration is the annotation key
	// "cluster.core.oam.dev/cluster-gateway-proxy-configuration".
	// NOTE(review): presumably holds a serialized
	// ClusterGatewayProxyConfiguration for a single cluster; confirm where it
	// is read and which principals are allowed to set it, since the
	// configuration contains identity-exchange rules.
	AnnotationClusterGatewayProxyConfiguration = "cluster.core.oam.dev/cluster-gateway-proxy-configuration"
)

Variables

// GlobalClusterGatewayProxyConfiguration is a package-level pointer to the
// proxy configuration, initialised to an empty value (no identity-exchange
// rules).
// NOTE(review): presumably populated by LoadGlobalClusterGatewayProxyConfig.
// It is exported, shared, mutable state; confirm nothing writes to it after
// startup.
var GlobalClusterGatewayProxyConfiguration = &ClusterGatewayProxyConfiguration{}
// SchemeGroupVersion is the API group and version for this package's types,
// built from config.MetaApiGroupName and config.MetaApiVersionName.
var SchemeGroupVersion = schema.GroupVersion{Group: config.MetaApiGroupName, Version: config.MetaApiVersionName}

Functions

func ExchangeIdentity added in v1.7.0

func ExchangeIdentity(exchanger *ClientIdentityExchanger, userInfo user.Info, cluster string) (matched bool, ruleName string, projected *rest.ImpersonationConfig, err error)

func GetEndpointURL

func GetEndpointURL(c *ClusterGateway) (*url.URL, error)

func LoadGlobalClusterGatewayProxyConfig added in v1.7.0

func LoadGlobalClusterGatewayProxyConfig() error

func NewConfigFromCluster

func NewConfigFromCluster(ctx context.Context, c *ClusterGateway) (*restclient.Config, error)

func ValidateClusterGateway

func ValidateClusterGateway(c *ClusterGateway) field.ErrorList

func ValidateClusterGatewaySpec

func ValidateClusterGatewaySpec(c *ClusterGatewaySpec, path *field.Path) field.ErrorList

func ValidateClusterGatewaySpecAccess

func ValidateClusterGatewaySpecAccess(c *ClusterAccess, path *field.Path) field.ErrorList

func ValidateClusterGatewaySpecAccessCredential

func ValidateClusterGatewaySpecAccessCredential(c *ClusterAccessCredential, path *field.Path) field.ErrorList

Types

type ClientIdentityExchangeRule added in v1.7.0

// ClientIdentityExchangeRule is one entry of ClientIdentityExchanger.Rules.
//
// NOTE(review): the matching and projection logic is not visible here.
// ExchangeIdentity returns a *rest.ImpersonationConfig, so a rule presumably
// decides which identity a caller is impersonated as on the managed cluster.
// Review rule sets with the same care as RBAC bindings.
type ClientIdentityExchangeRule struct {
	// Name identifies the rule (ExchangeIdentity reports a ruleName).
	Name   string                     `json:"name"`
	// Type selects the exchanger kind; see ClientIdentityExchangeType.
	Type   ClientIdentityExchangeType `json:"type"`
	// Source describes the caller identity / cluster the rule applies to.
	Source *IdentityExchangerSource   `json:"source"`

	// Target is optional; presumably the identity projected by a static
	// mapping rule (TODO confirm).
	Target *IdentityExchangerTarget `json:"target,omitempty"`
	// URL is optional; presumably the endpoint consulted by an external
	// exchanger (TODO confirm, including how that endpoint is authenticated).
	URL    *string                  `json:"url,omitempty"`
}

type ClientIdentityExchangeType added in v1.7.0

// ClientIdentityExchangeType is the string discriminator stored in
// ClientIdentityExchangeRule.Type.
type ClientIdentityExchangeType string
// NOTE(review): only the names and string values are visible here. What each
// kind projects is not shown; in particular confirm what identity
// "PrivilegedIdentityExchanger" yields before enabling such a rule.
const (
	PrivilegedIdentityExchanger    ClientIdentityExchangeType = "PrivilegedIdentityExchanger"
	StaticMappingIdentityExchanger ClientIdentityExchangeType = "StaticMappingIdentityExchanger"
	ExternalIdentityExchanger      ClientIdentityExchangeType = "ExternalIdentityExchanger"
)

type ClientIdentityExchanger added in v1.7.0

// ClientIdentityExchanger holds the list of identity-exchange rules.
// NOTE(review): evaluation order is not shown here. ExchangeIdentity returns
// a single ruleName, so presumably the first matching rule wins; confirm,
// because rule order would then be security-relevant.
type ClientIdentityExchanger struct {
	// Rules may be empty or omitted.
	Rules []ClientIdentityExchangeRule `json:"rules,omitempty"`
}

type ClusterAccess

// ClusterAccess groups how to reach a target cluster (Endpoint) with the
// credential used to authenticate to it (Credential).
type ClusterAccess struct {
	// Endpoint is a qualified URL string for accessing the cluster.
	// e.g. https://example.com:6443/
	// NOTE(review): the field is a *ClusterEndpoint, not a string; the URL
	// form presumably refers to ClusterEndpointConst.Address.
	Endpoint *ClusterEndpoint `json:"endpoint"`
	// Credential holds authentication configuration for
	// accessing the target cluster. It is optional in JSON and contains
	// secret material (token or private key).
	Credential *ClusterAccessCredential `json:"credential,omitempty"`
}

func (*ClusterAccess) DeepCopy

func (in *ClusterAccess) DeepCopy() *ClusterAccess

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAccess.

func (*ClusterAccess) DeepCopyInto

func (in *ClusterAccess) DeepCopyInto(out *ClusterAccess)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAccessCredential

// ClusterAccessCredential is a union of credential kinds for a target
// cluster. Every populated member is secret material: avoid logging or
// printing values of this type, and restrict read access to the resource.
type ClusterAccessCredential struct {
	// Type is the union discriminator for credential contents.
	Type                CredentialType `json:"type"`
	// ServiceAccountToken is a bearer token held as a plain string and
	// serialized under "serviceAccountToken" when non-empty.
	ServiceAccountToken string         `json:"serviceAccountToken,omitempty"`
	// X509 is the client certificate and private key; see X509.
	X509                *X509          `json:"x509,omitempty"`
}

func (*ClusterAccessCredential) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAccessCredential.

func (*ClusterAccessCredential) DeepCopyInto

func (in *ClusterAccessCredential) DeepCopyInto(out *ClusterAccessCredential)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpoint

// ClusterEndpoint is a union describing how the target cluster's apiserver
// is reached.
type ClusterEndpoint struct {
	// Type is the union discriminator for prescribing apiserver endpoint.
	Type ClusterEndpointType `json:"type"`
	// Const prescribes fixed endpoint for requesting target clusters.
	// It is optional; the ClusterProxy type is documented as needing no
	// explicit endpoint.
	Const *ClusterEndpointConst `json:"const,omitempty"`
}

func (*ClusterEndpoint) DeepCopy

func (in *ClusterEndpoint) DeepCopy() *ClusterEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterEndpoint.

func (*ClusterEndpoint) DeepCopyInto

func (in *ClusterEndpoint) DeepCopyInto(out *ClusterEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpointConst

// ClusterEndpointConst is a fixed endpoint plus the TLS trust settings used
// when connecting to it.
type ClusterEndpointConst struct {
	// Address is a qualified hostname for accessing the local kube-apiserver.
	Address string `json:"address"`
	// CABundle is used for verifying cluster's serving CA certificate.
	// It is optional. NOTE(review): presumably PEM-encoded; confirm.
	CABundle []byte `json:"caBundle,omitempty"`
	// Insecure indicates the cluster should be accessed without verifying
	// the CA certificate at client-side. A nil pointer means the field was
	// not set.
	// With verification disabled the client cannot authenticate the server,
	// so the stored token or client certificate may be presented to an
	// impostor. Prefer supplying CABundle.
	Insecure *bool `json:"insecure,omitempty"`
}

func (*ClusterEndpointConst) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterEndpointConst.

func (*ClusterEndpointConst) DeepCopyInto

func (in *ClusterEndpointConst) DeepCopyInto(out *ClusterEndpointConst)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpointType

// ClusterEndpointType is the string discriminator stored in
// ClusterEndpoint.Type.
type ClusterEndpointType string
const (
	// ClusterEndpointTypeConst prescribes requesting kube-apiserver via
	// a fixed endpoint url.
	ClusterEndpointTypeConst ClusterEndpointType = "Const"
	// ClusterEndpointTypeClusterProxy prescribes requesting kube-apiserver
	// through the konnectivity tunnel. Note that no explicit endpoint is
	// required under ClusterProxy mode.
	ClusterEndpointTypeClusterProxy ClusterEndpointType = "ClusterProxy"
)

type ClusterGateway

// ClusterGateway is the API object for one managed cluster: standard type
// and object metadata plus a Spec and a Status.
// Spec.Access.Credential carries the cluster credential, so read access to
// this resource is equivalent to access to that credential.
type ClusterGateway struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state, including endpoint and credential.
	Spec   ClusterGatewaySpec   `json:"spec,omitempty"`
	// Status is the observed state (health and its reason).
	Status ClusterGatewayStatus `json:"status,omitempty"`
}

+genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

ClusterGateway is an extension model for ManagedCluster which implements the Tier-II cluster model based on OCM's original abstraction of ManagedCluster. The Tier-II cluster model should be highly protected under RBAC policies, and only admins should have access to view the content of cluster credentials. +k8s:openapi-gen=true

func (*ClusterGateway) ConvertToTable

func (in *ClusterGateway) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error)

func (*ClusterGateway) DeepCopy

func (in *ClusterGateway) DeepCopy() *ClusterGateway

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGateway.

func (*ClusterGateway) DeepCopyInto

func (in *ClusterGateway) DeepCopyInto(out *ClusterGateway)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGateway) DeepCopyObject

func (in *ClusterGateway) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterGateway) Destroy added in v1.7.0

func (in *ClusterGateway) Destroy()

func (*ClusterGateway) Get

func (*ClusterGateway) GetArbitrarySubResources

func (in *ClusterGateway) GetArbitrarySubResources() []resource.ArbitrarySubResource

func (*ClusterGateway) GetGroupVersionResource

func (in *ClusterGateway) GetGroupVersionResource() schema.GroupVersionResource

func (*ClusterGateway) GetObjectMeta

func (in *ClusterGateway) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterGateway) IsStorageVersion

func (in *ClusterGateway) IsStorageVersion() bool

func (*ClusterGateway) List

func (*ClusterGateway) NamespaceScoped

func (in *ClusterGateway) NamespaceScoped() bool

func (*ClusterGateway) New

func (in *ClusterGateway) New() runtime.Object

func (*ClusterGateway) NewList

func (in *ClusterGateway) NewList() runtime.Object

func (*ClusterGateway) Validate

func (in *ClusterGateway) Validate(ctx context.Context) field.ErrorList

type ClusterGatewayHealth

// ClusterGatewayHealth is a distinct named type with the same underlying
// structure as ClusterGateway. It carries its own method set (Get, New,
// Update, SubResourceName, Destroy).
// NOTE(review): presumably backs a health subresource; confirm which
// principals may call Update, since ClusterGatewayStatus.Healthy can gate
// proxy access.
type ClusterGatewayHealth ClusterGateway

func (*ClusterGatewayHealth) Destroy added in v1.7.0

func (in *ClusterGatewayHealth) Destroy()

func (*ClusterGatewayHealth) Get

func (*ClusterGatewayHealth) New

func (*ClusterGatewayHealth) SubResourceName

func (in *ClusterGatewayHealth) SubResourceName() string

func (*ClusterGatewayHealth) Update

func (in *ClusterGatewayHealth) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error)

type ClusterGatewayList

// ClusterGatewayList is a list of ClusterGateway objects with standard list
// metadata. Each item embeds its full Spec, credentials included.
type ClusterGatewayList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is always serialized (no omitempty).
	Items []ClusterGateway `json:"items"`
}

ClusterGatewayList +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterGatewayList) DeepCopy

func (in *ClusterGatewayList) DeepCopy() *ClusterGatewayList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayList.

func (*ClusterGatewayList) DeepCopyInto

func (in *ClusterGatewayList) DeepCopyInto(out *ClusterGatewayList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayList) DeepCopyObject

func (in *ClusterGatewayList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterGatewayList) GetListMeta

func (in *ClusterGatewayList) GetListMeta() *metav1.ListMeta

type ClusterGatewayProxy

// ClusterGatewayProxy is a subresource of ClusterGateway for proxying
// Kubernetes resource requests to the managed cluster. The type has no
// fields; behaviour lives in its methods (Connect, ConnectMethods,
// NewConnectOptions, SubResourceName).
type ClusterGatewayProxy struct {
}

ClusterGatewayProxy is a subresource of ClusterGateway which allows users to proxy Kubernetes resource requests to the managed cluster.

func (*ClusterGatewayProxy) Connect

func (*ClusterGatewayProxy) ConnectMethods

func (c *ClusterGatewayProxy) ConnectMethods() []string

func (*ClusterGatewayProxy) DeepCopy

func (in *ClusterGatewayProxy) DeepCopy() *ClusterGatewayProxy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayProxy.

func (*ClusterGatewayProxy) DeepCopyInto

func (in *ClusterGatewayProxy) DeepCopyInto(out *ClusterGatewayProxy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayProxy) Destroy added in v1.7.0

func (in *ClusterGatewayProxy) Destroy()

func (*ClusterGatewayProxy) New

func (*ClusterGatewayProxy) NewConnectOptions

func (c *ClusterGatewayProxy) NewConnectOptions() (runtime.Object, bool, string)

func (*ClusterGatewayProxy) SubResourceName

func (c *ClusterGatewayProxy) SubResourceName() string

type ClusterGatewayProxyConfiguration added in v1.7.0

// ClusterGatewayProxyConfiguration is the configuration document for the
// proxy: type metadata plus a Spec.
type ClusterGatewayProxyConfiguration struct {
	metav1.TypeMeta `json:",inline"`
	// Spec is always serialized under "spec".
	Spec            ClusterGatewayProxyConfigurationSpec `json:"spec"`
}

type ClusterGatewayProxyConfigurationSpec added in v1.7.0

// ClusterGatewayProxyConfigurationSpec holds the proxy settings; at present
// that is the identity-exchange rule set.
type ClusterGatewayProxyConfigurationSpec struct {
	// The embedded ClientIdentityExchanger has an explicit JSON name, so it
	// is encoded as a nested "clientIdentityExchanger" object rather than
	// being flattened into the spec.
	ClientIdentityExchanger `json:"clientIdentityExchanger"`
}

type ClusterGatewayProxyOptions

// ClusterGatewayProxyOptions are the per-request options of the proxy
// subresource. ConvertFromUrlValues fills them from URL query values, so
// both fields are caller-controlled input.
type ClusterGatewayProxyOptions struct {
	metav1.TypeMeta

	// Path is the target api path of the proxy request.
	// e.g. "/healthz", "/api/v1"
	Path string `json:"path"`

	// Impersonate indicates whether to impersonate as the original
	// user identity from the request context after proxying to the
	// target cluster.
	// Note that this requires additional RBAC settings inside
	// the target cluster for the impersonated users (i.e. the end-
	// user using the proxy subresource.).
	// NOTE(review): when false, the request presumably runs with the stored
	// cluster credential's own privileges; confirm, because that credential's
	// RBAC would then be the effective permission of every proxy caller.
	Impersonate bool `json:"impersonate"`
}

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterGatewayProxyOptions) ConvertFromUrlValues

func (in *ClusterGatewayProxyOptions) ConvertFromUrlValues(values *url.Values) error

func (*ClusterGatewayProxyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayProxyOptions.

func (*ClusterGatewayProxyOptions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayProxyOptions) DeepCopyObject

func (in *ClusterGatewayProxyOptions) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterGatewaySpec

// ClusterGatewaySpec defines the desired state of ClusterGateway.
type ClusterGatewaySpec struct {
	// Provider is a free-form string; its allowed values are not shown here.
	Provider    string                            `json:"provider"`
	// Access holds the endpoint and credential for the target cluster.
	Access      ClusterAccess                     `json:"access"`
	// ProxyConfig is tagged json:"-": it is never read from or written to
	// the JSON form of the object and exists only in memory.
	ProxyConfig *ClusterGatewayProxyConfiguration `json:"-"`
}

ClusterGatewaySpec defines the desired state of ClusterGateway

func (*ClusterGatewaySpec) DeepCopy

func (in *ClusterGatewaySpec) DeepCopy() *ClusterGatewaySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewaySpec.

func (*ClusterGatewaySpec) DeepCopyInto

func (in *ClusterGatewaySpec) DeepCopyInto(out *ClusterGatewaySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterGatewayStatus

// ClusterGatewayStatus defines the observed state of ClusterGateway.
type ClusterGatewayStatus struct {
	// Healthy indicates whether the cluster is healthy.
	// If the `HealthinessCheck` feature gate is enabled, calling proxy
	// subresource upon unhealthy clusters will be rejected.
	// The field has no omitempty, so false is serialized explicitly.
	Healthy bool `json:"healthy"`
	// HealthyReason is the reason explaining the cluster's healthiness.
	HealthyReason HealthyReasonType `json:"healthyReason,omitempty"`
}

ClusterGatewayStatus defines the observed state of ClusterGateway

func (*ClusterGatewayStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayStatus.

func (*ClusterGatewayStatus) DeepCopyInto

func (in *ClusterGatewayStatus) DeepCopyInto(out *ClusterGatewayStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CredentialType

// CredentialType is the string discriminator stored in
// ClusterAccessCredential.Type.
type CredentialType string
const (
	// CredentialTypeServiceAccountToken means the cluster is accessible via
	// ServiceAccountToken.
	CredentialTypeServiceAccountToken CredentialType = "ServiceAccountToken"
	// CredentialTypeX509Certificate means the cluster is accessible via
	// X509 certificate and key.
	CredentialTypeX509Certificate CredentialType = "X509Certificate"
)

type ErrorResponderFunc

// ErrorResponderFunc is a function type whose Error method has the same
// signature, letting a plain function be used where a value with an
// Error(w, req, err) method is expected.
// NOTE(review): the method presumably just calls the function; confirm.
type ErrorResponderFunc func(w http.ResponseWriter, req *http.Request, err error)

+k8s:deepcopy-gen=false

func (ErrorResponderFunc) Error

func (e ErrorResponderFunc) Error(w http.ResponseWriter, req *http.Request, err error)

type HealthyReasonType

// HealthyReasonType is the string recorded in
// ClusterGatewayStatus.HealthyReason.
type HealthyReasonType string
const (
	HealthyReasonTypeClusterGatewayNotRegistered HealthyReasonType = "ClusterGatewayNotRegistered"
	HealthyReasonTypeCertificateMismatch         HealthyReasonType = "CertificateMismatch"
	HealthyReasonTypeConnectionTimeout           HealthyReasonType = "ConnectionTimeout"
	// HealthyReasonTypeUnknownPrefix is a prefix ("Unknown:"), not a complete
	// reason. NOTE(review): presumably followed by free-form detail; confirm.
	HealthyReasonTypeUnknownPrefix               HealthyReasonType = "Unknown:"
)

type IdentityExchangerSource added in v1.7.0

// IdentityExchangerSource is the match side of a ClientIdentityExchangeRule.
// All fields are optional pointers; nil means the field was not set.
// NOTE(review): how unset fields and multiple set fields combine is not
// shown here; confirm that a source with nothing set cannot match every
// caller.
type IdentityExchangerSource struct {
	// Literal fields for user, group, UID and cluster.
	User    *string `json:"user,omitempty"`
	Group   *string `json:"group,omitempty"`
	UID     *string `json:"uid,omitempty"`
	Cluster *string `json:"cluster,omitempty"`

	// Pattern fields for user, group and cluster.
	// NOTE(review): pattern syntax and anchoring are not shown here; confirm
	// whether a pattern must match the whole value, because a partial match
	// could apply a rule to more identities than intended.
	UserPattern    *string `json:"userPattern,omitempty"`
	GroupPattern   *string `json:"groupPattern,omitempty"`
	ClusterPattern *string `json:"clusterPattern,omitempty"`
}

type IdentityExchangerTarget added in v1.7.0

// IdentityExchangerTarget is the optional Target of a
// ClientIdentityExchangeRule: a user name, a list of groups and a UID.
// NOTE(review): presumably copied into the *rest.ImpersonationConfig that
// ExchangeIdentity returns; confirm. Treat the listed groups as a grant of
// whatever those groups can do on the managed cluster.
type IdentityExchangerTarget struct {
	User   string   `json:"user,omitempty"`
	Groups []string `json:"groups,omitempty"`
	UID    string   `json:"uid,omitempty"`
}

type RoundTripperFunc

// RoundTripperFunc is a function type whose RoundTrip method has the same
// signature as http.RoundTripper's, so a plain function can serve as a
// round tripper.
// NOTE(review): the method presumably just calls the function; confirm.
type RoundTripperFunc func(req *http.Request) (*http.Response, error)

+k8s:deepcopy-gen=false

func (RoundTripperFunc) RoundTrip

func (fn RoundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error)

type X509

// X509 is a client certificate and its private key. Both fields are always
// serialized (no omitempty); []byte values are encoded as base64 strings in
// JSON.
type X509 struct {
	// Certificate is the client certificate bytes.
	Certificate []byte `json:"certificate"`
	// PrivateKey is secret key material: keep it out of logs and error
	// messages, and limit who can read objects containing it.
	PrivateKey  []byte `json:"privateKey"`
}

func (*X509) DeepCopy

func (in *X509) DeepCopy() *X509

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509.

func (*X509) DeepCopyInto

func (in *X509) DeepCopyInto(out *X509)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
