v1alpha1

package
v1.7.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 5, 2023 License: Apache-2.0 Imports: 55 Imported by: 23

Documentation

Overview

+k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=cluster-extension/pkg/apis/cluster +k8s:defaulter-gen=TypeMeta +groupName=cluster.core.oam.dev

Index

Constants

// Annotation keys under the status.cluster.core.oam.dev prefix. The package's
// Secret <-> ClusterGateway conversion notes state that ClusterGateway status
// is extended from the backing secret's annotations.
// NOTE(review): presumably these two keys back ClusterGatewayStatus.Healthy and
// ClusterGatewayStatus.HealthyReason; if so, anyone who can annotate the secret
// can change the reported health — confirm and scope RBAC accordingly.
const (
	AnnotationKeyClusterGatewayStatusHealthy       = "status.cluster.core.oam.dev/healthy"
	AnnotationKeyClusterGatewayStatusHealthyReason = "status.cluster.core.oam.dev/healthy-reason"
)

Conversion between corev1.Secret and ClusterGateway:

  1. Storing credentials under the secret's data including X.509 key-pair or token.
  2. Extending the spec of ClusterGateway by the secret's label.
  3. Extending the status of ClusterGateway by the secrets' annotation.

NOTE: Because the Secret resource has no "metadata.generation" field by design, the ClusterGateway resource also lacks generation tracking.

// AnnotationClusterGatewayProxyConfiguration is the annotation key associated
// with the cluster-gateway proxy configuration.
// NOTE(review): presumably the annotation value is a serialized
// ClusterGatewayProxyConfiguration read from the backing secret. That
// configuration carries identity-exchange rules, so write access to this
// annotation should be treated as sensitive — confirm where it is read.
const (
	AnnotationClusterGatewayProxyConfiguration = "cluster.core.oam.dev/cluster-gateway-proxy-configuration"
)

Variables

// GlobalClusterGatewayProxyConfiguration is the package-level proxy
// configuration, initialised to an empty ClusterGatewayProxyConfiguration.
// It is an exported, mutable pointer, so any code in the process can replace
// or modify it.
// NOTE(review): presumably populated by LoadGlobalClusterGatewayProxyConfig and
// applied across clusters — confirm; no synchronisation is visible here.
var GlobalClusterGatewayProxyConfiguration = &ClusterGatewayProxyConfiguration{}
// SchemeGroupVersion is the API group and version of this package's types,
// built from config.MetaApiGroupName and config.MetaApiVersionName.
var SchemeGroupVersion = schema.GroupVersion{Group: config.MetaApiGroupName, Version: config.MetaApiVersionName}

Functions

func ExchangeIdentity added in v1.7.0

func ExchangeIdentity(exchanger *ClientIdentityExchanger, userInfo user.Info, cluster string) (matched bool, ruleName string, projected *rest.ImpersonationConfig, err error)

func GetEndpointURL

func GetEndpointURL(c *ClusterGateway) (*url.URL, error)

func LoadGlobalClusterGatewayProxyConfig added in v1.7.0

func LoadGlobalClusterGatewayProxyConfig() error

func NewClusterGatewayProxyRequestEscaper added in v1.7.0

func NewClusterGatewayProxyRequestEscaper(delegate http.Handler) http.Handler

NewClusterGatewayProxyRequestEscaper wraps the base http.Handler and escapes the dryRun parameter; otherwise the dryRun request would be blocked by apiserver middlewares.

func NewConfigFromCluster

func NewConfigFromCluster(ctx context.Context, c *ClusterGateway) (*restclient.Config, error)

func ValidateClusterGateway

func ValidateClusterGateway(c *ClusterGateway) field.ErrorList

func ValidateClusterGatewaySpec

func ValidateClusterGatewaySpec(c *ClusterGatewaySpec, path *field.Path) field.ErrorList

func ValidateClusterGatewaySpecAccess

func ValidateClusterGatewaySpecAccess(c *ClusterAccess, path *field.Path) field.ErrorList

func ValidateClusterGatewaySpecAccessCredential

func ValidateClusterGatewaySpecAccessCredential(c *ClusterAccessCredential, path *field.Path) field.ErrorList

Types

type ClientIdentityExchangeRule added in v1.7.0

// ClientIdentityExchangeRule is one named identity-exchange rule. Type selects
// the kind of exchange, Source carries the user/group/UID/cluster selectors,
// and Target and URL are optional (omitted from JSON when nil).
// NOTE(review): presumably Target is consumed by StaticMappingIdentityExchanger
// and URL by ExternalIdentityExchanger — confirm against ExchangeIdentity.
// ExchangeIdentity returns a rest.ImpersonationConfig, so these rules decide
// which identity a proxied request carries; review them as carefully as RBAC
// bindings.
type ClientIdentityExchangeRule struct {
	Name   string                     `json:"name"`
	Type   ClientIdentityExchangeType `json:"type"`
	Source *IdentityExchangerSource   `json:"source"`

	Target *IdentityExchangerTarget `json:"target,omitempty"`
	URL    *string                  `json:"url,omitempty"`
}

type ClientIdentityExchangeType added in v1.7.0

// ClientIdentityExchangeType names the kind of identity exchange that a
// ClientIdentityExchangeRule performs.
type ClientIdentityExchangeType string
// Known ClientIdentityExchangeType values.
// NOTE(review): the behaviour behind each value is not shown here. By its
// name, PrivilegedIdentityExchanger presumably maps the caller onto a
// privileged identity — confirm, and keep the Source selector of such rules
// as narrow as possible.
const (
	PrivilegedIdentityExchanger    ClientIdentityExchangeType = "PrivilegedIdentityExchanger"
	StaticMappingIdentityExchanger ClientIdentityExchangeType = "StaticMappingIdentityExchanger"
	ExternalIdentityExchanger      ClientIdentityExchangeType = "ExternalIdentityExchanger"
)

type ClientIdentityExchanger added in v1.7.0

// ClientIdentityExchanger is a list of identity-exchange rules.
// NOTE(review): evaluation order (e.g. first match wins) is not visible here;
// ExchangeIdentity returns a single ruleName, so ordering presumably matters —
// confirm before placing broad rules ahead of narrow ones.
type ClientIdentityExchanger struct {
	Rules []ClientIdentityExchangeRule `json:"rules,omitempty"`
}

type ClusterAccess

// ClusterAccess groups what is needed to reach a target cluster: where the
// endpoint is and which credential to present.
type ClusterAccess struct {
	// Endpoint prescribes how the cluster is reached, e.g. a fixed URL
	// such as https://example.com:6443/
	Endpoint *ClusterEndpoint `json:"endpoint"`
	// Credential holds authentication configuration for
	// accessing the target cluster. It is optional in JSON (omitempty).
	Credential *ClusterAccessCredential `json:"credential,omitempty"`
}

func (*ClusterAccess) DeepCopy

func (in *ClusterAccess) DeepCopy() *ClusterAccess

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAccess.

func (*ClusterAccess) DeepCopyInto

func (in *ClusterAccess) DeepCopyInto(out *ClusterAccess)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAccessCredential

// ClusterAccessCredential holds the credential presented to the target
// cluster: a service-account token or an X.509 key pair, discriminated by
// Type.
// Both secrets are ordinary JSON-tagged fields (serviceAccountToken, x509), so
// they appear wherever this struct is serialized. The ClusterGateway
// documentation asks that only admins be able to view them.
// NOTE(review): presumably ValidateClusterGatewaySpecAccessCredential checks
// that the field matching Type is populated — confirm.
type ClusterAccessCredential struct {
	// Type is the union discriminator for credential contents.
	Type                CredentialType `json:"type"`
	ServiceAccountToken string         `json:"serviceAccountToken,omitempty"`
	X509                *X509          `json:"x509,omitempty"`
}

func (*ClusterAccessCredential) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAccessCredential.

func (*ClusterAccessCredential) DeepCopyInto

func (in *ClusterAccessCredential) DeepCopyInto(out *ClusterAccessCredential)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpoint

// ClusterEndpoint describes how the target cluster's apiserver is reached.
// Type discriminates the mode; Const is the payload for the fixed-endpoint
// mode and is optional in JSON.
type ClusterEndpoint struct {
	// Type is the union discriminator for prescribing apiserver endpoint.
	Type ClusterEndpointType `json:"type"`
	// Const prescribes fixed endpoint for requesting target clusters.
	Const *ClusterEndpointConst `json:"const,omitempty"`
}

func (*ClusterEndpoint) DeepCopy

func (in *ClusterEndpoint) DeepCopy() *ClusterEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterEndpoint.

func (*ClusterEndpoint) DeepCopyInto

func (in *ClusterEndpoint) DeepCopyInto(out *ClusterEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpointConst

// ClusterEndpointConst is a fixed apiserver endpoint together with the TLS
// trust settings used when connecting to it.
type ClusterEndpointConst struct {
	// Address is a qualified hostname for accessing the local kube-apiserver.
	Address string `json:"address"`
	// CABundle is used for verifying cluster's serving CA certificate.
	CABundle []byte `json:"caBundle,omitempty"`
	// Insecure indicates the cluster should be accessed without verifying
	// the CA certificate at client-side. With verification off the client
	// cannot authenticate the endpoint, so the stored credential may be
	// presented to whatever answers at Address; prefer supplying CABundle.
	// NOTE(review): precedence when both CABundle and Insecure are set is
	// not visible here — confirm.
	Insecure *bool `json:"insecure,omitempty"`
}

func (*ClusterEndpointConst) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterEndpointConst.

func (*ClusterEndpointConst) DeepCopyInto

func (in *ClusterEndpointConst) DeepCopyInto(out *ClusterEndpointConst)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpointType

// ClusterEndpointType is the discriminator for how the target cluster's
// kube-apiserver is reached.
type ClusterEndpointType string
const (
	// ClusterEndpointTypeConst prescribes requesting kube-apiserver via
	// a fixed endpoint url.
	ClusterEndpointTypeConst ClusterEndpointType = "Const"
	// ClusterEndpointTypeClusterProxy prescribes requesting kube-apiserver
	// through the konnectivity tunnel. Note that no explicit endpoint is
	// required under ClusterProxy mode.
	ClusterEndpointTypeClusterProxy ClusterEndpointType = "ClusterProxy"
)

type ClusterGateway

// ClusterGateway is an extension model for ManagedCluster implementing the
// Tier-II cluster model. Its Spec reaches ClusterAccessCredential, so the
// object contains cluster credentials; it should be tightly protected by RBAC
// so that only admins can view that content.
type ClusterGateway struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterGatewaySpec   `json:"spec,omitempty"`
	Status ClusterGatewayStatus `json:"status,omitempty"`
}

+genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

ClusterGateway is an extension model for ManagedCluster which implements the Tier-II cluster model based on OCM's original abstraction of ManagedCluster. The Tier-II cluster model should be highly protected under RBAC policies, and only admins should have access to view the content of cluster credentials. +k8s:openapi-gen=true

func (*ClusterGateway) ConvertToTable

func (in *ClusterGateway) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error)

func (*ClusterGateway) DeepCopy

func (in *ClusterGateway) DeepCopy() *ClusterGateway

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGateway.

func (*ClusterGateway) DeepCopyInto

func (in *ClusterGateway) DeepCopyInto(out *ClusterGateway)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGateway) DeepCopyObject

func (in *ClusterGateway) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterGateway) Destroy added in v1.7.0

func (in *ClusterGateway) Destroy()

func (*ClusterGateway) Get

func (*ClusterGateway) GetArbitrarySubResources

func (in *ClusterGateway) GetArbitrarySubResources() []resource.ArbitrarySubResource

func (*ClusterGateway) GetGroupVersionResource

func (in *ClusterGateway) GetGroupVersionResource() schema.GroupVersionResource

func (*ClusterGateway) GetObjectMeta

func (in *ClusterGateway) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterGateway) IsStorageVersion

func (in *ClusterGateway) IsStorageVersion() bool

func (*ClusterGateway) List

func (*ClusterGateway) NamespaceScoped

func (in *ClusterGateway) NamespaceScoped() bool

func (*ClusterGateway) New

func (in *ClusterGateway) New() runtime.Object

func (*ClusterGateway) NewList

func (in *ClusterGateway) NewList() runtime.Object

func (*ClusterGateway) Validate

func (in *ClusterGateway) Validate(ctx context.Context) field.ErrorList

type ClusterGatewayHealth

// ClusterGatewayHealth is a distinct named type with ClusterGateway's
// underlying structure. It declares its own SubResourceName and Update
// methods.
// NOTE(review): presumably this is the health subresource through which
// ClusterGatewayStatus is written — confirm, and grant update on it only to
// the component that performs health checks.
type ClusterGatewayHealth ClusterGateway

func (*ClusterGatewayHealth) Destroy added in v1.7.0

func (in *ClusterGatewayHealth) Destroy()

func (*ClusterGatewayHealth) Get

func (*ClusterGatewayHealth) New

func (*ClusterGatewayHealth) SubResourceName

func (in *ClusterGatewayHealth) SubResourceName() string

func (*ClusterGatewayHealth) Update

func (in *ClusterGatewayHealth) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error)

type ClusterGatewayList

// ClusterGatewayList is a list of ClusterGateway objects. Each item embeds its
// full Spec, so list access exposes the same credential content as get access
// on individual objects.
type ClusterGatewayList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ClusterGateway `json:"items"`
}

ClusterGatewayList +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterGatewayList) DeepCopy

func (in *ClusterGatewayList) DeepCopy() *ClusterGatewayList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayList.

func (*ClusterGatewayList) DeepCopyInto

func (in *ClusterGatewayList) DeepCopyInto(out *ClusterGatewayList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayList) DeepCopyObject

func (in *ClusterGatewayList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterGatewayList) GetListMeta

func (in *ClusterGatewayList) GetListMeta() *metav1.ListMeta

type ClusterGatewayProxy

// ClusterGatewayProxy is a subresource of ClusterGateway that lets users proxy
// Kubernetes resource requests to the managed cluster. The struct has no
// fields; its behaviour is in its methods (Connect, ConnectMethods,
// NewConnectOptions, SubResourceName).
type ClusterGatewayProxy struct {
}

ClusterGatewayProxy is a subresource of ClusterGateway which allows users to proxy Kubernetes resource requests to the managed cluster.

func (*ClusterGatewayProxy) Connect

func (*ClusterGatewayProxy) ConnectMethods

func (c *ClusterGatewayProxy) ConnectMethods() []string

func (*ClusterGatewayProxy) DeepCopy

func (in *ClusterGatewayProxy) DeepCopy() *ClusterGatewayProxy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayProxy.

func (*ClusterGatewayProxy) DeepCopyInto

func (in *ClusterGatewayProxy) DeepCopyInto(out *ClusterGatewayProxy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayProxy) Destroy added in v1.7.0

func (in *ClusterGatewayProxy) Destroy()

func (*ClusterGatewayProxy) New

func (*ClusterGatewayProxy) NewConnectOptions

func (c *ClusterGatewayProxy) NewConnectOptions() (runtime.Object, bool, string)

func (*ClusterGatewayProxy) SubResourceName

func (c *ClusterGatewayProxy) SubResourceName() string

type ClusterGatewayProxyConfiguration added in v1.7.0

// ClusterGatewayProxyConfiguration is the typed configuration object for the
// proxy; its Spec carries the client identity-exchange rules.
type ClusterGatewayProxyConfiguration struct {
	metav1.TypeMeta `json:",inline"`
	Spec            ClusterGatewayProxyConfigurationSpec `json:"spec"`
}

type ClusterGatewayProxyConfigurationSpec added in v1.7.0

// ClusterGatewayProxyConfigurationSpec embeds ClientIdentityExchanger. The
// embedded field carries an explicit JSON tag, so the rules are serialized
// under the "clientIdentityExchanger" key rather than being flattened.
type ClusterGatewayProxyConfigurationSpec struct {
	ClientIdentityExchanger `json:"clientIdentityExchanger"`
}

type ClusterGatewayProxyOptions

// ClusterGatewayProxyOptions are the per-request options of the proxy
// subresource. ConvertFromUrlValues populates them from url.Values, so they
// are supplied by the caller.
type ClusterGatewayProxyOptions struct {
	metav1.TypeMeta

	// Path is the target api path of the proxy request.
	// e.g. "/healthz", "/api/v1"
	// NOTE(review): how Path is validated and joined to the cluster
	// endpoint is not visible here — confirm.
	Path string `json:"path"`

	// Impersonate indicates whether to impersonate as the original
	// user identity from the request context after proxying to the
	// target cluster.
	// Note that this requires additional RBAC settings inside
	// the target cluster for the impersonated users (i.e. the end-
	// user using the proxy subresource).
	// NOTE(review): presumably, when false, the request runs with the
	// gateway's stored credential and its privileges — confirm.
	Impersonate bool `json:"impersonate"`
}

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterGatewayProxyOptions) ConvertFromUrlValues

func (in *ClusterGatewayProxyOptions) ConvertFromUrlValues(values *url.Values) error

func (*ClusterGatewayProxyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayProxyOptions.

func (*ClusterGatewayProxyOptions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterGatewayProxyOptions) DeepCopyObject

func (in *ClusterGatewayProxyOptions) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterGatewaySpec

// ClusterGatewaySpec defines the desired state of ClusterGateway.
// ProxyConfig is tagged json:"-", so encoding/json neither writes nor reads
// it; it exists only on the in-memory object.
// NOTE(review): presumably ProxyConfig is filled from the
// AnnotationClusterGatewayProxyConfiguration annotation during conversion from
// the secret — confirm.
type ClusterGatewaySpec struct {
	Provider    string                            `json:"provider"`
	Access      ClusterAccess                     `json:"access"`
	ProxyConfig *ClusterGatewayProxyConfiguration `json:"-"`
}

ClusterGatewaySpec defines the desired state of ClusterGateway

func (*ClusterGatewaySpec) DeepCopy

func (in *ClusterGatewaySpec) DeepCopy() *ClusterGatewaySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewaySpec.

func (*ClusterGatewaySpec) DeepCopyInto

func (in *ClusterGatewaySpec) DeepCopyInto(out *ClusterGatewaySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterGatewayStatus

// ClusterGatewayStatus defines the observed state of ClusterGateway.
type ClusterGatewayStatus struct {
	// Healthy indicates whether the cluster is healthy.
	// If the `HealthinessCheck` feature gate is enabled, calling proxy
	// subresource upon unhealthy clusters will be rejected.
	// Whoever can write this status can therefore block or re-enable
	// proxying to the cluster when the gate is on.
	Healthy bool `json:"healthy"`
	// HealthyReason is the reason explaining the cluster's healthiness.
	HealthyReason HealthyReasonType `json:"healthyReason,omitempty"`
}

ClusterGatewayStatus defines the observed state of ClusterGateway

func (*ClusterGatewayStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGatewayStatus.

func (*ClusterGatewayStatus) DeepCopyInto

func (in *ClusterGatewayStatus) DeepCopyInto(out *ClusterGatewayStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CredentialType

// CredentialType is the discriminator for which credential a
// ClusterAccessCredential carries.
type CredentialType string
const (
	// CredentialTypeServiceAccountToken means the cluster is accessible via
	// ServiceAccountToken.
	CredentialTypeServiceAccountToken CredentialType = "ServiceAccountToken"
	// CredentialTypeX509Certificate means the cluster is accessible via
	// X509 certificate and key.
	CredentialTypeX509Certificate CredentialType = "X509Certificate"
)

type ErrorResponderFunc

// ErrorResponderFunc is a function type that also has an Error method with the
// same signature, letting a plain function be used where a value with that
// method is expected.
// NOTE(review): what the responder writes back is up to the function; avoid
// echoing upstream error detail (endpoints, certificate text) to callers.
type ErrorResponderFunc func(w http.ResponseWriter, req *http.Request, err error)

+k8s:deepcopy-gen=false

func (ErrorResponderFunc) Error

func (e ErrorResponderFunc) Error(w http.ResponseWriter, req *http.Request, err error)

type HealthyReasonType

// HealthyReasonType is the string reason recorded in
// ClusterGatewayStatus.HealthyReason.
type HealthyReasonType string
// Known HealthyReasonType values.
// NOTE(review): HealthyReasonTypeUnknownPrefix ends with ':' and is named a
// prefix, so presumably free-form detail is appended to it — confirm, and
// treat the remainder as untrusted text when logging or displaying it.
const (
	HealthyReasonTypeClusterGatewayNotRegistered HealthyReasonType = "ClusterGatewayNotRegistered"
	HealthyReasonTypeCertificateMismatch         HealthyReasonType = "CertificateMismatch"
	HealthyReasonTypeConnectionTimeout           HealthyReasonType = "ConnectionTimeout"
	HealthyReasonTypeUnknownPrefix               HealthyReasonType = "Unknown:"
)

type IdentityExchangerSource added in v1.7.0

// IdentityExchangerSource is the selector side of an identity-exchange rule.
// It offers selectors on user, group, UID and cluster, plus *Pattern variants
// for user, group and cluster. Every field is an optional pointer.
// NOTE(review): the pattern syntax (regular expression or glob), whether
// patterns are anchored, and how set fields combine (AND or OR) are not
// visible here. An unanchored or overly broad pattern would match more
// identities than intended — confirm the semantics in ExchangeIdentity and
// test rules against near-miss user and group names.
type IdentityExchangerSource struct {
	User    *string `json:"user,omitempty"`
	Group   *string `json:"group,omitempty"`
	UID     *string `json:"uid,omitempty"`
	Cluster *string `json:"cluster,omitempty"`

	UserPattern    *string `json:"userPattern,omitempty"`
	GroupPattern   *string `json:"groupPattern,omitempty"`
	ClusterPattern *string `json:"clusterPattern,omitempty"`
}

type IdentityExchangerTarget added in v1.7.0

// IdentityExchangerTarget is the identity (user, groups, UID) named by an
// identity-exchange rule's Target.
// NOTE(review): presumably these values are copied into the
// rest.ImpersonationConfig returned by ExchangeIdentity — confirm. Highly
// privileged group names placed here are granted to every identity the rule's
// Source matches.
type IdentityExchangerTarget struct {
	User   string   `json:"user,omitempty"`
	Groups []string `json:"groups,omitempty"`
	UID    string   `json:"uid,omitempty"`
}

type RoundTripperFunc

// RoundTripperFunc is a function type with a RoundTrip method of the same
// signature, so a plain function can be used as an http.RoundTripper.
type RoundTripperFunc func(req *http.Request) (*http.Response, error)

+k8s:deepcopy-gen=false

func (RoundTripperFunc) RoundTrip

func (fn RoundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error)

type X509

// X509 is a client certificate and its private key, used as the cluster
// credential when the credential type is X509Certificate.
// PrivateKey is serialized under the "privateKey" JSON key with no omitempty,
// so it is present in every encoding of this struct; keep such output out of
// logs and diagnostics.
// NOTE(review): the expected encoding of both fields (presumably PEM) is not
// shown here — confirm.
type X509 struct {
	Certificate []byte `json:"certificate"`
	PrivateKey  []byte `json:"privateKey"`
}

func (*X509) DeepCopy

func (in *X509) DeepCopy() *X509

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509.

func (*X509) DeepCopyInto

func (in *X509) DeepCopyInto(out *X509)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
