Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the spire v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=spire.spiffe.io
Index ¶
- Variables
- func LoadOptionsFromFile(path string, scheme *runtime.Scheme, options *ctrl.Options, ...) error
- func ParseClusterFederatedTrustDomainSpec(spec *ClusterFederatedTrustDomainSpec) (*spireapi.FederationRelationship, error)
- type BundleEndpointProfile
- type BundleEndpointProfileType
- type ClusterFederatedTrustDomain
- func (in *ClusterFederatedTrustDomain) DeepCopy() *ClusterFederatedTrustDomain
- func (in *ClusterFederatedTrustDomain) DeepCopyInto(out *ClusterFederatedTrustDomain)
- func (in *ClusterFederatedTrustDomain) DeepCopyObject() runtime.Object
- func (r *ClusterFederatedTrustDomain) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *ClusterFederatedTrustDomain) ValidateCreate() (admission.Warnings, error)
- func (r *ClusterFederatedTrustDomain) ValidateDelete() (admission.Warnings, error)
- func (r *ClusterFederatedTrustDomain) ValidateUpdate(runtime.Object) (admission.Warnings, error)
- type ClusterFederatedTrustDomainList
- type ClusterFederatedTrustDomainSpec
- type ClusterFederatedTrustDomainStatus
- type ClusterSPIFFEID
- func (in *ClusterSPIFFEID) DeepCopy() *ClusterSPIFFEID
- func (in *ClusterSPIFFEID) DeepCopyInto(out *ClusterSPIFFEID)
- func (in *ClusterSPIFFEID) DeepCopyObject() runtime.Object
- func (r *ClusterSPIFFEID) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *ClusterSPIFFEID) ValidateCreate() (admission.Warnings, error)
- func (r *ClusterSPIFFEID) ValidateDelete() (admission.Warnings, error)
- func (r *ClusterSPIFFEID) ValidateUpdate(runtime.Object) (admission.Warnings, error)
- type ClusterSPIFFEIDList
- type ClusterSPIFFEIDSpec
- type ClusterSPIFFEIDStats
- type ClusterSPIFFEIDStatus
- type ClusterStaticEntry
- type ClusterStaticEntryList
- type ClusterStaticEntrySpec
- type ClusterStaticEntryStatus
- type ControllerConfigurationSpec
- type ControllerHealth
- type ControllerManagerConfig
- type ControllerManagerConfigurationSpec
- type ControllerMetrics
- type ControllerWebhook
- type NamespaceConfig
- type ParsedClusterSPIFFEIDSpec
- type ReconcileConfig
Constants ¶
This section is empty.
Variables ¶
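// Package-level registration helpers for the spire.spiffe.io/v1alpha1 API
// group. Each declaration sits on its own line so that the line comments no
// longer swallow the declarations that follow them.
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "spire.spiffe.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)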
Functions ¶
func LoadOptionsFromFile ¶ added in v0.2.3
func ParseClusterFederatedTrustDomainSpec ¶
func ParseClusterFederatedTrustDomainSpec(spec *ClusterFederatedTrustDomainSpec) (*spireapi.FederationRelationship, error)
Types ¶
type BundleEndpointProfile ¶
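// BundleEndpointProfile is the profile for the federated trust domain.
type BundleEndpointProfile struct {
	// Type is the type of the bundle endpoint profile.
	Type BundleEndpointProfileType `json:"type"`

	// EndpointSPIFFEID is the SPIFFE ID of the bundle endpoint. It is
	// required for the "https_spiffe" profile.
	//
	// NOTE(review): the marker below makes this field optional in the CRD
	// schema, so the "required for https_spiffe" rule is not expressed by the
	// schema itself. Presumably the validating webhook or
	// ParseClusterFederatedTrustDomainSpec rejects an https_spiffe profile
	// that omits it — confirm.
	// +kubebuilder:validation:Optional
	EndpointSPIFFEID string `json:"endpointSPIFFEID,omitempty"`
}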
BundleEndpointProfile is the profile for the federated trust domain
func (*BundleEndpointProfile) DeepCopy ¶
func (in *BundleEndpointProfile) DeepCopy() *BundleEndpointProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleEndpointProfile.
func (*BundleEndpointProfile) DeepCopyInto ¶
func (in *BundleEndpointProfile) DeepCopyInto(out *BundleEndpointProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleEndpointProfileType ¶
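// BundleEndpointProfileType names a SPIFFE federation bundle endpoint
// profile. The enum marker restricts it to the two constants declared below.
// +kubebuilder:validation:Enum=https_spiffe;https_web
type BundleEndpointProfileType string

const (
	// HTTPSSPIFFEProfileType indicates an "https_spiffe" SPIFFE federation profile.
	HTTPSSPIFFEProfileType BundleEndpointProfileType = "https_spiffe"

	// HTTPSWebProfileType indicates an "https_web" SPIFFE federation profile.
	HTTPSWebProfileType BundleEndpointProfileType = "https_web"
)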
type ClusterFederatedTrustDomain ¶
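// ClusterFederatedTrustDomain is the Schema for the
// clusterfederatedtrustdomains API. It pairs the standard Kubernetes type and
// object metadata with a Spec and a Status.
type ClusterFederatedTrustDomain struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterFederatedTrustDomainSpec   `json:"spec,omitempty"`
	Status ClusterFederatedTrustDomainStatus `json:"status,omitempty"`
}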
+kubebuilder:printcolumn:name="Trust Domain",type=string,JSONPath=`.spec.trustDomain`
+kubebuilder:printcolumn:name="Endpoint URL",type=string,JSONPath=`.spec.bundleEndpointURL`
ClusterFederatedTrustDomain is the Schema for the clusterfederatedtrustdomains API.
func (*ClusterFederatedTrustDomain) DeepCopy ¶
func (in *ClusterFederatedTrustDomain) DeepCopy() *ClusterFederatedTrustDomain
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomain.
func (*ClusterFederatedTrustDomain) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomain) DeepCopyInto(out *ClusterFederatedTrustDomain)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterFederatedTrustDomain) DeepCopyObject ¶
func (in *ClusterFederatedTrustDomain) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterFederatedTrustDomain) SetupWebhookWithManager ¶
func (r *ClusterFederatedTrustDomain) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*ClusterFederatedTrustDomain) ValidateCreate ¶
func (r *ClusterFederatedTrustDomain) ValidateCreate() (admission.Warnings, error)
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ClusterFederatedTrustDomain) ValidateDelete ¶
func (r *ClusterFederatedTrustDomain) ValidateDelete() (admission.Warnings, error)
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (*ClusterFederatedTrustDomain) ValidateUpdate ¶
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
type ClusterFederatedTrustDomainList ¶
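// ClusterFederatedTrustDomainList contains a list of
// ClusterFederatedTrustDomain.
type ClusterFederatedTrustDomainList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects. The tag has no omitempty, so the key is
	// always serialized.
	Items []ClusterFederatedTrustDomain `json:"items"`
}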
ClusterFederatedTrustDomainList contains a list of ClusterFederatedTrustDomain
func (*ClusterFederatedTrustDomainList) DeepCopy ¶
func (in *ClusterFederatedTrustDomainList) DeepCopy() *ClusterFederatedTrustDomainList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainList.
func (*ClusterFederatedTrustDomainList) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainList) DeepCopyInto(out *ClusterFederatedTrustDomainList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterFederatedTrustDomainList) DeepCopyObject ¶
func (in *ClusterFederatedTrustDomainList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterFederatedTrustDomainSpec ¶
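// ClusterFederatedTrustDomainSpec defines the desired state of
// ClusterFederatedTrustDomain.
//
// NOTE(review): ParseClusterFederatedTrustDomainSpec converts this spec into a
// spireapi.FederationRelationship, so whoever may create or update these
// objects presumably decides which foreign trust domains and bundles are
// federated. Scope RBAC on this kind accordingly.
type ClusterFederatedTrustDomainSpec struct {
	// TrustDomain is the name of the trust domain to federate with (e.g. example.org)
	//
	// NOTE(review): the pattern below has no ^ / $ anchors. CRD schema
	// patterns are, to my knowledge, applied as a search rather than a full
	// match, so on its own this marker would accept any value that merely
	// contains one allowed character. Confirm that the validating webhook or
	// ParseClusterFederatedTrustDomainSpec checks the complete name, or
	// anchor the pattern.
	// +kubebuilder:validation:Pattern="[a-z0-9._-]{1,255}"
	TrustDomain string `json:"trustDomain"`

	// BundleEndpointURL is the URL of the bundle endpoint. It must be an
	// HTTPS URL and cannot contain userinfo (i.e. username/password).
	//
	// NOTE(review): no schema marker on this field expresses the HTTPS /
	// no-userinfo rule; presumably it is enforced when the spec is parsed —
	// confirm.
	BundleEndpointURL string `json:"bundleEndpointURL"`

	// BundleEndpointProfile is the profile for the bundle endpoint.
	BundleEndpointProfile BundleEndpointProfile `json:"bundleEndpointProfile"`

	// TrustDomainBundle is the contents of the bundle for the referenced trust
	// domain. This field is optional when the resource is created.
	//
	// NOTE(review): the expected encoding is not visible here. The value is
	// presumably trust-anchor material for the foreign trust domain, so
	// changes to it deserve the same review as any other trust-root change.
	// +kubebuilder:validation:Optional
	TrustDomainBundle string `json:"trustDomainBundle,omitempty"`

	// Set which Controller Class will act on this object
	// +kubebuilder:validation:Optional
	ClassName string `json:"className,omitempty"`
}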
ClusterFederatedTrustDomainSpec defines the desired state of ClusterFederatedTrustDomain
func (*ClusterFederatedTrustDomainSpec) DeepCopy ¶
func (in *ClusterFederatedTrustDomainSpec) DeepCopy() *ClusterFederatedTrustDomainSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainSpec.
func (*ClusterFederatedTrustDomainSpec) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainSpec) DeepCopyInto(out *ClusterFederatedTrustDomainSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterFederatedTrustDomainStatus ¶
// ClusterFederatedTrustDomainStatus defines the observed state of
// ClusterFederatedTrustDomain. It currently declares no fields.
type ClusterFederatedTrustDomainStatus struct{}
ClusterFederatedTrustDomainStatus defines the observed state of ClusterFederatedTrustDomain
func (*ClusterFederatedTrustDomainStatus) DeepCopy ¶
func (in *ClusterFederatedTrustDomainStatus) DeepCopy() *ClusterFederatedTrustDomainStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainStatus.
func (*ClusterFederatedTrustDomainStatus) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainStatus) DeepCopyInto(out *ClusterFederatedTrustDomainStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEID ¶
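// ClusterSPIFFEID is the Schema for the clusterspiffeids API. It pairs the
// standard Kubernetes type and object metadata with a Spec and a Status.
type ClusterSPIFFEID struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec ClusterSPIFFEIDSpec `json:"spec,omitempty"`

	// +optional
	Status ClusterSPIFFEIDStatus `json:"status,omitempty"`
}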
ClusterSPIFFEID is the Schema for the clusterspiffeids API
func (*ClusterSPIFFEID) DeepCopy ¶
func (in *ClusterSPIFFEID) DeepCopy() *ClusterSPIFFEID
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEID.
func (*ClusterSPIFFEID) DeepCopyInto ¶
func (in *ClusterSPIFFEID) DeepCopyInto(out *ClusterSPIFFEID)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSPIFFEID) DeepCopyObject ¶
func (in *ClusterSPIFFEID) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSPIFFEID) SetupWebhookWithManager ¶
func (r *ClusterSPIFFEID) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*ClusterSPIFFEID) ValidateCreate ¶
func (r *ClusterSPIFFEID) ValidateCreate() (admission.Warnings, error)
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ClusterSPIFFEID) ValidateDelete ¶
func (r *ClusterSPIFFEID) ValidateDelete() (admission.Warnings, error)
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (*ClusterSPIFFEID) ValidateUpdate ¶
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
type ClusterSPIFFEIDList ¶
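// ClusterSPIFFEIDList contains a list of ClusterSPIFFEID.
type ClusterSPIFFEIDList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects. The tag has no omitempty, so the key is
	// always serialized.
	Items []ClusterSPIFFEID `json:"items"`
}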
ClusterSPIFFEIDList contains a list of ClusterSPIFFEID
func (*ClusterSPIFFEIDList) DeepCopy ¶
func (in *ClusterSPIFFEIDList) DeepCopy() *ClusterSPIFFEIDList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDList.
func (*ClusterSPIFFEIDList) DeepCopyInto ¶
func (in *ClusterSPIFFEIDList) DeepCopyInto(out *ClusterSPIFFEIDList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSPIFFEIDList) DeepCopyObject ¶
func (in *ClusterSPIFFEIDList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterSPIFFEIDSpec ¶
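// ClusterSPIFFEIDSpec defines the desired state of ClusterSPIFFEID.
type ClusterSPIFFEIDSpec struct {
	// SPIFFEIDTemplate is the SPIFFE ID template. The node and pod spec are
	// made available to the template under .NodeSpec, .PodSpec respectively.
	//
	// NOTE(review): the rendered identity is derived from pod and node data,
	// so values a pod author can set presumably flow into the SPIFFE ID.
	// Confirm which template inputs are used and that they cannot be chosen
	// freely by workloads that must stay isolated from each other.
	SPIFFEIDTemplate string `json:"spiffeIDTemplate"`

	// TTL indicates an upper-bound time-to-live for X509 SVIDs minted for this
	// ClusterSPIFFEID. If unset, a default will be chosen.
	TTL metav1.Duration `json:"ttl,omitempty"`

	// JWTTTL indicates an upper-bound time-to-live for JWT SVIDs minted for this
	// ClusterSPIFFEID.
	JWTTTL metav1.Duration `json:"jwtTtl,omitempty"`

	// DNSNameTemplates represents templates for extra DNS names that are
	// applicable to SVIDs minted for this ClusterSPIFFEID.
	// The node and pod spec are made available to the template under
	// .NodeSpec, .PodSpec respectively.
	DNSNameTemplates []string `json:"dnsNameTemplates,omitempty"`

	// WorkloadSelectorTemplates are templates to produce arbitrary workload
	// selectors that apply to a given workload before it will receive this
	// SPIFFE ID. The rendered values are interpreted by SPIRE and are of the
	// form type:value, where the value may, and often does, contain
	// colons, e.g., k8s:container-image:docker/hello-world
	// The node and pod spec are made available to the template under
	// .NodeSpec, .PodSpec respectively.
	WorkloadSelectorTemplates []string `json:"workloadSelectorTemplates,omitempty"`

	// FederatesWith is a list of trust domain names that workloads that
	// obtain this SPIFFE ID will federate with.
	FederatesWith []string `json:"federatesWith,omitempty"`

	// NamespaceSelector selects the namespaces that are targeted by this
	// CRD.
	//
	// NOTE(review): what a nil selector matches is not visible here; confirm
	// whether "unset" means "all namespaces" before relying on this field to
	// limit scope.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// PodSelector selects the pods that are targeted by this
	// CRD.
	//
	// NOTE(review): as with NamespaceSelector, confirm what an unset selector
	// matches.
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`

	// Admin indicates whether or not the SVID can be used to access the SPIRE
	// administrative APIs. Extra care should be taken to only apply this
	// SPIFFE ID to admin workloads.
	Admin bool `json:"admin,omitempty"`

	// Downstream indicates that the entry describes a downstream SPIRE server.
	//
	// NOTE(review): presumably this lets the selected workload act as a
	// nested SPIRE server; treat it as privileged in the same way as Admin
	// and keep the selectors narrow — confirm against the SPIRE
	// documentation.
	Downstream bool `json:"downstream,omitempty"`

	// AutoPopulateDNSNames indicates whether or not to auto populate service DNS names.
	AutoPopulateDNSNames bool `json:"autoPopulateDNSNames,omitempty"`

	// Set which Controller Class will act on this object
	// +kubebuilder:validation:Optional
	ClassName string `json:"className,omitempty"`

	// Apply this ID only if there are no other matching non fallback ClusterSPIFFEIDs.
	// +kubebuilder:validation:Optional
	Fallback bool `json:"fallback,omitempty"`

	// Set the entry hint
	// +kubebuilder:validation:Optional
	Hint string `json:"hint,omitempty"`
}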
ClusterSPIFFEIDSpec defines the desired state of ClusterSPIFFEID
func (*ClusterSPIFFEIDSpec) DeepCopy ¶
func (in *ClusterSPIFFEIDSpec) DeepCopy() *ClusterSPIFFEIDSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDSpec.
func (*ClusterSPIFFEIDSpec) DeepCopyInto ¶
func (in *ClusterSPIFFEIDSpec) DeepCopyInto(out *ClusterSPIFFEIDSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEIDStats ¶
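// ClusterSPIFFEIDStats contains entry reconciliation statistics. None of the
// JSON tags use omitempty, so zero counters are serialized as well.
type ClusterSPIFFEIDStats struct {
	// How many namespaces were selected.
	// +kubebuilder:validation:Optional
	NamespacesSelected int `json:"namespacesSelected"`

	// How many (selected) namespaces were ignored (based on configuration).
	// +kubebuilder:validation:Optional
	NamespacesIgnored int `json:"namespacesIgnored"`

	// How many pods were selected out of the namespaces.
	// +kubebuilder:validation:Optional
	PodsSelected int `json:"podsSelected"`

	// How many failures were encountered rendering an entry for selected pods.
	// This could be due to either a bad template in the ClusterSPIFFEID or
	// Pod metadata that when applied to the template did not produce valid
	// entry values.
	// +kubebuilder:validation:Optional
	PodEntryRenderFailures int `json:"podEntryRenderFailures"`

	// How many entries were masked by entries for other ClusterSPIFFEIDs.
	// This happens when one or more ClusterSPIFFEIDs produce an entry for
	// the same pod with the same set of workload selectors.
	// +kubebuilder:validation:Optional
	EntriesMasked int `json:"entriesMasked"`

	// How many entries are to be set for this ClusterSPIFFEID. In nominal
	// conditions, this should reflect the number of pods selected, but not
	// always if there were problems encountered rendering an entry for the pod
	// (PodEntryRenderFailures) or entries are masked (EntriesMasked).
	// +kubebuilder:validation:Optional
	EntriesToSet int `json:"entriesToSet"`

	// How many entries were unable to be set due to failures to create or
	// update the entries via the SPIRE Server API.
	// +kubebuilder:validation:Optional
	EntryFailures int `json:"entryFailures"`
}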
ClusterSPIFFEIDStats contains entry reconciliation statistics.
func (*ClusterSPIFFEIDStats) DeepCopy ¶
func (in *ClusterSPIFFEIDStats) DeepCopy() *ClusterSPIFFEIDStats
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDStats.
func (*ClusterSPIFFEIDStats) DeepCopyInto ¶
func (in *ClusterSPIFFEIDStats) DeepCopyInto(out *ClusterSPIFFEIDStats)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEIDStatus ¶
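// ClusterSPIFFEIDStatus defines the observed state of ClusterSPIFFEID.
type ClusterSPIFFEIDStatus struct {
	// Stats produced by the last entry reconciliation run
	// +kubebuilder:validation:Optional
	Stats ClusterSPIFFEIDStats `json:"stats"`
}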
ClusterSPIFFEIDStatus defines the observed state of ClusterSPIFFEID
func (*ClusterSPIFFEIDStatus) DeepCopy ¶
func (in *ClusterSPIFFEIDStatus) DeepCopy() *ClusterSPIFFEIDStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDStatus.
func (*ClusterSPIFFEIDStatus) DeepCopyInto ¶
func (in *ClusterSPIFFEIDStatus) DeepCopyInto(out *ClusterSPIFFEIDStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterStaticEntry ¶ added in v0.3.0
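// ClusterStaticEntry is the Schema for the clusterstaticentries API. It pairs
// the standard Kubernetes type and object metadata with a Spec and a Status.
type ClusterStaticEntry struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterStaticEntrySpec   `json:"spec,omitempty"`
	Status ClusterStaticEntryStatus `json:"status,omitempty"`
}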
ClusterStaticEntry is the Schema for the clusterstaticentries API
func (*ClusterStaticEntry) DeepCopy ¶ added in v0.3.0
func (in *ClusterStaticEntry) DeepCopy() *ClusterStaticEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStaticEntry.
func (*ClusterStaticEntry) DeepCopyInto ¶ added in v0.3.0
func (in *ClusterStaticEntry) DeepCopyInto(out *ClusterStaticEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterStaticEntry) DeepCopyObject ¶ added in v0.3.0
func (in *ClusterStaticEntry) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterStaticEntryList ¶ added in v0.3.0
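// ClusterStaticEntryList contains a list of ClusterStaticEntry.
type ClusterStaticEntryList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects. The tag has no omitempty, so the key is
	// always serialized.
	Items []ClusterStaticEntry `json:"items"`
}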
ClusterStaticEntryList contains a list of ClusterStaticEntry
func (*ClusterStaticEntryList) DeepCopy ¶ added in v0.3.0
func (in *ClusterStaticEntryList) DeepCopy() *ClusterStaticEntryList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStaticEntryList.
func (*ClusterStaticEntryList) DeepCopyInto ¶ added in v0.3.0
func (in *ClusterStaticEntryList) DeepCopyInto(out *ClusterStaticEntryList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterStaticEntryList) DeepCopyObject ¶ added in v0.3.0
func (in *ClusterStaticEntryList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterStaticEntrySpec ¶ added in v0.3.0
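// ClusterStaticEntrySpec defines the desired state of ClusterStaticEntry.
//
// Most fields carry no documentation in the source. Judging by their names
// they mirror the fields of a SPIRE registration entry; confirm against the
// SPIRE entry API before relying on exact semantics.
type ClusterStaticEntrySpec struct {
	SPIFFEID      string          `json:"spiffeID"`
	ParentID      string          `json:"parentID"`
	Selectors     []string        `json:"selectors"`
	FederatesWith []string        `json:"federatesWith,omitempty"`
	X509SVIDTTL   metav1.Duration `json:"x509SVIDTTL,omitempty"`
	JWTSVIDTTL    metav1.Duration `json:"jwtSVIDTTL,omitempty"`
	DNSNames      []string        `json:"dnsNames,omitempty"`
	Hint          string          `json:"hint,omitempty"`

	// NOTE(review): Admin and Downstream presumably carry the same meaning
	// as on ClusterSPIFFEIDSpec, where Admin allows the SVID to access the
	// SPIRE administrative APIs and Downstream marks a downstream SPIRE
	// server. Treat both as privileged and review the Selectors of any entry
	// that sets them.
	Admin      bool `json:"admin,omitempty"`
	Downstream bool `json:"downstream,omitempty"`

	// NOTE(review): StoreSVID is undocumented here; confirm where the SVID is
	// stored when it is set and who can read that location.
	StoreSVID bool `json:"storeSVID,omitempty"`

	// Set which Controller Class will act on this object
	// +kubebuilder:validation:Optional
	ClassName string `json:"className,omitempty"`
}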
ClusterStaticEntrySpec defines the desired state of ClusterStaticEntry
func (*ClusterStaticEntrySpec) DeepCopy ¶ added in v0.3.0
func (in *ClusterStaticEntrySpec) DeepCopy() *ClusterStaticEntrySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStaticEntrySpec.
func (*ClusterStaticEntrySpec) DeepCopyInto ¶ added in v0.3.0
func (in *ClusterStaticEntrySpec) DeepCopyInto(out *ClusterStaticEntrySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterStaticEntryStatus ¶ added in v0.3.0
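// ClusterStaticEntryStatus defines the observed state of ClusterStaticEntry.
// None of the JSON tags use omitempty, so false values are serialized too.
type ClusterStaticEntryStatus struct {
	// If the static entry rendered properly.
	Rendered bool `json:"rendered"`

	// If the static entry was masked by another entry.
	Masked bool `json:"masked"`

	// If the static entry was successfully created/updated.
	Set bool `json:"set"`
}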
ClusterStaticEntryStatus defines the observed state of ClusterStaticEntry
func (*ClusterStaticEntryStatus) DeepCopy ¶ added in v0.3.0
func (in *ClusterStaticEntryStatus) DeepCopy() *ClusterStaticEntryStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStaticEntryStatus.
func (*ClusterStaticEntryStatus) DeepCopyInto ¶ added in v0.3.0
func (in *ClusterStaticEntryStatus) DeepCopyInto(out *ClusterStaticEntryStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerConfigurationSpec ¶ added in v0.2.3
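// ControllerConfigurationSpec defines the global configuration for
// controllers registered with the manager.
type ControllerConfigurationSpec struct {
	// GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
	// allowed for that controller.
	//
	// When a controller is registered within this manager using the builder utilities,
	// users have to specify the type the controller reconciles in the For(...) call.
	// If the object's kind passed matches one of the keys in this map, the concurrency
	// for that controller is set to the number specified.
	//
	// The key is expected to be consistent in form with GroupKind.String(),
	// e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
	//
	// +optional
	GroupKindConcurrency map[string]int `json:"groupKindConcurrency,omitempty"`

	// CacheSyncTimeout refers to the time limit set to wait for syncing caches.
	// Defaults to 2 minutes if not set.
	// +optional
	CacheSyncTimeout *time.Duration `json:"cacheSyncTimeout,omitempty"`

	// RecoverPanic indicates if panics should be recovered.
	// +optional
	RecoverPanic *bool `json:"recoverPanic,omitempty"`
}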
ControllerConfigurationSpec defines the global configuration for controllers registered with the manager.
func (*ControllerConfigurationSpec) DeepCopy ¶ added in v0.2.3
func (in *ControllerConfigurationSpec) DeepCopy() *ControllerConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfigurationSpec.
func (*ControllerConfigurationSpec) DeepCopyInto ¶ added in v0.2.3
func (in *ControllerConfigurationSpec) DeepCopyInto(out *ControllerConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerHealth ¶ added in v0.2.3
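// ControllerHealth defines the health configs.
type ControllerHealth struct {
	// HealthProbeBindAddress is the TCP address that the controller should bind to
	// for serving health probes
	// It can be set to "0" or "" to disable serving the health probe.
	// +optional
	HealthProbeBindAddress string `json:"healthProbeBindAddress,omitempty"`

	// ReadinessEndpointName, defaults to "readyz"
	// +optional
	ReadinessEndpointName string `json:"readinessEndpointName,omitempty"`

	// LivenessEndpointName, defaults to "healthz"
	// +optional
	LivenessEndpointName string `json:"livenessEndpointName,omitempty"`
}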
ControllerHealth defines the health configs.
func (*ControllerHealth) DeepCopy ¶ added in v0.2.3
func (in *ControllerHealth) DeepCopy() *ControllerHealth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerHealth.
func (*ControllerHealth) DeepCopyInto ¶ added in v0.2.3
func (in *ControllerHealth) DeepCopyInto(out *ControllerHealth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerManagerConfig ¶
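// ControllerManagerConfig is the Schema for the controller manager
// configuration.
type ControllerManagerConfig struct {
	metav1.TypeMeta `json:",inline"`

	// ControllerManagerConfigurationSpec holds the configurations for controllers
	ControllerManagerConfigurationSpec `json:",inline"`

	// ClusterName is the cluster name
	ClusterName string `json:"clusterName"`

	// ClusterDomain is the cluster domain, i.e. cluster.local
	ClusterDomain string `json:"clusterDomain"`

	// TrustDomain is the name of the SPIFFE trust domain
	TrustDomain string `json:"trustDomain"`

	// IgnoreNamespaces are the namespaces to ignore
	IgnoreNamespaces []string `json:"ignoreNamespaces"`

	// ValidatingWebhookConfigurationName selects the webhook configuration to manage.
	// Defaults to spire-controller-manager-webhook.
	ValidatingWebhookConfigurationName string `json:"validatingWebhookConfigurationName"`

	// GCInterval is how often SPIRE state is reconciled when the controller
	// is otherwise idle. This impacts how quickly SPIRE state will converge
	// after CRDs are removed or SPIRE state is mutated out from underneath
	// the controller.
	GCInterval time.Duration `json:"gcInterval"`

	// SPIREServerSocketPath is the path to the SPIRE Server API socket
	//
	// NOTE(review): access to this socket is presumably equivalent to
	// administrative access to the SPIRE Server; confirm, and keep the socket
	// on a volume that only the server and this controller can reach.
	SPIREServerSocketPath string `json:"spireServerSocketPath"`
}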
ControllerManagerConfig is the Schema for the controller manager configuration
func (*ControllerManagerConfig) DeepCopy ¶
func (in *ControllerManagerConfig) DeepCopy() *ControllerManagerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerManagerConfig.
func (*ControllerManagerConfig) DeepCopyInto ¶
func (in *ControllerManagerConfig) DeepCopyInto(out *ControllerManagerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ControllerManagerConfig) DeepCopyObject ¶
func (in *ControllerManagerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ControllerManagerConfigurationSpec ¶ added in v0.2.3
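// ControllerManagerConfigurationSpec defines the desired state of
// GenericControllerManagerConfiguration.
type ControllerManagerConfigurationSpec struct {
	// SyncPeriod determines the minimum frequency at which watched resources are
	// reconciled. A lower period will correct entropy more quickly, but reduce
	// responsiveness to change if there are many watched resources. Change this
	// value only if you know what you are doing. Defaults to 10 hours if unset.
	// There will be a 10 percent jitter between the SyncPeriod of all controllers
	// so that all controllers will not send list requests simultaneously.
	// +optional
	SyncPeriod *metav1.Duration `json:"syncPeriod,omitempty"`

	// LeaderElection is the LeaderElection config to be used when configuring
	// the manager.Manager leader election.
	// +optional
	LeaderElection *configv1alpha1.LeaderElectionConfiguration `json:"leaderElection,omitempty"`

	// CacheNamespace if specified restricts the manager's cache to watch objects in
	// the desired namespace. Defaults to all namespaces.
	// Deprecated: use cacheNamespaces instead
	//
	// Note: If a namespace is specified, controllers can still Watch for a
	// cluster-scoped resource (e.g Node). For namespaced resources the cache
	// will only hold objects from the desired namespace.
	// +optional
	CacheNamespace string `json:"cacheNamespace,omitempty"`

	// CacheNamespaces if specified restricts the manager's cache to watch objects in
	// the desired namespaces. Defaults to all namespaces.
	// +optional
	CacheNamespaces map[string]*NamespaceConfig `json:"cacheNamespaces,omitempty"`

	// GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
	// To disable graceful shutdown, set to time.Duration(0)
	// To use graceful shutdown without timeout, set to a negative duration, e.g. time.Duration(-1)
	// The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
	GracefulShutdownTimeout *metav1.Duration `json:"gracefulShutDown,omitempty"`

	// Controller contains global configuration options for controllers
	// registered within this manager.
	// +optional
	Controller *ControllerConfigurationSpec `json:"controller,omitempty"`

	// Metrics contains the controller metrics configuration
	// +optional
	Metrics ControllerMetrics `json:"metrics,omitempty"`

	// Health contains the controller health configuration
	// +optional
	Health ControllerHealth `json:"health,omitempty"`

	// Webhook contains the controllers webhook configuration
	// +optional
	Webhook ControllerWebhook `json:"webhook,omitempty"`

	// ClassName contains the name of a class to watch CRs for. Others will be ignored.
	// If unset all will be watched.
	// +optional
	ClassName string `json:"className,omitempty"`

	// If WatchClassless is set and ClassName is set, any CR without a ClassName
	// specified will also be handled by this controller.
	// +optional
	WatchClassless bool `json:"watchClassless,omitempty"`

	// If specified, uses a different parent id template for linking pods to nodes
	// +optional
	ParentIDTemplate string `json:"parentIDTemplate,omitempty"`

	// If specified, only syncs the specified CR types. Defaults to all.
	// +optional
	Reconcile *ReconcileConfig `json:"reconcile,omitempty"`

	// If specified, prefixes each entry id with `<prefix>.`. Entries without the Prefix will be ignored (except ones marked for cleanup, see EntryIDPrefixCleanup).
	// +optional
	EntryIDPrefix string `json:"entryIDPrefix,omitempty"`

	// If specified, entries with the specified prefix will be removed. If set to "" it will clean up all unprefixed entries.
	// It can not be set to the same value as EntryIDPrefix.
	// Generally useful when switching from nonprefixed to prefixed, or between two different prefixes.
	//
	// NOTE(review): this option deletes entries. The field is a pointer, so
	// an explicitly empty string is distinct from "unset"; double-check the
	// rendered configuration before rollout so that "" is not supplied by
	// accident.
	// +optional
	EntryIDPrefixCleanup *string `json:"entryIDPrefixCleanup,omitempty"`
}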
ControllerManagerConfigurationSpec defines the desired state of GenericControllerManagerConfiguration.
func (*ControllerManagerConfigurationSpec) DeepCopy ¶ added in v0.2.3
func (in *ControllerManagerConfigurationSpec) DeepCopy() *ControllerManagerConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerManagerConfigurationSpec.
func (*ControllerManagerConfigurationSpec) DeepCopyInto ¶ added in v0.2.3
func (in *ControllerManagerConfigurationSpec) DeepCopyInto(out *ControllerManagerConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerMetrics ¶ added in v0.2.3
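// ControllerMetrics defines the metrics configs.
type ControllerMetrics struct {
	// BindAddress is the TCP address that the controller should bind to
	// for serving prometheus metrics.
	// It can be set to "0" to disable the metrics serving.
	//
	// NOTE(review): whether the metrics endpoint is authenticated or served
	// over TLS is not visible here; until that is confirmed, prefer an
	// address that is not reachable from outside the pod or cluster network.
	// +optional
	BindAddress string `json:"bindAddress,omitempty"`
}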
ControllerMetrics defines the metrics configs.
func (*ControllerMetrics) DeepCopy ¶ added in v0.2.3
func (in *ControllerMetrics) DeepCopy() *ControllerMetrics
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerMetrics.
func (*ControllerMetrics) DeepCopyInto ¶ added in v0.2.3
func (in *ControllerMetrics) DeepCopyInto(out *ControllerMetrics)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerWebhook ¶ added in v0.2.3
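// ControllerWebhook holds the settings for the controller's webhook server.
type ControllerWebhook struct {
	// Port is the port that the webhook server serves at.
	// It is used to set webhook.Server.Port.
	// +optional
	Port *int `json:"port,omitempty"`

	// Host is the hostname that the webhook server binds to.
	// It is used to set webhook.Server.Host.
	// +optional
	Host string `json:"host,omitempty"`

	// CertDir is the directory that contains the server key and certificate.
	// If not set, the webhook server looks up the server key and certificate
	// in {TempDir}/k8s-webhook-server/serving-certs. The server key and
	// certificate must be named tls.key and tls.crt, respectively.
	//
	// NOTE(review): this directory holds the webhook server's private key
	// (tls.key). Keep it readable only by the controller's user, and set
	// CertDir explicitly where the temporary directory is shared with other
	// processes.
	// +optional
	CertDir string `json:"certDir,omitempty"`
}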
ControllerWebhook defines the webhook server for the controller.
func (*ControllerWebhook) DeepCopy ¶ added in v0.2.3
func (in *ControllerWebhook) DeepCopy() *ControllerWebhook
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerWebhook.
func (*ControllerWebhook) DeepCopyInto ¶ added in v0.2.3
func (in *ControllerWebhook) DeepCopyInto(out *ControllerWebhook)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamespaceConfig ¶ added in v0.4.1
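// NamespaceConfig is the configuration used to filter cached namespaces.
type NamespaceConfig struct {
	// LabelSelectors is a map of label selectors.
	// NOTE(review): presumably label key -> required value; confirm against
	// the code that builds the cache options.
	// +optional
	LabelSelectors map[string]string `json:"labelSelectors,omitempty"`

	// FieldSelectors is a map of field selectors.
	// NOTE(review): presumably field path -> required value; confirm against
	// the code that builds the cache options.
	// +optional
	FieldSelectors map[string]string `json:"fieldSelectors,omitempty"`
}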
NamespaceConfig is the configuration used to filter cached namespaces.
func (*NamespaceConfig) DeepCopy ¶ added in v0.4.1
func (in *NamespaceConfig) DeepCopy() *NamespaceConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceConfig.
func (*NamespaceConfig) DeepCopyInto ¶ added in v0.4.1
func (in *NamespaceConfig) DeepCopyInto(out *NamespaceConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ParsedClusterSPIFFEIDSpec ¶
// ParsedClusterSPIFFEIDSpec is the parsed and validated form of a
// ClusterSPIFFEIDSpec, as returned by ParseClusterSPIFFEIDSpec.
type ParsedClusterSPIFFEIDSpec struct {
	// SPIFFEIDTemplate is the compiled template for the SPIFFE ID.
	SPIFFEIDTemplate *template.Template
	// NamespaceSelector and PodSelector are label selectors.
	// NOTE(review): presumably they choose the namespaces and pods the spec
	// applies to — confirm against the reconciler.
	NamespaceSelector labels.Selector
	PodSelector       labels.Selector
	// TTL and JWTTTL are durations.
	// NOTE(review): presumably the X.509-SVID and JWT-SVID lifetimes — confirm.
	TTL    time.Duration
	JWTTTL time.Duration
	// FederatesWith lists trust domains.
	// NOTE(review): presumably the foreign trust domains whose bundles the
	// matched workloads receive — confirm.
	FederatesWith []spiffeid.TrustDomain
	// DNSNameTemplates and WorkloadSelectorTemplates are compiled templates.
	DNSNameTemplates          []*template.Template
	WorkloadSelectorTemplates []*template.Template
	// NOTE(review): Admin and Downstream are presumably carried through to
	// the SPIRE registration entry. In SPIRE an admin entry grants access to
	// the server's administrative APIs and a downstream entry lets the
	// workload obtain an intermediate signing CA, so both widen what a
	// matched pod can do; audit any spec that sets them. Confirm the mapping
	// against the reconciler.
	Admin      bool
	Downstream bool
	// NOTE(review): presumably adds DNS names derived from the pod
	// automatically — confirm.
	AutoPopulateDNSNames bool
	// NOTE(review): presumably the entry hint passed to SPIRE — confirm.
	Hint string
}
+kubebuilder:object:generate=false ParsedClusterSPIFFEIDSpec is a parsed and validated ClusterSPIFFEIDSpec
func ParseClusterSPIFFEIDSpec ¶
func ParseClusterSPIFFEIDSpec(spec *ClusterSPIFFEIDSpec) (*ParsedClusterSPIFFEIDSpec, error)
ParseClusterSPIFFEIDSpec parses and validates the fields in the ClusterSPIFFEIDSpec
type ReconcileConfig ¶ added in v0.4.3
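// ReconcileConfig selects which custom resource types the controller syncs.
//
// NOTE(review): the Reconcile field that carries this type is documented as
// "If specified, only syncs the specified CR types. Defaults to all.", so
// once a ReconcileConfig is present a field left false presumably turns that
// type's syncing off — confirm against the reconciler setup.
type ReconcileConfig struct {
	// ClusterSPIFFEIDs enables syncing of clusterspiffeids.
	// +optional
	ClusterSPIFFEIDs bool `json:"clusterSPIFFEIDs,omitempty"`

	// ClusterFederatedTrustDomains enables syncing of
	// clusterfederatedtrustdomains.
	// +optional
	ClusterFederatedTrustDomains bool `json:"clusterFederatedTrustDomains,omitempty"`

	// ClusterStaticEntries enables syncing of clusterstaticentries.
	// +optional
	ClusterStaticEntries bool `json:"clusterStaticEntries,omitempty"`
}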
ReconcileConfig is the configuration used to enable or disable syncing of the various types.
func (*ReconcileConfig) DeepCopy ¶ added in v0.4.3
func (in *ReconcileConfig) DeepCopy() *ReconcileConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReconcileConfig.
func (*ReconcileConfig) DeepCopyInto ¶ added in v0.4.3
func (in *ReconcileConfig) DeepCopyInto(out *ReconcileConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.