Documentation ¶
Overview ¶
Package apiserver is the internal version of the API.
Index ¶
- Constants
- Variables
- type AdmissionConfiguration
- type AdmissionPluginConfiguration
- type AuthenticationConfiguration
- type AuthorizationConfiguration
- type AuthorizerConfiguration
- type AuthorizerType
- type ClaimMappings
- type ClaimValidationRule
- type Connection
- type EgressSelection
- type EgressSelectorConfiguration
- type Issuer
- type JWTAuthenticator
- type PrefixedClaimOrExpression
- type ProtocolType
- type TCPTransport
- type TLSConfig
- type TracingConfiguration
- type Transport
- type UDSTransport
- type WebhookConfiguration
- type WebhookConnectionInfo
- type WebhookMatchCondition
Constants ¶
const ( TypeWebhook AuthorizerType = "Webhook" FailurePolicyNoOpinion string = "NoOpinion" FailurePolicyDeny string = "Deny" AuthorizationWebhookConnectionInfoTypeKubeConfig string = "KubeConfigFile" AuthorizationWebhookConnectionInfoTypeInCluster string = "InClusterConfig" )
const GroupName = "apiserver.config.k8s.io"
const LegacyGroupName = "apiserver.k8s.io"
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
var LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal}
LegacySchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
This section is empty.
Types ¶
type AdmissionConfiguration ¶
type AdmissionConfiguration struct { metav1.TypeMeta // Plugins allows specifying a configuration per admission control plugin. // +optional Plugins []AdmissionPluginConfiguration }
AdmissionConfiguration provides versioned configuration for admission controllers.
func (*AdmissionConfiguration) DeepCopy ¶
func (in *AdmissionConfiguration) DeepCopy() *AdmissionConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfiguration.
func (*AdmissionConfiguration) DeepCopyInto ¶
func (in *AdmissionConfiguration) DeepCopyInto(out *AdmissionConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AdmissionConfiguration) DeepCopyObject ¶
func (in *AdmissionConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AdmissionPluginConfiguration ¶
type AdmissionPluginConfiguration struct { // Name is the name of the admission controller. // It must match the registered admission plugin name. Name string // Path is the path to a configuration file that contains the plugin's // configuration // +optional Path string // Configuration is an embedded configuration object to be used as the plugin's // configuration. If present, it will be used instead of the path to the configuration file. // +optional Configuration *runtime.Unknown }
AdmissionPluginConfiguration provides the configuration for a single plug-in.
func (*AdmissionPluginConfiguration) DeepCopy ¶
func (in *AdmissionPluginConfiguration) DeepCopy() *AdmissionPluginConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfiguration.
func (*AdmissionPluginConfiguration) DeepCopyInto ¶
func (in *AdmissionPluginConfiguration) DeepCopyInto(out *AdmissionPluginConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthenticationConfiguration ¶ added in v0.29.0
type AuthenticationConfiguration struct { metav1.TypeMeta JWT []JWTAuthenticator }
AuthenticationConfiguration provides versioned configuration for authentication.
func (*AuthenticationConfiguration) DeepCopy ¶ added in v0.29.0
func (in *AuthenticationConfiguration) DeepCopy() *AuthenticationConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationConfiguration.
func (*AuthenticationConfiguration) DeepCopyInto ¶ added in v0.29.0
func (in *AuthenticationConfiguration) DeepCopyInto(out *AuthenticationConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationConfiguration) DeepCopyObject ¶ added in v0.29.0
func (in *AuthenticationConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthorizationConfiguration ¶ added in v0.29.0
type AuthorizationConfiguration struct { metav1.TypeMeta // Authorizers is an ordered list of authorizers to // authorize requests against. // This is similar to the --authorization-modes kube-apiserver flag // Must be at least one. Authorizers []AuthorizerConfiguration `json:"authorizers"` }
func (*AuthorizationConfiguration) DeepCopy ¶ added in v0.29.0
func (in *AuthorizationConfiguration) DeepCopy() *AuthorizationConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfiguration.
func (*AuthorizationConfiguration) DeepCopyInto ¶ added in v0.29.0
func (in *AuthorizationConfiguration) DeepCopyInto(out *AuthorizationConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthorizationConfiguration) DeepCopyObject ¶ added in v0.29.0
func (in *AuthorizationConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthorizerConfiguration ¶ added in v0.29.0
type AuthorizerConfiguration struct { // Type refers to the type of the authorizer // "Webhook" is supported in the generic API server // Other API servers may support additional authorizer // types like Node, RBAC, ABAC, etc. Type AuthorizerType // Name used to describe the webhook // This is explicitly used in monitoring machinery for metrics // Note: Names must be DNS1123 labels like `myauthorizername` or // subdomains like `myauthorizer.example.domain` // Required, with no default Name string // Webhook defines the configuration for a Webhook authorizer // Must be defined when Type=Webhook Webhook *WebhookConfiguration }
func (*AuthorizerConfiguration) DeepCopy ¶ added in v0.29.0
func (in *AuthorizerConfiguration) DeepCopy() *AuthorizerConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizerConfiguration.
func (*AuthorizerConfiguration) DeepCopyInto ¶ added in v0.29.0
func (in *AuthorizerConfiguration) DeepCopyInto(out *AuthorizerConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthorizerType ¶ added in v0.29.0
type AuthorizerType string
type ClaimMappings ¶ added in v0.29.0
type ClaimMappings struct { Username PrefixedClaimOrExpression Groups PrefixedClaimOrExpression }
ClaimMappings provides the configuration for claim mapping
func (*ClaimMappings) DeepCopy ¶ added in v0.29.0
func (in *ClaimMappings) DeepCopy() *ClaimMappings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimMappings.
func (*ClaimMappings) DeepCopyInto ¶ added in v0.29.0
func (in *ClaimMappings) DeepCopyInto(out *ClaimMappings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClaimValidationRule ¶ added in v0.29.0
ClaimValidationRule provides the configuration for a single claim validation rule.
func (*ClaimValidationRule) DeepCopy ¶ added in v0.29.0
func (in *ClaimValidationRule) DeepCopy() *ClaimValidationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimValidationRule.
func (*ClaimValidationRule) DeepCopyInto ¶ added in v0.29.0
func (in *ClaimValidationRule) DeepCopyInto(out *ClaimValidationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Connection ¶ added in v0.16.4
type Connection struct { // Protocol is the protocol used to connect from client to the konnectivity server. ProxyProtocol ProtocolType // Transport defines the transport configurations we use to dial to the konnectivity server. // This is required if ProxyProtocol is HTTPConnect or GRPC. // +optional Transport *Transport }
Connection provides the configuration for a single egress selection client.
func (*Connection) DeepCopy ¶ added in v0.16.4
func (in *Connection) DeepCopy() *Connection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection.
func (*Connection) DeepCopyInto ¶ added in v0.16.4
func (in *Connection) DeepCopyInto(out *Connection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressSelection ¶ added in v0.16.4
type EgressSelection struct { // Name is the name of the egress selection. // Currently supported values are "controlplane", "etcd" and "cluster" Name string // Connection is the exact information used to configure the egress selection Connection Connection }
EgressSelection provides the configuration for a single egress selection client.
func (*EgressSelection) DeepCopy ¶ added in v0.16.4
func (in *EgressSelection) DeepCopy() *EgressSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection.
func (*EgressSelection) DeepCopyInto ¶ added in v0.16.4
func (in *EgressSelection) DeepCopyInto(out *EgressSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressSelectorConfiguration ¶ added in v0.16.4
type EgressSelectorConfiguration struct { metav1.TypeMeta // EgressSelections contains a list of egress selection client configurations EgressSelections []EgressSelection }
EgressSelectorConfiguration provides versioned configuration for egress selector clients.
func (*EgressSelectorConfiguration) DeepCopy ¶ added in v0.16.4
func (in *EgressSelectorConfiguration) DeepCopy() *EgressSelectorConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration.
func (*EgressSelectorConfiguration) DeepCopyInto ¶ added in v0.16.4
func (in *EgressSelectorConfiguration) DeepCopyInto(out *EgressSelectorConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EgressSelectorConfiguration) DeepCopyObject ¶ added in v0.16.4
func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type Issuer ¶ added in v0.29.0
Issuer provides the configuration for a external provider specific settings.
func (*Issuer) DeepCopy ¶ added in v0.29.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (*Issuer) DeepCopyInto ¶ added in v0.29.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTAuthenticator ¶ added in v0.29.0
type JWTAuthenticator struct { Issuer Issuer ClaimValidationRules []ClaimValidationRule ClaimMappings ClaimMappings }
JWTAuthenticator provides the configuration for a single JWT authenticator.
func (*JWTAuthenticator) DeepCopy ¶ added in v0.29.0
func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.
func (*JWTAuthenticator) DeepCopyInto ¶ added in v0.29.0
func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrefixedClaimOrExpression ¶ added in v0.29.0
PrefixedClaimOrExpression provides the configuration for a single prefixed claim or expression.
func (*PrefixedClaimOrExpression) DeepCopy ¶ added in v0.29.0
func (in *PrefixedClaimOrExpression) DeepCopy() *PrefixedClaimOrExpression
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimOrExpression.
func (*PrefixedClaimOrExpression) DeepCopyInto ¶ added in v0.29.0
func (in *PrefixedClaimOrExpression) DeepCopyInto(out *PrefixedClaimOrExpression)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProtocolType ¶ added in v0.18.0
type ProtocolType string
ProtocolType is a set of valid values for Connection.ProtocolType
const ( // Use HTTPConnect to connect to konnectivity server ProtocolHTTPConnect ProtocolType = "HTTPConnect" // Use grpc to connect to konnectivity server ProtocolGRPC ProtocolType = "GRPC" // Connect directly (skip konnectivity server) ProtocolDirect ProtocolType = "Direct" )
Valid types for ProtocolType for konnectivity server
type TCPTransport ¶ added in v0.18.0
type TCPTransport struct { // URL is the location of the konnectivity server to connect to. // As an example it might be "https://127.0.0.1:8131" URL string // TLSConfig is the config needed to use TLS when connecting to konnectivity server // +optional TLSConfig *TLSConfig }
TCPTransport provides the information to connect to konnectivity server via TCP
func (*TCPTransport) DeepCopy ¶ added in v0.18.0
func (in *TCPTransport) DeepCopy() *TCPTransport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport.
func (*TCPTransport) DeepCopyInto ¶ added in v0.18.0
func (in *TCPTransport) DeepCopyInto(out *TCPTransport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSConfig ¶ added in v0.18.0
type TLSConfig struct { // caBundle is the file location of the CA to be used to determine trust with the konnectivity server. // Must be absent/empty if TCPTransport.URL is prefixed with http:// // If absent while TCPTransport.URL is prefixed with https://, default to system trust roots. // +optional CABundle string // clientKey is the file location of the client key to authenticate with the konnectivity server // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientKey string // clientCert is the file location of the client certificate to authenticate with the konnectivity server // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientCert string }
TLSConfig provides the authentication information to connect to konnectivity server Only used with TCPTransport
func (*TLSConfig) DeepCopy ¶ added in v0.18.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.
func (*TLSConfig) DeepCopyInto ¶ added in v0.18.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingConfiguration ¶ added in v0.22.0
type TracingConfiguration struct { metav1.TypeMeta // Embed the component config tracing configuration struct tracingapi.TracingConfiguration }
TracingConfiguration provides versioned configuration for tracing clients.
func (*TracingConfiguration) DeepCopy ¶ added in v0.22.0
func (in *TracingConfiguration) DeepCopy() *TracingConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration.
func (*TracingConfiguration) DeepCopyInto ¶ added in v0.22.0
func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TracingConfiguration) DeepCopyObject ¶ added in v0.22.0
func (in *TracingConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type Transport ¶ added in v0.18.0
type Transport struct { // TCP is the TCP configuration for communicating with the konnectivity server via TCP // ProxyProtocol of GRPC is not supported with TCP transport at the moment // Requires at least one of TCP or UDS to be set // +optional TCP *TCPTransport // UDS is the UDS configuration for communicating with the konnectivity server via UDS // Requires at least one of TCP or UDS to be set // +optional UDS *UDSTransport }
Transport defines the transport configurations we use to dial to the konnectivity server
func (*Transport) DeepCopy ¶ added in v0.18.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport.
func (*Transport) DeepCopyInto ¶ added in v0.18.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UDSTransport ¶ added in v0.18.0
type UDSTransport struct { // UDSName is the name of the unix domain socket to connect to konnectivity server // This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket) UDSName string }
UDSTransport provides the information to connect to konnectivity server via UDS
func (*UDSTransport) DeepCopy ¶ added in v0.18.0
func (in *UDSTransport) DeepCopy() *UDSTransport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport.
func (*UDSTransport) DeepCopyInto ¶ added in v0.18.0
func (in *UDSTransport) DeepCopyInto(out *UDSTransport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookConfiguration ¶ added in v0.29.0
type WebhookConfiguration struct { // The duration to cache 'authorized' responses from the webhook // authorizer. // Same as setting `--authorization-webhook-cache-authorized-ttl` flag // Default: 5m0s AuthorizedTTL metav1.Duration // authorizer. // Same as setting `--authorization-webhook-cache-unauthorized-ttl` flag // Default: 30s UnauthorizedTTL metav1.Duration // Timeout for the webhook request // Maximum allowed value is 30s. // Required, no default value. Timeout metav1.Duration // The API version of the authorization.k8s.io SubjectAccessReview to // send to and expect from the webhook. // Same as setting `--authorization-webhook-version` flag // Valid values: v1beta1, v1 // Required, no default value SubjectAccessReviewVersion string // MatchConditionSubjectAccessReviewVersion specifies the SubjectAccessReview // version the CEL expressions are evaluated against // Valid values: v1 // Required, no default value MatchConditionSubjectAccessReviewVersion string // Controls the authorization decision when a webhook request fails to // complete or returns a malformed response or errors evaluating // matchConditions. // Valid values: // - NoOpinion: continue to subsequent authorizers to see if one of // them allows the request // - Deny: reject the request without consulting subsequent authorizers // Required, with no default. FailurePolicy string // ConnectionInfo defines how we talk to the webhook ConnectionInfo WebhookConnectionInfo // matchConditions is a list of conditions that must be met for a request to be sent to this // webhook. An empty list of matchConditions matches all requests. // There are a maximum of 64 match conditions allowed. // // The exact matching logic is (in order): // 1. If at least one matchCondition evaluates to FALSE, then the webhook is skipped. // 2. If ALL matchConditions evaluate to TRUE, then the webhook is called. // 3. If at least one matchCondition evaluates to an error (but none are FALSE): // - If failurePolicy=Deny, then the webhook rejects the request // - If failurePolicy=NoOpinion, then the error is ignored and the webhook is skipped MatchConditions []WebhookMatchCondition }
func (*WebhookConfiguration) DeepCopy ¶ added in v0.29.0
func (in *WebhookConfiguration) DeepCopy() *WebhookConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConfiguration.
func (*WebhookConfiguration) DeepCopyInto ¶ added in v0.29.0
func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookConnectionInfo ¶ added in v0.29.0
type WebhookConnectionInfo struct { // Controls how the webhook should communicate with the server. // Valid values: // - KubeConfig: use the file specified in kubeConfigFile to locate the // server. // - InClusterConfig: use the in-cluster configuration to call the // SubjectAccessReview API hosted by kube-apiserver. This mode is not // allowed for kube-apiserver. Type string // Path to KubeConfigFile for connection info // Required, if connectionInfo.Type is KubeConfig KubeConfigFile *string }
func (*WebhookConnectionInfo) DeepCopy ¶ added in v0.29.0
func (in *WebhookConnectionInfo) DeepCopy() *WebhookConnectionInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConnectionInfo.
func (*WebhookConnectionInfo) DeepCopyInto ¶ added in v0.29.0
func (in *WebhookConnectionInfo) DeepCopyInto(out *WebhookConnectionInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookMatchCondition ¶ added in v0.29.0
type WebhookMatchCondition struct { // expression represents the expression which will be evaluated by CEL. Must evaluate to bool. // CEL expressions have access to the contents of the SubjectAccessReview in v1 version. // If version specified by subjectAccessReviewVersion in the request variable is v1beta1, // the contents would be converted to the v1 version before evaluating the CEL expression. // // Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ Expression string }
func (*WebhookMatchCondition) DeepCopy ¶ added in v0.29.0
func (in *WebhookMatchCondition) DeepCopy() *WebhookMatchCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookMatchCondition.
func (*WebhookMatchCondition) DeepCopyInto ¶ added in v0.29.0
func (in *WebhookMatchCondition) DeepCopyInto(out *WebhookMatchCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Directories ¶
Path | Synopsis |
---|---|
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
Package v1alpha1 is the v1alpha1 version of the API.
|
Package v1alpha1 is the v1alpha1 version of the API. |
Package v1beta1 is the v1beta1 version of the API.
|
Package v1beta1 is the v1beta1 version of the API. |