Documentation ¶
Overview ¶
Package v1beta1 is the v1beta1 version of the API.
Index ¶
- Constants
- Variables
- func Convert_apiserver_AnonymousAuthCondition_To_v1beta1_AnonymousAuthCondition(in *apiserver.AnonymousAuthCondition, out *AnonymousAuthCondition, ...) error
- func Convert_apiserver_AnonymousAuthConfig_To_v1beta1_AnonymousAuthConfig(in *apiserver.AnonymousAuthConfig, out *AnonymousAuthConfig, ...) error
- func Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(in *apiserver.AuthenticationConfiguration, out *AuthenticationConfiguration, ...) error
- func Convert_apiserver_AuthorizationConfiguration_To_v1beta1_AuthorizationConfiguration(in *apiserver.AuthorizationConfiguration, out *AuthorizationConfiguration, ...) error
- func Convert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguration(in *apiserver.AuthorizerConfiguration, out *AuthorizerConfiguration, ...) error
- func Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(in *apiserver.ClaimMappings, out *ClaimMappings, s conversion.Scope) error
- func Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(in *apiserver.ClaimOrExpression, out *ClaimOrExpression, s conversion.Scope) error
- func Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(in *apiserver.ClaimValidationRule, out *ClaimValidationRule, ...) error
- func Convert_apiserver_Connection_To_v1beta1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error
- func Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error
- func Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, ...) error
- func Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(in *apiserver.ExtraMapping, out *ExtraMapping, s conversion.Scope) error
- func Convert_apiserver_Issuer_To_v1beta1_Issuer(in *apiserver.Issuer, out *Issuer, s conversion.Scope) error
- func Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(in *apiserver.JWTAuthenticator, out *JWTAuthenticator, s conversion.Scope) error
- func Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(in *apiserver.PrefixedClaimOrExpression, out *PrefixedClaimOrExpression, ...) error
- func Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error
- func Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error
- func Convert_apiserver_TracingConfiguration_To_v1beta1_TracingConfiguration(in *apiserver.TracingConfiguration, out *TracingConfiguration, ...) error
- func Convert_apiserver_Transport_To_v1beta1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error
- func Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error
- func Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(in *apiserver.UserValidationRule, out *UserValidationRule, s conversion.Scope) error
- func Convert_apiserver_WebhookConfiguration_To_v1beta1_WebhookConfiguration(in *apiserver.WebhookConfiguration, out *WebhookConfiguration, ...) error
- func Convert_apiserver_WebhookConnectionInfo_To_v1beta1_WebhookConnectionInfo(in *apiserver.WebhookConnectionInfo, out *WebhookConnectionInfo, ...) error
- func Convert_apiserver_WebhookMatchCondition_To_v1beta1_WebhookMatchCondition(in *apiserver.WebhookMatchCondition, out *WebhookMatchCondition, ...) error
- func Convert_v1beta1_AnonymousAuthCondition_To_apiserver_AnonymousAuthCondition(in *AnonymousAuthCondition, out *apiserver.AnonymousAuthCondition, ...) error
- func Convert_v1beta1_AnonymousAuthConfig_To_apiserver_AnonymousAuthConfig(in *AnonymousAuthConfig, out *apiserver.AnonymousAuthConfig, ...) error
- func Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(in *AuthenticationConfiguration, out *apiserver.AuthenticationConfiguration, ...) error
- func Convert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration(in *AuthorizationConfiguration, out *apiserver.AuthorizationConfiguration, ...) error
- func Convert_v1beta1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration(in *AuthorizerConfiguration, out *apiserver.AuthorizerConfiguration, ...) error
- func Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(in *ClaimMappings, out *apiserver.ClaimMappings, s conversion.Scope) error
- func Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(in *ClaimOrExpression, out *apiserver.ClaimOrExpression, s conversion.Scope) error
- func Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(in *ClaimValidationRule, out *apiserver.ClaimValidationRule, ...) error
- func Convert_v1beta1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error
- func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error
- func Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, ...) error
- func Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(in *ExtraMapping, out *apiserver.ExtraMapping, s conversion.Scope) error
- func Convert_v1beta1_Issuer_To_apiserver_Issuer(in *Issuer, out *apiserver.Issuer, s conversion.Scope) error
- func Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(in *JWTAuthenticator, out *apiserver.JWTAuthenticator, s conversion.Scope) error
- func Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(in *PrefixedClaimOrExpression, out *apiserver.PrefixedClaimOrExpression, ...) error
- func Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error
- func Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error
- func Convert_v1beta1_TracingConfiguration_To_apiserver_TracingConfiguration(in *TracingConfiguration, out *apiserver.TracingConfiguration, ...) error
- func Convert_v1beta1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error
- func Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error
- func Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(in *UserValidationRule, out *apiserver.UserValidationRule, s conversion.Scope) error
- func Convert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in *WebhookConfiguration, out *apiserver.WebhookConfiguration, ...) error
- func Convert_v1beta1_WebhookConnectionInfo_To_apiserver_WebhookConnectionInfo(in *WebhookConnectionInfo, out *apiserver.WebhookConnectionInfo, ...) error
- func Convert_v1beta1_WebhookMatchCondition_To_apiserver_WebhookMatchCondition(in *WebhookMatchCondition, out *apiserver.WebhookMatchCondition, ...) error
- func RegisterConversions(s *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_WebhookConfiguration(obj *WebhookConfiguration)
- func SetObjectDefaults_AuthorizationConfiguration(in *AuthorizationConfiguration)
- type AnonymousAuthCondition
- type AnonymousAuthConfig
- type AudienceMatchPolicyType
- type AuthenticationConfiguration
- type AuthorizationConfiguration
- type AuthorizerConfiguration
- type AuthorizerType
- type ClaimMappings
- type ClaimOrExpression
- type ClaimValidationRule
- type Connection
- type EgressSelection
- type EgressSelectorConfiguration
- type ExtraMapping
- type Issuer
- type JWTAuthenticator
- type PrefixedClaimOrExpression
- type ProtocolType
- type TCPTransport
- type TLSConfig
- type TracingConfiguration
- type Transport
- type UDSTransport
- type UserValidationRule
- type WebhookConfiguration
- type WebhookConnectionInfo
- type WebhookMatchCondition
Constants ¶
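// String values accepted by the authorization configuration types in this
// package. The page rendered this block on a single line, which is not valid
// Go; it is restored here to one constant per line.
const (
	// TypeWebhook is the only AuthorizerType value declared in this block.
	// AuthorizerConfiguration.Type is declared as a plain string, so comparing
	// it with this constant needs an explicit conversion.
	TypeWebhook AuthorizerType = "Webhook"

	// FailurePolicyNoOpinion and FailurePolicyDeny are the two failure-policy
	// values declared for webhook authorizers.
	// NOTE(review): the names suggest that "NoOpinion" leaves the decision to
	// other authorizers when the webhook cannot be evaluated, while "Deny"
	// rejects the request (fail closed) — confirm against the
	// WebhookConfiguration documentation before choosing one.
	FailurePolicyNoOpinion string = "NoOpinion"
	FailurePolicyDeny      string = "Deny"

	// Connection-info type values for an authorization webhook: one names a
	// kubeconfig file, the other the in-cluster configuration.
	AuthorizationWebhookConnectionInfoTypeKubeConfigFile string = "KubeConfigFile"
	AuthorizationWebhookConnectionInfoTypeInCluster      string = "InClusterConfig"
)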
// ConfigGroupName is the API group used by ConfigSchemeGroupVersion.
const ConfigGroupName = "apiserver.config.k8s.io"
// GroupName is the API group used by SchemeGroupVersion.
const GroupName = "apiserver.k8s.io"
Variables ¶
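// Scheme registration entry points. The page rendered this block on a single
// line, where the leading "//" comment swallowed the declarations; it is
// restored here to one declaration per line.
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.

	// SchemeBuilder is the runtime.SchemeBuilder for this package.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is bound to localSchemeBuilder.AddToScheme. localSchemeBuilder
	// is unexported and its declaration is not shown on this page.
	AddToScheme = localSchemeBuilder.AddToScheme
)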
// ConfigSchemeGroupVersion pairs ConfigGroupName with version "v1beta1",
// i.e. apiserver.config.k8s.io/v1beta1.
var ConfigSchemeGroupVersion = schema.GroupVersion{Group: ConfigGroupName, Version: "v1beta1"}
ConfigSchemeGroupVersion is the group version used to register these objects.
// SchemeGroupVersion pairs GroupName with version "v1beta1",
// i.e. apiserver.k8s.io/v1beta1.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Convert_apiserver_AnonymousAuthCondition_To_v1beta1_AnonymousAuthCondition ¶ added in v0.31.0
func Convert_apiserver_AnonymousAuthCondition_To_v1beta1_AnonymousAuthCondition(in *apiserver.AnonymousAuthCondition, out *AnonymousAuthCondition, s conversion.Scope) error
Convert_apiserver_AnonymousAuthCondition_To_v1beta1_AnonymousAuthCondition is an autogenerated conversion function.
func Convert_apiserver_AnonymousAuthConfig_To_v1beta1_AnonymousAuthConfig ¶ added in v0.31.0
func Convert_apiserver_AnonymousAuthConfig_To_v1beta1_AnonymousAuthConfig(in *apiserver.AnonymousAuthConfig, out *AnonymousAuthConfig, s conversion.Scope) error
Convert_apiserver_AnonymousAuthConfig_To_v1beta1_AnonymousAuthConfig is an autogenerated conversion function.
func Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration ¶ added in v0.30.0
func Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(in *apiserver.AuthenticationConfiguration, out *AuthenticationConfiguration, s conversion.Scope) error
Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration is an autogenerated conversion function.
func Convert_apiserver_AuthorizationConfiguration_To_v1beta1_AuthorizationConfiguration ¶ added in v0.30.0
func Convert_apiserver_AuthorizationConfiguration_To_v1beta1_AuthorizationConfiguration(in *apiserver.AuthorizationConfiguration, out *AuthorizationConfiguration, s conversion.Scope) error
Convert_apiserver_AuthorizationConfiguration_To_v1beta1_AuthorizationConfiguration is an autogenerated conversion function.
func Convert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguration ¶ added in v0.30.0
func Convert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguration(in *apiserver.AuthorizerConfiguration, out *AuthorizerConfiguration, s conversion.Scope) error
Convert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguration is an autogenerated conversion function.
func Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings ¶ added in v0.30.0
func Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(in *apiserver.ClaimMappings, out *ClaimMappings, s conversion.Scope) error
Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings is an autogenerated conversion function.
func Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression ¶ added in v0.30.0
func Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(in *apiserver.ClaimOrExpression, out *ClaimOrExpression, s conversion.Scope) error
Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression is an autogenerated conversion function.
func Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule ¶ added in v0.30.0
func Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(in *apiserver.ClaimValidationRule, out *ClaimValidationRule, s conversion.Scope) error
Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule is an autogenerated conversion function.
func Convert_apiserver_Connection_To_v1beta1_Connection ¶
func Convert_apiserver_Connection_To_v1beta1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error
Convert_apiserver_Connection_To_v1beta1_Connection is an autogenerated conversion function.
func Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection ¶
func Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error
Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection is an autogenerated conversion function.
func Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration ¶
func Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error
Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration is an autogenerated conversion function.
func Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping ¶ added in v0.30.0
func Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(in *apiserver.ExtraMapping, out *ExtraMapping, s conversion.Scope) error
Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping is an autogenerated conversion function.
func Convert_apiserver_Issuer_To_v1beta1_Issuer ¶ added in v0.30.0
func Convert_apiserver_Issuer_To_v1beta1_Issuer(in *apiserver.Issuer, out *Issuer, s conversion.Scope) error
Convert_apiserver_Issuer_To_v1beta1_Issuer is an autogenerated conversion function.
func Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator ¶ added in v0.30.0
func Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(in *apiserver.JWTAuthenticator, out *JWTAuthenticator, s conversion.Scope) error
Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator is an autogenerated conversion function.
func Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression ¶ added in v0.30.0
func Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(in *apiserver.PrefixedClaimOrExpression, out *PrefixedClaimOrExpression, s conversion.Scope) error
Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression is an autogenerated conversion function.
func Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport ¶
func Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error
Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport is an autogenerated conversion function.
func Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig ¶
func Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error
Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig is an autogenerated conversion function.
func Convert_apiserver_TracingConfiguration_To_v1beta1_TracingConfiguration ¶ added in v0.27.0
func Convert_apiserver_TracingConfiguration_To_v1beta1_TracingConfiguration(in *apiserver.TracingConfiguration, out *TracingConfiguration, s conversion.Scope) error
Convert_apiserver_TracingConfiguration_To_v1beta1_TracingConfiguration is an autogenerated conversion function.
func Convert_apiserver_Transport_To_v1beta1_Transport ¶
func Convert_apiserver_Transport_To_v1beta1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error
Convert_apiserver_Transport_To_v1beta1_Transport is an autogenerated conversion function.
func Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport ¶
func Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error
Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport is an autogenerated conversion function.
func Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule ¶ added in v0.30.0
func Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(in *apiserver.UserValidationRule, out *UserValidationRule, s conversion.Scope) error
Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule is an autogenerated conversion function.
func Convert_apiserver_WebhookConfiguration_To_v1beta1_WebhookConfiguration ¶ added in v0.30.0
func Convert_apiserver_WebhookConfiguration_To_v1beta1_WebhookConfiguration(in *apiserver.WebhookConfiguration, out *WebhookConfiguration, s conversion.Scope) error
Convert_apiserver_WebhookConfiguration_To_v1beta1_WebhookConfiguration is an autogenerated conversion function.
func Convert_apiserver_WebhookConnectionInfo_To_v1beta1_WebhookConnectionInfo ¶ added in v0.30.0
func Convert_apiserver_WebhookConnectionInfo_To_v1beta1_WebhookConnectionInfo(in *apiserver.WebhookConnectionInfo, out *WebhookConnectionInfo, s conversion.Scope) error
Convert_apiserver_WebhookConnectionInfo_To_v1beta1_WebhookConnectionInfo is an autogenerated conversion function.
func Convert_apiserver_WebhookMatchCondition_To_v1beta1_WebhookMatchCondition ¶ added in v0.30.0
func Convert_apiserver_WebhookMatchCondition_To_v1beta1_WebhookMatchCondition(in *apiserver.WebhookMatchCondition, out *WebhookMatchCondition, s conversion.Scope) error
Convert_apiserver_WebhookMatchCondition_To_v1beta1_WebhookMatchCondition is an autogenerated conversion function.
func Convert_v1beta1_AnonymousAuthCondition_To_apiserver_AnonymousAuthCondition ¶ added in v0.31.0
func Convert_v1beta1_AnonymousAuthCondition_To_apiserver_AnonymousAuthCondition(in *AnonymousAuthCondition, out *apiserver.AnonymousAuthCondition, s conversion.Scope) error
Convert_v1beta1_AnonymousAuthCondition_To_apiserver_AnonymousAuthCondition is an autogenerated conversion function.
func Convert_v1beta1_AnonymousAuthConfig_To_apiserver_AnonymousAuthConfig ¶ added in v0.31.0
func Convert_v1beta1_AnonymousAuthConfig_To_apiserver_AnonymousAuthConfig(in *AnonymousAuthConfig, out *apiserver.AnonymousAuthConfig, s conversion.Scope) error
Convert_v1beta1_AnonymousAuthConfig_To_apiserver_AnonymousAuthConfig is an autogenerated conversion function.
func Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration ¶ added in v0.30.0
func Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(in *AuthenticationConfiguration, out *apiserver.AuthenticationConfiguration, s conversion.Scope) error
Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration is an autogenerated conversion function.
func Convert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration ¶ added in v0.30.0
func Convert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration(in *AuthorizationConfiguration, out *apiserver.AuthorizationConfiguration, s conversion.Scope) error
Convert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration is an autogenerated conversion function.
func Convert_v1beta1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration ¶ added in v0.30.0
func Convert_v1beta1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration(in *AuthorizerConfiguration, out *apiserver.AuthorizerConfiguration, s conversion.Scope) error
Convert_v1beta1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration is an autogenerated conversion function.
func Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings ¶ added in v0.30.0
func Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(in *ClaimMappings, out *apiserver.ClaimMappings, s conversion.Scope) error
Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings is an autogenerated conversion function.
func Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression ¶ added in v0.30.0
func Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(in *ClaimOrExpression, out *apiserver.ClaimOrExpression, s conversion.Scope) error
Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression is an autogenerated conversion function.
func Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule ¶ added in v0.30.0
func Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(in *ClaimValidationRule, out *apiserver.ClaimValidationRule, s conversion.Scope) error
Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule is an autogenerated conversion function.
func Convert_v1beta1_Connection_To_apiserver_Connection ¶
func Convert_v1beta1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error
Convert_v1beta1_Connection_To_apiserver_Connection is an autogenerated conversion function.
func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection ¶
func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error
func Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration ¶
func Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error
Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration is an autogenerated conversion function.
func Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping ¶ added in v0.30.0
func Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(in *ExtraMapping, out *apiserver.ExtraMapping, s conversion.Scope) error
Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping is an autogenerated conversion function.
func Convert_v1beta1_Issuer_To_apiserver_Issuer ¶ added in v0.30.0
func Convert_v1beta1_Issuer_To_apiserver_Issuer(in *Issuer, out *apiserver.Issuer, s conversion.Scope) error
Convert_v1beta1_Issuer_To_apiserver_Issuer is an autogenerated conversion function.
func Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator ¶ added in v0.30.0
func Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(in *JWTAuthenticator, out *apiserver.JWTAuthenticator, s conversion.Scope) error
Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator is an autogenerated conversion function.
func Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression ¶ added in v0.30.0
func Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(in *PrefixedClaimOrExpression, out *apiserver.PrefixedClaimOrExpression, s conversion.Scope) error
Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression is an autogenerated conversion function.
func Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport ¶
func Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error
Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport is an autogenerated conversion function.
func Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig ¶
func Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error
Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig is an autogenerated conversion function.
func Convert_v1beta1_TracingConfiguration_To_apiserver_TracingConfiguration ¶ added in v0.27.0
func Convert_v1beta1_TracingConfiguration_To_apiserver_TracingConfiguration(in *TracingConfiguration, out *apiserver.TracingConfiguration, s conversion.Scope) error
Convert_v1beta1_TracingConfiguration_To_apiserver_TracingConfiguration is an autogenerated conversion function.
func Convert_v1beta1_Transport_To_apiserver_Transport ¶
func Convert_v1beta1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error
Convert_v1beta1_Transport_To_apiserver_Transport is an autogenerated conversion function.
func Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport ¶
func Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error
Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport is an autogenerated conversion function.
func Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule ¶ added in v0.30.0
func Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(in *UserValidationRule, out *apiserver.UserValidationRule, s conversion.Scope) error
Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule is an autogenerated conversion function.
func Convert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration ¶ added in v0.30.0
func Convert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in *WebhookConfiguration, out *apiserver.WebhookConfiguration, s conversion.Scope) error
Convert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration is an autogenerated conversion function.
func Convert_v1beta1_WebhookConnectionInfo_To_apiserver_WebhookConnectionInfo ¶ added in v0.30.0
func Convert_v1beta1_WebhookConnectionInfo_To_apiserver_WebhookConnectionInfo(in *WebhookConnectionInfo, out *apiserver.WebhookConnectionInfo, s conversion.Scope) error
Convert_v1beta1_WebhookConnectionInfo_To_apiserver_WebhookConnectionInfo is an autogenerated conversion function.
func Convert_v1beta1_WebhookMatchCondition_To_apiserver_WebhookMatchCondition ¶ added in v0.30.0
func Convert_v1beta1_WebhookMatchCondition_To_apiserver_WebhookMatchCondition(in *WebhookMatchCondition, out *apiserver.WebhookMatchCondition, s conversion.Scope) error
Convert_v1beta1_WebhookMatchCondition_To_apiserver_WebhookMatchCondition is an autogenerated conversion function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulter functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering: they call all nested defaulters.
func SetDefaults_WebhookConfiguration ¶ added in v0.30.0
func SetDefaults_WebhookConfiguration(obj *WebhookConfiguration)
func SetObjectDefaults_AuthorizationConfiguration ¶ added in v0.30.0
func SetObjectDefaults_AuthorizationConfiguration(in *AuthorizationConfiguration)
Types ¶
type AnonymousAuthCondition ¶ added in v0.31.0
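// AnonymousAuthCondition describes the condition under which anonymous auth
// should be enabled.
type AnonymousAuthCondition struct {
	// Path for which anonymous auth is enabled.
	// NOTE(review): how the path is matched (exact, prefix, ...) is not visible
	// on this page — confirm before listing a path, since each entry admits
	// unauthenticated requests.
	Path string `json:"path"`
}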
AnonymousAuthCondition describes the condition under which anonymous auth should be enabled.
func (*AnonymousAuthCondition) DeepCopy ¶ added in v0.31.0
func (in *AnonymousAuthCondition) DeepCopy() *AnonymousAuthCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnonymousAuthCondition.
func (*AnonymousAuthCondition) DeepCopyInto ¶ added in v0.31.0
func (in *AnonymousAuthCondition) DeepCopyInto(out *AnonymousAuthCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AnonymousAuthConfig ¶ added in v0.31.0
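// AnonymousAuthConfig provides the configuration for the anonymous
// authenticator.
type AnonymousAuthConfig struct {
	// NOTE(review): Enabled is undocumented upstream; presumably it switches
	// the anonymous authenticator on or off as a whole — confirm.
	Enabled bool `json:"enabled"`

	// If set, anonymous auth is only allowed if the request meets one of the
	// conditions. Leaving it unset adds no restriction from this field, so
	// review whether that is intended whenever Enabled is true.
	Conditions []AnonymousAuthCondition `json:"conditions,omitempty"`
}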
AnonymousAuthConfig provides the configuration for the anonymous authenticator.
func (*AnonymousAuthConfig) DeepCopy ¶ added in v0.31.0
func (in *AnonymousAuthConfig) DeepCopy() *AnonymousAuthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnonymousAuthConfig.
func (*AnonymousAuthConfig) DeepCopyInto ¶ added in v0.31.0
func (in *AnonymousAuthConfig) DeepCopyInto(out *AnonymousAuthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AudienceMatchPolicyType ¶ added in v0.30.0
// AudienceMatchPolicyType is the string type for issuer.audienceMatchPolicy
// values; "MatchAny" is the only value this package declares for it.
type AudienceMatchPolicyType string
AudienceMatchPolicyType is a set of valid values for issuer.audienceMatchPolicy
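// Valid values for AudienceMatchPolicyType. The page rendered this block on a
// single line, where the "//" comment swallowed the constant; it is restored
// here.
const (
	// MatchAny means the "aud" claim in the presented JWT must match at least
	// one of the entries in the "audiences" field.
	AudienceMatchPolicyMatchAny AudienceMatchPolicyType = "MatchAny"
)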
Valid types for AudienceMatchPolicyType
type AuthenticationConfiguration ¶ added in v0.30.0
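// AuthenticationConfiguration provides versioned configuration for
// authentication.
type AuthenticationConfiguration struct {
	metav1.TypeMeta

	// jwt is a list of authenticators to authenticate Kubernetes users using
	// JWT compliant tokens. The authenticator will attempt to parse a raw ID
	// token and verify that it has been signed by the configured issuer. The
	// public key to verify the signature is discovered from the issuer's
	// public endpoint using OIDC discovery.
	// For an incoming token, each JWT authenticator will be attempted in
	// the order in which it is specified in this list. Note however that
	// other authenticators may run before or after the JWT authenticators.
	// The specific position of JWT authenticators in relation to other
	// authenticators is neither defined nor stable across releases. Since
	// each JWT authenticator must have a unique issuer URL, at most one
	// JWT authenticator will attempt to cryptographically validate the token.
	//
	// The minimum valid JWT payload must contain the following claims:
	// {
	//		"iss": "https://issuer.example.com",
	//		"aud": ["audience"],
	//		"exp": 1234567890,
	//		"<username claim>": "username"
	// }
	JWT []JWTAuthenticator `json:"jwt"`

	// If present, the --anonymous-auth flag must not be set: anonymous
	// authentication is then configured here rather than on the command line.
	Anonymous *AnonymousAuthConfig `json:"anonymous,omitempty"`
}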
AuthenticationConfiguration provides versioned configuration for authentication.
func (*AuthenticationConfiguration) DeepCopy ¶ added in v0.30.0
func (in *AuthenticationConfiguration) DeepCopy() *AuthenticationConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationConfiguration.
func (*AuthenticationConfiguration) DeepCopyInto ¶ added in v0.30.0
func (in *AuthenticationConfiguration) DeepCopyInto(out *AuthenticationConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationConfiguration) DeepCopyObject ¶ added in v0.30.0
func (in *AuthenticationConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthorizationConfiguration ¶ added in v0.30.0
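// AuthorizationConfiguration holds the list of authorizers that requests are
// authorized against.
type AuthorizationConfiguration struct {
	metav1.TypeMeta

	// Authorizers is an ordered list of authorizers to
	// authorize requests against.
	// This is similar to the --authorization-mode kube-apiserver flag.
	// Must be at least one.
	// The list is ordered, so review the position of each entry as well as
	// its presence when changing this configuration.
	Authorizers []AuthorizerConfiguration `json:"authorizers"`
}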
func (*AuthorizationConfiguration) DeepCopy ¶ added in v0.30.0
func (in *AuthorizationConfiguration) DeepCopy() *AuthorizationConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfiguration.
func (*AuthorizationConfiguration) DeepCopyInto ¶ added in v0.30.0
func (in *AuthorizationConfiguration) DeepCopyInto(out *AuthorizationConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthorizationConfiguration) DeepCopyObject ¶ added in v0.30.0
func (in *AuthorizationConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthorizerConfiguration ¶ added in v0.30.0
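// AuthorizerConfiguration describes a single entry of
// AuthorizationConfiguration.Authorizers.
type AuthorizerConfiguration struct {
	// Type refers to the type of the authorizer.
	// "Webhook" is supported in the generic API server.
	// Other API servers may support additional authorizer
	// types like Node, RBAC, ABAC, etc.
	// The field is a plain string, not AuthorizerType, so comparisons with
	// TypeWebhook need an explicit conversion.
	Type string `json:"type"`

	// Name used to describe the webhook.
	// This is explicitly used in monitoring machinery for metrics, so it
	// should not carry anything sensitive.
	// Note: Names must be DNS1123 labels like `myauthorizername` or
	//		 subdomains like `myauthorizer.example.domain`
	// Required, with no default
	Name string `json:"name"`

	// Webhook defines the configuration for a Webhook authorizer.
	// Must be defined when Type=Webhook
	// Must not be defined when Type!=Webhook
	Webhook *WebhookConfiguration `json:"webhook,omitempty"`
}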
func (*AuthorizerConfiguration) DeepCopy ¶ added in v0.30.0
func (in *AuthorizerConfiguration) DeepCopy() *AuthorizerConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizerConfiguration.
func (*AuthorizerConfiguration) DeepCopyInto ¶ added in v0.30.0
func (in *AuthorizerConfiguration) DeepCopyInto(out *AuthorizerConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthorizerType ¶ added in v0.30.0
// AuthorizerType is a string-backed type for naming an authorizer kind.
// NOTE(review): AuthorizerConfiguration.Type on this page is declared as a
// plain string rather than AuthorizerType — confirm where this type is used.
type AuthorizerType string
type ClaimMappings ¶ added in v0.30.0
type ClaimMappings struct {
	// username represents an option for the username attribute.
	// The claim's value must be a singular string.
	// Same as the --oidc-username-claim and --oidc-username-prefix flags.
	// If username.expression is set, the expression must produce a string value.
	// If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
	// username.expression or extra[*].valueExpression or claimValidationRules[*].expression.
	// An example claim validation rule expression that matches the validation automatically
	// applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.
	//
	// In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
	// the default value is "sub". For the authentication config, there is no defaulting for claim or prefix. The claim and prefix must be set explicitly.
	// For claim, if --oidc-username-claim was not set with legacy flag approach, configure username.claim="sub" in the authentication config.
	// For prefix:
	//     (1) --oidc-username-prefix="-", no prefix was added to the username. For the same behavior using authentication config,
	//         set username.prefix=""
	//     (2) --oidc-username-prefix="" and --oidc-username-claim != "email", prefix was "<value of --oidc-issuer-url>#". For the same
	//         behavior using authentication config, set username.prefix="<value of issuer.url>#"
	//     (3) --oidc-username-prefix="<value>". For the same behavior using authentication config, set username.prefix="<value>"
	//
	// NOTE(review): with username.prefix="" the claim value becomes the username
	// unchanged. The prefix exists to prevent clashes with existing names (see
	// PrefixedClaimOrExpression.Prefix), so an empty prefix is best paired with
	// JWTAuthenticator.UserValidationRules that reject reserved names.
	// +required
	Username PrefixedClaimOrExpression `json:"username"`

	// groups represents an option for the groups attribute.
	// The claim's value must be a string or string array claim.
	// If groups.claim is set, the prefix must be specified (and can be the empty string).
	// If groups.expression is set, the expression must produce a string or string array value.
	// "", [], and null values are treated as the group mapping not being present.
	// +optional
	Groups PrefixedClaimOrExpression `json:"groups,omitempty"`

	// uid represents an option for the uid attribute.
	// Claim must be a singular string claim.
	// If uid.expression is set, the expression must produce a string value.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty, unlike
	// groups and extra — confirm this is intentional.
	// +optional
	UID ClaimOrExpression `json:"uid"`

	// extra represents an option for the extra attribute.
	// expression must produce a string or string array value.
	// If the value is empty, the extra mapping will not be present.
	//
	// hard-coded extra key/value
	// - key: "foo"
	//   valueExpression: "'bar'"
	// This will result in an extra attribute - foo: ["bar"]
	//
	// hard-coded key, value copying claim value
	// - key: "foo"
	//   valueExpression: "claims.some_claim"
	// This will result in an extra attribute - foo: [value of some_claim]
	//
	// hard-coded key, value derived from claim value
	// - key: "admin"
	//   valueExpression: '(has(claims.is_admin) && claims.is_admin) ? "true":""'
	// This will result in:
	//  - if is_admin claim is present and true, extra attribute - admin: ["true"]
	//  - if is_admin claim is present and false or is_admin claim is not present, no extra attribute will be added
	//
	// +optional
	Extra []ExtraMapping `json:"extra,omitempty"`
}
ClaimMappings provides the configuration for claim mapping
func (*ClaimMappings) DeepCopy ¶ added in v0.30.0
func (in *ClaimMappings) DeepCopy() *ClaimMappings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimMappings.
func (*ClaimMappings) DeepCopyInto ¶ added in v0.30.0
func (in *ClaimMappings) DeepCopyInto(out *ClaimMappings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClaimOrExpression ¶ added in v0.30.0
type ClaimOrExpression struct {
	// claim is the JWT claim to use.
	// Either claim or expression must be set.
	// Mutually exclusive with expression.
	// NOTE(review): the exclusivity is stated here only; where it is enforced
	// is not visible on this page.
	// +optional
	Claim string `json:"claim,omitempty"`

	// expression represents the expression which will be evaluated by CEL.
	//
	// CEL expressions have access to the contents of the token claims, organized into CEL variable:
	// - 'claims' is a map of claim names to claim values.
	//   For example, a variable named 'sub' can be accessed as 'claims.sub'.
	//   Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Mutually exclusive with claim.
	// +optional
	Expression string `json:"expression,omitempty"`
}
ClaimOrExpression provides the configuration for a single claim or expression.
func (*ClaimOrExpression) DeepCopy ¶ added in v0.30.0
func (in *ClaimOrExpression) DeepCopy() *ClaimOrExpression
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimOrExpression.
func (*ClaimOrExpression) DeepCopyInto ¶ added in v0.30.0
func (in *ClaimOrExpression) DeepCopyInto(out *ClaimOrExpression)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClaimValidationRule ¶ added in v0.30.0
type ClaimValidationRule struct {
	// claim is the name of a required claim.
	// Same as --oidc-required-claim flag.
	// Only string claim keys are supported.
	// Mutually exclusive with expression and message.
	// +optional
	Claim string `json:"claim,omitempty"`

	// requiredValue is the value of a required claim.
	// Same as --oidc-required-claim flag.
	// Only string claim values are supported.
	// If claim is set and requiredValue is not set, the claim must be present with a value set to the empty string.
	// Leaving requiredValue out therefore does not mean "any value is
	// accepted"; use expression to check only that a claim is present.
	// Mutually exclusive with expression and message.
	// +optional
	RequiredValue string `json:"requiredValue,omitempty"`

	// expression represents the expression which will be evaluated by CEL.
	// Must produce a boolean.
	//
	// CEL expressions have access to the contents of the token claims, organized into CEL variable:
	// - 'claims' is a map of claim names to claim values.
	//   For example, a variable named 'sub' can be accessed as 'claims.sub'.
	//   Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
	// Must return true for the validation to pass.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Mutually exclusive with claim and requiredValue.
	// +optional
	Expression string `json:"expression,omitempty"`

	// message customizes the returned error message when expression returns false.
	// message is a literal string.
	// Mutually exclusive with claim and requiredValue.
	// +optional
	Message string `json:"message,omitempty"`
}
ClaimValidationRule provides the configuration for a single claim validation rule.
func (*ClaimValidationRule) DeepCopy ¶ added in v0.30.0
func (in *ClaimValidationRule) DeepCopy() *ClaimValidationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimValidationRule.
func (*ClaimValidationRule) DeepCopyInto ¶ added in v0.30.0
func (in *ClaimValidationRule) DeepCopyInto(out *ClaimValidationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Connection ¶
type Connection struct {
	// ProxyProtocol is the protocol used to connect from client to the konnectivity server.
	// The values declared on this page are HTTPConnect, GRPC and Direct;
	// Direct connects without going through the konnectivity server.
	ProxyProtocol ProtocolType `json:"proxyProtocol,omitempty"`

	// Transport defines the transport configurations we use to dial to the konnectivity server.
	// This is required if ProxyProtocol is HTTPConnect or GRPC.
	// +optional
	Transport *Transport `json:"transport,omitempty"`
}
Connection provides the configuration for a single egress selection client.
func (*Connection) DeepCopy ¶
func (in *Connection) DeepCopy() *Connection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection.
func (*Connection) DeepCopyInto ¶
func (in *Connection) DeepCopyInto(out *Connection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressSelection ¶
type EgressSelection struct {
	// name is the name of the egress selection.
	// Currently supported values are "controlplane", "master", "etcd" and "cluster".
	// The "master" egress selector is deprecated in favor of "controlplane".
	Name string `json:"name"`

	// connection is the exact information used to configure the egress selection.
	// It determines the protocol and transport used for this selection's
	// traffic, so review it per name rather than assuming one shared setting.
	Connection Connection `json:"connection"`
}
EgressSelection provides the configuration for a single egress selection client.
func (*EgressSelection) DeepCopy ¶
func (in *EgressSelection) DeepCopy() *EgressSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection.
func (*EgressSelection) DeepCopyInto ¶
func (in *EgressSelection) DeepCopyInto(out *EgressSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressSelectorConfiguration ¶
type EgressSelectorConfiguration struct {
	metav1.TypeMeta `json:",inline"`

	// egressSelections contains a list of egress selection client configurations.
	EgressSelections []EgressSelection `json:"egressSelections"`
}
EgressSelectorConfiguration provides versioned configuration for egress selector clients.
func (*EgressSelectorConfiguration) DeepCopy ¶
func (in *EgressSelectorConfiguration) DeepCopy() *EgressSelectorConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration.
func (*EgressSelectorConfiguration) DeepCopyInto ¶
func (in *EgressSelectorConfiguration) DeepCopyInto(out *EgressSelectorConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EgressSelectorConfiguration) DeepCopyObject ¶
func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExtraMapping ¶ added in v0.30.0
type ExtraMapping struct {
	// key is a string to use as the extra attribute key.
	// key must be a domain-prefix path (e.g. example.org/foo). All characters before the first "/" must be a valid
	// subdomain as defined by RFC 1123. All characters trailing the first "/" must
	// be valid HTTP Path characters as defined by RFC 3986.
	// key must be lowercase.
	// Required to be unique.
	// +required
	Key string `json:"key"`

	// valueExpression is a CEL expression to extract extra attribute value.
	// valueExpression must produce a string or string array value.
	// "", [], and null values are treated as the extra mapping not being present.
	// Empty string values contained within a string array are filtered out.
	//
	// CEL expressions have access to the contents of the token claims, organized into CEL variable:
	// - 'claims' is a map of claim names to claim values.
	//   For example, a variable named 'sub' can be accessed as 'claims.sub'.
	//   Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// The resulting value comes from token claims; anything that makes an
	// authorization decision on an extra attribute is trusting the issuer
	// to set that claim correctly.
	// +required
	ValueExpression string `json:"valueExpression"`
}
ExtraMapping provides the configuration for a single extra mapping.
func (*ExtraMapping) DeepCopy ¶ added in v0.30.0
func (in *ExtraMapping) DeepCopy() *ExtraMapping
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraMapping.
func (*ExtraMapping) DeepCopyInto ¶ added in v0.30.0
func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Issuer ¶ added in v0.30.0
type Issuer struct {
	// url points to the issuer URL in a format https://url or https://url/path.
	// This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.
	// Same value as the --oidc-issuer-url flag.
	// Discovery information is fetched from "{url}/.well-known/openid-configuration" unless overridden by discoveryURL.
	// Required to be unique across all JWT authenticators.
	// Note that egress selection configuration is not used for this network connection.
	// +required
	URL string `json:"url"`

	// discoveryURL, if specified, overrides the URL used to fetch discovery
	// information instead of using "{url}/.well-known/openid-configuration".
	// The exact value specified is used, so "/.well-known/openid-configuration"
	// must be included in discoveryURL if needed.
	//
	// The "issuer" field in the fetched discovery information must match the "issuer.url" field
	// in the AuthenticationConfiguration and will be used to validate the "iss" claim in the presented JWT.
	// This is for scenarios where the well-known and jwks endpoints are hosted at a different
	// location than the issuer (such as locally in the cluster).
	//
	// Example:
	// A discovery url that is exposed using kubernetes service 'oidc' in namespace 'oidc-namespace'
	// and discovery information is available at '/.well-known/openid-configuration'.
	// discoveryURL: "https://oidc.oidc-namespace/.well-known/openid-configuration"
	// certificateAuthority is used to verify the TLS connection and the hostname on the leaf certificate
	// must be set to 'oidc.oidc-namespace'.
	//
	// curl https://oidc.oidc-namespace/.well-known/openid-configuration (.discoveryURL field)
	// {
	//     issuer: "https://oidc.example.com" (.url field)
	// }
	//
	// discoveryURL must be different from url.
	// Required to be unique across all JWT authenticators.
	// Note that egress selection configuration is not used for this network connection.
	//
	// Whatever this endpoint serves is the discovery information used for
	// the issuer, so it is part of the authentication trust boundary:
	// restrict who can change it and verify it with certificateAuthority.
	// +optional
	DiscoveryURL *string `json:"discoveryURL,omitempty"`

	// certificateAuthority contains PEM-encoded certificate authority certificates
	// used to validate the connection when fetching discovery information.
	// If unset, the system verifier is used.
	// Same value as the content of the file referenced by the --oidc-ca-file flag.
	// +optional
	CertificateAuthority string `json:"certificateAuthority,omitempty"`

	// audiences is the set of acceptable audiences the JWT must be issued to.
	// At least one of the entries must match the "aud" claim in presented JWTs.
	// Same value as the --oidc-client-id flag (though this field supports an array).
	// Required to be non-empty.
	// A token issued for any one listed audience satisfies this check, so
	// list only audiences that are meant to authenticate to this API server.
	// +required
	Audiences []string `json:"audiences"`

	// audienceMatchPolicy defines how the "audiences" field is used to match the "aud" claim in the presented JWT.
	// Allowed values are:
	// 1. "MatchAny" when multiple audiences are specified and
	// 2. empty (or unset) or "MatchAny" when a single audience is specified.
	//
	// - MatchAny: the "aud" claim in the presented JWT must match at least one of the entries in the "audiences" field.
	// For example, if "audiences" is ["foo", "bar"], the "aud" claim in the presented JWT must contain either "foo" or "bar" (and may contain both).
	//
	// - "": The match policy can be empty (or unset) when a single audience is specified in the "audiences" field. The "aud" claim in the presented JWT must contain the single audience (and may contain others).
	//
	// For more nuanced audience validation, use claimValidationRules.
	//   example: claimValidationRule[].expression: 'sets.equivalent(claims.aud, ["bar", "foo", "baz"])' to require an exact match.
	// +optional
	AudienceMatchPolicy AudienceMatchPolicyType `json:"audienceMatchPolicy,omitempty"`
}
Issuer provides the configuration for an external provider's specific settings.
func (*Issuer) DeepCopy ¶ added in v0.30.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (*Issuer) DeepCopyInto ¶ added in v0.30.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTAuthenticator ¶ added in v0.30.0
type JWTAuthenticator struct {
	// issuer contains the basic OIDC provider connection options.
	// +required
	Issuer Issuer `json:"issuer"`

	// claimValidationRules are rules that are applied to validate token claims to authenticate users.
	// +optional
	ClaimValidationRules []ClaimValidationRule `json:"claimValidationRules,omitempty"`

	// claimMappings maps claims of a token to user attributes
	// (username, groups, uid and extra; see ClaimMappings).
	// +required
	ClaimMappings ClaimMappings `json:"claimMappings"`

	// userValidationRules are rules that are applied to final user before completing authentication.
	// These allow invariants to be applied to incoming identities such as preventing the
	// use of the system: prefix that is commonly used by Kubernetes components.
	// The validation rules are logically ANDed together and must all return true for the validation to pass.
	// The field is optional: when no rules are given, none of these
	// invariants are configured here.
	// +optional
	UserValidationRules []UserValidationRule `json:"userValidationRules,omitempty"`
}
JWTAuthenticator provides the configuration for a single JWT authenticator.
func (*JWTAuthenticator) DeepCopy ¶ added in v0.30.0
func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.
func (*JWTAuthenticator) DeepCopyInto ¶ added in v0.30.0
func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrefixedClaimOrExpression ¶ added in v0.30.0
type PrefixedClaimOrExpression struct {
	// claim is the JWT claim to use.
	// Mutually exclusive with expression.
	// +optional
	Claim string `json:"claim,omitempty"`

	// prefix is prepended to claim's value to prevent clashes with existing names.
	// prefix needs to be set if claim is set and can be the empty string.
	// The field is a pointer, so a prefix that was never set (nil) can be
	// told apart from one explicitly set to "".
	// Mutually exclusive with expression.
	// +optional
	Prefix *string `json:"prefix,omitempty"`

	// expression represents the expression which will be evaluated by CEL.
	//
	// CEL expressions have access to the contents of the token claims, organized into CEL variable:
	// - 'claims' is a map of claim names to claim values.
	//   For example, a variable named 'sub' can be accessed as 'claims.sub'.
	//   Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Mutually exclusive with claim and prefix.
	// Since prefix cannot be combined with expression, any prefixing needed
	// to avoid name clashes has to be done inside the expression itself.
	// +optional
	Expression string `json:"expression,omitempty"`
}
PrefixedClaimOrExpression provides the configuration for a single prefixed claim or expression.
func (*PrefixedClaimOrExpression) DeepCopy ¶ added in v0.30.0
func (in *PrefixedClaimOrExpression) DeepCopy() *PrefixedClaimOrExpression
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimOrExpression.
func (*PrefixedClaimOrExpression) DeepCopyInto ¶ added in v0.30.0
func (in *PrefixedClaimOrExpression) DeepCopyInto(out *PrefixedClaimOrExpression)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProtocolType ¶
type ProtocolType string
ProtocolType is a set of valid values for Connection.ProxyProtocol
const (
	// ProtocolHTTPConnect uses HTTPConnect to connect to konnectivity server.
	ProtocolHTTPConnect ProtocolType = "HTTPConnect"
	// ProtocolGRPC uses grpc to connect to konnectivity server.
	ProtocolGRPC ProtocolType = "GRPC"
	// ProtocolDirect connects directly (skips the konnectivity server), so
	// the Transport settings for the konnectivity server are not required
	// for it (see Connection.Transport).
	ProtocolDirect ProtocolType = "Direct"
)
Valid types for ProtocolType for konnectivity server
type TCPTransport ¶
type TCPTransport struct {
	// URL is the location of the konnectivity server to connect to.
	// As an example it might be "https://127.0.0.1:8131".
	// The scheme decides whether TLS is used: per TLSConfig, the TLS fields
	// must be absent for an http:// URL, and the client key and certificate
	// must be configured for an https:// URL.
	URL string `json:"url,omitempty"`

	// TLSConfig is the config needed to use TLS when connecting to konnectivity server.
	// +optional
	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
}
TCPTransport provides the information to connect to konnectivity server via TCP
func (*TCPTransport) DeepCopy ¶
func (in *TCPTransport) DeepCopy() *TCPTransport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport.
func (*TCPTransport) DeepCopyInto ¶
func (in *TCPTransport) DeepCopyInto(out *TCPTransport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSConfig ¶
type TLSConfig struct {
	// caBundle is the file location of the CA to be used to determine trust with the konnectivity server.
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// If absent while TCPTransport.URL is prefixed with https://, default to system trust roots.
	// Falling back to the system roots trusts every CA in that store for
	// this connection; set caBundle to pin trust to the konnectivity
	// server's own CA.
	// +optional
	CABundle string `json:"caBundle,omitempty"`

	// clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server.
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// This is a path to private key material; keep the file readable only
	// by the account the API server runs as.
	// +optional
	ClientKey string `json:"clientKey,omitempty"`

	// clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server.
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// +optional
	ClientCert string `json:"clientCert,omitempty"`
}
TLSConfig provides the authentication information to connect to konnectivity server. Only used with TCPTransport.
func (*TLSConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.
func (*TLSConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingConfiguration ¶ added in v0.27.0
type TracingConfiguration struct {
	// TypeMeta is embedded and tagged `json:",inline"`.
	metav1.TypeMeta `json:",inline"`

	// Embed the component config tracing configuration struct.
	// The tracing options themselves are declared in the tracingapi
	// package, not on this page.
	tracingapi.TracingConfiguration `json:",inline"`
}
TracingConfiguration provides versioned configuration for tracing clients.
func (*TracingConfiguration) DeepCopy ¶ added in v0.27.0
func (in *TracingConfiguration) DeepCopy() *TracingConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration.
func (*TracingConfiguration) DeepCopyInto ¶ added in v0.27.0
func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TracingConfiguration) DeepCopyObject ¶ added in v0.27.0
func (in *TracingConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type Transport ¶
type Transport struct {
	// TCP is the TCP configuration for communicating with the konnectivity server via TCP.
	// ProxyProtocol of GRPC is not supported with TCP transport at the moment.
	// Requires at least one of TCP or UDS to be set.
	// +optional
	TCP *TCPTransport `json:"tcp,omitempty"`

	// UDS is the UDS configuration for communicating with the konnectivity server via UDS.
	// Requires at least one of TCP or UDS to be set.
	// NOTE(review): the comments say "at least one"; whether setting both
	// TCP and UDS is accepted is not stated on this page — confirm against
	// validation.
	// +optional
	UDS *UDSTransport `json:"uds,omitempty"`
}
Transport defines the transport configurations we use to dial to the konnectivity server
func (*Transport) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport.
func (*Transport) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UDSTransport ¶
type UDSTransport struct {
	// UDSName is the name of the unix domain socket to connect to konnectivity server.
	// This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket)
	// No TLS settings are defined for this transport on this page (TLSConfig
	// is only used with TCPTransport), so access to the socket is presumably
	// governed by filesystem permissions on the path — confirm for your
	// deployment.
	UDSName string `json:"udsName,omitempty"`
}
UDSTransport provides the information to connect to konnectivity server via UDS
func (*UDSTransport) DeepCopy ¶
func (in *UDSTransport) DeepCopy() *UDSTransport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport.
func (*UDSTransport) DeepCopyInto ¶
func (in *UDSTransport) DeepCopyInto(out *UDSTransport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UserValidationRule ¶ added in v0.30.0
type UserValidationRule struct {
	// expression represents the expression which will be evaluated by CEL.
	// Must return true for the validation to pass.
	//
	// CEL expressions have access to the contents of UserInfo, organized into CEL variable:
	// - 'user' - authentication.k8s.io/v1, Kind=UserInfo object
	//   Refer to https://github.com/kubernetes/api/blob/release-1.28/authentication/v1/types.go#L105-L122 for the definition.
	//   API documentation: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#userinfo-v1-authentication-k8s-io
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Illustrative example (constructed) of the invariant described on
	// JWTAuthenticator.UserValidationRules, rejecting usernames that use the
	// system: prefix:
	//   expression: "!user.username.startsWith('system:')"
	//
	// +required
	Expression string `json:"expression"`

	// message customizes the returned error message when rule returns false.
	// message is a literal string.
	// +optional
	Message string `json:"message,omitempty"`
}
UserValidationRule provides the configuration for a single user info validation rule.
func (*UserValidationRule) DeepCopy ¶ added in v0.30.0
func (in *UserValidationRule) DeepCopy() *UserValidationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserValidationRule.
func (*UserValidationRule) DeepCopyInto ¶ added in v0.30.0
func (in *UserValidationRule) DeepCopyInto(out *UserValidationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookConfiguration ¶ added in v0.30.0
// WebhookConfiguration holds the settings of a Webhook authorizer; it is the
// type of AuthorizerConfiguration.Webhook.
type WebhookConfiguration struct {
	// The duration to cache 'authorized' responses from the webhook
	// authorizer.
	// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
	// Default: 5m0s
	// NOTE(review): a cached 'authorized' response presumably keeps being
	// served until the TTL expires, so a permission revoked in the webhook
	// backend may stay effective for up to this long — confirm against the
	// cache implementation.
	AuthorizedTTL metav1.Duration `json:"authorizedTTL"`

	// The duration to cache 'unauthorized' responses from the webhook
	// authorizer.
	// Same as setting `--authorization-webhook-cache-unauthorized-ttl` flag
	// Default: 30s
	UnauthorizedTTL metav1.Duration `json:"unauthorizedTTL"`

	// Timeout for the webhook request
	// Maximum allowed value is 30s.
	// Required, no default value.
	Timeout metav1.Duration `json:"timeout"`

	// The API version of the authorization.k8s.io SubjectAccessReview to
	// send to and expect from the webhook.
	// Same as setting `--authorization-webhook-version` flag
	// Valid values: v1beta1, v1
	// Required, no default value
	SubjectAccessReviewVersion string `json:"subjectAccessReviewVersion"`

	// MatchConditionSubjectAccessReviewVersion specifies the SubjectAccessReview
	// version the CEL expressions are evaluated against
	// Valid values: v1
	// Required, no default value
	MatchConditionSubjectAccessReviewVersion string `json:"matchConditionSubjectAccessReviewVersion"`

	// Controls the authorization decision when a webhook request fails to
	// complete or returns a malformed response or errors evaluating
	// matchConditions.
	// Valid values:
	//   - NoOpinion: continue to subsequent authorizers to see if one of
	//     them allows the request
	//   - Deny: reject the request without consulting subsequent authorizers
	// Required, with no default.
	//
	// In other words, Deny fails closed. With NoOpinion, an unavailable or
	// misbehaving webhook no longer takes part in the decision, and the
	// outcome depends on the authorizers configured after it.
	FailurePolicy string `json:"failurePolicy"`

	// ConnectionInfo defines how we talk to the webhook
	ConnectionInfo WebhookConnectionInfo `json:"connectionInfo"`

	// matchConditions is a list of conditions that must be met for a request to be sent to this
	// webhook. An empty list of matchConditions matches all requests.
	// There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If at least one matchCondition evaluates to FALSE, then the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, then the webhook is called.
	//   3. If at least one matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Deny, then the webhook rejects the request
	//      - If failurePolicy=NoOpinion, then the error is ignored and the webhook is skipped
	//
	// A skipped webhook gives no decision on the request, so conditions
	// that are too narrow, or that error under failurePolicy=NoOpinion,
	// take this webhook out of the decision for the affected requests.
	MatchConditions []WebhookMatchCondition `json:"matchConditions"`
}
func (*WebhookConfiguration) DeepCopy ¶ added in v0.30.0
func (in *WebhookConfiguration) DeepCopy() *WebhookConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConfiguration.
func (*WebhookConfiguration) DeepCopyInto ¶ added in v0.30.0
func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookConnectionInfo ¶ added in v0.30.0
// WebhookConnectionInfo describes how the webhook authorizer reaches its
// server; it is the type of WebhookConfiguration.ConnectionInfo.
type WebhookConnectionInfo struct {
	// Controls how the webhook should communicate with the server.
	// Valid values:
	// - KubeConfigFile: use the file specified in kubeConfigFile to locate the
	//   server.
	// - InClusterConfig: use the in-cluster configuration to call the
	//   SubjectAccessReview API hosted by kube-apiserver. This mode is not
	//   allowed for kube-apiserver.
	Type string `json:"type"`

	// Path to KubeConfigFile for connection info
	// Required, if connectionInfo.Type is KubeConfigFile
	// The referenced file may carry credentials for the webhook server, so
	// protect it like any other kubeconfig.
	KubeConfigFile *string `json:"kubeConfigFile"`
}
func (*WebhookConnectionInfo) DeepCopy ¶ added in v0.30.0
func (in *WebhookConnectionInfo) DeepCopy() *WebhookConnectionInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConnectionInfo.
func (*WebhookConnectionInfo) DeepCopyInto ¶ added in v0.30.0
func (in *WebhookConnectionInfo) DeepCopyInto(out *WebhookConnectionInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookMatchCondition ¶ added in v0.30.0
// WebhookMatchCondition is a single CEL condition in
// WebhookConfiguration.MatchConditions.
type WebhookMatchCondition struct {
	// expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
	// CEL expressions have access to the contents of the SubjectAccessReview in v1 version.
	// If version specified by subjectAccessReviewVersion in the request variable is v1beta1,
	// the contents would be converted to the v1 version before evaluating the CEL expression.
	//
	// As the examples below show, the fields are reached through the
	// 'request' variable:
	// - 'resourceAttributes' describes information for a resource access request and is unset for non-resource requests. e.g. has(request.resourceAttributes) && request.resourceAttributes.namespace == 'default'
	// - 'nonResourceAttributes' describes information for a non-resource access request and is unset for resource requests. e.g. has(request.nonResourceAttributes) && request.nonResourceAttributes.path == '/healthz'.
	// - 'user' is the user to test for. e.g. request.user == 'alice'
	// - 'groups' is the groups to test for. e.g. ('group1' in request.groups)
	// - 'extra' corresponds to the user.Info.GetExtra() method from the authenticator.
	// - 'uid' is the information about the requesting user. e.g. request.uid == '1'
	//
	// Because resourceAttributes and nonResourceAttributes can be unset,
	// guard accesses with has(...) as in the examples; an expression that
	// errors is handled according to WebhookConfiguration.FailurePolicy.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	Expression string `json:"expression"`
}
func (*WebhookMatchCondition) DeepCopy ¶ added in v0.30.0
func (in *WebhookMatchCondition) DeepCopy() *WebhookMatchCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookMatchCondition.
func (*WebhookMatchCondition) DeepCopyInto ¶ added in v0.30.0
func (in *WebhookMatchCondition) DeepCopyInto(out *WebhookMatchCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.