flowcontrol

package
v1.17.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2019 License: Apache-2.0 Imports: 3 Imported by: 16

Documentation

Overview

Package flowcontrol provides api definitions for the "flowcontrol.apiserver.k8s.io" api group.

Index

Constants

View Source 
const (
	APIGroupAll    = "*"
	ResourceAll    = "*"
	VerbAll        = "*"
	NonResourceAll = "*"

	NameAll = "*"
)

These are valid wildcards.

View Source 
const (
	FlowSchemaConditionDangling = "Dangling"

	PriorityLevelConfigurationConditionConcurrencyShared = "ConcurrencyShared"
)

Conditions

View Source 
const GroupName = "flowcontrol.apiserver.k8s.io"

GroupName is the name of api group

View Source 
const (
	PriorityLevelConfigurationNameExempt = "exempt"
)

System preset priority level names

Variables

View Source 
var (
	// SchemeBuilder installs the api group to a scheme
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme adds api to a scheme
	AddToScheme = SchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ConditionStatus 

type ConditionStatus string

ConditionStatus is the status of the condition. 

const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)

These are valid condition statuses. "ConditionTrue" means a resource is in the condition. "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes can't decide if a resource is in the condition or not. In the future, we could add other intermediate conditions, e.g. ConditionDegraded.

type FlowDistinguisherMethod 

type FlowDistinguisherMethod struct {
	// `type` is the type of flow distinguisher method
	// The supported types are "ByUser" and "ByNamespace".
	// Required.
	Type FlowDistinguisherMethodType
}

FlowDistinguisherMethod specifies the method of a flow distinguisher.

func (*FlowDistinguisherMethod) DeepCopy 

func (in *FlowDistinguisherMethod) DeepCopy() *FlowDistinguisherMethod

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowDistinguisherMethod.

func (*FlowDistinguisherMethod) DeepCopyInto 

func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FlowDistinguisherMethodType 

type FlowDistinguisherMethodType string

FlowDistinguisherMethodType is the type of flow distinguisher method 

const (
	// FlowDistinguisherMethodByUserType specifies that the flow distinguisher is the username in the request.
	// This type is used to provide some insulation between users.
	FlowDistinguisherMethodByUserType FlowDistinguisherMethodType = "ByUser"

	// FlowDistinguisherMethodByNamespaceType specifies that the flow distinguisher is the namespace of the
	// object that the request acts upon. If the object is not namespaced, or if the request is a non-resource
	// request, then the distinguisher will be the empty string. An example usage of this type is to provide
	// some insulation between tenants in a situation where there are multiple tenants and each namespace
	// is dedicated to a tenant.
	FlowDistinguisherMethodByNamespaceType FlowDistinguisherMethodType = "ByNamespace"
)

These are valid flow-distinguisher methods.

type FlowSchema 

type FlowSchema struct {
	metav1.TypeMeta
	// `metadata` is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta
	// `spec` is the specification of the desired behavior of a FlowSchema.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
	// +optional
	Spec FlowSchemaSpec
	// `status` is the current status of a FlowSchema.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
	// +optional
	Status FlowSchemaStatus
}

FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".

func (*FlowSchema) DeepCopy 

func (in *FlowSchema) DeepCopy() *FlowSchema

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchema.

func (*FlowSchema) DeepCopyInto 

func (in *FlowSchema) DeepCopyInto(out *FlowSchema)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FlowSchema) DeepCopyObject 

func (in *FlowSchema) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FlowSchemaCondition 

type FlowSchemaCondition struct {
	// `type` is the type of the condition.
	// Required.
	Type FlowSchemaConditionType
	// `status` is the status of the condition.
	// Can be True, False, Unknown.
	// Required.
	Status ConditionStatus
	// `lastTransitionTime` is the last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time
	// `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
	Reason string
	// `message` is a human-readable message indicating details about last transition.
	Message string
}

FlowSchemaCondition describes conditions for a FlowSchema.

func (*FlowSchemaCondition) DeepCopy 

func (in *FlowSchemaCondition) DeepCopy() *FlowSchemaCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaCondition.

func (*FlowSchemaCondition) DeepCopyInto 

func (in *FlowSchemaCondition) DeepCopyInto(out *FlowSchemaCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FlowSchemaConditionType 

type FlowSchemaConditionType string

FlowSchemaConditionType is a valid value for FlowSchemaStatusCondition.Type

type FlowSchemaList 

type FlowSchemaList struct {
	metav1.TypeMeta
	// `metadata` is the standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ListMeta

	// `items` is a list of FlowSchemas.
	// +listType=set
	Items []FlowSchema
}

FlowSchemaList is a list of FlowSchema objects.

func (*FlowSchemaList) DeepCopy 

func (in *FlowSchemaList) DeepCopy() *FlowSchemaList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaList.

func (*FlowSchemaList) DeepCopyInto 

func (in *FlowSchemaList) DeepCopyInto(out *FlowSchemaList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FlowSchemaList) DeepCopyObject 

func (in *FlowSchemaList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FlowSchemaSpec 

type FlowSchemaSpec struct {
	// `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot
	// be resolved, the FlowSchema will be ignored and marked as invalid in its status.
	// Required.
	PriorityLevelConfiguration PriorityLevelConfigurationReference
	// `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen
	// FlowSchema is among those with the numerically lowest (which we take to be logically highest)
	// MatchingPrecedence.  Each MatchingPrecedence value must be non-negative.
	// Note that if the precedence is not specified or zero, it will be set to 1000 as default.
	// +optional
	MatchingPrecedence int32
	// `distinguisherMethod` defines how to compute the flow distinguisher for requests that match this schema.
	// `nil` specifies that the distinguisher is disabled and thus will always be the empty string.
	// +optional
	DistinguisherMethod *FlowDistinguisherMethod
	// `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if
	// at least one member of rules matches the request.
	// if it is an empty slice, there will be no requests matching the FlowSchema.
	// +listType=set
	// +optional
	Rules []PolicyRulesWithSubjects
}

FlowSchemaSpec describes how the FlowSchema's specification looks like.

func (*FlowSchemaSpec) DeepCopy 

func (in *FlowSchemaSpec) DeepCopy() *FlowSchemaSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaSpec.

func (*FlowSchemaSpec) DeepCopyInto 

func (in *FlowSchemaSpec) DeepCopyInto(out *FlowSchemaSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FlowSchemaStatus 

type FlowSchemaStatus struct {
	// `conditions` is a list of the current states of FlowSchema.
	// +listType=associative
	// +listMapKey=type
	// +optional
	Conditions []FlowSchemaCondition
}

FlowSchemaStatus represents the current state of a FlowSchema.

func (*FlowSchemaStatus) DeepCopy 

func (in *FlowSchemaStatus) DeepCopy() *FlowSchemaStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaStatus.

func (*FlowSchemaStatus) DeepCopyInto 

func (in *FlowSchemaStatus) DeepCopyInto(out *FlowSchemaStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupSubject 

type GroupSubject struct {
	// name is the user group that matches, or "*" to match all user groups.
	// See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some
	// well-known group names.
	// Required.
	Name string
}

GroupSubject holds detailed information for group-kind subject.

func (*GroupSubject) DeepCopy 

func (in *GroupSubject) DeepCopy() *GroupSubject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSubject.

func (*GroupSubject) DeepCopyInto 

func (in *GroupSubject) DeepCopyInto(out *GroupSubject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NonResourcePolicyRule 

type NonResourcePolicyRule struct {
	// `verbs` is a list of matching verbs and may not be empty.
	// "*" matches all verbs. If it is present, it must be the only entry.
	// +listType=set
	// Required.
	Verbs []string
	// `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty.
	// For example:
	//   - "/healthz" is legal
	//   - "/hea*" is illegal
	//   - "/hea" is legal but matches nothing
	//   - "/hea/*" also matches nothing
	//   - "/healthz/*" matches all per-component health checks.
	// "*" matches all non-resource urls. if it is present, it must be the only entry.
	// +listType=set
	// Required.
	NonResourceURLs []string
}

NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.

func (*NonResourcePolicyRule) DeepCopy 

func (in *NonResourcePolicyRule) DeepCopy() *NonResourcePolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonResourcePolicyRule.

func (*NonResourcePolicyRule) DeepCopyInto 

func (in *NonResourcePolicyRule) DeepCopyInto(out *NonResourcePolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyRulesWithSubjects 

type PolicyRulesWithSubjects struct {
	// subjects is the list of normal user, serviceaccount, or group that this rule cares about.
	// There must be at least one member in this slice.
	// A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request.
	// +listType=set
	// Required.
	Subjects []Subject
	// `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the
	// target resource.
	// At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
	// +listType=set
	// +optional
	ResourceRules []ResourcePolicyRule
	// `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb
	// and the target non-resource URL.
	// +listType=set
	// +optional
	NonResourceRules []NonResourcePolicyRule
}

PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.

func (*PolicyRulesWithSubjects) DeepCopy 

func (in *PolicyRulesWithSubjects) DeepCopy() *PolicyRulesWithSubjects

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRulesWithSubjects.

func (*PolicyRulesWithSubjects) DeepCopyInto 

func (in *PolicyRulesWithSubjects) DeepCopyInto(out *PolicyRulesWithSubjects)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PriorityLevelConfiguration 

type PriorityLevelConfiguration struct {
	metav1.TypeMeta
	// `metadata` is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta
	// `spec` is the specification of the desired behavior of a "request-priority".
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
	// +optional
	Spec PriorityLevelConfigurationSpec
	// `status` is the current status of a "request-priority".
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
	// +optional
	Status PriorityLevelConfigurationStatus
}

PriorityLevelConfiguration represents the configuration of a priority level.

func (*PriorityLevelConfiguration) DeepCopy 

func (in *PriorityLevelConfiguration) DeepCopy() *PriorityLevelConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfiguration.

func (*PriorityLevelConfiguration) DeepCopyInto 

func (in *PriorityLevelConfiguration) DeepCopyInto(out *PriorityLevelConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PriorityLevelConfiguration) DeepCopyObject 

func (in *PriorityLevelConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PriorityLevelConfigurationCondition 

type PriorityLevelConfigurationCondition struct {
	// `type` is the type of the condition.
	// Required.
	Type PriorityLevelConfigurationConditionType
	// `status` is the status of the condition.
	// Can be True, False, Unknown.
	// Required.
	Status ConditionStatus
	// `lastTransitionTime` is the last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time
	// `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
	Reason string
	// `message` is a human-readable message indicating details about last transition.
	Message string
}

PriorityLevelConfigurationCondition defines the condition of priority level.

func (*PriorityLevelConfigurationCondition) DeepCopy 

func (in *PriorityLevelConfigurationCondition) DeepCopy() *PriorityLevelConfigurationCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationCondition.

func (*PriorityLevelConfigurationCondition) DeepCopyInto 

func (in *PriorityLevelConfigurationCondition) DeepCopyInto(out *PriorityLevelConfigurationCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PriorityLevelConfigurationConditionType 

type PriorityLevelConfigurationConditionType string

PriorityLevelConfigurationConditionType is a valid value for PriorityLevelConfigurationStatusCondition.Type

type PriorityLevelConfigurationList 

type PriorityLevelConfigurationList struct {
	metav1.TypeMeta
	// `metadata` is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ListMeta
	// `items` is a list of request-priorities.
	// +listType=set
	Items []PriorityLevelConfiguration
}

PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.

func (*PriorityLevelConfigurationList) DeepCopy 

func (in *PriorityLevelConfigurationList) DeepCopy() *PriorityLevelConfigurationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationList.

func (*PriorityLevelConfigurationList) DeepCopyInto 

func (in *PriorityLevelConfigurationList) DeepCopyInto(out *PriorityLevelConfigurationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PriorityLevelConfigurationList) DeepCopyObject 

func (in *PriorityLevelConfigurationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PriorityLevelConfigurationReference 

type PriorityLevelConfigurationReference struct {
	// `name` is the name of the priority level configuration being referenced
	// Required.
	Name string
}

PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.

func (*PriorityLevelConfigurationReference) DeepCopy 

func (in *PriorityLevelConfigurationReference) DeepCopy() *PriorityLevelConfigurationReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationReference.

func (*PriorityLevelConfigurationReference) DeepCopyInto 

func (in *PriorityLevelConfigurationReference) DeepCopyInto(out *PriorityLevelConfigurationReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PriorityLevelConfigurationSpec 

type PriorityLevelConfigurationSpec struct {
	// `type` indicates whether this priority level does
	// queuing or is exempt.  Valid values are "Queuing" and "Exempt".
	// "Exempt" means that requests of this priority level are not subject
	// to concurrency limits (and thus are never queued) and do not detract
	// from the concurrency available for non-exempt requests. The "Exempt"
	// type is useful for apiserver self-requests and system administrator use.
	// Required.
	Type PriorityLevelQueueingType

	// `queuing` holds the configuration parameters that are
	// only meaningful for a priority level that does queuing (i.e.,
	// is not exempt).  This field must be non-empty if and only if
	// `queuingType` is `"Queuing"`.
	// +optional
	Queuing *QueuingConfiguration
}

PriorityLevelConfigurationSpec is specification of a priority level

func (*PriorityLevelConfigurationSpec) DeepCopy 

func (in *PriorityLevelConfigurationSpec) DeepCopy() *PriorityLevelConfigurationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationSpec.

func (*PriorityLevelConfigurationSpec) DeepCopyInto 

func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PriorityLevelConfigurationStatus 

type PriorityLevelConfigurationStatus struct {
	// `conditions` is the current state of "request-priority".
	// +listType=associative
	// +listMapKey=type
	// +optional
	Conditions []PriorityLevelConfigurationCondition
}

PriorityLevelConfigurationStatus represents the current state of a "request-priority".

func (*PriorityLevelConfigurationStatus) DeepCopy 

func (in *PriorityLevelConfigurationStatus) DeepCopy() *PriorityLevelConfigurationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationStatus.

func (*PriorityLevelConfigurationStatus) DeepCopyInto 

func (in *PriorityLevelConfigurationStatus) DeepCopyInto(out *PriorityLevelConfigurationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PriorityLevelQueueingType 

type PriorityLevelQueueingType string

PriorityLevelQueueingType identifies the queuing nature of a priority level 

const (
	// PriorityLevelQueuingTypeQueueing is the PriorityLevelQueueingType for priority levels that queue
	PriorityLevelQueuingTypeQueueing PriorityLevelQueueingType = "Queuing"

	// PriorityLevelQueuingTypeExempt is the PriorityLevelQueueingType for priority levels that are exempt from concurrency controls
	PriorityLevelQueuingTypeExempt PriorityLevelQueueingType = "Exempt"
)

Supported queuing types.

type QueuingConfiguration 

type QueuingConfiguration struct {
	// `assuredConcurrencyShares` (ACS) must be a positive number. The
	// server's concurrency limit (SCL) is divided among the
	// concurrency-controlled priority levels in proportion to their
	// assured concurrency shares. This produces the assured
	// concurrency value (ACV) for each such priority level:
	//
	//             ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) )
	//
	// bigger numbers of ACS mean more reserved concurrent requests (at the
	// expense of every other PL).
	// This field has a default value of 30.
	// +optional
	AssuredConcurrencyShares int32

	// `queues` is the number of queues for this priority level. The
	// queues exist independently at each apiserver. The value must be
	// positive.  Setting it to 1 effectively precludes
	// shufflesharding and thus makes the distinguisher method of
	// associated flow schemas irrelevant.  This field has a default
	// value of 64.
	// +optional
	Queues int32

	// `handSize` is a small positive number that configures the
	// shuffle sharding of requests into queues.  When enqueuing a request
	// at this priority level the request's flow identifier (a string
	// pair) is hashed and the hash value is used to shuffle the list
	// of queues and deal a hand of the size specified here.  The
	// request is put into one of the shortest queues in that hand.
	// `handSize` must be no larger than `queues`, and should be
	// significantly smaller (so that a few heavy flows do not
	// saturate most of the queues).  See the user-facing
	// documentation for more extensive guidance on setting this
	// field.  This field has a default value of 8.
	// +optional
	HandSize int32

	// `queueLengthLimit` is the maximum number of requests allowed to
	// be waiting in a given queue of this priority level at a time;
	// excess requests are rejected.  This value must be positive.  If
	// not specified, it will be defaulted to 50.
	// +optional
	QueueLengthLimit int32
}

QueuingConfiguration holds the configuration parameters that are specific to a priority level that is subject to concurrency controls

func (*QueuingConfiguration) DeepCopy 

func (in *QueuingConfiguration) DeepCopy() *QueuingConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueuingConfiguration.

func (*QueuingConfiguration) DeepCopyInto 

func (in *QueuingConfiguration) DeepCopyInto(out *QueuingConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourcePolicyRule 

type ResourcePolicyRule struct {
	// `verbs` is a list of matching verbs and may not be empty.
	// "*" matches all verbs. if it is present, it must be the only entry.
	// +listType=set
	// Required.
	Verbs []string
	// `apiGroups` is a list of matching API groups and may not be empty.
	// "*" matches all api-groups. if it is present, it must be the only entry.
	// +listType=set
	// Required.
	APIGroups []string
	// `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.
	// For example, [ "services", "nodes/status" ].
	// This list may not be empty.
	// "*" matches all resources. if it is present, it must be the only entry.
	// +listType=set
	// Required.
	Resources []string
}

ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member of resources matches the request.

func (*ResourcePolicyRule) DeepCopy 

func (in *ResourcePolicyRule) DeepCopy() *ResourcePolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRule.

func (*ResourcePolicyRule) DeepCopyInto 

func (in *ResourcePolicyRule) DeepCopyInto(out *ResourcePolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountSubject 

type ServiceAccountSubject struct {
	// `namespace` is the namespace of matching ServiceAccount objects.
	// Required.
	Namespace string
	// `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name.
	// Required.
	Name string
}

ServiceAccountSubject holds detailed information for service-account-kind subject.

func (*ServiceAccountSubject) DeepCopy 

func (in *ServiceAccountSubject) DeepCopy() *ServiceAccountSubject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountSubject.

func (*ServiceAccountSubject) DeepCopyInto 

func (in *ServiceAccountSubject) DeepCopyInto(out *ServiceAccountSubject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Subject 

type Subject struct {
	// Required
	// +unionDiscriminator
	Kind SubjectKind
	// +optional
	User *UserSubject
	// +optional
	Group *GroupSubject
	// +optional
	ServiceAccount *ServiceAccountSubject
}

Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account. +union

func (*Subject) DeepCopy 

func (in *Subject) DeepCopy() *Subject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

func (*Subject) DeepCopyInto 

func (in *Subject) DeepCopyInto(out *Subject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubjectKind 

type SubjectKind string

SubjectKind is the kind of subject. 

const (
	SubjectKindUser           SubjectKind = "User"
	SubjectKindGroup          SubjectKind = "Group"
	SubjectKindServiceAccount SubjectKind = "ServiceAccount"
)

Supported subject's kinds.

type UserSubject 

type UserSubject struct {
	// `name` is the username that matches, or "*" to match all usernames.
	// Required.
	Name string
}

UserSubject holds detailed information for user-kind subject.

func (*UserSubject) DeepCopy 

func (in *UserSubject) DeepCopy() *UserSubject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserSubject.

func (*UserSubject) DeepCopyInto 

func (in *UserSubject) DeepCopyInto(out *UserSubject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Directories

Path Synopsis
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
 Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.