
package apiserver

import "k8s.io/apiserver/pkg/apis/apiserver"

Package apiserver is the internal version of the API.

Index

Constants

// String values accepted by the authorization configuration types of this package.
const (
	// TypeWebhook is the AuthorizerType value that selects a webhook authorizer.
	// AuthorizerConfiguration.Webhook must be defined when it is used.
	TypeWebhook                                          AuthorizerType = "Webhook"
	// FailurePolicyNoOpinion is the WebhookConfiguration.FailurePolicy value under
	// which a failed webhook call continues to the subsequent authorizers.
	FailurePolicyNoOpinion                               string         = "NoOpinion"
	// FailurePolicyDeny is the WebhookConfiguration.FailurePolicy value under which
	// a failed webhook call rejects the request without consulting subsequent authorizers.
	FailurePolicyDeny                                    string         = "Deny"
	// AuthorizationWebhookConnectionInfoTypeKubeConfigFile is the
	// WebhookConnectionInfo.Type value that locates the webhook server through
	// the file named by WebhookConnectionInfo.KubeConfigFile.
	AuthorizationWebhookConnectionInfoTypeKubeConfigFile string         = "KubeConfigFile"
	// AuthorizationWebhookConnectionInfoTypeInCluster is the
	// WebhookConnectionInfo.Type value that uses the in-cluster configuration;
	// per WebhookConnectionInfo, this mode is not allowed for kube-apiserver.
	AuthorizationWebhookConnectionInfoTypeInCluster      string         = "InClusterConfig"
)
// GroupName is the API group used by SchemeGroupVersion.
const GroupName = "apiserver.config.k8s.io"
// LegacyGroupName is the API group used by LegacySchemeGroupVersion.
const LegacyGroupName = "apiserver.k8s.io"

Variables

var (
	// SchemeBuilder is built from addKnownTypes. addKnownTypes is not shown on
	// this page; presumably it registers the configuration types of this
	// package under the group versions declared here — confirm in register.go.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is SchemeBuilder's AddToScheme method value, exported so
	// callers can apply the builder to a scheme.
	AddToScheme   = SchemeBuilder.AddToScheme
)
// LegacySchemeGroupVersion pairs LegacyGroupName ("apiserver.k8s.io") with the
// internal API version (runtime.APIVersionInternal).
var LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal}

LegacySchemeGroupVersion is the group version used to register these objects under LegacyGroupName.

// SchemeGroupVersion pairs GroupName ("apiserver.config.k8s.io") with the
// internal API version (runtime.APIVersionInternal).
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is the group version used to register these objects.

Types

type AdmissionConfiguration

type AdmissionConfiguration struct {
	// TypeMeta is embedded; it carries the kind and apiVersion of the object.
	metav1.TypeMeta

	// Plugins allows specifying a configuration per admission control plugin.
	// Each entry is tied to a plugin by AdmissionPluginConfiguration.Name.
	// +optional
	Plugins []AdmissionPluginConfiguration
}

AdmissionConfiguration provides versioned configuration for admission controllers.

func (*AdmissionConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfiguration.

func (*AdmissionConfiguration) DeepCopyInto

func (in *AdmissionConfiguration) DeepCopyInto(out *AdmissionConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AdmissionConfiguration) DeepCopyObject

func (in *AdmissionConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AdmissionPluginConfiguration

type AdmissionPluginConfiguration struct {
	// Name is the name of the admission controller.
	// It must match the registered admission plugin name.
	Name string

	// Path is the path to a configuration file that contains the plugin's
	// configuration. It is not used when Configuration is present (see below).
	// NOTE(review): whoever can write this file can change the plugin's
	// behaviour; where the path is resolved and how the file is protected are
	// not visible here — confirm for the deployment.
	// +optional
	Path string

	// Configuration is an embedded configuration object to be used as the plugin's
	// configuration. If present, it will be used instead of the path to the configuration file.
	// The pointer is nil when no embedded object is given.
	// +optional
	Configuration *runtime.Unknown
}

AdmissionPluginConfiguration provides the configuration for a single plug-in.

func (*AdmissionPluginConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfiguration.

func (*AdmissionPluginConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthenticationConfiguration

type AuthenticationConfiguration struct {
	// TypeMeta is embedded; it carries the kind and apiVersion of the object.
	metav1.TypeMeta

	// JWT is the list of JWT authenticators. Each entry has its own issuer,
	// validation rules and claim mappings (see JWTAuthenticator).
	// NOTE(review): how several entries are matched against one token is not
	// visible here — confirm against the authenticator implementation.
	JWT []JWTAuthenticator
}

AuthenticationConfiguration provides versioned configuration for authentication.

func (*AuthenticationConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationConfiguration.

func (*AuthenticationConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthenticationConfiguration) DeepCopyObject

func (in *AuthenticationConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthorizationConfiguration

// AuthorizationConfiguration is the configuration object that lists the
// authorizers requests are checked against.
type AuthorizationConfiguration struct {
	// TypeMeta is embedded; it carries the kind and apiVersion of the object.
	metav1.TypeMeta

	// Authorizers is an ordered list of authorizers to
	// authorize requests against.
	// This is similar to the --authorization-mode kube-apiserver flag
	// Must be at least one.
	// Order is significant: per WebhookConfiguration.FailurePolicy, a webhook
	// that fails under NoOpinion leaves the decision to the authorizers that
	// follow it in this list.
	Authorizers []AuthorizerConfiguration `json:"authorizers"`
}

func (*AuthorizationConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfiguration.

func (*AuthorizationConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthorizationConfiguration) DeepCopyObject

func (in *AuthorizationConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthorizerConfiguration

// AuthorizerConfiguration configures one entry of
// AuthorizationConfiguration.Authorizers.
type AuthorizerConfiguration struct {
	// Type refers to the type of the authorizer
	// "Webhook" is supported in the generic API server
	// Other API servers may support additional authorizer
	// types like Node, RBAC, ABAC, etc.
	Type AuthorizerType

	// Name used to describe the webhook
	// This is explicitly used in monitoring machinery for metrics
	// Note: Names must be DNS1123 labels like `myauthorizername` or
	// subdomains like `myauthorizer.example.domain`
	// Required, with no default
	Name string

	// Webhook defines the configuration for a Webhook authorizer
	// Must be defined when Type=Webhook
	// NOTE(review): whether a non-nil Webhook is rejected for other types is
	// not visible here — confirm in the validation package.
	Webhook *WebhookConfiguration
}

func (*AuthorizerConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizerConfiguration.

func (*AuthorizerConfiguration) DeepCopyInto

func (in *AuthorizerConfiguration) DeepCopyInto(out *AuthorizerConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthorizerType

// AuthorizerType is the string type of AuthorizerConfiguration.Type.
// TypeWebhook ("Webhook") is the only value of this type declared on this page.
type AuthorizerType string

type ClaimMappings

type ClaimMappings struct {
	// NOTE(review): this page carries no field documentation for this type; the
	// descriptions below are read from names and types only. Confirm them
	// against the versioned packages listed under Directories.

	// Username selects the claim or expression that supplies the username,
	// with an optional prefix (see PrefixedClaimOrExpression).
	Username PrefixedClaimOrExpression
	// Groups selects the claim or expression that supplies the group names,
	// with an optional prefix.
	Groups   PrefixedClaimOrExpression
	// UID selects the claim or expression that supplies the UID; this type
	// has no prefix field.
	UID      ClaimOrExpression
	// Extra is a list of key / value-expression pairs (see ExtraMapping).
	Extra    []ExtraMapping
}

ClaimMappings provides the configuration for claim mapping

func (*ClaimMappings) DeepCopy

func (in *ClaimMappings) DeepCopy() *ClaimMappings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimMappings.

func (*ClaimMappings) DeepCopyInto

func (in *ClaimMappings) DeepCopyInto(out *ClaimMappings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClaimOrExpression

type ClaimOrExpression struct {
	// Claim names the token claim the value is read from — inferred from the
	// name; this page has no field docs.
	// NOTE(review): Claim and Expression read as alternatives ("Or" in the type
	// name); confirm that validation rejects a configuration setting both.
	Claim      string
	// Expression is an expression that produces the value.
	// NOTE(review): presumably CEL, as for WebhookMatchCondition.Expression — confirm.
	Expression string
}

ClaimOrExpression provides the configuration for a single claim or expression.

func (*ClaimOrExpression) DeepCopy

func (in *ClaimOrExpression) DeepCopy() *ClaimOrExpression

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimOrExpression.

func (*ClaimOrExpression) DeepCopyInto

func (in *ClaimOrExpression) DeepCopyInto(out *ClaimOrExpression)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClaimValidationRule

type ClaimValidationRule struct {
	// Claim and RequiredValue form one way to state a rule: presumably the
	// named claim must equal RequiredValue — inferred from the names, confirm.
	Claim         string
	RequiredValue string

	// Expression and Message form the other group: presumably an expression
	// over the token claims and the message reported when it does not hold.
	// NOTE(review): whether the two groups are mutually exclusive is not
	// visible here — confirm in the validation package.
	Expression string
	Message    string
}

ClaimValidationRule provides the configuration for a single claim validation rule.

func (*ClaimValidationRule) DeepCopy

func (in *ClaimValidationRule) DeepCopy() *ClaimValidationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimValidationRule.

func (*ClaimValidationRule) DeepCopyInto

func (in *ClaimValidationRule) DeepCopyInto(out *ClaimValidationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Connection

type Connection struct {
	// ProxyProtocol is the protocol used to connect from client to the konnectivity server.
	// The ProtocolType values declared in this package are HTTPConnect, GRPC
	// and Direct; Direct connects directly and skips the konnectivity server.
	ProxyProtocol ProtocolType

	// Transport defines the transport configurations we use to dial to the konnectivity server.
	// This is required if ProxyProtocol is HTTPConnect or GRPC.
	// +optional
	Transport *Transport
}

Connection provides the configuration for a single egress selection client.

func (*Connection) DeepCopy

func (in *Connection) DeepCopy() *Connection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection.

func (*Connection) DeepCopyInto

func (in *Connection) DeepCopyInto(out *Connection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressSelection

type EgressSelection struct {
	// Name is the name of the egress selection.
	// Currently supported values are "controlplane", "etcd" and "cluster"
	Name string

	// Connection is the exact information used to configure the egress selection
	// It is held by value, so every selection carries its own protocol and transport.
	Connection Connection
}

EgressSelection provides the configuration for a single egress selection client.

func (*EgressSelection) DeepCopy

func (in *EgressSelection) DeepCopy() *EgressSelection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection.

func (*EgressSelection) DeepCopyInto

func (in *EgressSelection) DeepCopyInto(out *EgressSelection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressSelectorConfiguration

type EgressSelectorConfiguration struct {
	// TypeMeta is embedded; it carries the kind and apiVersion of the object.
	metav1.TypeMeta

	// EgressSelections contains a list of egress selection client configurations
	// NOTE(review): whether two entries with the same Name are rejected is not
	// visible here — confirm in the validation package.
	EgressSelections []EgressSelection
}

EgressSelectorConfiguration provides versioned configuration for egress selector clients.

func (*EgressSelectorConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration.

func (*EgressSelectorConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EgressSelectorConfiguration) DeepCopyObject

func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExtraMapping

type ExtraMapping struct {
	// Key is the key of the extra attribute — inferred from the name; this
	// page has no field docs.
	Key             string
	// ValueExpression is the expression that produces the value stored under Key.
	// NOTE(review): presumably CEL evaluated over the token claims — confirm.
	ValueExpression string
}

ExtraMapping provides the configuration for a single extra mapping.

func (*ExtraMapping) DeepCopy

func (in *ExtraMapping) DeepCopy() *ExtraMapping

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraMapping.

func (*ExtraMapping) DeepCopyInto

func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Issuer

type Issuer struct {
	// URL is the URL of the token issuer — inferred from the name; this page
	// has no field docs.
	// NOTE(review): presumably it must match the token's "iss" claim; confirm,
	// and confirm which URL schemes validation accepts.
	URL                  string
	// CertificateAuthority holds the CA material used to trust the issuer.
	// NOTE(review): whether this is PEM data or a file path, and what trust
	// roots apply when it is empty, are not visible here — confirm before use.
	CertificateAuthority string
	// Audiences lists the audiences accepted for presented tokens.
	// NOTE(review): presumably a token must carry at least one of them in its
	// "aud" claim, which keeps tokens issued for other services from being
	// accepted — confirm, and confirm that an empty list is rejected.
	Audiences            []string
}

Issuer provides the configuration for an external provider's specific settings.

func (*Issuer) DeepCopy

func (in *Issuer) DeepCopy() *Issuer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.

func (*Issuer) DeepCopyInto

func (in *Issuer) DeepCopyInto(out *Issuer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTAuthenticator

type JWTAuthenticator struct {
	// Issuer holds the issuer-specific settings: URL, CA and audiences.
	Issuer               Issuer
	// ClaimValidationRules lists rules over the token's claims.
	// NOTE(review): presumably every rule must hold for the token to be
	// accepted — confirm against the authenticator implementation.
	ClaimValidationRules []ClaimValidationRule
	// ClaimMappings says which claims or expressions supply the username,
	// groups, UID and extra attributes.
	ClaimMappings        ClaimMappings
	// UserValidationRules lists rules over the resulting user.
	// NOTE(review): presumably evaluated after claim mapping — confirm.
	UserValidationRules  []UserValidationRule
}

JWTAuthenticator provides the configuration for a single JWT authenticator.

func (*JWTAuthenticator) DeepCopy

func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.

func (*JWTAuthenticator) DeepCopyInto

func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrefixedClaimOrExpression

type PrefixedClaimOrExpression struct {
	// Claim names the token claim the value is read from — inferred from the
	// name; this page has no field docs.
	Claim  string
	// Prefix is prepended to the claim's value. It is a pointer, so an unset
	// prefix (nil) can be told apart from an explicit empty string.
	// NOTE(review): with an empty prefix, names taken from tokens share one
	// namespace with identities from other sources; confirm that validation
	// requires an explicit choice whenever Claim is set.
	Prefix *string

	// Expression is the alternative to Claim/Prefix: an expression that
	// produces the value.
	// NOTE(review): presumably CEL and mutually exclusive with Claim — confirm.
	Expression string
}

PrefixedClaimOrExpression provides the configuration for a single prefixed claim or expression.

func (*PrefixedClaimOrExpression) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimOrExpression.

func (*PrefixedClaimOrExpression) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProtocolType

// ProtocolType is the string type of the Connection.ProxyProtocol field.
type ProtocolType string

ProtocolType is a set of valid values for Connection.ProtocolType

// Values of ProtocolType. Connection.Transport is required for HTTPConnect and
// GRPC (see Connection).
const (
	// Use HTTPConnect to connect to konnectivity server
	ProtocolHTTPConnect ProtocolType = "HTTPConnect"
	// Use grpc to connect to konnectivity server
	// Per Transport, GRPC is not supported with the TCP transport at the moment.
	ProtocolGRPC ProtocolType = "GRPC"
	// Connect directly (skip konnectivity server)
	ProtocolDirect ProtocolType = "Direct"
)

Valid types for ProtocolType for konnectivity server

type TCPTransport

type TCPTransport struct {
	// URL is the location of the konnectivity server to connect to.
	// As an example it might be "https://127.0.0.1:8131"
	// The scheme matters: per TLSConfig, an http:// URL must carry no CA
	// bundle, client key or client certificate, so such a connection has
	// neither TLS nor client-certificate authentication.
	URL string

	// TLSConfig is the config needed to use TLS when connecting to konnectivity server
	// +optional
	TLSConfig *TLSConfig
}

TCPTransport provides the information to connect to konnectivity server via TCP

func (*TCPTransport) DeepCopy

func (in *TCPTransport) DeepCopy() *TCPTransport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport.

func (*TCPTransport) DeepCopyInto

func (in *TCPTransport) DeepCopyInto(out *TCPTransport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSConfig

type TLSConfig struct {
	// caBundle is the file location of the CA to be used to determine trust with the konnectivity server.
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// If absent while TCPTransport.URL is prefixed with https://, default to system trust roots.
	// With the default, any CA in the system trust roots can vouch for the
	// server; set caBundle to restrict trust to one CA.
	// +optional
	CABundle string

	// clientKey is the file location of the client key to authenticate with the konnectivity server
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// NOTE(review): the file holds private key material; how its permissions
	// are checked is not visible here — restrict read access in the deployment.
	// +optional
	ClientKey string

	// clientCert is the file location of the client certificate to authenticate with the konnectivity server
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// +optional
	ClientCert string
}

TLSConfig provides the authentication information to connect to konnectivity server. Only used with TCPTransport.

func (*TLSConfig) DeepCopy

func (in *TLSConfig) DeepCopy() *TLSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.

func (*TLSConfig) DeepCopyInto

func (in *TLSConfig) DeepCopyInto(out *TLSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TracingConfiguration

type TracingConfiguration struct {
	// TypeMeta is embedded; it carries the kind and apiVersion of the object.
	metav1.TypeMeta

	// Embed the component config tracing configuration struct
	// Its fields are promoted onto this type; they are declared in the
	// tracingapi package, outside this page.
	tracingapi.TracingConfiguration
}

TracingConfiguration provides versioned configuration for tracing clients.

func (*TracingConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration.

func (*TracingConfiguration) DeepCopyInto

func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TracingConfiguration) DeepCopyObject

func (in *TracingConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Transport

type Transport struct {
	// TCP is the TCP configuration for communicating with the konnectivity server via TCP
	// ProxyProtocol of GRPC is not supported with TCP transport at the moment
	// Requires at least one of TCP or UDS to be set
	// nil when the TCP transport is not configured.
	// +optional
	TCP *TCPTransport

	// UDS is the UDS configuration for communicating with the konnectivity server via UDS
	// Requires at least one of TCP or UDS to be set
	// nil when the UDS transport is not configured.
	// NOTE(review): whether setting both TCP and UDS is rejected is not
	// visible here — confirm in the validation package.
	// +optional
	UDS *UDSTransport
}

Transport defines the transport configurations we use to dial to the konnectivity server

func (*Transport) DeepCopy

func (in *Transport) DeepCopy() *Transport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport.

func (*Transport) DeepCopyInto

func (in *Transport) DeepCopyInto(out *Transport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UDSTransport

type UDSTransport struct {
	// UDSName is the name of the unix domain socket to connect to konnectivity server
	// This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket)
	// NOTE(review): this type has no TLS or credential fields, so access to
	// the socket presumably rests on filesystem permissions of the socket
	// path — confirm for the deployment.
	UDSName string
}

UDSTransport provides the information to connect to konnectivity server via UDS

func (*UDSTransport) DeepCopy

func (in *UDSTransport) DeepCopy() *UDSTransport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport.

func (*UDSTransport) DeepCopyInto

func (in *UDSTransport) DeepCopyInto(out *UDSTransport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UserValidationRule

type UserValidationRule struct {
	// Expression is the expression the rule evaluates — inferred from the
	// name; this page has no field docs.
	// NOTE(review): presumably CEL that must evaluate to true for the user to
	// be accepted — confirm.
	Expression string
	// Message is presumably the text reported when Expression does not hold — confirm.
	Message    string
}

UserValidationRule provides the configuration for a single user validation rule.

func (*UserValidationRule) DeepCopy

func (in *UserValidationRule) DeepCopy() *UserValidationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserValidationRule.

func (*UserValidationRule) DeepCopyInto

func (in *UserValidationRule) DeepCopyInto(out *UserValidationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookConfiguration

// WebhookConfiguration holds the settings of one webhook authorizer: response
// caching, request timeout, SubjectAccessReview versions, failure policy,
// connection info and match conditions.
type WebhookConfiguration struct {
	// The duration to cache 'authorized' responses from the webhook
	// authorizer.
	// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
	// Default: 5m0s
	// A cached 'authorized' answer is reused for up to this long, so access
	// withdrawn at the webhook backend can stay effective until the entry expires.
	AuthorizedTTL metav1.Duration
	// The duration to cache 'unauthorized' responses from the webhook
	// authorizer.
	// Same as setting `--authorization-webhook-cache-unauthorized-ttl` flag
	// Default: 30s
	UnauthorizedTTL metav1.Duration
	// Timeout for the webhook request
	// Maximum allowed value is 30s.
	// Required, no default value.
	// A request that does not complete within the timeout has failed to
	// complete, which is a case FailurePolicy decides.
	Timeout metav1.Duration
	// The API version of the authorization.k8s.io SubjectAccessReview to
	// send to and expect from the webhook.
	// Same as setting `--authorization-webhook-version` flag
	// Valid values: v1beta1, v1
	// Required, no default value
	SubjectAccessReviewVersion string
	// MatchConditionSubjectAccessReviewVersion specifies the SubjectAccessReview
	// version the CEL expressions are evaluated against
	// Valid values: v1
	// Required, no default value
	MatchConditionSubjectAccessReviewVersion string
	// Controls the authorization decision when a webhook request fails to
	// complete or returns a malformed response or errors evaluating
	// matchConditions.
	// Valid values:
	//   - NoOpinion: continue to subsequent authorizers to see if one of
	//     them allows the request
	//   - Deny: reject the request without consulting subsequent authorizers
	// Required, with no default.
	// NoOpinion is fail-open with respect to this webhook: while it is
	// unavailable, a later authorizer can allow what the webhook would have
	// refused. Deny is fail-closed: while the webhook is unavailable, the
	// requests it would have been asked about are rejected.
	FailurePolicy string

	// ConnectionInfo defines how we talk to the webhook
	ConnectionInfo WebhookConnectionInfo

	// matchConditions is a list of conditions that must be met for a request to be sent to this
	// webhook. An empty list of matchConditions matches all requests.
	// There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If at least one matchCondition evaluates to FALSE, then the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, then the webhook is called.
	//   3. If at least one matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Deny, then the webhook rejects the request
	//      - If failurePolicy=NoOpinion, then the error is ignored and the webhook is skipped
	//
	// A skipped webhook takes no part in the decision, so under NoOpinion an
	// expression that errors at runtime removes this webhook for that request.
	MatchConditions []WebhookMatchCondition
}

func (*WebhookConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConfiguration.

func (*WebhookConfiguration) DeepCopyInto

func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookConnectionInfo

// WebhookConnectionInfo says how the webhook server is located: through a
// kubeconfig file or through the in-cluster configuration.
type WebhookConnectionInfo struct {
	// Controls how the webhook should communicate with the server.
	// Valid values:
	// - KubeConfigFile: use the file specified in kubeConfigFile to locate the
	//   server.
	// - InClusterConfig: use the in-cluster configuration to call the
	//   SubjectAccessReview API hosted by kube-apiserver. This mode is not
	//   allowed for kube-apiserver.
	Type string

	// Path to KubeConfigFile for connection info
	// Required, if connectionInfo.Type is KubeConfigFile
	// The pointer is nil when no file is configured.
	// NOTE(review): a kubeconfig file normally holds the server address and the
	// credentials used to reach it; how the file's permissions are checked is
	// not visible here — restrict read access in the deployment.
	KubeConfigFile *string
}

func (*WebhookConnectionInfo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConnectionInfo.

func (*WebhookConnectionInfo) DeepCopyInto

func (in *WebhookConnectionInfo) DeepCopyInto(out *WebhookConnectionInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookMatchCondition

// WebhookMatchCondition is one entry of WebhookConfiguration.MatchConditions:
// a single CEL expression evaluated per request.
type WebhookMatchCondition struct {
	// expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
	// CEL expressions have access to the contents of the SubjectAccessReview in v1 version.
	// If version specified by subjectAccessReviewVersion in the request variable is v1beta1,
	// the contents would be converted to the v1 version before evaluating the CEL expression.
	//
	// What happens when the expression is FALSE or errors is described on
	// WebhookConfiguration.MatchConditions and depends on FailurePolicy.
	//
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	Expression string
}

func (*WebhookMatchCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookMatchCondition.

func (*WebhookMatchCondition) DeepCopyInto

func (in *WebhookMatchCondition) DeepCopyInto(out *WebhookMatchCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

doc.go register.go types.go zz_generated.deepcopy.go

Directories

Path | Synopsis
pkg/apis/apiserver/install |
pkg/apis/apiserver/load |
pkg/apis/apiserver/v1 | Package v1 is the v1 version of the API.
pkg/apis/apiserver/v1alpha1 | Package v1alpha1 is the v1alpha1 version of the API.
pkg/apis/apiserver/v1beta1 | Package v1beta1 is the v1beta1 version of the API.
pkg/apis/apiserver/validation |
Version
v0.29.5
Published
May 15, 2024
Platform
windows/amd64
Imports
4 packages