package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// ConfigMapFileReference references a config map in a specific namespace,
// optionally narrowed to a single key inside it.
// The namespace must be specified at the point of use; this type carries none.
type ConfigMapFileReference struct {
	// Name identifies the referenced config map.
	// NOTE(review): presumably the config map's metadata.name, as on ConfigMapNameReference — confirm.
	Name string `json:"name"`
	// Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
	// It is omitted from the serialized form when empty.
	Key string `json:"key,omitempty"`
}
// ConfigMapNameReference references a config map in a specific namespace.
// The namespace must be specified at the point of use; this type carries only
// the name.
type ConfigMapNameReference struct {
	// name is the metadata.name of the referenced config map.
	// It is always serialized, even when empty (the tag has no omitempty).
	Name string `json:"name"`
}
// SecretNameReference references a secret in a specific namespace.
// The namespace must be specified at the point of use. Only the secret's name
// is carried here; the secret's contents are not part of this type.
type SecretNameReference struct {
	// name is the metadata.name of the referenced secret.
	// It is always serialized, even when empty (the tag has no omitempty).
	Name string `json:"name"`
}
// HTTPServingInfo holds configuration for serving HTTP: the embedded
// ServingInfo plus request concurrency and timeout limits.
type HTTPServingInfo struct {
	// ServingInfo is the HTTP serving information.
	// It is embedded so that its fields serialize inline with this struct's fields.
	ServingInfo `json:",inline"`
	// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
	// NOTE(review): with zero, this setting places no bound on concurrent requests;
	// confirm another throttle exists before relying on the zero value.
	MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
	// RequestTimeoutSeconds is the number of seconds before requests are timed out.
	// The default is 60 minutes; -1 means there is no limit on requests.
	// The default is not applied in this file.
	RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
}
// ServingInfo holds information about serving web pages: where to bind, which
// certificates to present, and which TLS versions and cipher suites to accept.
type ServingInfo struct {
	// BindAddress is the ip:port to serve on
	BindAddress string `json:"bindAddress"`
	// BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
	// "tcp4", and "tcp6"
	BindNetwork string `json:"bindNetwork"`
	// CertInfo is the TLS cert info for serving secure traffic.
	// It is embedded (anonymous) so that it is inlined for serialization.
	CertInfo `json:",inline"`
	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
	// NOTE(review): this file does not say whether the value is a file path or
	// inline PEM, nor what happens to client certificates when it is empty — confirm.
	// +optional
	ClientCA string `json:"clientCA,omitempty"`
	// NamedCertificates is a list of certificates to use to secure requests to specific hostnames
	NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
	// MinTLSVersion is the minimum TLS version supported.
	// Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
	// The field is omitted when empty; the minimum version used in that case is
	// not defined in this file.
	MinTLSVersion string `json:"minTLSVersion,omitempty"`
	// CipherSuites contains an overridden list of ciphers for the server to support.
	// Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
	// The field is omitted when empty; the suites used in that case are not
	// defined in this file.
	CipherSuites []string `json:"cipherSuites,omitempty"`
}
// CertInfo relates a certificate with a private key. Both fields are file
// references; no key material is held in this struct itself.
type CertInfo struct {
	// CertFile is a file containing a PEM-encoded certificate
	CertFile string `json:"certFile"`
	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
	// NOTE(review): the referenced file holds private key material; its
	// permissions are outside the scope of this type and should be checked
	// where the file is provisioned.
	KeyFile string `json:"keyFile"`
}
// NamedCertificate specifies a certificate/key, and the names it should be served for
type NamedCertificate struct {
	// Names is a list of DNS names this certificate should be used to secure.
	// A name can be a normal DNS name, or can contain leading wildcard segments.
	// The list is omitted from the serialized form when empty.
	Names []string `json:"names,omitempty"`
	// CertInfo is the TLS cert info for serving secure traffic.
	// It is embedded so that its fields serialize inline with Names.
	CertInfo `json:",inline"`
}
// LeaderElection provides information to elect a leader: whether election is
// disabled, which resource is used, and the three timing parameters.
type LeaderElection struct {
	// disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
	// Omitted from the serialized form when false.
	Disable bool `json:"disable,omitempty"`
	// namespace indicates which namespace the resource is in
	Namespace string `json:"namespace,omitempty"`
	// name indicates what name to use for the resource
	Name string `json:"name,omitempty"`
	// leaseDuration is the duration that non-leader candidates will wait
	// after observing a leadership renewal until attempting to acquire
	// leadership of a led but unrenewed leader slot. This is effectively the
	// maximum duration that a leader can be stopped before it is replaced
	// by another candidate. This is only applicable if leader election is
	// enabled.
	// +nullable
	LeaseDuration metav1.Duration `json:"leaseDuration"`
	// renewDeadline is the interval between attempts by the acting master to
	// renew a leadership slot before it stops leading. This must be less
	// than or equal to the lease duration. This is only applicable if leader
	// election is enabled.
	// The relation to leaseDuration is not enforced by this type.
	// +nullable
	RenewDeadline metav1.Duration `json:"renewDeadline"`
	// retryPeriod is the duration the clients should wait between attempting
	// acquisition and renewal of a leadership. This is only applicable if
	// leader election is enabled.
	// +nullable
	RetryPeriod metav1.Duration `json:"retryPeriod"`
}
// StringSource allows specifying a string inline, or externally via env var or file.
// When it contains only a string value, it marshals to a simple JSON string.
// The marshalling logic that implements this is not part of this file.
type StringSource struct {
	// StringSourceSpec specifies the string value, or external location.
	// It is embedded so that its fields serialize inline.
	StringSourceSpec `json:",inline"`
}
// StringSourceSpec specifies a string value, or external location.
// Value, Env and File are three alternative sources for the string; KeyFile
// applies to whichever one is used. How the sources are prioritised when more
// than one is set is not defined in this file.
type StringSourceSpec struct {
	// Value specifies the cleartext value, or an encrypted value if keyFile is specified.
	// NOTE(review): a cleartext Value is part of the serialized configuration, so
	// anyone able to read that configuration can read the value.
	Value string `json:"value"`
	// Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
	Env string `json:"env"`
	// File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
	File string `json:"file"`
	// KeyFile references a file containing the key to use to decrypt the value.
	// The cipher and key format are not specified in this file.
	KeyFile string `json:"keyFile"`
}
// RemoteConnectionInfo holds information necessary for establishing a remote
// connection: the target URL, the CA used to verify it, and an optional client
// certificate.
type RemoteConnectionInfo struct {
	// URL is the remote URL to connect to
	URL string `json:"url"`
	// CA is the CA for verifying TLS connections
	// NOTE(review): how the server certificate is verified when CA is empty is
	// not defined in this file — confirm at the point of use.
	CA string `json:"ca"`
	// CertInfo is the TLS client cert information to present.
	// It is embedded (anonymous) so that it is inlined for serialization.
	CertInfo `json:",inline"`
}
// AdmissionConfig holds per-plugin admission configuration together with the
// lists of plugins to force on or off.
type AdmissionConfig struct {
	// PluginConfig maps a string key to the configuration for one admission plugin.
	// NOTE(review): the key is presumably the plugin name — confirm.
	PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
	// enabledPlugins is a list of admission plugins that must be on in addition to the default list.
	// Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon
	// and can result in performance penalties and unexpected behavior.
	// The Go field is EnabledAdmissionPlugins; the serialized key is "enabledPlugins".
	EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
	// disabledPlugins is a list of admission plugins that must be off. Putting something in this list
	// is almost always a mistake and likely to result in cluster instability.
	// The Go field is DisabledAdmissionPlugins; the serialized key is "disabledPlugins".
	// NOTE(review): a plugin listed here no longer runs, so any check it performed
	// is skipped; changes to this list deserve review.
	DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
}
// AdmissionPluginConfig holds the necessary configuration options for admission plugins.
// The configuration comes either from a file (Location) or from an embedded
// object (Configuration).
type AdmissionPluginConfig struct {
	// Location is the path to a configuration file that contains the plugin's
	// configuration
	Location string `json:"location"`
	// Configuration is an embedded configuration object to be used as the plugin's
	// configuration. If present, it will be used instead of the path to the configuration file.
	// It is stored as a raw extension; its schema is not defined in this file.
	// +nullable
	Configuration runtime.RawExtension `json:"configuration"`
}
// LogFormatType names the format in which audit events are saved; the values
// declared in this file are LogFormatLegacy and LogFormatJson.
type LogFormatType string

// WebHookModeType names the strategy used to send audit events to a webhook;
// the values declared in this file are WebHookModeBatch and WebHookModeBlocking.
type WebHookModeType string
// Allowed values for LogFormatType and WebHookModeType. The string on the
// right-hand side is the value that appears in serialized configuration.
const (
	// LogFormatLegacy saves event in 1-line text format.
	LogFormatLegacy LogFormatType = "legacy"
	// LogFormatJson saves event in structured json format.
	LogFormatJson LogFormatType = "json"
	// WebHookModeBatch indicates that the webhook should buffer audit events
	// internally, sending batch updates either once a certain number of
	// events have been received or a certain amount of time has passed.
	WebHookModeBatch WebHookModeType = "batch"
	// WebHookModeBlocking causes the webhook to block on every attempt to process
	// a set of events. This causes requests to the API server to wait for a
	// round trip to the external audit service before sending a response.
	WebHookModeBlocking WebHookModeType = "blocking"
)
// AuditConfig holds configuration for the audit capabilities: whether auditing
// is on, where and how long log files are kept, which policy applies, and how
// events are formatted and forwarded to a webhook.
type AuditConfig struct {
	// If this flag is set, the audit log will be printed in the logs.
	// The logs contain the method, the user and the requested URL.
	Enabled bool `json:"enabled"`
	// All requests coming to the apiserver will be logged to this file.
	// NOTE(review): per the Enabled comment the entries include the user and the
	// requested URL, so read access to this file should be limited accordingly.
	AuditFilePath string `json:"auditFilePath"`
	// Maximum number of days to retain old log files based on the timestamp encoded in their filename.
	MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
	// Maximum number of old log files to retain.
	MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
	// Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
	// The default is not applied in this file.
	MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
	// PolicyFile is a path to the file that defines the audit policy configuration.
	PolicyFile string `json:"policyFile"`
	// PolicyConfiguration is an embedded policy configuration object to be used
	// as the audit policy configuration. If present, it will be used instead of
	// the path to the policy file.
	// +nullable
	PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
	// Format of saved audits ("legacy" or "json", see LogFormatType).
	LogFormat LogFormatType `json:"logFormat"`
	// Path to a .kubeconfig formatted file that defines the audit webhook configuration.
	// NOTE(review): kubeconfig files commonly carry client credentials; treat the
	// referenced file as sensitive.
	WebHookKubeConfig string `json:"webHookKubeConfig"`
	// Strategy for sending audit events ("blocking" or "batch", see WebHookModeType).
	WebHookMode WebHookModeType `json:"webHookMode"`
}
// EtcdConnectionInfo holds information necessary for connecting to an etcd
// server: the endpoints, the trusted roots, and the client certificate.
type EtcdConnectionInfo struct {
	// URLs are the URLs for etcd
	URLs []string `json:"urls,omitempty"`
	// CA is a file containing trusted roots for the etcd server certificates
	// NOTE(review): how etcd server certificates are verified when CA is empty
	// is not defined in this file — confirm at the point of use.
	CA string `json:"ca"`
	// CertInfo is the TLS client cert information for securing communication to etcd.
	// It is embedded (anonymous) so that it is inlined for serialization.
	CertInfo `json:",inline"`
}
// EtcdStorageConfig combines the etcd connection information with the prefix
// under which resources are stored.
type EtcdStorageConfig struct {
	// EtcdConnectionInfo is embedded so that the connection fields serialize
	// inline with StoragePrefix.
	EtcdConnectionInfo `json:",inline"`
	// StoragePrefix is the path within etcd that the OpenShift resources will
	// be rooted under. This value, if changed, will mean existing objects in etcd will
	// no longer be located.
	StoragePrefix string `json:"storagePrefix"`
}
// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
type GenericAPIServerConfig struct {
	// servingInfo describes how to start serving
	ServingInfo HTTPServingInfo `json:"servingInfo"`
	// corsAllowedOrigins lists the origins allowed for CORS.
	// NOTE(review): the original comment gave only the field name; how entries
	// are matched against a request's origin (exact string, pattern, ...) is not
	// defined in this file — confirm before adding broad entries.
	CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
	// auditConfig describes how to configure audit information
	AuditConfig AuditConfig `json:"auditConfig"`
	// storageConfig contains information about how to use etcd for storage
	// (see EtcdStorageConfig).
	StorageConfig EtcdStorageConfig `json:"storageConfig"`
	// admissionConfig holds information about how to configure admission.
	// Note that the serialized key is "admission", not "admissionConfig".
	AdmissionConfig AdmissionConfig `json:"admission"`
	// kubeClientConfig holds the kubeconfig location and connection overrides
	// (see KubeClientConfig).
	KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
}
// KubeClientConfig holds the kubeconfig location and the client connection
// overrides used when talking to the owning kube-apiserver.
type KubeClientConfig struct {
	// kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config
	KubeConfig string `json:"kubeConfig"`
	// connectionOverrides specifies client overrides for system components to loop back to this master.
	ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
}
// ClientConnectionOverrides holds per-client overrides for content negotiation
// and client-side rate limiting.
type ClientConnectionOverrides struct {
	// acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
	// default value of 'application/json'. This field will control all connections to the server used by a particular
	// client.
	AcceptContentTypes string `json:"acceptContentTypes"`
	// contentType is the content type used when sending data to the server from this client.
	ContentType string `json:"contentType"`
	// qps controls the number of queries per second allowed for this connection.
	// The behavior for a zero value is not defined in this file.
	QPS float32 `json:"qps"`
	// burst allows extra queries to accumulate when a client is exceeding its rate.
	// The behavior for a zero value is not defined in this file.
	Burst int32 `json:"burst"`
}
// GenericControllerConfig provides information to configure a controller:
// how it serves its endpoints, how it elects a leader, and whether requests to
// its endpoints are authenticated and authorized.
type GenericControllerConfig struct {
	// ServingInfo is the HTTP serving information for the controller's endpoints
	ServingInfo HTTPServingInfo `json:"servingInfo"`
	// leaderElection provides information to elect a leader. Only override this if you have a specific need
	LeaderElection LeaderElection `json:"leaderElection"`
	// authentication allows configuration of authentication for the endpoints
	Authentication DelegatedAuthentication `json:"authentication"`
	// authorization allows configuration of authorization for the endpoints
	Authorization DelegatedAuthorization `json:"authorization"`
}
// DelegatedAuthentication allows authentication to be disabled.
// The zero value leaves delegated authentication on.
type DelegatedAuthentication struct {
	// disabled indicates that authentication should be disabled. By default it will use delegated authentication.
	// Omitted from the serialized form when false, so an absent key means
	// authentication stays enabled.
	Disabled bool `json:"disabled,omitempty"`
}
// DelegatedAuthorization allows authorization to be disabled.
// The zero value leaves delegated authorization on.
type DelegatedAuthorization struct {
	// disabled indicates that authorization should be disabled. By default it will use delegated authorization.
	// Omitted from the serialized form when false, so an absent key means
	// authorization stays enabled.
	Disabled bool `json:"disabled,omitempty"`
}