v1

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var MatchConditionBlank = (&MatchConditionDie{}).DieFeed(admissionregistrationv1.MatchCondition{})
View Source 
var MutatingWebhookBlank = (&MutatingWebhookDie{}).DieFeed(admissionregistrationv1.MutatingWebhook{})
View Source 
var MutatingWebhookConfigurationBlank = (&MutatingWebhookConfigurationDie{}).DieFeed(admissionregistrationv1.MutatingWebhookConfiguration{})
View Source 
var RuleBlank = (&RuleDie{}).DieFeed(admissionregistrationv1.Rule{})
View Source 
var RuleWithOperationsBlank = (&RuleWithOperationsDie{}).DieFeed(admissionregistrationv1.RuleWithOperations{})
View Source 
var ServiceReferenceBlank = (&ServiceReferenceDie{}).DieFeed(admissionregistrationv1.ServiceReference{})
View Source 
var ValidatingWebhookBlank = (&ValidatingWebhookDie{}).DieFeed(admissionregistrationv1.ValidatingWebhook{})
View Source 
var ValidatingWebhookConfigurationBlank = (&ValidatingWebhookConfigurationDie{}).DieFeed(admissionregistrationv1.ValidatingWebhookConfiguration{})
View Source 
var WebhookClientConfigBlank = (&WebhookClientConfigDie{}).DieFeed(admissionregistrationv1.WebhookClientConfig{})

Functions

This section is empty.

Types

type MatchConditionDie added in v0.8.0 

type MatchConditionDie struct {
	// contains filtered or unexported fields
}

func (*MatchConditionDie) DeepCopy added in v0.8.0 

func (d *MatchConditionDie) DeepCopy() *MatchConditionDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MatchConditionDie) DieFeed added in v0.8.0 

func (d *MatchConditionDie) DieFeed(r admissionregistrationv1.MatchCondition) *MatchConditionDie

DieFeed returns a new die with the provided resource.

func (*MatchConditionDie) DieFeedJSON added in v0.8.0 

func (d *MatchConditionDie) DieFeedJSON(j []byte) *MatchConditionDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MatchConditionDie) DieFeedPtr added in v0.8.0 

func (d *MatchConditionDie) DieFeedPtr(r *admissionregistrationv1.MatchCondition) *MatchConditionDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MatchConditionDie) DieFeedRawExtension added in v0.8.0 

func (d *MatchConditionDie) DieFeedRawExtension(raw runtime.RawExtension) *MatchConditionDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchConditionDie) DieFeedYAML added in v0.8.0 

func (d *MatchConditionDie) DieFeedYAML(y []byte) *MatchConditionDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MatchConditionDie) DieFeedYAMLFile added in v0.8.0 

func (d *MatchConditionDie) DieFeedYAMLFile(name string) *MatchConditionDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MatchConditionDie) DieImmutable added in v0.8.0 

func (d *MatchConditionDie) DieImmutable(immutable bool) *MatchConditionDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MatchConditionDie) DieRelease added in v0.8.0 

func (d *MatchConditionDie) DieRelease() admissionregistrationv1.MatchCondition

DieRelease returns the resource managed by the die.

func (*MatchConditionDie) DieReleaseJSON added in v0.8.0 

func (d *MatchConditionDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MatchConditionDie) DieReleasePtr added in v0.8.0 

func (d *MatchConditionDie) DieReleasePtr() *admissionregistrationv1.MatchCondition

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MatchConditionDie) DieReleaseRawExtension added in v0.8.0 

func (d *MatchConditionDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchConditionDie) DieReleaseYAML added in v0.8.0 

func (d *MatchConditionDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MatchConditionDie) DieStamp added in v0.8.0 

func (d *MatchConditionDie) DieStamp(fn func(r *admissionregistrationv1.MatchCondition)) *MatchConditionDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MatchConditionDie) DieStampAt added in v0.8.0 

func (d *MatchConditionDie) DieStampAt(jp string, fn interface{}) *MatchConditionDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MatchConditionDie) DieWith added in v0.9.0 

func (d *MatchConditionDie) DieWith(fns ...func(d *MatchConditionDie)) *MatchConditionDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MatchConditionDie) Expression added in v0.8.0 

func (d *MatchConditionDie) Expression(v string) *MatchConditionDie

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.

CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests.

'oldObject' - The existing object. The value is null for CREATE requests.

'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).

'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (*MatchConditionDie) Name added in v0.8.0 

func (d *MatchConditionDie) Name(v string) *MatchConditionDie

Name is an identifier for this match condition, used for strategic merging of MatchConditions,

as well as providing an identifier for logging purposes. A good name should be descriptive of

the associated expression.

Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and

must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or

'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an

optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

type MutatingWebhookConfigurationDie 

type MutatingWebhookConfigurationDie struct {
	metav1.FrozenObjectMeta
	// contains filtered or unexported fields
}

func (*MutatingWebhookConfigurationDie) APIVersion added in v0.5.0 

func (d *MutatingWebhookConfigurationDie) APIVersion(v string) *MutatingWebhookConfigurationDie

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (*MutatingWebhookConfigurationDie) DeepCopy 

func (d *MutatingWebhookConfigurationDie) DeepCopy() *MutatingWebhookConfigurationDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MutatingWebhookConfigurationDie) DeepCopyObject 

func (d *MutatingWebhookConfigurationDie) DeepCopyObject() runtime.Object

func (*MutatingWebhookConfigurationDie) DieFeed 

func (d *MutatingWebhookConfigurationDie) DieFeed(r admissionregistrationv1.MutatingWebhookConfiguration) *MutatingWebhookConfigurationDie

DieFeed returns a new die with the provided resource.

func (*MutatingWebhookConfigurationDie) DieFeedJSON added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieFeedJSON(j []byte) *MutatingWebhookConfigurationDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MutatingWebhookConfigurationDie) DieFeedPtr 

func (d *MutatingWebhookConfigurationDie) DieFeedPtr(r *admissionregistrationv1.MutatingWebhookConfiguration) *MutatingWebhookConfigurationDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MutatingWebhookConfigurationDie) DieFeedRawExtension added in v0.5.0 

func (d *MutatingWebhookConfigurationDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingWebhookConfigurationDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingWebhookConfigurationDie) DieFeedYAML added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieFeedYAML(y []byte) *MutatingWebhookConfigurationDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MutatingWebhookConfigurationDie) DieFeedYAMLFile added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieFeedYAMLFile(name string) *MutatingWebhookConfigurationDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MutatingWebhookConfigurationDie) DieImmutable 

func (d *MutatingWebhookConfigurationDie) DieImmutable(immutable bool) *MutatingWebhookConfigurationDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MutatingWebhookConfigurationDie) DieRelease 

func (d *MutatingWebhookConfigurationDie) DieRelease() admissionregistrationv1.MutatingWebhookConfiguration

DieRelease returns the resource managed by the die.

func (*MutatingWebhookConfigurationDie) DieReleaseJSON added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MutatingWebhookConfigurationDie) DieReleasePtr 

func (d *MutatingWebhookConfigurationDie) DieReleasePtr() *admissionregistrationv1.MutatingWebhookConfiguration

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MutatingWebhookConfigurationDie) DieReleaseRawExtension added in v0.5.0 

func (d *MutatingWebhookConfigurationDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingWebhookConfigurationDie) DieReleaseUnstructured 

func (d *MutatingWebhookConfigurationDie) DieReleaseUnstructured() *unstructured.Unstructured

DieReleaseUnstructured returns the resource managed by the die as an unstructured object. Panics on error.

func (*MutatingWebhookConfigurationDie) DieReleaseYAML added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MutatingWebhookConfigurationDie) DieStamp 

func (d *MutatingWebhookConfigurationDie) DieStamp(fn func(r *admissionregistrationv1.MutatingWebhookConfiguration)) *MutatingWebhookConfigurationDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MutatingWebhookConfigurationDie) DieStampAt added in v0.8.0 

func (d *MutatingWebhookConfigurationDie) DieStampAt(jp string, fn interface{}) *MutatingWebhookConfigurationDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MutatingWebhookConfigurationDie) DieWith added in v0.9.0 

func (d *MutatingWebhookConfigurationDie) DieWith(fns ...func(d *MutatingWebhookConfigurationDie)) *MutatingWebhookConfigurationDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MutatingWebhookConfigurationDie) GetObjectKind 

func (d *MutatingWebhookConfigurationDie) GetObjectKind() schema.ObjectKind

func (*MutatingWebhookConfigurationDie) Kind added in v0.5.0 

func (d *MutatingWebhookConfigurationDie) Kind(v string) *MutatingWebhookConfigurationDie

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (*MutatingWebhookConfigurationDie) MarshalJSON 

func (d *MutatingWebhookConfigurationDie) MarshalJSON() ([]byte, error)

func (*MutatingWebhookConfigurationDie) MetadataDie 

func (d *MutatingWebhookConfigurationDie) MetadataDie(fn func(d *metav1.ObjectMetaDie)) *MutatingWebhookConfigurationDie

MetadataDie stamps the resource's ObjectMeta field with a mutable die.

func (*MutatingWebhookConfigurationDie) UnmarshalJSON 

func (d *MutatingWebhookConfigurationDie) UnmarshalJSON(b []byte) error

func (*MutatingWebhookConfigurationDie) WebhookDie 

func (d *MutatingWebhookConfigurationDie) WebhookDie(name string, fn func(d *MutatingWebhookDie)) *MutatingWebhookConfigurationDie

func (*MutatingWebhookConfigurationDie) Webhooks 

func (d *MutatingWebhookConfigurationDie) Webhooks(v ...admissionregistrationv1.MutatingWebhook) *MutatingWebhookConfigurationDie

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookDie 

type MutatingWebhookDie struct {
	// contains filtered or unexported fields
}

func (*MutatingWebhookDie) AdmissionReviewVersions 

func (d *MutatingWebhookDie) AdmissionReviewVersions(v ...string) *MutatingWebhookDie

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`

versions the Webhook expects. API server will try to use first version in

the list which it supports. If none of the versions specified in this list

supported by API server, validation will fail for this object.

If a persisted webhook configuration specifies allowed versions and does not

include any versions known to the API Server, calls to the webhook will fail

and be subject to the failure policy.

func (*MutatingWebhookDie) ClientConfig 

func (d *MutatingWebhookDie) ClientConfig(v admissionregistrationv1.WebhookClientConfig) *MutatingWebhookDie

ClientConfig defines how to communicate with the hook.

Required

func (*MutatingWebhookDie) ClientConfigDie 

func (d *MutatingWebhookDie) ClientConfigDie(fn func(d *WebhookClientConfigDie)) *MutatingWebhookDie

func (*MutatingWebhookDie) DeepCopy 

func (d *MutatingWebhookDie) DeepCopy() *MutatingWebhookDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MutatingWebhookDie) DieFeed 

func (d *MutatingWebhookDie) DieFeed(r admissionregistrationv1.MutatingWebhook) *MutatingWebhookDie

DieFeed returns a new die with the provided resource.

func (*MutatingWebhookDie) DieFeedJSON added in v0.8.0 

func (d *MutatingWebhookDie) DieFeedJSON(j []byte) *MutatingWebhookDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MutatingWebhookDie) DieFeedPtr 

func (d *MutatingWebhookDie) DieFeedPtr(r *admissionregistrationv1.MutatingWebhook) *MutatingWebhookDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MutatingWebhookDie) DieFeedRawExtension added in v0.5.0 

func (d *MutatingWebhookDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingWebhookDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingWebhookDie) DieFeedYAML added in v0.8.0 

func (d *MutatingWebhookDie) DieFeedYAML(y []byte) *MutatingWebhookDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MutatingWebhookDie) DieFeedYAMLFile added in v0.8.0 

func (d *MutatingWebhookDie) DieFeedYAMLFile(name string) *MutatingWebhookDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MutatingWebhookDie) DieImmutable 

func (d *MutatingWebhookDie) DieImmutable(immutable bool) *MutatingWebhookDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MutatingWebhookDie) DieRelease 

func (d *MutatingWebhookDie) DieRelease() admissionregistrationv1.MutatingWebhook

DieRelease returns the resource managed by the die.

func (*MutatingWebhookDie) DieReleaseJSON added in v0.8.0 

func (d *MutatingWebhookDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MutatingWebhookDie) DieReleasePtr 

func (d *MutatingWebhookDie) DieReleasePtr() *admissionregistrationv1.MutatingWebhook

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MutatingWebhookDie) DieReleaseRawExtension added in v0.5.0 

func (d *MutatingWebhookDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingWebhookDie) DieReleaseYAML added in v0.8.0 

func (d *MutatingWebhookDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MutatingWebhookDie) DieStamp 

func (d *MutatingWebhookDie) DieStamp(fn func(r *admissionregistrationv1.MutatingWebhook)) *MutatingWebhookDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MutatingWebhookDie) DieStampAt added in v0.8.0 

func (d *MutatingWebhookDie) DieStampAt(jp string, fn interface{}) *MutatingWebhookDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MutatingWebhookDie) DieWith added in v0.9.0 

func (d *MutatingWebhookDie) DieWith(fns ...func(d *MutatingWebhookDie)) *MutatingWebhookDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MutatingWebhookDie) FailurePolicy 

func (d *MutatingWebhookDie) FailurePolicy(v *admissionregistrationv1.FailurePolicyType) *MutatingWebhookDie

FailurePolicy defines how unrecognized errors from the admission endpoint are handled -

allowed values are Ignore or Fail. Defaults to Fail.

func (*MutatingWebhookDie) MatchConditionDie added in v0.8.0 

func (d *MutatingWebhookDie) MatchConditionDie(name string, fn func(d *MatchConditionDie)) *MutatingWebhookDie

func (*MutatingWebhookDie) MatchConditions added in v0.8.0 

func (d *MutatingWebhookDie) MatchConditions(v ...admissionregistrationv1.MatchCondition) *MutatingWebhookDie

MatchConditions is a list of conditions that must be met for a request to be sent to this

webhook. Match conditions filter requests that have already been matched by the rules,

namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.

There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.

2. If ALL matchConditions evaluate to TRUE, the webhook is called.

3. If any matchCondition evaluates to an error (but none are FALSE):

- If failurePolicy=Fail, reject the request

- If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (*MutatingWebhookDie) MatchPolicy 

func (d *MutatingWebhookDie) MatchPolicy(v *admissionregistrationv1.MatchPolicyType) *MutatingWebhookDie

matchPolicy defines how the "rules" list is used to match incoming requests.

Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (*MutatingWebhookDie) Name 

func (d *MutatingWebhookDie) Name(v string) *MutatingWebhookDie

The name of the admission webhook.

Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where

"imagepolicy" is the name of the webhook, and kubernetes.io is the name

of the organization.

Required.

func (*MutatingWebhookDie) NamespaceSelector 

func (d *MutatingWebhookDie) NamespaceSelector(v *apismetav1.LabelSelector) *MutatingWebhookDie

NamespaceSelector decides whether to run the webhook on an object based

on whether the namespace for that object matches the selector. If the

object itself is a namespace, the matching is performed on

object.metadata.labels. If the object is another cluster scoped resource,

it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not

associated with "runlevel" of "0" or "1"; you will set the selector as

follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "runlevel",

"operator": "NotIn",

"values": [

"0",

"1"

]

}

]

}

If instead you want to only run the webhook on any objects whose

namespace is associated with the "environment" of "prod" or "staging";

you will set the selector as follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "environment",

"operator": "In",

"values": [

"prod",

"staging"

]

}

]

}

See

https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (*MutatingWebhookDie) NamespaceSelectorDie 

func (d *MutatingWebhookDie) NamespaceSelectorDie(fn func(d *diemetav1.LabelSelectorDie)) *MutatingWebhookDie

func (*MutatingWebhookDie) ObjectSelector 

func (d *MutatingWebhookDie) ObjectSelector(v *apismetav1.LabelSelector) *MutatingWebhookDie

ObjectSelector decides whether to run the webhook based on if the

object has matching labels. objectSelector is evaluated against both

the oldObject and newObject that would be sent to the webhook, and

is considered to match if either object matches the selector. A null

object (oldObject in the case of create, or newObject in the case of

delete) or an object that cannot have labels (like a

DeploymentRollback or a PodProxyOptions object) is not considered to

match.

Use the object selector only if the webhook is opt-in, because end

users may skip the admission webhook by setting the labels.

Default to the empty LabelSelector, which matches everything.

func (*MutatingWebhookDie) ObjectSelectorDie 

func (d *MutatingWebhookDie) ObjectSelectorDie(fn func(d *diemetav1.LabelSelectorDie)) *MutatingWebhookDie

func (*MutatingWebhookDie) ReinvocationPolicy 

func (d *MutatingWebhookDie) ReinvocationPolicy(v *admissionregistrationv1.ReinvocationPolicyType) *MutatingWebhookDie

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.

Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation

if the object being admitted is modified by other admission plugins after the initial webhook call.

Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.

Note:

* the number of additional invocations is not guaranteed to be exactly one.

* if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.

* webhooks that use this option may be reordered to minimize the number of additional invocations.

* to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (*MutatingWebhookDie) Rules 

func (d *MutatingWebhookDie) Rules(v ...admissionregistrationv1.RuleWithOperations) *MutatingWebhookDie

Rules describes what operations on what resources/subresources the webhook cares about.

The webhook cares about an operation if it matches _any_ Rule.

However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks

from putting the cluster in a state which cannot be recovered from without completely

disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called

on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (*MutatingWebhookDie) RulesDie 

func (d *MutatingWebhookDie) RulesDie(rules ...*RuleWithOperationsDie) *MutatingWebhookDie

func (*MutatingWebhookDie) SideEffects 

func (d *MutatingWebhookDie) SideEffects(v *admissionregistrationv1.SideEffectClass) *MutatingWebhookDie

SideEffects states whether this webhook has side effects.

Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).

Webhooks with side effects MUST implement a reconciliation system, since a request may be

rejected by a future step in the admission chain and the side effects therefore need to be undone.

Requests with the dryRun attribute will be auto-rejected if they match a webhook with

sideEffects == Unknown or Some.

func (*MutatingWebhookDie) TimeoutSeconds 

func (d *MutatingWebhookDie) TimeoutSeconds(v *int32) *MutatingWebhookDie

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,

the webhook call will be ignored or the API call will fail based on the

failure policy.

The timeout value must be between 1 and 30 seconds.

Default to 10 seconds.

type RuleDie 

type RuleDie struct {
	// contains filtered or unexported fields
}

func (*RuleDie) APIGroups 

func (d *RuleDie) APIGroups(v ...string) *RuleDie

APIGroups is the API groups the resources belong to. '*' is all groups.

If '*' is present, the length of the slice must be one.

Required.

func (*RuleDie) APIVersions 

func (d *RuleDie) APIVersions(v ...string) *RuleDie

APIVersions is the API versions the resources belong to. '*' is all versions.

If '*' is present, the length of the slice must be one.

Required.

func (*RuleDie) DeepCopy 

func (d *RuleDie) DeepCopy() *RuleDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*RuleDie) DieFeed 

func (d *RuleDie) DieFeed(r admissionregistrationv1.Rule) *RuleDie

DieFeed returns a new die with the provided resource.

func (*RuleDie) DieFeedJSON added in v0.8.0 

func (d *RuleDie) DieFeedJSON(j []byte) *RuleDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*RuleDie) DieFeedPtr 

func (d *RuleDie) DieFeedPtr(r *admissionregistrationv1.Rule) *RuleDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*RuleDie) DieFeedRawExtension added in v0.5.0 

func (d *RuleDie) DieFeedRawExtension(raw runtime.RawExtension) *RuleDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*RuleDie) DieFeedYAML added in v0.8.0 

func (d *RuleDie) DieFeedYAML(y []byte) *RuleDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*RuleDie) DieFeedYAMLFile added in v0.8.0 

func (d *RuleDie) DieFeedYAMLFile(name string) *RuleDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*RuleDie) DieImmutable 

func (d *RuleDie) DieImmutable(immutable bool) *RuleDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*RuleDie) DieRelease 

func (d *RuleDie) DieRelease() admissionregistrationv1.Rule

DieRelease returns the resource managed by the die.

func (*RuleDie) DieReleaseJSON added in v0.8.0 

func (d *RuleDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*RuleDie) DieReleasePtr 

func (d *RuleDie) DieReleasePtr() *admissionregistrationv1.Rule

DieReleasePtr returns a pointer to the resource managed by the die.

func (*RuleDie) DieReleaseRawExtension added in v0.5.0 

func (d *RuleDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*RuleDie) DieReleaseYAML added in v0.8.0 

func (d *RuleDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*RuleDie) DieStamp 

func (d *RuleDie) DieStamp(fn func(r *admissionregistrationv1.Rule)) *RuleDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*RuleDie) DieStampAt added in v0.8.0 

func (d *RuleDie) DieStampAt(jp string, fn interface{}) *RuleDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*RuleDie) DieWith added in v0.9.0 

func (d *RuleDie) DieWith(fns ...func(d *RuleDie)) *RuleDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*RuleDie) Resources 

func (d *RuleDie) Resources(v ...string) *RuleDie

Resources is a list of resources this rule applies to.

For example:

'pods' means pods.

'pods/log' means the log subresource of pods.

'*' means all resources, but not subresources.

'pods/*' means all subresources of pods.

'*/scale' means all scale subresources.

'*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not

overlap with each other.

Depending on the enclosing object, subresources might not be allowed.

Required.

func (*RuleDie) Scope 

func (d *RuleDie) Scope(v *admissionregistrationv1.ScopeType) *RuleDie

scope specifies the scope of this rule.

Valid values are "Cluster", "Namespaced", and "*"

"Cluster" means that only cluster-scoped resources will match this rule.

Namespace API objects are cluster-scoped.

"Namespaced" means that only namespaced resources will match this rule.

"*" means that there are no scope restrictions.

Subresources match the scope of their parent resource.

Default is "*".

type RuleWithOperationsDie 

type RuleWithOperationsDie struct {
	// contains filtered or unexported fields
}

func (*RuleWithOperationsDie) APIGroups 

func (d *RuleWithOperationsDie) APIGroups(v ...string) *RuleWithOperationsDie

func (*RuleWithOperationsDie) APIVersions 

func (d *RuleWithOperationsDie) APIVersions(v ...string) *RuleWithOperationsDie

func (*RuleWithOperationsDie) DeepCopy 

func (d *RuleWithOperationsDie) DeepCopy() *RuleWithOperationsDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*RuleWithOperationsDie) DieFeed 

func (d *RuleWithOperationsDie) DieFeed(r admissionregistrationv1.RuleWithOperations) *RuleWithOperationsDie

DieFeed returns a new die with the provided resource.

func (*RuleWithOperationsDie) DieFeedJSON added in v0.8.0 

func (d *RuleWithOperationsDie) DieFeedJSON(j []byte) *RuleWithOperationsDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*RuleWithOperationsDie) DieFeedPtr 

func (d *RuleWithOperationsDie) DieFeedPtr(r *admissionregistrationv1.RuleWithOperations) *RuleWithOperationsDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*RuleWithOperationsDie) DieFeedRawExtension added in v0.5.0 

func (d *RuleWithOperationsDie) DieFeedRawExtension(raw runtime.RawExtension) *RuleWithOperationsDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*RuleWithOperationsDie) DieFeedYAML added in v0.8.0 

func (d *RuleWithOperationsDie) DieFeedYAML(y []byte) *RuleWithOperationsDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*RuleWithOperationsDie) DieFeedYAMLFile added in v0.8.0 

func (d *RuleWithOperationsDie) DieFeedYAMLFile(name string) *RuleWithOperationsDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*RuleWithOperationsDie) DieImmutable 

func (d *RuleWithOperationsDie) DieImmutable(immutable bool) *RuleWithOperationsDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*RuleWithOperationsDie) DieRelease 

func (d *RuleWithOperationsDie) DieRelease() admissionregistrationv1.RuleWithOperations

DieRelease returns the resource managed by the die.

func (*RuleWithOperationsDie) DieReleaseJSON added in v0.8.0 

func (d *RuleWithOperationsDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*RuleWithOperationsDie) DieReleasePtr 

func (d *RuleWithOperationsDie) DieReleasePtr() *admissionregistrationv1.RuleWithOperations

DieReleasePtr returns a pointer to the resource managed by the die.

func (*RuleWithOperationsDie) DieReleaseRawExtension added in v0.5.0 

func (d *RuleWithOperationsDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*RuleWithOperationsDie) DieReleaseYAML added in v0.8.0 

func (d *RuleWithOperationsDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*RuleWithOperationsDie) DieStamp 

func (d *RuleWithOperationsDie) DieStamp(fn func(r *admissionregistrationv1.RuleWithOperations)) *RuleWithOperationsDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*RuleWithOperationsDie) DieStampAt added in v0.8.0 

func (d *RuleWithOperationsDie) DieStampAt(jp string, fn interface{}) *RuleWithOperationsDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*RuleWithOperationsDie) DieWith added in v0.9.0 

func (d *RuleWithOperationsDie) DieWith(fns ...func(d *RuleWithOperationsDie)) *RuleWithOperationsDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*RuleWithOperationsDie) Operations 

func (d *RuleWithOperationsDie) Operations(v ...admissionregistrationv1.OperationType) *RuleWithOperationsDie

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *

for all of those operations and any future admission operations that are added.

If '*' is present, the length of the slice must be one.

Required.

func (*RuleWithOperationsDie) Resources 

func (d *RuleWithOperationsDie) Resources(v ...string) *RuleWithOperationsDie

func (*RuleWithOperationsDie) Rule 

func (d *RuleWithOperationsDie) Rule(v admissionregistrationv1.Rule) *RuleWithOperationsDie

Rule is embedded, it describes other criteria of the rule, like

APIGroups, APIVersions, Resources, etc.

func (*RuleWithOperationsDie) Scope 

func (d *RuleWithOperationsDie) Scope(v *admissionregistrationv1.ScopeType) *RuleWithOperationsDie

type ServiceReferenceDie 

type ServiceReferenceDie struct {
	// contains filtered or unexported fields
}

func (*ServiceReferenceDie) DeepCopy 

func (d *ServiceReferenceDie) DeepCopy() *ServiceReferenceDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*ServiceReferenceDie) DieFeed 

func (d *ServiceReferenceDie) DieFeed(r admissionregistrationv1.ServiceReference) *ServiceReferenceDie

DieFeed returns a new die with the provided resource.

func (*ServiceReferenceDie) DieFeedJSON added in v0.8.0 

func (d *ServiceReferenceDie) DieFeedJSON(j []byte) *ServiceReferenceDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*ServiceReferenceDie) DieFeedPtr 

func (d *ServiceReferenceDie) DieFeedPtr(r *admissionregistrationv1.ServiceReference) *ServiceReferenceDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*ServiceReferenceDie) DieFeedRawExtension added in v0.5.0 

func (d *ServiceReferenceDie) DieFeedRawExtension(raw runtime.RawExtension) *ServiceReferenceDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ServiceReferenceDie) DieFeedYAML added in v0.8.0 

func (d *ServiceReferenceDie) DieFeedYAML(y []byte) *ServiceReferenceDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*ServiceReferenceDie) DieFeedYAMLFile added in v0.8.0 

func (d *ServiceReferenceDie) DieFeedYAMLFile(name string) *ServiceReferenceDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*ServiceReferenceDie) DieImmutable 

func (d *ServiceReferenceDie) DieImmutable(immutable bool) *ServiceReferenceDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*ServiceReferenceDie) DieRelease 

func (d *ServiceReferenceDie) DieRelease() admissionregistrationv1.ServiceReference

DieRelease returns the resource managed by the die.

func (*ServiceReferenceDie) DieReleaseJSON added in v0.8.0 

func (d *ServiceReferenceDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*ServiceReferenceDie) DieReleasePtr 

func (d *ServiceReferenceDie) DieReleasePtr() *admissionregistrationv1.ServiceReference

DieReleasePtr returns a pointer to the resource managed by the die.

func (*ServiceReferenceDie) DieReleaseRawExtension added in v0.5.0 

func (d *ServiceReferenceDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ServiceReferenceDie) DieReleaseYAML added in v0.8.0 

func (d *ServiceReferenceDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*ServiceReferenceDie) DieStamp 

func (d *ServiceReferenceDie) DieStamp(fn func(r *admissionregistrationv1.ServiceReference)) *ServiceReferenceDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*ServiceReferenceDie) DieStampAt added in v0.8.0 

func (d *ServiceReferenceDie) DieStampAt(jp string, fn interface{}) *ServiceReferenceDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*ServiceReferenceDie) DieWith added in v0.9.0 

func (d *ServiceReferenceDie) DieWith(fns ...func(d *ServiceReferenceDie)) *ServiceReferenceDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*ServiceReferenceDie) Name 

func (d *ServiceReferenceDie) Name(v string) *ServiceReferenceDie

`name` is the name of the service.

Required

func (*ServiceReferenceDie) Namespace 

func (d *ServiceReferenceDie) Namespace(v string) *ServiceReferenceDie

`namespace` is the namespace of the service.

Required

func (*ServiceReferenceDie) Path 

func (d *ServiceReferenceDie) Path(v *string) *ServiceReferenceDie

`path` is an optional URL path which will be sent in any request to

this service.

func (*ServiceReferenceDie) Port 

func (d *ServiceReferenceDie) Port(v *int32) *ServiceReferenceDie

If specified, the port on the service that hosting webhook.

Default to 443 for backward compatibility.

`port` should be a valid port number (1-65535, inclusive).

type ValidatingWebhookConfigurationDie 

type ValidatingWebhookConfigurationDie struct {
	metav1.FrozenObjectMeta
	// contains filtered or unexported fields
}

func (*ValidatingWebhookConfigurationDie) APIVersion added in v0.5.0 

func (d *ValidatingWebhookConfigurationDie) APIVersion(v string) *ValidatingWebhookConfigurationDie

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (*ValidatingWebhookConfigurationDie) DeepCopy 

func (d *ValidatingWebhookConfigurationDie) DeepCopy() *ValidatingWebhookConfigurationDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*ValidatingWebhookConfigurationDie) DeepCopyObject 

func (d *ValidatingWebhookConfigurationDie) DeepCopyObject() runtime.Object

func (*ValidatingWebhookConfigurationDie) DieFeed 

func (d *ValidatingWebhookConfigurationDie) DieFeed(r admissionregistrationv1.ValidatingWebhookConfiguration) *ValidatingWebhookConfigurationDie

DieFeed returns a new die with the provided resource.

func (*ValidatingWebhookConfigurationDie) DieFeedJSON added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieFeedJSON(j []byte) *ValidatingWebhookConfigurationDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieFeedPtr 

func (d *ValidatingWebhookConfigurationDie) DieFeedPtr(r *admissionregistrationv1.ValidatingWebhookConfiguration) *ValidatingWebhookConfigurationDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*ValidatingWebhookConfigurationDie) DieFeedRawExtension added in v0.5.0 

func (d *ValidatingWebhookConfigurationDie) DieFeedRawExtension(raw runtime.RawExtension) *ValidatingWebhookConfigurationDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieFeedYAML added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieFeedYAML(y []byte) *ValidatingWebhookConfigurationDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieFeedYAMLFile added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieFeedYAMLFile(name string) *ValidatingWebhookConfigurationDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieImmutable 

func (d *ValidatingWebhookConfigurationDie) DieImmutable(immutable bool) *ValidatingWebhookConfigurationDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*ValidatingWebhookConfigurationDie) DieRelease 

func (d *ValidatingWebhookConfigurationDie) DieRelease() admissionregistrationv1.ValidatingWebhookConfiguration

DieRelease returns the resource managed by the die.

func (*ValidatingWebhookConfigurationDie) DieReleaseJSON added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieReleasePtr 

func (d *ValidatingWebhookConfigurationDie) DieReleasePtr() *admissionregistrationv1.ValidatingWebhookConfiguration

DieReleasePtr returns a pointer to the resource managed by the die.

func (*ValidatingWebhookConfigurationDie) DieReleaseRawExtension added in v0.5.0 

func (d *ValidatingWebhookConfigurationDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieReleaseUnstructured 

func (d *ValidatingWebhookConfigurationDie) DieReleaseUnstructured() *unstructured.Unstructured

DieReleaseUnstructured returns the resource managed by the die as an unstructured object. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieReleaseYAML added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*ValidatingWebhookConfigurationDie) DieStamp 

func (d *ValidatingWebhookConfigurationDie) DieStamp(fn func(r *admissionregistrationv1.ValidatingWebhookConfiguration)) *ValidatingWebhookConfigurationDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*ValidatingWebhookConfigurationDie) DieStampAt added in v0.8.0 

func (d *ValidatingWebhookConfigurationDie) DieStampAt(jp string, fn interface{}) *ValidatingWebhookConfigurationDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*ValidatingWebhookConfigurationDie) DieWith added in v0.9.0 

func (d *ValidatingWebhookConfigurationDie) DieWith(fns ...func(d *ValidatingWebhookConfigurationDie)) *ValidatingWebhookConfigurationDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*ValidatingWebhookConfigurationDie) GetObjectKind 

func (d *ValidatingWebhookConfigurationDie) GetObjectKind() schema.ObjectKind

func (*ValidatingWebhookConfigurationDie) Kind added in v0.5.0 

func (d *ValidatingWebhookConfigurationDie) Kind(v string) *ValidatingWebhookConfigurationDie

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (*ValidatingWebhookConfigurationDie) MarshalJSON 

func (d *ValidatingWebhookConfigurationDie) MarshalJSON() ([]byte, error)

func (*ValidatingWebhookConfigurationDie) MetadataDie 

func (d *ValidatingWebhookConfigurationDie) MetadataDie(fn func(d *metav1.ObjectMetaDie)) *ValidatingWebhookConfigurationDie

MetadataDie stamps the resource's ObjectMeta field with a mutable die.

func (*ValidatingWebhookConfigurationDie) UnmarshalJSON 

func (d *ValidatingWebhookConfigurationDie) UnmarshalJSON(b []byte) error

func (*ValidatingWebhookConfigurationDie) WebhookDie 

func (d *ValidatingWebhookConfigurationDie) WebhookDie(name string, fn func(d *ValidatingWebhookDie)) *ValidatingWebhookConfigurationDie

func (*ValidatingWebhookConfigurationDie) Webhooks 

func (d *ValidatingWebhookConfigurationDie) Webhooks(v ...admissionregistrationv1.ValidatingWebhook) *ValidatingWebhookConfigurationDie

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookDie 

type ValidatingWebhookDie struct {
	// contains filtered or unexported fields
}

func (*ValidatingWebhookDie) AdmissionReviewVersions 

func (d *ValidatingWebhookDie) AdmissionReviewVersions(v ...string) *ValidatingWebhookDie

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`

versions the Webhook expects. API server will try to use first version in

the list which it supports. If none of the versions specified in this list

supported by API server, validation will fail for this object.

If a persisted webhook configuration specifies allowed versions and does not

include any versions known to the API Server, calls to the webhook will fail

and be subject to the failure policy.

func (*ValidatingWebhookDie) ClientConfig 

func (d *ValidatingWebhookDie) ClientConfig(v admissionregistrationv1.WebhookClientConfig) *ValidatingWebhookDie

ClientConfig defines how to communicate with the hook.

Required

func (*ValidatingWebhookDie) ClientConfigDie 

func (d *ValidatingWebhookDie) ClientConfigDie(fn func(d *WebhookClientConfigDie)) *ValidatingWebhookDie

func (*ValidatingWebhookDie) DeepCopy 

func (d *ValidatingWebhookDie) DeepCopy() *ValidatingWebhookDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*ValidatingWebhookDie) DieFeed 

func (d *ValidatingWebhookDie) DieFeed(r admissionregistrationv1.ValidatingWebhook) *ValidatingWebhookDie

DieFeed returns a new die with the provided resource.

func (*ValidatingWebhookDie) DieFeedJSON added in v0.8.0 

func (d *ValidatingWebhookDie) DieFeedJSON(j []byte) *ValidatingWebhookDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*ValidatingWebhookDie) DieFeedPtr 

func (d *ValidatingWebhookDie) DieFeedPtr(r *admissionregistrationv1.ValidatingWebhook) *ValidatingWebhookDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*ValidatingWebhookDie) DieFeedRawExtension added in v0.5.0 

func (d *ValidatingWebhookDie) DieFeedRawExtension(raw runtime.RawExtension) *ValidatingWebhookDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ValidatingWebhookDie) DieFeedYAML added in v0.8.0 

func (d *ValidatingWebhookDie) DieFeedYAML(y []byte) *ValidatingWebhookDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*ValidatingWebhookDie) DieFeedYAMLFile added in v0.8.0 

func (d *ValidatingWebhookDie) DieFeedYAMLFile(name string) *ValidatingWebhookDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*ValidatingWebhookDie) DieImmutable 

func (d *ValidatingWebhookDie) DieImmutable(immutable bool) *ValidatingWebhookDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*ValidatingWebhookDie) DieRelease 

func (d *ValidatingWebhookDie) DieRelease() admissionregistrationv1.ValidatingWebhook

DieRelease returns the resource managed by the die.

func (*ValidatingWebhookDie) DieReleaseJSON added in v0.8.0 

func (d *ValidatingWebhookDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*ValidatingWebhookDie) DieReleasePtr 

func (d *ValidatingWebhookDie) DieReleasePtr() *admissionregistrationv1.ValidatingWebhook

DieReleasePtr returns a pointer to the resource managed by the die.

func (*ValidatingWebhookDie) DieReleaseRawExtension added in v0.5.0 

func (d *ValidatingWebhookDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ValidatingWebhookDie) DieReleaseYAML added in v0.8.0 

func (d *ValidatingWebhookDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*ValidatingWebhookDie) DieStamp 

func (d *ValidatingWebhookDie) DieStamp(fn func(r *admissionregistrationv1.ValidatingWebhook)) *ValidatingWebhookDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*ValidatingWebhookDie) DieStampAt added in v0.8.0 

func (d *ValidatingWebhookDie) DieStampAt(jp string, fn interface{}) *ValidatingWebhookDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*ValidatingWebhookDie) DieWith added in v0.9.0 

func (d *ValidatingWebhookDie) DieWith(fns ...func(d *ValidatingWebhookDie)) *ValidatingWebhookDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*ValidatingWebhookDie) FailurePolicy 

func (d *ValidatingWebhookDie) FailurePolicy(v *admissionregistrationv1.FailurePolicyType) *ValidatingWebhookDie

FailurePolicy defines how unrecognized errors from the admission endpoint are handled -

allowed values are Ignore or Fail. Defaults to Fail.

func (*ValidatingWebhookDie) MatchConditionDie added in v0.8.0 

func (d *ValidatingWebhookDie) MatchConditionDie(name string, fn func(d *MatchConditionDie)) *ValidatingWebhookDie

func (*ValidatingWebhookDie) MatchConditions added in v0.8.0 

func (d *ValidatingWebhookDie) MatchConditions(v ...admissionregistrationv1.MatchCondition) *ValidatingWebhookDie

MatchConditions is a list of conditions that must be met for a request to be sent to this

webhook. Match conditions filter requests that have already been matched by the rules,

namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.

There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.

2. If ALL matchConditions evaluate to TRUE, the webhook is called.

3. If any matchCondition evaluates to an error (but none are FALSE):

- If failurePolicy=Fail, reject the request

- If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (*ValidatingWebhookDie) MatchPolicy 

func (d *ValidatingWebhookDie) MatchPolicy(v *admissionregistrationv1.MatchPolicyType) *ValidatingWebhookDie

matchPolicy defines how the "rules" list is used to match incoming requests.

Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (*ValidatingWebhookDie) Name 

func (d *ValidatingWebhookDie) Name(v string) *ValidatingWebhookDie

The name of the admission webhook.

Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where

"imagepolicy" is the name of the webhook, and kubernetes.io is the name

of the organization.

Required.

func (*ValidatingWebhookDie) NamespaceSelector 

func (d *ValidatingWebhookDie) NamespaceSelector(v *apismetav1.LabelSelector) *ValidatingWebhookDie

NamespaceSelector decides whether to run the webhook on an object based

on whether the namespace for that object matches the selector. If the

object itself is a namespace, the matching is performed on

object.metadata.labels. If the object is another cluster scoped resource,

it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not

associated with "runlevel" of "0" or "1"; you will set the selector as

follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "runlevel",

"operator": "NotIn",

"values": [

"0",

"1"

]

}

]

}

If instead you want to only run the webhook on any objects whose

namespace is associated with the "environment" of "prod" or "staging";

you will set the selector as follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "environment",

"operator": "In",

"values": [

"prod",

"staging"

]

}

]

}

See

https://kubernetes.io/docs/concepts/overview/working-with-objects/labels

for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (*ValidatingWebhookDie) NamespaceSelectorDie 

func (d *ValidatingWebhookDie) NamespaceSelectorDie(fn func(d *diemetav1.LabelSelectorDie)) *ValidatingWebhookDie

func (*ValidatingWebhookDie) ObjectSelector 

func (d *ValidatingWebhookDie) ObjectSelector(v *apismetav1.LabelSelector) *ValidatingWebhookDie

ObjectSelector decides whether to run the webhook based on if the

object has matching labels. objectSelector is evaluated against both

the oldObject and newObject that would be sent to the webhook, and

is considered to match if either object matches the selector. A null

object (oldObject in the case of create, or newObject in the case of

delete) or an object that cannot have labels (like a

DeploymentRollback or a PodProxyOptions object) is not considered to

match.

Use the object selector only if the webhook is opt-in, because end

users may skip the admission webhook by setting the labels.

Default to the empty LabelSelector, which matches everything.

func (*ValidatingWebhookDie) ObjectSelectorDie 

func (d *ValidatingWebhookDie) ObjectSelectorDie(fn func(d *diemetav1.LabelSelectorDie)) *ValidatingWebhookDie

func (*ValidatingWebhookDie) Rules 

func (d *ValidatingWebhookDie) Rules(v ...admissionregistrationv1.RuleWithOperations) *ValidatingWebhookDie

Rules describes what operations on what resources/subresources the webhook cares about.

The webhook cares about an operation if it matches _any_ Rule.

However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks

from putting the cluster in a state which cannot be recovered from without completely

disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called

on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (*ValidatingWebhookDie) RulesDie 

func (d *ValidatingWebhookDie) RulesDie(rules ...*RuleWithOperationsDie) *ValidatingWebhookDie

func (*ValidatingWebhookDie) SideEffects 

func (d *ValidatingWebhookDie) SideEffects(v *admissionregistrationv1.SideEffectClass) *ValidatingWebhookDie

SideEffects states whether this webhook has side effects.

Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).

Webhooks with side effects MUST implement a reconciliation system, since a request may be

rejected by a future step in the admission chain and the side effects therefore need to be undone.

Requests with the dryRun attribute will be auto-rejected if they match a webhook with

sideEffects == Unknown or Some.

func (*ValidatingWebhookDie) TimeoutSeconds 

func (d *ValidatingWebhookDie) TimeoutSeconds(v *int32) *ValidatingWebhookDie

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,

the webhook call will be ignored or the API call will fail based on the

failure policy.

The timeout value must be between 1 and 30 seconds.

Default to 10 seconds.

type WebhookClientConfigDie 

type WebhookClientConfigDie struct {
	// contains filtered or unexported fields
}

func (*WebhookClientConfigDie) CABundle 

func (d *WebhookClientConfigDie) CABundle(v []byte) *WebhookClientConfigDie

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.

If unspecified, system trust roots on the apiserver are used.

func (*WebhookClientConfigDie) DeepCopy 

func (d *WebhookClientConfigDie) DeepCopy() *WebhookClientConfigDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*WebhookClientConfigDie) DieFeed 

func (d *WebhookClientConfigDie) DieFeed(r admissionregistrationv1.WebhookClientConfig) *WebhookClientConfigDie

DieFeed returns a new die with the provided resource.

func (*WebhookClientConfigDie) DieFeedJSON added in v0.8.0 

func (d *WebhookClientConfigDie) DieFeedJSON(j []byte) *WebhookClientConfigDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*WebhookClientConfigDie) DieFeedPtr 

func (d *WebhookClientConfigDie) DieFeedPtr(r *admissionregistrationv1.WebhookClientConfig) *WebhookClientConfigDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*WebhookClientConfigDie) DieFeedRawExtension added in v0.5.0 

func (d *WebhookClientConfigDie) DieFeedRawExtension(raw runtime.RawExtension) *WebhookClientConfigDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*WebhookClientConfigDie) DieFeedYAML added in v0.8.0 

func (d *WebhookClientConfigDie) DieFeedYAML(y []byte) *WebhookClientConfigDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*WebhookClientConfigDie) DieFeedYAMLFile added in v0.8.0 

func (d *WebhookClientConfigDie) DieFeedYAMLFile(name string) *WebhookClientConfigDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*WebhookClientConfigDie) DieImmutable 

func (d *WebhookClientConfigDie) DieImmutable(immutable bool) *WebhookClientConfigDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*WebhookClientConfigDie) DieRelease 

func (d *WebhookClientConfigDie) DieRelease() admissionregistrationv1.WebhookClientConfig

DieRelease returns the resource managed by the die.

func (*WebhookClientConfigDie) DieReleaseJSON added in v0.8.0 

func (d *WebhookClientConfigDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*WebhookClientConfigDie) DieReleasePtr 

func (d *WebhookClientConfigDie) DieReleasePtr() *admissionregistrationv1.WebhookClientConfig

DieReleasePtr returns a pointer to the resource managed by the die.

func (*WebhookClientConfigDie) DieReleaseRawExtension added in v0.5.0 

func (d *WebhookClientConfigDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*WebhookClientConfigDie) DieReleaseYAML added in v0.8.0 

func (d *WebhookClientConfigDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*WebhookClientConfigDie) DieStamp 

func (d *WebhookClientConfigDie) DieStamp(fn func(r *admissionregistrationv1.WebhookClientConfig)) *WebhookClientConfigDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*WebhookClientConfigDie) DieStampAt added in v0.8.0 

func (d *WebhookClientConfigDie) DieStampAt(jp string, fn interface{}) *WebhookClientConfigDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*WebhookClientConfigDie) DieWith added in v0.9.0 

func (d *WebhookClientConfigDie) DieWith(fns ...func(d *WebhookClientConfigDie)) *WebhookClientConfigDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*WebhookClientConfigDie) Service 

func (d *WebhookClientConfigDie) Service(v *admissionregistrationv1.ServiceReference) *WebhookClientConfigDie

`service` is a reference to the service for this webhook. Either

`service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (*WebhookClientConfigDie) ServiceDie 

func (d *WebhookClientConfigDie) ServiceDie(fn func(d *ServiceReferenceDie)) *WebhookClientConfigDie

func (*WebhookClientConfigDie) URL 

func (d *WebhookClientConfigDie) URL(v *string) *WebhookClientConfigDie

`url` gives the location of the webhook, in standard URL form

(`scheme://host:port/path`). Exactly one of `url` or `service`

must be specified.

The `host` should not refer to a service running in the cluster; use

the `service` field instead. The host might be resolved via external

DNS in some apiservers (e.g., `kube-apiserver` cannot resolve

in-cluster DNS as that would be a layering violation). `host` may

also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is

risky unless you take great care to run this webhook on all hosts

which run an apiserver which might need to make calls to this

webhook. Such installs are likely to be non-portable, i.e., not easy

to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in

a URL. You may use the path to pass an arbitrary string to the

webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not

allowed. Fragments ("#...") and query parameters ("?...") are not

allowed, either.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.