Documentation

Index

Constants

// Valid audit stages. The constants are declared without an explicit type
// (untyped string constants); Policy.Stages holds values of type Stage.
const (
	// StageRequestReceived is the stage for events generated after the audit handler
	// receives the request, but before it is delegated down the handler chain.
	StageRequestReceived = "RequestReceived"
	// StageResponseStarted is the stage for events generated after the response headers
	// are sent, but before the response body is sent. This stage is only generated for
	// long-running requests (e.g. watch).
	StageResponseStarted = "ResponseStarted"
	// StageResponseComplete is the stage for events generated after the response body
	// has been completed, and no more bytes will be sent.
	StageResponseComplete = "ResponseComplete"
	// StagePanic is the stage for events generated when a panic occurred.
	StagePanic = "Panic"
)

    Valid audit stages.

    // GroupName is the API group name used in this package.
    const GroupName = "auditregistration.k8s.io"

      GroupName is the group name used in this package

      Variables

      var (
      	// SchemeBuilder is the scheme builder for audit registration. It is
      	// constructed from addKnownTypes, which is not shown on this page.
      	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
      	// AddToScheme is SchemeBuilder's AddToScheme method, exposed as a
      	// package-level variable for audit registration.
      	AddToScheme = SchemeBuilder.AddToScheme
      )
      // SchemeGroupVersion is the group version used to register these objects:
      // GroupName paired with the internal version (runtime.APIVersionInternal).
      var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

        SchemeGroupVersion is the group version used to register these objects

        Functions

        func Kind

        func Kind(kind string) schema.GroupKind

          Kind takes an unqualified kind and returns a Group qualified GroupKind

          func Resource

          func Resource(resource string) schema.GroupResource

            Resource takes an unqualified resource and returns a Group qualified GroupResource

            Types

            type AuditSink

            // AuditSink represents a cluster level sink for audit data.
            //
            // NOTE(review): Spec names the webhook that receives audit events, so whoever
            // can create or update AuditSink objects decides where audit data is delivered.
            // Write access to this resource should presumably be limited to cluster
            // administrators; confirm against the cluster's authorization rules.
            type AuditSink struct {
            	metav1.TypeMeta
            
            	// +optional
            	metav1.ObjectMeta
            
            	// Spec defines the audit sink spec: the selection policy and the
            	// webhook backend (see AuditSinkSpec).
            	Spec AuditSinkSpec
            }

              AuditSink represents a cluster level sink for audit data

              func (*AuditSink) DeepCopy

              func (in *AuditSink) DeepCopy() *AuditSink

                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSink.

                func (*AuditSink) DeepCopyInto

                func (in *AuditSink) DeepCopyInto(out *AuditSink)

                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                  func (*AuditSink) DeepCopyObject

                  func (in *AuditSink) DeepCopyObject() runtime.Object

                    DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                    type AuditSinkList

                    // AuditSinkList is a list of audit sink items.
                    type AuditSinkList struct {
                    	metav1.TypeMeta
                    
                    	// +optional
                    	metav1.ListMeta
                    
                    	// Items is the list of audit sink configurations.
                    	Items []AuditSink
                    }

                      AuditSinkList is a list of audit sink items.

                      func (*AuditSinkList) DeepCopy

                      func (in *AuditSinkList) DeepCopy() *AuditSinkList

                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkList.

                        func (*AuditSinkList) DeepCopyInto

                        func (in *AuditSinkList) DeepCopyInto(out *AuditSinkList)

                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                          func (*AuditSinkList) DeepCopyObject

                          func (in *AuditSinkList) DeepCopyObject() runtime.Object

                            DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                            type AuditSinkSpec

                            // AuditSinkSpec is the spec for the audit sink object. It pairs the
                            // policy that selects events with the webhook that receives them.
                            type AuditSinkSpec struct {
                            	// Policy defines the policy for selecting which events should be sent to the backend
                            	// required
                            	Policy Policy
                            
                            	// Webhook is the backend that events are sent to.
                            	// required
                            	Webhook Webhook
                            }

                              AuditSinkSpec is the spec for the audit sink object

                              func (*AuditSinkSpec) DeepCopy

                              func (in *AuditSinkSpec) DeepCopy() *AuditSinkSpec

                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkSpec.

                                func (*AuditSinkSpec) DeepCopyInto

                                func (in *AuditSinkSpec) DeepCopyInto(out *AuditSinkSpec)

                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                  type Level

                                  // Level defines the amount of information logged during auditing.
                                  // The valid values are the Level* constants declared for this type.
                                  type Level string

                                    Level defines the amount of information logged during auditing

                                    // Valid audit levels. Each level after LevelNone is described as
                                    // including what the level before it provides.
                                    const (
                                    	// LevelNone disables auditing
                                    	LevelNone Level = "None"
                                    	// LevelMetadata provides the basic level of auditing.
                                    	LevelMetadata Level = "Metadata"
                                    	// LevelRequest provides Metadata level of auditing, and additionally
                                    	// logs the request object (does not apply for non-resource requests).
                                    	// NOTE(review): request objects can carry sensitive payloads (for
                                    	// example Secret data); whatever is logged here is forwarded to the
                                    	// sink's webhook.
                                    	LevelRequest Level = "Request"
                                    	// LevelRequestResponse provides Request level of auditing, and additionally
                                    	// logs the response object (does not apply for non-resource requests and watches).
                                    	// NOTE(review): response objects can likewise contain sensitive data;
                                    	// use this level only with a webhook trusted to hold it.
                                    	LevelRequestResponse Level = "RequestResponse"
                                    )

                                      Valid audit levels

                                      type Policy

                                      // Policy defines the configuration of how audit events are logged.
                                      //
                                      // NOTE(review): this type has a single Level for all requests and no
                                      // per-resource rules, so a Level of Request or RequestResponse applies to
                                      // every resource request that reaches the sink. Confirm that is intended
                                      // before choosing a level above Metadata.
                                      type Policy struct {
                                      	// The Level that all requests are recorded at.
                                      	// available options: None, Metadata, Request, RequestResponse
                                      	// required
                                      	Level Level
                                      
                                      	// Stages is a list of stages for which events are created.
                                      	// The declared stage values are RequestReceived, ResponseStarted,
                                      	// ResponseComplete and Panic.
                                      	// +optional
                                      	Stages []Stage
                                      }

                                        Policy defines the configuration of how audit events are logged

                                        func (*Policy) DeepCopy

                                        func (in *Policy) DeepCopy() *Policy

                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

                                          func (*Policy) DeepCopyInto

                                          func (in *Policy) DeepCopyInto(out *Policy)

                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                            type ServiceReference

                                            // ServiceReference holds a reference to Service.legacy.k8s.io.
                                            // It identifies an in-cluster service by namespace and name, with an
                                            // optional URL path.
                                            type ServiceReference struct {
                                            	// `namespace` is the namespace of the service.
                                            	// Required
                                            	Namespace string
                                            
                                            	// `name` is the name of the service.
                                            	// Required
                                            	Name string
                                            
                                            	// `path` is an optional URL path which will be sent in any request to
                                            	// this service. A nil pointer means no path was given.
                                            	// +optional
                                            	Path *string
                                            }

                                              ServiceReference holds a reference to Service.legacy.k8s.io

                                              func (*ServiceReference) DeepCopy

                                              func (in *ServiceReference) DeepCopy() *ServiceReference

                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.

                                                func (*ServiceReference) DeepCopyInto

                                                func (in *ServiceReference) DeepCopyInto(out *ServiceReference)

                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                  type Stage

                                                  // Stage defines the stages in request handling during which audit
                                                  // events may be generated.
                                                  type Stage string

                                                    Stage defines the stages in request handling during which audit events may be generated.

                                                    type Webhook

                                                    // Webhook holds the configuration of the webhook that audit events
                                                    // are sent to: optional throttling plus the connection parameters.
                                                    type Webhook struct {
                                                    	// Throttle holds the options for throttling the webhook.
                                                    	// A nil pointer means no throttle options were given.
                                                    	// +optional
                                                    	Throttle *WebhookThrottleConfig
                                                    
                                                    	// ClientConfig holds the connection parameters for the webhook
                                                    	// required
                                                    	ClientConfig WebhookClientConfig
                                                    }

                                                      Webhook holds the configuration of the webhooks

                                                      func (*Webhook) DeepCopy

                                                      func (in *Webhook) DeepCopy() *Webhook

                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.

                                                        func (*Webhook) DeepCopyInto

                                                        func (in *Webhook) DeepCopyInto(out *Webhook)

                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                          type WebhookClientConfig

                                                          // WebhookClientConfig contains the information to make a connection with the webhook.
                                                          //
                                                          // NOTE(review): the fields here cover where the webhook is (URL or Service) and
                                                          // how its server certificate is validated (CABundle). No client credential
                                                          // (client certificate, token) appears in this struct, so how the webhook
                                                          // authenticates the calling apiserver is not visible here; confirm where
                                                          // that is configured.
                                                          type WebhookClientConfig struct {
                                                          	// `url` gives the location of the webhook, in standard URL form
                                                          	// (`scheme://host:port/path`). Exactly one of `url` or `service`
                                                          	// must be specified.
                                                          	//
                                                          	// The `host` should not refer to a service running in the cluster; use
                                                          	// the `service` field instead. The host might be resolved via external
                                                          	// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
                                                          	// in-cluster DNS as that would be a layering violation). `host` may
                                                          	// also be an IP address.
                                                          	//
                                                          	// Please note that using `localhost` or `127.0.0.1` as a `host` is
                                                          	// risky unless you take great care to run this webhook on all hosts
                                                          	// which run an apiserver which might need to make calls to this
                                                          	// webhook. Such installs are likely to be non-portable, i.e., not easy
                                                          	// to turn up in a new cluster.
                                                          	//
                                                          	// The scheme must be "https"; the URL must begin with "https://".
                                                          	//
                                                          	// A path is optional, and if present may be any string permissible in
                                                          	// a URL. You may use the path to pass an arbitrary string to the
                                                          	// webhook, for example, a cluster identifier.
                                                          	//
                                                          	// Attempting to use a user or basic auth e.g. "user:password@" is not
                                                          	// allowed. Fragments ("#...") and query parameters ("?...") are not
                                                          	// allowed, either.
                                                          	//
                                                          	// NOTE(review): these constraints (https only, no userinfo, no fragment
                                                          	// or query) are stated here but not enforced by this type; the field is a
                                                          	// plain *string, so enforcement presumably lives in validation code
                                                          	// outside this page. Confirm before relying on it.
                                                          	//
                                                          	// +optional
                                                          	URL *string
                                                          
                                                          	// `service` is a reference to the service for this webhook. Exactly one
                                                          	// of `service` or `url` must be specified.
                                                          	//
                                                          	// If the webhook is running within the cluster, then you should use `service`.
                                                          	//
                                                          	// Port 443 will be used if it is open, otherwise it is an error.
                                                          	//
                                                          	// +optional
                                                          	Service *ServiceReference
                                                          
                                                          	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
                                                          	// If unspecified, system trust roots on the apiserver are used.
                                                          	// NOTE(review): with no bundle set, any CA in the apiserver's system
                                                          	// trust store can vouch for the webhook's certificate; supplying a
                                                          	// dedicated bundle narrows trust to the CA that issued the webhook's
                                                          	// certificate.
                                                          	// +optional
                                                          	CABundle []byte
                                                          }

                                                            WebhookClientConfig contains the information to make a connection with the webhook

                                                            func (*WebhookClientConfig) DeepCopy

                                                            func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig

                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.

                                                              func (*WebhookClientConfig) DeepCopyInto

                                                              func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)

                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                type WebhookThrottleConfig

                                                                // WebhookThrottleConfig holds the configuration for throttling.
                                                                //
                                                                // NOTE(review): both fields are signed *int64 with no bounds visible on this
                                                                // page; zero or negative values presumably have to be rejected by validation
                                                                // elsewhere. Confirm. The two comments also use different units (batches for
                                                                // QPS, events for Burst); verify which unit the throttle actually counts.
                                                                type WebhookThrottleConfig struct {
                                                                	// QPS is the maximum number of batches per second.
                                                                	// default 10 QPS
                                                                	// +optional
                                                                	QPS *int64
                                                                
                                                                	// Burst is the maximum number of events sent at the same moment.
                                                                	// default 15 (the original comment words this as "15 QPS", although
                                                                	// Burst is described as a count rather than a rate)
                                                                	// +optional
                                                                	Burst *int64
                                                                }

                                                                  WebhookThrottleConfig holds the configuration for throttling

                                                                  func (*WebhookThrottleConfig) DeepCopy

                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.

                                                                    func (*WebhookThrottleConfig) DeepCopyInto

                                                                    func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig)

                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                      Directories

                                                                      Path Synopsis
                                                                      Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
                                                                      Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery.