Documentation

Index

Constants

// Audit stage names: the points in request handling at which an audit event
// can be generated. They are declared as untyped string constants.
const (
	// StageRequestReceived is the stage for events generated after the audit handler receives
	// the request, but before it is delegated down the handler chain.
	StageRequestReceived = "RequestReceived"
	// StageResponseStarted is the stage for events generated after the response headers are
	// sent, but before the response body is sent. This stage is only generated for
	// long-running requests (e.g. watch).
	StageResponseStarted = "ResponseStarted"
	// StageResponseComplete is the stage for events generated after the response body has been
	// completed, and no more bytes will be sent.
	StageResponseComplete = "ResponseComplete"
	// StagePanic is the stage for events generated when a panic occurred.
	StagePanic = "Panic"
)

Valid audit stages.

// GroupName is the API group name used by this package; SchemeGroupVersion
// is built from it.
const GroupName = "auditregistration.k8s.io"

GroupName is the group name used in this package.

Variables

var (
	// SchemeBuilder collects the scheme registration functions for the audit
	// registration group; it is seeded with addKnownTypes.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is SchemeBuilder's AddToScheme method, exposed as a package-level
	// value so callers can register this group's types on a scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects. It
// pairs GroupName with runtime.APIVersionInternal, i.e. it names the internal
// (not wire-versioned) form of the group.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is the group version used to register these objects.

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type AuditSink

// AuditSink represents a cluster level sink for audit data.
//
// NOTE(review): an AuditSink directs audit events to the webhook named in its
// Spec, so the ability to create or modify these objects should be restricted
// to cluster administrators and changes to them should themselves be audited.
type AuditSink struct {
	metav1.TypeMeta

	// Standard object metadata.
	// +optional
	metav1.ObjectMeta

	// Spec defines the audit sink spec: the policy selecting events and the
	// webhook they are sent to.
	Spec AuditSinkSpec
}

AuditSink represents a cluster level sink for audit data

func (*AuditSink) DeepCopy

func (in *AuditSink) DeepCopy() *AuditSink

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSink.

func (*AuditSink) DeepCopyInto

func (in *AuditSink) DeepCopyInto(out *AuditSink)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuditSink) DeepCopyObject

func (in *AuditSink) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuditSinkList

// AuditSinkList is a list of AuditSink items.
type AuditSinkList struct {
	metav1.TypeMeta

	// Standard list metadata.
	// +optional
	metav1.ListMeta

	// Items is the list of audit sink configurations.
	Items []AuditSink
}

AuditSinkList is a list of audit sink items.

func (*AuditSinkList) DeepCopy

func (in *AuditSinkList) DeepCopy() *AuditSinkList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkList.

func (*AuditSinkList) DeepCopyInto

func (in *AuditSinkList) DeepCopyInto(out *AuditSinkList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuditSinkList) DeepCopyObject

func (in *AuditSinkList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuditSinkSpec

// AuditSinkSpec is the spec for the audit sink object. Both fields are
// required: Policy decides what is recorded, Webhook decides where it goes.
type AuditSinkSpec struct {
	// Policy defines the policy for selecting which events should be sent to the backend.
	// required
	Policy Policy

	// Webhook is the webhook backend that the selected events are sent to.
	// required
	Webhook Webhook
}

AuditSinkSpec is the spec for the audit sink object

func (*AuditSinkSpec) DeepCopy

func (in *AuditSinkSpec) DeepCopy() *AuditSinkSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkSpec.

func (*AuditSinkSpec) DeepCopyInto

func (in *AuditSinkSpec) DeepCopyInto(out *AuditSinkSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Level

// Level defines the amount of information logged during auditing. It is a
// string type whose valid values are the Level* constants.
type Level string

Level defines the amount of information logged during auditing

// Valid audit levels, ordered from least to most information recorded. Each
// level after LevelNone is described as including everything the previous
// level records.
const (
	// LevelNone disables auditing.
	LevelNone Level = "None"
	// LevelMetadata provides the basic level of auditing.
	LevelMetadata Level = "Metadata"
	// LevelRequest provides Metadata level of auditing, and additionally
	// logs the request object (does not apply for non-resource requests).
	// Request objects can contain sensitive data, so the receiving backend
	// needs to be protected accordingly.
	LevelRequest Level = "Request"
	// LevelRequestResponse provides Request level of auditing, and additionally
	// logs the response object (does not apply for non-resource requests and watches).
	// Response objects can contain sensitive data as well (for example the
	// contents of returned resources); use this level only with a backend
	// trusted to store it.
	LevelRequestResponse Level = "RequestResponse"
)

Valid audit levels

type Policy

// Policy defines the configuration of how audit events are logged.
type Policy struct {
	// Level is the level that all requests are recorded at.
	// available options: None, Metadata, Request, RequestResponse
	// required
	Level Level

	// Stages is a list of stages for which events are created.
	// NOTE(review): what an empty or omitted list means is not stated here —
	// confirm against the defaulting/validation code before relying on it.
	// +optional
	Stages []Stage
}

Policy defines the configuration of how audit events are logged

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceReference

// ServiceReference holds a reference to Service.legacy.k8s.io. It identifies
// an in-cluster service by namespace and name, plus an optional request path.
type ServiceReference struct {
	// `namespace` is the namespace of the service.
	// Required
	Namespace string

	// `name` is the name of the service.
	// Required
	Name string

	// `path` is an optional URL path which will be sent in any request to
	// this service. It is a pointer so that "not set" can be told apart from
	// an empty string.
	// +optional
	Path *string
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (*ServiceReference) DeepCopy

func (in *ServiceReference) DeepCopy() *ServiceReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.

func (*ServiceReference) DeepCopyInto

func (in *ServiceReference) DeepCopyInto(out *ServiceReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Stage

// Stage defines the stages in request handling during which audit events may
// be generated. The Stage* constants in this package are untyped string
// constants, so they can be used directly where a Stage is expected.
type Stage string

Stage defines the stages in request handling during which audit events may be generated.

type Webhook

// Webhook holds the configuration of the webhook backend: how to reach it and,
// optionally, how fast events may be sent to it.
type Webhook struct {
	// Throttle holds the options for throttling the webhook.
	// +optional
	Throttle *WebhookThrottleConfig

	// ClientConfig holds the connection parameters for the webhook
	// (endpoint and the CA bundle used to verify it).
	// required
	ClientConfig WebhookClientConfig
}

Webhook holds the configuration of the webhooks

func (*Webhook) DeepCopy

func (in *Webhook) DeepCopy() *Webhook

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.

func (*Webhook) DeepCopyInto

func (in *Webhook) DeepCopyInto(out *Webhook)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookClientConfig

// WebhookClientConfig contains the information to make a connection with the
// webhook: where it is (`url` or `service`) and which CAs are trusted to vouch
// for its server certificate (`caBundle`).
type WebhookClientConfig struct {
	// `url` gives the location of the webhook, in standard URL form
	// (`scheme://host:port/path`). Exactly one of `url` or `service`
	// must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use
	// the `service` field instead. The host might be resolved via external
	// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
	// in-cluster DNS as that would be a layering violation). `host` may
	// also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is
	// risky unless you take great care to run this webhook on all hosts
	// which run an apiserver which might need to make calls to this
	// webhook. Such installs are likely to be non-portable, i.e., not easy
	// to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	// Plain-HTTP endpoints are therefore not accepted for audit delivery.
	//
	// A path is optional, and if present may be any string permissible in
	// a URL. You may use the path to pass an arbitrary string to the
	// webhook, for example, a cluster identifier.
	//
	// Embedding user or basic auth credentials in the URL (e.g.
	// "user:password@") is not allowed. Fragments ("#...") and query
	// parameters ("?...") are not allowed, either.
	//
	// +optional
	URL *string

	// `service` is a reference to the service for this webhook. Exactly one
	// of `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	//
	// Port 443 will be used if it is open, otherwise it is an error.
	//
	// +optional
	Service *ServiceReference

	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
	// If unspecified, system trust roots on the apiserver are used.
	// NOTE(review): leaving this empty means any CA in the apiserver's system
	// store can vouch for the webhook; setting it to the webhook's issuing CA
	// is the narrower choice for an endpoint that receives audit data.
	// +optional
	CABundle []byte
}

WebhookClientConfig contains the information to make a connection with the webhook

func (*WebhookClientConfig) DeepCopy

func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.

func (*WebhookClientConfig) DeepCopyInto

func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookThrottleConfig

// WebhookThrottleConfig holds the configuration for throttling the webhook.
// Both fields are pointers so that "unset" (use the default) can be told
// apart from an explicit value.
//
// NOTE(review): QPS is described in batches and Burst in events; confirm
// which unit the throttle actually counts before tuning these.
type WebhookThrottleConfig struct {
	// QPS is the maximum number of batches per second.
	// default 10 QPS
	// +optional
	QPS *int64

	// Burst is the maximum number of events sent at the same moment.
	// default 15 (a count, not a per-second rate, despite the "QPS" label
	// this default originally carried)
	// +optional
	Burst *int64
}

WebhookThrottleConfig holds the configuration for throttling

func (*WebhookThrottleConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.

func (*WebhookThrottleConfig) DeepCopyInto

func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis
Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery.