resource

package
v5.0.0-preview.1+incom... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2022 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source
const (
	OperationAll string = "*"
	Create       string = "CREATE"
	Update       string = "UPDATE"
	Delete       string = "DELETE"
	Connect      string = "CONNECT"
)

for OperationType

View Source
const (
	ServiceTypeClusterIP    string = "ClusterIP"
	ServiceTypeNodePort     string = "NodePort"
	ServiceTypeLoadBalancer string = "LoadBalancer"
	ServiceTypeExternalName string = "ExternalName"
)

for ServiceType

View Source
const (
	Ignore string = "Ignore"
	Fail   string = "Fail"
)

for FailurePolicyType

View Source
const (
	IgnoreLower string = "ignore"
	FailLower   string = "fail"
)
View Source
const (
	SideEffectNone         string = "None"
	SideEffectSome         string = "Some"
	SideEffectNoneOnDryRun string = "NoneOnDryRun"
)

for SideEffectClass

View Source
const (
	AwsSvcCloudformation  = "cloudformation"
	AwsSvcCloudWatch      = "cloudwatch"
	AwsSvcCognitoIdentity = "cognito-identity"
	AwsSvcCognitoSync     = "cognito-sync"
	AwsSvcDynamodb        = "dynamodb"
	AwsSvcEc2             = "ec2"
	AwsSvcEvents          = "events"
	AwsSvcIam             = "iam"
	AwsSvcIot             = "iot"
	AwsSvcKinesis         = "kinesis"
	AwsSvcKms             = "kms"
	AwsSvcLambda          = "lambda"
	AwsSvcLogs            = "logs"
	AwsSvcS3              = "s3"
	AwsSvcSns             = "sns"
	AwsSvcSqs             = "sqs"
	AwsSvcTag             = "tag"
	AwsSvcXray            = "xray"
)
View Source
const (
	AwsResHigh = "High"
	AwsResMid  = "Medium"
	AwsResLow  = "Low"
)

Permession sensitive level

View Source
const (
	K8sAllApiGroup               = "*"
	K8sAdmApiGroup               = "admissionregistration.k8s.io"
	K8sCrdApiGroup               = "apiextensions.k8s.io"
	K8sAllApiVersion             = "*"
	K8sApiVersionV1              = "v1"
	K8sApiVersionV1Beta1         = "v1beta1"
	K8sApiVersionV1Beta2         = "v1beta2"
	K8sResCronjobs               = "cronjobs"
	K8sResDaemonsets             = "daemonsets"
	K8sResDeployments            = "deployments"
	K8sResDeploymentConfigs      = "deploymentconfigs"
	K8sResJobs                   = "jobs"
	K8sResPods                   = "pods"
	K8sResReplicationControllers = "replicationcontrollers"
	K8sResReplicasets            = "replicasets"
	K8sResServices               = "services"
	K8sResStatefulSets           = "statefulsets"
)
View Source
const (
	NvDeploymentName = "neuvector-controller-pod"
	NvDaemonSetName  = "neuvector-allinone-pod"
)
View Source
const (
	NvAppRole            = "neuvector-binding-app"
	NvAppRoleBinding     = "neuvector-binding-app"
	NvAdmCtrlRole        = "neuvector-binding-admission"
	NvAdmCtrlRoleBinding = "neuvector-binding-admission"
)
View Source
const (
	NsSelectorKeyStatusNV = "statusNeuvector" // written to only neuvector namespace's label
	NsSelectorKeySkipNV   = "skipNeuvectorAdmissionControl"

	NsSelectorOpNotExist = "DoesNotExist"
	NsSelectorOpExists   = "Exists"
)
View Source
const (
	AdmissionK8sIoV1      = "admission.k8s.io/v1"
	AdmissionK8sIoV1Beta1 = "admission.k8s.io/v1beta1"

	K8sKindAdmissionReview = "AdmissionReview"
)
View Source
const (
	K8sRscTypeClusRole = "k8s-cluster-role"

	K8sRscTypeClusRoleBinding = "k8s-cluster-role-binding"
)
View Source
const (
	// DefaultRollingTimeoutSeconds is the default TimeoutSeconds for RollingDeploymentStrategyParams.
	DefaultRollingTimeoutSeconds int64 = 10 * 60
	// DefaultRecreateTimeoutSeconds is the default TimeoutSeconds for RecreateDeploymentStrategyParams.
	DefaultRecreateTimeoutSeconds int64 = 10 * 60
	// DefaultRollingIntervalSeconds is the default IntervalSeconds for RollingDeploymentStrategyParams.
	DefaultRollingIntervalSeconds int64 = 1
	// DefaultRollingUpdatePeriodSeconds is the default PeriodSeconds for RollingDeploymentStrategyParams.
	DefaultRollingUpdatePeriodSeconds int64 = 1
	// MaxDeploymentDurationSeconds represents the maximum duration that a deployment is allowed to run.
	// This is set as the default value for ActiveDeadlineSeconds for the deployer pod.
	// Currently set to 6 hours.
	MaxDeploymentDurationSeconds int64 = 21600
	// DefaultRevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks.
	// This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.
	DefaultRevisionHistoryLimit int32 = 10
)

These constants represent defaults used in the deployment process.

View Source
const (
	RscTypeNode                           = "node"
	RscTypeNamespace                      = "namespace"
	RscTypeService                        = "service"
	RscTypePod                            = "pod"
	RscTypeRBAC                           = "rbac"
	RscTypeImage                          = "image"
	RscTypeCrd                            = "customresourcedefinition"
	RscTypeConfigMap                      = "configmap"
	RscTypeMutatingWebhookConfiguration   = "mutatingwebhookconfiguration"   // case sensitive!
	RscTypeValidatingWebhookConfiguration = "validatingwebhookconfiguration" // case sensitive!
	RscTypeCrdSecurityRule                = "nvsecurityrules"
	RscTypeCrdClusterSecurityRule         = "nvclustersecurityrules"
	RscTypeCrdAdmCtrlSecurityRule         = "nvadmissioncontrolsecurityrules"
	RscTypeCrdWafSecurityRule             = "nvwafsecurityrules"
)
View Source
const (
	RscNamespaces                          = "namespaces"
	RscServices                            = "services"
	RscNameMutatingWebhookConfigurations   = "mutatingwebhookconfigurations"   // case sensitive!
	RscNameValidatingWebhookConfigurations = "validatingwebhookconfigurations" // case sensitive!
	RscNameCustomResourceDefinitions       = "customresourcedefinitions"       // case sensitive!

	RscKindMutatingWebhookConfiguration   = "MutatingWebhookConfiguration"   // case sensitive!
	RscKindValidatingWebhookConfiguration = "ValidatingWebhookConfiguration" // case sensitive!
)
View Source
const (
	WatchEventAdd    = "ResourceAdd"
	WatchEventModify = "ResourceModify"
	WatchEventDelete = "ResourceDelete"
	WatchEventState  = "StateUpdate"
)
View Source
const (
	ConnStateNone         = ""
	ConnStateConnected    = "connected"
	ConnStateDisconnected = "disconnected"
)
View Source
const DefTimeoutSeconds = 30
View Source
const NvAdmCtrlSecurityRuleKind = "NvAdmissionControlSecurityRule"
View Source
const NvAdmCtrlSecurityRuleListKind = "NvAdmissionControlSecurityRuleList"
View Source
const NvAdmCtrlSecurityRuleName = "nvadmissioncontrolsecurityrules.neuvector.com"
View Source
const NvAdmCtrlSecurityRulePlural = "nvadmissioncontrolsecurityrules"
View Source
const NvAdmCtrlSecurityRuleSingular = "nvadmissioncontrolsecurityrule"
View Source
const NvAdmCtrlSecurityRuleVersion = "v1"
View Source
const NvClusterSecurityRuleKind = "NvClusterSecurityRule"
View Source
const NvClusterSecurityRuleListKind = "NvClusterSecurityRuleList"
View Source
const NvClusterSecurityRuleName = "nvclustersecurityrules.neuvector.com"
View Source
const NvClusterSecurityRulePlural = "nvclustersecurityrules"
View Source
const NvClusterSecurityRuleScope = "Cluster"
View Source
const NvClusterSecurityRuleSingular = "nvclustersecurityrule"
View Source
const NvClusterSecurityRuleVersion = "v1"
View Source
const NvSecurityRuleKind = "NvSecurityRule"
View Source
const NvSecurityRuleListKind = "NvSecurityRuleList"
View Source
const NvSecurityRuleName = "nvsecurityrules.neuvector.com"
View Source
const NvSecurityRulePlural = "nvsecurityrules"
View Source
const NvSecurityRuleScope = "Namespaced"
View Source
const NvSecurityRuleSingular = "nvsecurityrule"
View Source
const NvSecurityRuleVersion = "v1"
View Source
const NvWafSecurityRuleKind = "NvWafSecurityRule"
View Source
const NvWafSecurityRuleListKind = "NvWafSecurityRuleList"
View Source
const NvWafSecurityRuleName = "nvwafsecurityrules.neuvector.com"
View Source
const NvWafSecurityRulePlural = "nvwafsecurityrules"
View Source
const NvWafSecurityRuleSingular = "nvwafsecurityrule"
View Source
const NvWafSecurityRuleVersion = "v1"

Variables

View Source
var AdmResForOpsSettings = []NvAdmRegRuleSetting{

	NvAdmRegRuleSetting{
		Operations: utils.NewSet(Create),
		Resources:  admResForCreateSet,
		Scope:      apiv1beta1.NamespacedScope,
	},
	NvAdmRegRuleSetting{
		Operations: utils.NewSet(Update),
		Resources:  admResForUpdateSet,
		Scope:      apiv1beta1.NamespacedScope,
	},
}
View Source
var AwsSvcPolicyMap map[string]string = map[string]string{
	// contains filtered or unexported fields
}
View Source
var AwsSvcResMap map[string]AwsSvcResource = map[string]AwsSvcResource{
	AwsSvcCloudformation: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"DescribeChangeSet":      AwsResLow,
			"DescribeStackResources": AwsResLow,
			"DescribeStacks":         AwsResLow,
			"GetTemplate":            AwsResLow,
			"ListStackResources":     AwsResLow,
		},
	},
	AwsSvcCloudWatch: AwsSvcResource{
		Sensitivity: AwsResLow,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcCognitoIdentity: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"ListIdentityPools": AwsResLow,
		},
	},
	AwsSvcCognitoSync: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"GetCognitoEvents": AwsResLow,
			"SetCognitoEvents": AwsResMid,
		},
	},
	AwsSvcDynamodb: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcEc2: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"DescribeSecurityGroups": AwsResLow,
			"DescribeSubnets":        AwsResLow,
			"DescribeVpcs":           AwsResLow,
		},
	},
	AwsSvcEvents: AwsSvcResource{
		Sensitivity: AwsResLow,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcIam: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"GetPolicy":                AwsResLow,
			"GetPolicyVersion":         AwsResLow,
			"GetRole":                  AwsResLow,
			"GetRolePolicy":            AwsResLow,
			"ListAttachedRolePolicies": AwsResLow,
			"ListRolePolicies":         AwsResLow,
			"ListRoles":                AwsResLow,
			"PassRole":                 AwsResMid,
		},
	},
	AwsSvcIot: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"AttachPrincipalPolicy":    AwsResMid,
			"AttachThingPrincipal":     AwsResMid,
			"CreateKeysAndCertificate": AwsResMid,
			"CreatePolicy":             AwsResMid,
			"CreateThing":              AwsResMid,
			"CreateTopicRule":          AwsResMid,
			"DescribeEndpoint":         AwsResLow,
			"GetTopicRule":             AwsResLow,
			"ListPolicies":             AwsResLow,
			"ListThings":               AwsResLow,
			"ListTopicRules":           AwsResLow,
			"ReplaceTopicRule":         AwsResMid,
		},
	},
	AwsSvcKinesis: AwsSvcResource{
		Sensitivity: AwsResMid,
		AllowAll:    false,
		DetailMap: map[string]string{
			"DescribeStream": AwsResLow,
			"ListStreams":    AwsResLow,
			"PutRecord":      AwsResMid,
		},
	},
	AwsSvcKms: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    false,
		DetailMap: map[string]string{
			"ListAliases": AwsResLow,
		},
	},
	AwsSvcLambda: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcLogs: AwsSvcResource{
		Sensitivity: AwsResLow,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcS3: AwsSvcResource{
		Sensitivity: AwsResHigh,
		AllowAll:    true,
		DetailMap:   map[string]string{},
	},
	AwsSvcSns: AwsSvcResource{
		Sensitivity: AwsResMid,
		AllowAll:    false,
		DetailMap: map[string]string{
			"ListSubscriptions":        AwsResLow,
			"ListSubscriptionsByTopic": AwsResLow,
			"ListTopics":               AwsResLow,
			"Publish":                  AwsResMid,
			"Subscribe":                AwsResMid,
			"Unsubscribe":              AwsResLow,
			"ListQueues":               AwsResLow,
			"SendMessage":              AwsResMid,
		},
	},
	AwsSvcSqs: AwsSvcResource{
		Sensitivity: AwsResMid,
		AllowAll:    false,
		DetailMap: map[string]string{
			"ListQueues":  AwsResLow,
			"SendMessage": AwsResMid,
		},
	},
	AwsSvcTag: AwsSvcResource{
		Sensitivity: AwsResLow,
		AllowAll:    false,
		DetailMap: map[string]string{
			"GetResources": AwsResLow,
		},
	},
	AwsSvcXray: AwsSvcResource{
		Sensitivity: AwsResLow,
		AllowAll:    false,
		DetailMap: map[string]string{
			"PutTelemetryRecords": AwsResLow,
			"PutTraceSegments":    AwsResLow,
		},
	},
}
View Source
var CrdResForOpsSettings = []NvAdmRegRuleSetting{
	NvAdmRegRuleSetting{
		Operations: utils.NewSet(Create, Update, Delete),
		Resources:  crdResForAllOpSet,
		Scope:      apiv1beta1.AllScopes,
	},
}
View Source
var ErrMethodNotSupported = errors.New("Method not supported")
View Source
var ErrResourceNotSupported = errors.New("Method on resource not supported")
View Source
var ErrUserNotFound = errors.New("User not found")
View Source
var NvAdmMutatingName = "neuvector-mutating-admission-webhook" // ValidatingWebhookConfiguration resource instance metadata name

ValidatingWebhookConfiguration resource instance (neuvector-validating-admission-webhook) contains 2 webhooks:

  1. neuvector-validating-admission-webhook.neuvector.svc
  2. neuvector-validating-status-webhook.neuvector.svc
View Source
var NvAdmMutatingWebhookName string

List all mutating application name here and join the list

View Source
var NvAdmSvcName = "neuvector-svc-admission-webhook"
View Source
var NvAdmSvcNamespace = "neuvector"
View Source
var NvAdmValidatingName = "neuvector-validating-admission-webhook" // ValidatingWebhookConfiguration resource instance metadata name
View Source
var NvAdmValidatingWebhookName string

List all validating application name here and join the list

View Source
var NvCrdSvcName = "neuvector-svc-crd-webhook"
View Source
var NvCrdValidatingName = "neuvector-validating-crd-webhook" // ValidatingWebhookConfiguration resource instance metadata name
View Source
var NvCrdValidatingWebhookName string
View Source
var NvListKind = "List"
View Source
var NvMutatingWebhookNameList = []string{NvAdmMutatingWebhookName}
View Source
var NvStatusValidatingWebhookName string
View Source
var NvValidatingWebhookNameList []string
View Source
var StatusResForOpsSettings = []NvAdmRegRuleSetting{
	NvAdmRegRuleSetting{
		Operations: utils.NewSet(Create, Update),
		Resources:  statusResForCreateUpdateSet,
		Scope:      apiv1beta1.NamespacedScope,
	},
	NvAdmRegRuleSetting{
		Operations: utils.NewSet(Delete),
		Resources:  statusResForDeleteSet,
		Scope:      apiv1beta1.NamespacedScope,
	},
}

Functions

func AdjustAdmResForOC

func AdjustAdmResForOC()

func AdjustAdmWebhookName

func AdjustAdmWebhookName()

func DeduceAdmCtrlRoleRules

func DeduceAdmCtrlRoleRules(rscsToCheck utils.Set, objs interface{}) error

func GetK8sVersion

func GetK8sVersion() (int, int)

func GetTlsKeyCertPath

func GetTlsKeyCertPath(svcName, ns string) (string, string)

func IsK8sNvWebhookConfigured

func IsK8sNvWebhookConfigured(whName, failurePolicy string, wh *K8sAdmRegWebhook, checkNsSelector bool) bool

func Register

func Register(platform, flavor, network string) orchAPI.ResourceDriver

Types

type AdmissionWebhookConfiguration

type AdmissionWebhookConfiguration struct {
	AdmType string // "validate" (for ValidatingWebhookConfiguration) or "mutate" (for MutatingWebhookConfiguration)
	Name    string // k8s resource metadata name, like "neuvector-validating-admission-webhook" or "neuvector-validating-crd-webhook"
}

type AwsSvcResource

type AwsSvcResource struct {
	Sensitivity string            `json:"sensitivity"`
	AllowAll    bool              `json:"allow_all"`
	DetailMap   map[string]string `json:"detail_map"`
}

type CRD

type CRD struct {
	UID     string
	Name    string
	Domain  string
	Version string
}

type ConfigMap

type ConfigMap struct {
	UID    string
	Name   string
	Domain string
}

type CustomDeploymentStrategyParams

type CustomDeploymentStrategyParams struct {
	// Image specifies a Docker image which can carry out a deployment.
	Image string `json:"image"`
	// Environment holds the environment which will be given to the container for Image.
	Environment []kapi.EnvVar `json:"environment,omitempty"`
	// Command is optional and overrides CMD in the container Image.
	Command []string `json:"command,omitempty"`
}

CustomDeploymentStrategyParams are the input to the Custom deployment strategy.

type DeploymentCause

type DeploymentCause struct {
	// Type is the type of the trigger that resulted in the creation of a new deployment
	Type DeploymentTriggerType `json:"type"`
	// ImageTrigger contains the image trigger details, if this trigger was fired based on an image change
	ImageTrigger *DeploymentCauseImageTrigger `json:"imageTrigger,omitempty"`
}

DeploymentCause captures information about a particular cause of a deployment.

type DeploymentCauseImageTrigger

type DeploymentCauseImageTrigger struct {
	// From is a reference to the changed object which triggered a deployment. The field may have
	// the kinds DockerImage, ImageStreamTag, or ImageStreamImage.
	From kapi.ObjectReference `json:"from"`
}

DeploymentCauseImageTrigger contains information about a deployment caused by an image trigger

type DeploymentCondition

type DeploymentCondition struct {
	// Type of deployment condition.
	Type DeploymentConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status kapi.ConditionStatus `json:"status"`
	// The last time this condition was updated.
	LastUpdateTime metav1.Time `json:"lastUpdateTime"`
	// The last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
	// The reason for the condition's last transition.
	Reason DeploymentConditionReason `json:"reason"`
	// A human readable message indicating details about the transition.
	Message string `json:"message"`
}

DeploymentCondition describes the state of a deployment config at a certain point.

type DeploymentConditionReason

type DeploymentConditionReason string

type DeploymentConditionType

type DeploymentConditionType string

type DeploymentConfig

type DeploymentConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec represents a desired deployment state and how to deploy to it.
	Spec DeploymentConfigSpec `json:"spec"`

	// Status represents the current deployment state.
	Status DeploymentConfigStatus `json:"status"`
}

DeploymentConfig represents a configuration for a single deployment (represented as a ReplicationController). It also contains details about changes which resulted in the current state of the DeploymentConfig. Each change to the DeploymentConfig which should result in a new deployment results in an increment of LatestVersion.

type DeploymentConfigList

type DeploymentConfigList struct {
	metav1.TypeMeta `json:",inline"`
	Metadata        metav1.ListMeta `json:"metadata,omitempty"`

	// Items is a list of deployment configs
	Items []DeploymentConfig `json:"items,omitempty"`
}

DeploymentConfigList is a collection of deployment configs.

type DeploymentConfigRollback

type DeploymentConfigRollback struct {
	metav1.TypeMeta `json:",inline"`
	// Name of the deployment config that will be rolled back.
	Name string `json:"name"`
	// UpdatedAnnotations is a set of new annotations that will be added in the deployment config.
	UpdatedAnnotations map[string]string `json:"updatedAnnotations,omitempty"`
	// Spec defines the options to rollback generation.
	Spec DeploymentConfigRollbackSpec `json:"spec"`
}

DeploymentConfigRollback provides the input to rollback generation.

type DeploymentConfigRollbackSpec

type DeploymentConfigRollbackSpec struct {
	// From points to a ReplicationController which is a deployment.
	From kapi.ObjectReference `json:"from"`
	// Revision to rollback to. If set to 0, rollback to the last revision.
	Revision int64 `json:"revision"`
	// IncludeTriggers specifies whether to include config Triggers.
	IncludeTriggers bool `json:"includeTriggers"`
	// IncludeTemplate specifies whether to include the PodTemplateSpec.
	IncludeTemplate bool `json:"includeTemplate"`
	// IncludeReplicationMeta specifies whether to include the replica count and selector.
	IncludeReplicationMeta bool `json:"includeReplicationmeta"`
	// IncludeStrategy specifies whether to include the deployment Strategy.
	IncludeStrategy bool `json:"includeStrategy"`
}

DeploymentConfigRollbackSpec represents the options for rollback generation.

type DeploymentConfigSpec

type DeploymentConfigSpec struct {
	// Strategy describes how a deployment is executed.
	Strategy DeploymentStrategy `json:"strategy"`

	// MinReadySeconds is the minimum number of seconds for which a newly created pod should
	// be ready without any of its container crashing, for it to be considered available.
	// Defaults to 0 (pod will be considered available as soon as it is ready)
	MinReadySeconds int32 `json:"minReadySeconds"`

	// Triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers
	// are defined, a new deployment can only occur as a result of an explicit client update to the
	// DeploymentConfig with a new LatestVersion.
	Triggers []DeploymentTriggerPolicy `json:"triggers,omitempty"`

	// Replicas is the number of desired replicas.
	Replicas int32 `json:"replicas"`

	// RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks.
	// This field is a pointer to allow for differentiation between an explicit zero and not specified.
	// Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)
	RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"`

	// Test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the
	// deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding
	// or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.
	Test bool `json:"test"`

	// Paused indicates that the deployment config is paused resulting in no new deployments on template
	// changes or changes in the template caused by other triggers.
	Paused bool `json:"paused"`

	// Selector is a label query over pods that should match the Replicas count.
	Selector map[string]string `json:"selector,omitempty"`

	// Template is the object that describes the pod that will be created if
	// insufficient replicas are detected.
	Template *kapi.PodTemplateSpec `json:"template,omitempty"`
}

DeploymentConfigSpec represents the desired state of the deployment.

type DeploymentConfigStatus

type DeploymentConfigStatus struct {
	// LatestVersion is used to determine whether the current deployment associated with a deployment
	// config is out of sync.
	LatestVersion int64 `json:"latestVersion"`
	// ObservedGeneration is the most recent generation observed by the deployment config controller.
	ObservedGeneration int64 `json:"observedGeneration"`
	// Replicas is the total number of pods targeted by this deployment config.
	Replicas int32 `json:"replicas"`
	// UpdatedReplicas is the total number of non-terminated pods targeted by this deployment config
	// that have the desired template spec.
	UpdatedReplicas int32 `json:"updatedReplicas"`
	// AvailableReplicas is the total number of available pods targeted by this deployment config.
	AvailableReplicas int32 `json:"availableReplicas"`
	// UnavailableReplicas is the total number of unavailable pods targeted by this deployment config.
	UnavailableReplicas int32 `json:"unavailableReplicas"`
	// Details are the reasons for the update to this deployment config.
	// This could be based on a change made by the user or caused by an automatic trigger
	Details *DeploymentDetails `json:"details,omitempty"`
	// Conditions represents the latest available observations of a deployment config's current state.
	Conditions []DeploymentCondition `json:"conditions,omitempty"`
	// Total number of ready pods targeted by this deployment.
	ReadyReplicas int32 `json:"readyReplicas"`
}

DeploymentConfigStatus represents the current deployment state.

type DeploymentDetails

type DeploymentDetails struct {
	// Message is the user specified change message, if this deployment was triggered manually by the user
	Message string `json:"message"`
	// Causes are extended data associated with all the causes for creating a new deployment
	Causes []DeploymentCause `json:"causes,omitempty"`
}

DeploymentDetails captures information about the causes of a deployment.

type DeploymentLog

type DeploymentLog struct {
	metav1.TypeMeta `json:",inline"`
}

DeploymentLog represents the logs for a deployment

type DeploymentLogOptions

type DeploymentLogOptions struct {
	metav1.TypeMeta `json:",inline"`

	// Container for which to return logs
	Container string `json:"container"`
	// Follow if true indicates that the deployment log should be streamed until
	// the deployment terminates.
	Follow bool `json:"follow"`
	// If true, return previous deployment logs
	Previous bool `json:"previous"`
	// A relative time in seconds before the current time from which to show logs. If this value
	// precedes the time a pod was started, only logs since the pod start will be returned.
	// If this value is in the future, no logs will be returned.
	// Only one of sinceSeconds or sinceTime may be specified.
	SinceSeconds *int64 `json:"sinceSeconds,omitempty"`
	// An RFC3339 timestamp from which to show logs. If this value
	// precedes the time a pod was started, only logs since the pod start will be returned.
	// If this value is in the future, no logs will be returned.
	// Only one of sinceSeconds or sinceTime may be specified.
	SinceTime *metav1.Time `json:"sinceTime,omitempty"`
	// If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
	// of log output.
	Timestamps bool `json:"timestamps"`
	// If set, the number of lines from the end of the logs to show. If not specified,
	// logs are shown from the creation of the container or sinceSeconds or sinceTime
	TailLines *int64 `json:"tailLines,omitempty"`
	// If set, the number of bytes to read from the server before terminating the
	// log output. This may not display a complete final line of logging, and may return
	// slightly more or slightly less than the specified limit.
	LimitBytes *int64 `json:"limitBytes,omitempty"`

	// NoWait if true causes the call to return immediately even if the deployment
	// is not available yet. Otherwise the server will wait until the deployment has started.
	NoWait bool `json:"noWait"`

	// Version of the deployment for which to view logs.
	Version *int64 `json:"version,omitempty"`
}

DeploymentLogOptions is the REST options for a deployment log

type DeploymentRequest

type DeploymentRequest struct {
	metav1.TypeMeta `json:",inline"`
	// Name of the deployment config for requesting a new deployment.
	Name string `json:"name"`
	// Latest will update the deployment config with the latest state from all triggers.
	Latest bool `json:"latest"`
	// Force will try to force a new deployment to run. If the deployment config is paused,
	// then setting this to true will return an Invalid error.
	Force bool `json:"force"`
	// ExcludeTriggers instructs the instantiator to avoid processing the specified triggers.
	// This field overrides the triggers from latest and allows clients to control specific
	// logic.
	ExcludeTriggers []DeploymentTriggerType `json:"excludeTriggers,omitempty"`
}

DeploymentRequest is a request to a deployment config for a new deployment.

type DeploymentStrategy

type DeploymentStrategy struct {
	// Type is the name of a deployment strategy.
	Type DeploymentStrategyType `json:"type"`

	// CustomParams are the input to the Custom deployment strategy, and may also
	// be specified for the Recreate and Rolling strategies to customize the execution
	// process that runs the deployment.
	CustomParams *CustomDeploymentStrategyParams `json:"customParams,omitempty"`
	// RecreateParams are the input to the Recreate deployment strategy.
	RecreateParams *RecreateDeploymentStrategyParams `json:"recreateParams,omitempty"`
	// RollingParams are the input to the Rolling deployment strategy.
	RollingParams *RollingDeploymentStrategyParams `json:"rollingParams,omitempty"`

	// Resources contains resource requirements to execute the deployment and any hooks.
	Resources kapi.ResourceRequirements `json:"resources"`
	// Labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.
	Annotations map[string]string `json:"annotations,omitempty"`

	// ActiveDeadlineSeconds is the duration in seconds that the deployer pods for this deployment
	// config may be active on a node before the system actively tries to terminate them.
	ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"`
}

DeploymentStrategy describes how to perform a deployment.

type DeploymentStrategyType

type DeploymentStrategyType string

DeploymentStrategyType refers to a specific DeploymentStrategy implementation.

const (
	// DeploymentStrategyTypeRecreate is a simple strategy suitable as a default.
	DeploymentStrategyTypeRecreate DeploymentStrategyType = "Recreate"
	// DeploymentStrategyTypeCustom is a user defined strategy.
	DeploymentStrategyTypeCustom DeploymentStrategyType = "Custom"
	// DeploymentStrategyTypeRolling uses the Kubernetes RollingUpdater.
	DeploymentStrategyTypeRolling DeploymentStrategyType = "Rolling"
)

type DeploymentTriggerImageChangeParams

type DeploymentTriggerImageChangeParams struct {
	// Automatic means that the detection of a new tag value should result in an image update
	// inside the pod template.
	Automatic bool `json:"automatic"`
	// ContainerNames is used to restrict tag updates to the specified set of container names in a pod.
	ContainerNames []string `json:"containerNames,omitempty"`
	// From is a reference to an image stream tag to watch for changes. From.Name is the only
	// required subfield - if From.Namespace is blank, the namespace of the current deployment
	// trigger will be used.
	From kapi.ObjectReference `json:"from"`
	// LastTriggeredImage is the last image to be triggered.
	LastTriggeredImage string `json:"lastTriggeredImage"`
}

DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.

type DeploymentTriggerPolicy

type DeploymentTriggerPolicy struct {
	// Type of the trigger
	Type DeploymentTriggerType `json:"type"`
	// ImageChangeParams represents the parameters for the ImageChange trigger.
	ImageChangeParams *DeploymentTriggerImageChangeParams `json:"imageChangeParams,omitempty"`
}

DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.

type DeploymentTriggerType

type DeploymentTriggerType string

DeploymentTriggerType refers to a specific DeploymentTriggerPolicy implementation.

const (
	// DeploymentTriggerManual is a placeholder implementation which does nothing.
	DeploymentTriggerManual DeploymentTriggerType = "Manual"
	// DeploymentTriggerOnImageChange will create new deployments in response to updated tags from
	// a Docker image repository.
	DeploymentTriggerOnImageChange DeploymentTriggerType = "ImageChange"
	// DeploymentTriggerOnConfigChange will create new deployments in response to changes to
	// the ControllerTemplate of a DeploymentConfig.
	DeploymentTriggerOnConfigChange DeploymentTriggerType = "ConfigChange"
)

type Event

type Event struct {
	Event        string
	ResourceType string
	ResourceOld  interface{}
	ResourceNew  interface{}
	Status       string
	LastError    string
}

type ExecNewPodHook

type ExecNewPodHook struct {
	// Command is the action command and its arguments.
	Command []string `json:"command,omitempty"`
	// Env is a set of environment variables to supply to the hook pod's container.
	Env []kapi.EnvVar `json:"env,omitempty"`
	// ContainerName is the name of a container in the deployment pod template
	// whose Docker image will be used for the hook pod's container.
	ContainerName string `json:"containerName"`
	// Volumes is a list of named volumes from the pod template which should be
	// copied to the hook pod. Volumes names not found in pod spec are ignored.
	// An empty list means no volumes will be copied.
	Volumes []string `json:"volumes,omitempty"`
}

ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.

type Image

type Image struct {
	UID    string
	Name   string
	Domain string
	Repo   string
	Tags   []ImageTag
}

type ImageTag

type ImageTag struct {
	Tag    string
	Serial string
}

type K8sAdmRegRule

type K8sAdmRegRule struct {
	ApiGroups   []string
	ApiVersions []string
	Resources   []string
	Scope       *string
}

type K8sAdmRegRuleWithOperations

type K8sAdmRegRuleWithOperations struct {
	Operations []string
	Rule       *K8sAdmRegRule
}

type K8sAdmRegServiceReference

type K8sAdmRegServiceReference struct {
	Namespace *string
	Name      *string
	Path      *string
}

--- for generic types in admissionregistration v1/vebeta1

type K8sAdmRegValidatingWebhookConfiguration

type K8sAdmRegValidatingWebhookConfiguration struct {
	Metadata *metav1.ObjectMeta
	Webhooks []*K8sAdmRegWebhook
}

type K8sAdmRegWebhook

type K8sAdmRegWebhook struct {
	Name                    *string
	AdmissionReviewVersions []string
	ClientConfig            *K8sAdmRegWebhookClientConfig
	Rules                   []*K8sAdmRegRuleWithOperations
	FailurePolicy           *string
	NamespaceSelector       *metav1.LabelSelector
	SideEffects             *string
}

type K8sAdmRegWebhookClientConfig

type K8sAdmRegWebhookClientConfig struct {
	Url      *string
	Service  *K8sAdmRegServiceReference
	CaBundle []byte
}

type LifecycleHook

type LifecycleHook struct {
	// FailurePolicy specifies what action to take if the hook fails.
	FailurePolicy LifecycleHookFailurePolicy `json:"failurePolicy"`

	// ExecNewPod specifies the options for a lifecycle hook backed by a pod.
	ExecNewPod *ExecNewPodHook `json:"execNewPod,omitempty"`

	// TagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.
	TagImages []TagImageHook `json:"tagImages,omitempty"`
}

LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.

type LifecycleHookFailurePolicy

type LifecycleHookFailurePolicy string

LifecycleHookFailurePolicy describes possibles actions to take if a hook fails.

const (
	// LifecycleHookFailurePolicyRetry means retry the hook until it succeeds.
	LifecycleHookFailurePolicyRetry LifecycleHookFailurePolicy = "Retry"
	// LifecycleHookFailurePolicyAbort means abort the deployment.
	LifecycleHookFailurePolicyAbort LifecycleHookFailurePolicy = "Abort"
	// LifecycleHookFailurePolicyIgnore means ignore failure and continue the deployment.
	LifecycleHookFailurePolicyIgnore LifecycleHookFailurePolicy = "Ignore"
)

type Namespace

type Namespace struct {
	UID    string
	Name   string
	Labels map[string]string
}

type Node

type Node struct {
	UID              string
	Name             string
	IPNets           []net.IPNet
	Labels           map[string]string
	Annotations      map[string]string
	IBMCloudWorkerID string // for IBM cloud only: the hostname(before the 1st dot character) of the node
}

type NvAdmCtrlSecurityRule

type NvAdmCtrlSecurityRule struct {
	Kind       *string               `json:"kind,omitempty"`
	ApiVersion *string               `json:"apiVersion,omitempty"`
	Metadata   *metav1.ObjectMeta    `json:"metadata"`
	Spec       NvSecurityAdmCtrlSpec `json:"spec"`
}

func (*NvAdmCtrlSecurityRule) GetMetadata

func (m *NvAdmCtrlSecurityRule) GetMetadata() *metav1.ObjectMeta

type NvAdmCtrlSecurityRuleList

type NvAdmCtrlSecurityRuleList struct {
	Kind             *string                  `json:"kind,omitempty"`
	ApiVersion       *string                  `json:"apiVersion,omitempty"`
	Metadata         *metav1.ListMeta         `json:"metadata"`
	Items            []*NvAdmCtrlSecurityRule `json:"items"`
	XXX_unrecognized []byte                   `json:"-"`
}

func (*NvAdmCtrlSecurityRuleList) GetMetadata

func (m *NvAdmCtrlSecurityRuleList) GetMetadata() *metav1.ListMeta

type NvAdmRegRuleSetting

type NvAdmRegRuleSetting struct {
	Operations utils.Set
	Resources  utils.Set
	Scope      string
}

type NvClusterSecurityRule

type NvClusterSecurityRule struct {
	Kind       *string            `json:"kind,omitempty"`
	ApiVersion *string            `json:"apiVersion,omitempty"`
	Metadata   *metav1.ObjectMeta `json:"metadata"`
	Spec       NvSecurityRuleSpec `json:"spec"`
}

func (*NvClusterSecurityRule) GetMetadata

func (m *NvClusterSecurityRule) GetMetadata() *metav1.ObjectMeta

type NvClusterSecurityRuleList

type NvClusterSecurityRuleList struct {
	Kind             *string                  `json:"kind,omitempty"`
	ApiVersion       *string                  `json:"apiVersion,omitempty"`
	Metadata         *metav1.ListMeta         `json:"metadata"`
	Items            []*NvClusterSecurityRule `json:"items"`
	XXX_unrecognized []byte                   `json:"-"`
}

func (*NvClusterSecurityRuleList) GetMetadata

func (m *NvClusterSecurityRuleList) GetMetadata() *metav1.ListMeta

type NvCrdAdmCtrlConfig

type NvCrdAdmCtrlConfig struct {
	Enable        bool   `json:"enable"`
	Mode          string `json:"mode"`
	AdmClientMode string `json:"adm_client_mode"`
}

type NvCrdAdmCtrlRule

type NvCrdAdmCtrlRule struct {
	ID       uint32                      `json:"id"`        // only set for default rules
	RuleType string                      `json:"rule_type"` // ValidatingExceptRuleType / ValidatingDenyRuleType (see above)
	Comment  string                      `json:"comment"`
	Criteria []*api.RESTAdmRuleCriterion `json:"criteria,omitempty"`
	Disabled bool                        `json:"disabled"`
}

type NvCrdInfo

type NvCrdInfo struct {
	RscType           string
	MetaName          string
	SpecScope         string
	SpecGroup         string
	SpecVersion       string
	SpecNamesPlural   string
	SpecNamesKind     string
	SpecNamesSingular string
	SpecNamesListKind string
	LockKey           string
	KvCrdKind         string
}

type NvSecurityAdmCtrlConfig

type NvSecurityAdmCtrlConfig struct {
	Enable        *bool   `json:"enable,omitempty"`
	Mode          *string `json:"mode,omitempty"`
	AdmClientMode *string `json:"client_mode" validate:"required"`
}

admission control CRD resourced are non-namespaced

type NvSecurityAdmCtrlRule

type NvSecurityAdmCtrlRule struct {
	ID       *uint32                     `json:"id,omitempty"`
	Action   *string                     `json:"action,omitempty"` // api.ValidatingAllowRuleType / api.ValidatingDenyRuleType
	Comment  *string                     `json:"comment,omitempty"`
	Disabled *bool                       `json:"disabled,omitempty"`
	Criteria []*api.RESTAdmRuleCriterion `json:"criteria,omitempty"`
}

type NvSecurityAdmCtrlRules

type NvSecurityAdmCtrlRules struct {
	Rules []*NvSecurityAdmCtrlRule `json:"rules,omitempty"`
}

type NvSecurityAdmCtrlSpec

type NvSecurityAdmCtrlSpec struct {
	Config *NvSecurityAdmCtrlConfig `json:"config,omitempty"`
	Rules  []*NvSecurityAdmCtrlRule `json:"rules,omitempty"`
}

type NvSecurityFileRule

type NvSecurityFileRule struct {
	Filter    string   `json:"filter"`
	Recursive bool     `json:"recursive"`
	Behavior  string   `json:"behavior"`
	App       []string `json:"app"`
}

type NvSecurityParse

type NvSecurityParse struct {
	TargetName        string
	PolicyModeCfg     *api.RESTServiceConfig
	ProcessProfileCfg *api.RESTProcessProfile
	FileProfileCfg    *api.RESTFileMonitorProfile
	GroupCfgs         []api.RESTCrdGroupConfig
	RuleCfgs          []api.RESTPolicyRuleConfig
	WafGroupCfg       *api.RESTCrdWafGroupConfig // per-group's waf sensor configuration
	AdmCtrlCfg        *NvCrdAdmCtrlConfig
	AdmCtrlRulesCfg   map[string][]*NvCrdAdmCtrlRule // map key is "deny" / "exception"
	WafSensorCfg      *api.RESTWafSensorConfig       // waf sensor defined by this crd object
}

type NvSecurityProcessProfile

type NvSecurityProcessProfile struct {
	Baseline *string `json:"baseline"`
}

type NvSecurityProcessRule

type NvSecurityProcessRule struct {
	Name            string `json:"name"`
	Path            string `json:"path"`
	Action          string `json:"action"`
	AllowFileUpdate bool   `json:"allow_update"`
}

type NvSecurityRule

type NvSecurityRule struct {
	Kind       *string            `json:"kind,omitempty"`
	ApiVersion *string            `json:"apiVersion,omitempty"`
	Metadata   *metav1.ObjectMeta `json:"metadata"`
	Spec       NvSecurityRuleSpec `json:"spec"`
}

func (*NvSecurityRule) GetMetadata

func (m *NvSecurityRule) GetMetadata() *metav1.ObjectMeta

type NvSecurityRuleDetail

type NvSecurityRuleDetail struct {
	Selector     api.RESTCrdGroupConfig `json:"selector"`
	Applications []string               `json:"applications"`
	Ports        string                 `json:"ports"`
	Action       string                 `json:"action"`
	Name         string                 `json:"name"`
	Priority     uint32                 `json:"priority"`
}

type NvSecurityRuleList

type NvSecurityRuleList struct {
	Kind             *string           `json:"kind,omitempty"`
	ApiVersion       *string           `json:"apiVersion,omitempty"`
	Metadata         *metav1.ListMeta  `json:"metadata"`
	Items            []*NvSecurityRule `json:"items"`
	XXX_unrecognized []byte            `json:"-"`
}

func (*NvSecurityRuleList) GetMetadata

func (m *NvSecurityRuleList) GetMetadata() *metav1.ListMeta

type NvSecurityRulePartial

type NvSecurityRulePartial struct {
	Kind             *string            `json:"kind,omitempty"`
	ApiVersion       *string            `json:"apiVersion,omitempty"`
	Metadata         *metav1.ObjectMeta `json:"metadata"`
	XXX_unrecognized []byte             `json:"-"`
}

type NvSecurityRuleSpec

type NvSecurityRuleSpec struct {
	Target         NvSecurityTarget          `json:"target"`
	IngressRule    []NvSecurityRuleDetail    `json:"ingress"`
	EgressRule     []NvSecurityRuleDetail    `json:"egress"`
	ProcessProfile *NvSecurityProcessProfile `json:"process_profile"`
	ProcessRule    []NvSecurityProcessRule   `json:"process"`
	FileRule       []NvSecurityFileRule      `json:"file"`
	WafGroup       *NvSecurityWafGroup       `json:"waf"` // per-group's waf sensor mapping data
}

type NvSecurityTarget

type NvSecurityTarget struct {
	PolicyMode *string                `json:"policymode, omitempty"`
	Selector   api.RESTCrdGroupConfig `json:"selector"`
}

type NvSecurityWafGroup

type NvSecurityWafGroup struct {
	Status   bool                         `json:"status"`
	Settings []api.RESTCrdWafGroupSetting `json:"settings"`
}

type NvSecurityWafRule

type NvSecurityWafRule struct {
	Name     *string                    `json:"name"`
	Patterns []api.RESTWafCriteriaEntry `json:"patterns"`
}

type NvSecurityWafSensor

type NvSecurityWafSensor struct {
	Name     string               `json:"name"`
	Comment  *string              `json:"comment"`
	RuleList []*NvSecurityWafRule `json:"rules"`
}

type NvSecurityWafSpec

type NvSecurityWafSpec struct {
	Sensor *NvSecurityWafSensor `json:"sensor"`
}

type NvWafSecurityRule

type NvWafSecurityRule struct {
	Kind       *string            `json:"kind,omitempty"`
	ApiVersion *string            `json:"apiVersion,omitempty"`
	Metadata   *metav1.ObjectMeta `json:"metadata"`
	Spec       NvSecurityWafSpec  `json:"spec"`
}

func (*NvWafSecurityRule) GetMetadata

func (m *NvWafSecurityRule) GetMetadata() *metav1.ObjectMeta

type NvWafSecurityRuleList

type NvWafSecurityRuleList struct {
	Kind             *string              `json:"kind,omitempty"`
	ApiVersion       *string              `json:"apiVersion,omitempty"`
	Metadata         *metav1.ListMeta     `json:"metadata"`
	Items            []*NvWafSecurityRule `json:"items"`
	XXX_unrecognized []byte               `json:"-"`
}

func (*NvWafSecurityRuleList) GetMetadata

func (m *NvWafSecurityRuleList) GetMetadata() *metav1.ListMeta

type Pod

type Pod struct {
	UID       string
	Name      string
	Domain    string
	Node      string
	IPNet     net.IPNet
	HostNet   bool
	Running   bool
	OwnerUID  string
	OwnerName string
	OwnerType string
}

type RBAC

type RBAC struct {
	Name   string
	Domain string
	Roles  map[string]string
}

type RecreateDeploymentStrategyParams

type RecreateDeploymentStrategyParams struct {
	// TimeoutSeconds is the time to wait for updates before giving up. If the
	// value is nil, a default will be used.
	TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty"`
	// Pre is a lifecycle hook which is executed before the strategy manipulates
	// the deployment. All LifecycleHookFailurePolicy values are supported.
	Pre *LifecycleHook `json:"pre,omitempty"`
	// Mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new
	// pod is created. All LifecycleHookFailurePolicy values are supported.
	Mid *LifecycleHook `json:"mid,omitempty"`
	// Post is a lifecycle hook which is executed after the strategy has
	// finished all deployment logic. All LifecycleHookFailurePolicy values are supported.
	Post *LifecycleHook `json:"post,omitempty"`
}

RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.

type RollingDeploymentStrategyParams

type RollingDeploymentStrategyParams struct {
	// UpdatePeriodSeconds is the time to wait between individual pod updates.
	// If the value is nil, a default will be used.
	UpdatePeriodSeconds *int64 `json:"failurePolicyFailurePolicy,omitempty"`
	// IntervalSeconds is the time to wait between polling deployment status
	// after update. If the value is nil, a default will be used.
	IntervalSeconds *int64 `json:"intervalSeconds,omitempty"`
	// TimeoutSeconds is the time to wait for updates before giving up. If the
	// value is nil, a default will be used.
	TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty"`
	// MaxUnavailable is the maximum number of pods that can be unavailable
	// during the update. Value can be an absolute number (ex: 5) or a
	// percentage of total pods at the start of update (ex: 10%). Absolute
	// number is calculated from percentage by rounding down.
	//
	// This cannot be 0 if MaxSurge is 0. By default, 25% is used.
	//
	// Example: when this is set to 30%, the old RC can be scaled down by 30%
	// immediately when the rolling update starts. Once new pods are ready, old
	// RC can be scaled down further, followed by scaling up the new RC,
	// ensuring that at least 70% of original number of pods are available at
	// all times during the update.
	MaxUnavailable intstr.IntOrString `json:"maxUnavailable"`
	// MaxSurge is the maximum number of pods that can be scheduled above the
	// original number of pods. Value can be an absolute number (ex: 5) or a
	// percentage of total pods at the start of the update (ex: 10%). Absolute
	// number is calculated from percentage by rounding up.
	//
	// This cannot be 0 if MaxUnavailable is 0. By default, 25% is used.
	//
	// Example: when this is set to 30%, the new RC can be scaled up by 30%
	// immediately when the rolling update starts. Once old pods have been
	// killed, new RC can be scaled up further, ensuring that total number of
	// pods running at any time during the update is atmost 130% of original
	// pods.
	MaxSurge intstr.IntOrString `json:"maxSurge"`
	// Pre is a lifecycle hook which is executed before the deployment process
	// begins. All LifecycleHookFailurePolicy values are supported.
	Pre *LifecycleHook `json:"pre,omitempty"`
	// Post is a lifecycle hook which is executed after the strategy has
	// finished all deployment logic. All LifecycleHookFailurePolicy values
	// are supported.
	Post *LifecycleHook `json:"post,omitempty"`
}

RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.

type Service

type Service struct {
	UID         string
	Name        string
	Domain      string
	Labels      map[string]string
	IPs         []net.IP
	Selector    map[string]string
	Type        string
	ExternalIPs []net.IP
}

type TagImageHook

type TagImageHook struct {
	// ContainerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single
	// container this value will be defaulted to the name of that container.
	ContainerName string `json:"containerName"`
	// To is the target ImageStreamTag to set the container's image onto.
	To kapi.ObjectReference `json:"to"`
}

TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL