Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessPolicy ¶
type AccessPolicy struct {
// Inbound specifies the ingress rules. Which apps on the cluster can talk to this app?
//
//+kubebuilder:validation:Optional
Inbound *InboundPolicy `json:"inbound,omitempty"`
// Outbound specifies egress rules. Which apps on the cluster and the
// internet is the Application allowed to send requests to?
//
//+kubebuilder:validation:Optional
Outbound OutboundPolicy `json:"outbound,omitempty"`
}
AccessPolicy
Zero trust dictates that only applications with a reason for being able to access another resource should be able to reach it. This is set up by default by denying all ingress and egress traffic from the Pods in the Deployment. The AccessPolicy field is an allowlist of other applications and hostnames that are allowed to talk with this Application and which resources this app can talk to
+kubebuilder:object:generate=true
func (*AccessPolicy) DeepCopy ¶
func (in *AccessPolicy) DeepCopy() *AccessPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicy.
func (*AccessPolicy) DeepCopyInto ¶
func (in *AccessPolicy) DeepCopyInto(out *AccessPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Auth ¶
type Auth struct {
// Name of the service account in which you are trying to authenticate your pod with
// Generally takes the form of some-name@some-project-id.iam.gserviceaccount.com
//
//+kubebuilder:validation:Required
ServiceAccount string `json:"serviceAccount"`
}
Auth
Configuration for authenticating a Pod with Google Cloud Platform
type EnvFrom ¶
type EnvFrom struct {
// Name of Kubernetes ConfigMap in which the deployment should mount environment variables from. Must be in the same namespace as the Application
//
//+kubebuilder:validation:Optional
ConfigMap string `json:"configMap,omitempty"`
// Name of Kubernetes Secret in which the deployment should mount environment variables from. Must be in the same namespace as the Application
//
//+kubebuilder:validation:Optional
Secret string `json:"secret,omitempty"`
}
type ExternalPort ¶
type ExternalPort struct {
// Name is required and is an arbitrary name. Must be unique within all ExternalRule ports.
//
//+kubebuilder:validation:Required
Name string `json:"name"`
// The port number of the external host
//
//+kubebuilder:validation:Required
Port int `json:"port"`
// The protocol to use for communication with the host. Only HTTP, HTTPS and TCP are supported.
//
//+kubebuilder:validation:Required
// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP
Protocol string `json:"protocol"`
}
ExternalPort
A custom port describing an external host
type ExternalRule ¶
type ExternalRule struct {
Host string `json:"host"`
// Non-HTTP requests (i.e. using the TCP protocol) need to use IP in addition to hostname
// Only required for TCP requests.
//
// Note: Hostname must always be defined even if IP is set statically
//
//+kubebuilder:validation:Optional
Ip string `json:"ip,omitempty"`
// The ports to allow for the above hostname. When not specified HTTP and
// HTTPS on port 80 and 443 respectively are put into the allowlist
//
//+kubebuilder:validation:Optional
Ports []ExternalPort `json:"ports,omitempty"`
}
ExternalRule
Describes a rule for allowing your Application to route traffic to external applications and hosts.
+kubebuilder:object:generate=true
func (*ExternalRule) DeepCopy ¶
func (in *ExternalRule) DeepCopy() *ExternalRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRule.
func (*ExternalRule) DeepCopyInto ¶
func (in *ExternalRule) DeepCopyInto(out *ExternalRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilesFrom ¶
type FilesFrom struct {
// The path to mount the file in the Pods directory. Required.
//
//+kubebuilder:validation:Required
MountPath string `json:"mountPath"`
//+kubebuilder:validation:Optional
ConfigMap string `json:"configMap,omitempty"`
//+kubebuilder:validation:Optional
Secret string `json:"secret,omitempty"`
//+kubebuilder:validation:Optional
EmptyDir string `json:"emptyDir,omitempty"`
//+kubebuilder:validation:Optional
PersistentVolumeClaim string `json:"persistentVolumeClaim,omitempty"`
}
FilesFrom
Struct representing information needed to mount a Kubernetes resource as a file to a Pod's directory. One of ConfigMap, Secret, EmptyDir or PersistentVolumeClaim must be present, and just represent the name of the resource in question NB. Out-of-the-box, skiperator provides a writable 'emptyDir'-volume at '/tmp'
type GCP ¶
type GCP struct {
// Configuration for authenticating a Pod with Google Cloud Platform
//
//+kubebuilder:validation:Required
Auth Auth `json:"auth"`
}
GCP
Configuration for interacting with Google Cloud Platform
type InboundPolicy ¶
type InboundPolicy struct {
// The rules list specifies a list of applications. When no namespace is
// specified it refers to an app in the current namespace. For apps in
// other namespaces namespace is required
//
//+kubebuilder:validation:Required
Rules []InternalRule `json:"rules"`
}
InboundPolicy
+kubebuilder:object:generate=true
func (*InboundPolicy) DeepCopy ¶
func (in *InboundPolicy) DeepCopy() *InboundPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundPolicy.
func (*InboundPolicy) DeepCopyInto ¶
func (in *InboundPolicy) DeepCopyInto(out *InboundPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InternalPort ¶
type InternalPort struct {
//+kubebuilder:validation:Required
Name string `json:"name"`
//+kubebuilder:validation:Required
Port int32 `json:"port"`
//+kubebuilder:validation:Required
// +kubebuilder:validation:Enum=TCP;UDP;SCTP
// +kubebuilder:default:TCP
Protocol corev1.Protocol `json:"protocol"`
}
type InternalRule ¶
type InternalRule struct {
// The name of the Application you are allowing traffic to/from.
//
//+kubebuilder:validation:Required
Application string `json:"application"`
// The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.
//
//+kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
// Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.
//
//+kubebuilder:validation:Optional
NamespacesByLabel map[string]string `json:"namespacesByLabel,omitempty"`
}
InternalRule
The rules list specifies a list of applications. When no namespace is specified it refers to an app in the current namespace. For apps in other namespaces, namespace is required.
+kubebuilder:object:generate=true
func (*InternalRule) DeepCopy ¶ added in v1.1.0
func (in *InternalRule) DeepCopy() *InternalRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalRule.
func (*InternalRule) DeepCopyInto ¶ added in v1.1.0
func (in *InternalRule) DeepCopyInto(out *InternalRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OutboundPolicy ¶
type OutboundPolicy struct {
// Rules apply the same in-cluster rules as InboundPolicy
//
//+kubebuilder:validation:Optional
Rules []InternalRule `json:"rules,omitempty"`
// External specifies which applications on the internet the application
// can reach. Only host is required unless it is on another port than HTTPS port 443.
// If other ports or protocols are required then `ports` must be specified as well
//
//+kubebuilder:validation:Optional
External []ExternalRule `json:"external,omitempty"`
}
OutboundPolicy
The rules list specifies a list of applications that are reachable on the cluster. Note that the application you're trying to reach also must specify that they accept communication from this app in their ingress rules.
+kubebuilder:object:generate=true
func (*OutboundPolicy) DeepCopy ¶
func (in *OutboundPolicy) DeepCopy() *OutboundPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundPolicy.
func (*OutboundPolicy) DeepCopyInto ¶
func (in *OutboundPolicy) DeepCopyInto(out *OutboundPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodSettings ¶ added in v1.1.0
type PodSettings struct {
// Annotations that are set on Pods created by Skiperator. These annotations can for example be used to change the behaviour of sidecars and similar.
//
//+kubebuilder:validation:Optional
Annotations map[string]string `json:"annotations,omitempty"`
// TerminationGracePeriodSeconds determines how long Kubernetes waits after a SIGTERM signal sent to a Pod before terminating the pod. If your application uses longer than
// 30 seconds to terminate, you should increase TerminationGracePeriodSeconds.
//
//+kubebuilder:validation:Optional
//+kubebuilder:default:=30
TerminationGracePeriodSeconds int64 `json:"terminationGracePeriodSeconds,omitempty"`
}
PodSettings
+kubebuilder:object:generate=true
func (*PodSettings) DeepCopy ¶ added in v1.1.0
func (in *PodSettings) DeepCopy() *PodSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSettings.
func (*PodSettings) DeepCopyInto ¶ added in v1.1.0
func (in *PodSettings) DeepCopyInto(out *PodSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Probe ¶
type Probe struct {
// Number of the port to access on the container
//
//+kubebuilder:validation:Required
Port intstr.IntOrString `json:"port"`
// The path to access on the HTTP server
//
//+kubebuilder:validation:Required
Path string `json:"path"`
// Delay sending the first probe by X seconds. Can be useful for applications that
// are slow to start.
//
//+kubebuilder:default=0
//+kubebuilder:validation:Optional
InitialDelay int32 `json:"initialDelay,omitempty"`
// Number of seconds after which the probe times out. Defaults to 1 second.
// Minimum value is 1
//
//+kubebuilder:default=1
//+kubebuilder:validation:Optional
Timeout int32 `json:"timeout,omitempty"`
// Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
//
//+kubebuilder:default=10
//+kubebuilder:validation:Optional
Period int32 `json:"period,omitempty"`
// Minimum consecutive successes for the probe to be considered successful after having failed.
// Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
//
//+kubebuilder:default=1
//+kubebuilder:validation:Optional
SuccessThreshold int32 `json:"successThreshold,omitempty"`
// Minimum consecutive failures for the probe to be considered failed after
// having succeeded. Defaults to 3. Minimum value is 1
//
//+kubebuilder:default=3
//+kubebuilder:validation:Optional
FailureThreshold int32 `json:"failureThreshold,omitempty"`
}
Probe
Type configuration for all types of Kubernetes probes.
type ResourceRequirements ¶
type ResourceRequirements struct {
// Limits set the maximum the app is allowed to use. Exceeding this limit will
// make kubernetes kill the app and restart it.
//
// Limits can be set on the CPU and memory, but it is not recommended to put a limit on CPU, see: https://home.robusta.dev/blog/stop-using-cpu-limits
//
//+kubebuilder:validation:Optional
Limits corev1.ResourceList `json:"limits,omitempty"`
// Requests set the initial allocation that is done for the app and will
// thus be available to the app on startup. More is allocated on demand
// until the limit is reached.
//
// Requests can be set on the CPU and memory.
//
//+kubebuilder:validation:Optional
Requests corev1.ResourceList `json:"requests,omitempty"`
}
ResourceRequirements
A simplified version of the Kubernetes native ResourceRequirement field, in which only Limits and Requests are present. For the units used for resources, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
+kubebuilder:object:generate=true
func (*ResourceRequirements) DeepCopy ¶
func (in *ResourceRequirements) DeepCopy() *ResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.
func (*ResourceRequirements) DeepCopyInto ¶
func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files