Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the api v1beta1 API group +kubebuilder:object:generate=true +groupName=api.kubemod.io
Index ¶
- Variables
- type MatchForType
- type MatchItem
- type ModRule
- func (in *ModRule) DeepCopy() *ModRule
- func (in *ModRule) DeepCopyInto(out *ModRule)
- func (in *ModRule) DeepCopyObject() runtime.Object
- func (r *ModRule) Default()
- func (m *ModRule) GetNamespacedName() string
- func (r *ModRule) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *ModRule) ValidateCreate() error
- func (r *ModRule) ValidateDelete() error
- func (r *ModRule) ValidateUpdate(old runtime.Object) error
- type ModRuleAdmissionOperation
- type ModRuleList
- type ModRuleSpec
- type ModRuleStatus
- type ModRuleType
- type PatchOperation
- type PatchOperationType
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "api.kubemod.io", Version: "v1beta1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type MatchForType ¶ added in v0.8.0
type MatchForType string
MatchForType describes the type of a match. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=Any;All
const ( // MatchForTypeAny indicates that a match is positive when any of the selected results matches any of the match requirements. MatchForTypeAny MatchForType = "Any" // MatchForTypeAll indicates that a match is positive when all of the selected results matches any of the match requirements. MatchForTypeAll MatchForType = "All" )
type MatchItem ¶ added in v0.5.0
type MatchItem struct { // Select is a JSONPath query expression: https://goessner.net/articles/JsonPath/ which yields zero or more values. // If no match value or regex is specified, if the query yields a non-empty result, the match is considered positive. Select string `json:"select"` // MatchFor instructs how to match the results against the match... requirements. // Valid values are: // - "Any" - the match is considered positive if any of the results of select have a match. // - "All" - the match is considered positive only if all of the results of select have a match. // +optional MatchFor MatchForType `json:"matchFor,omitempty"` // MatchValue specifies the exact value to match the result of Select by. // The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to matchValue. // +nullable MatchValue *string `json:"matchValue,omitempty"` // MatchValues specifies a list of values to match the result of Select by. // The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to any of the values in the array. // +optional MatchValues []string `json:"matchValues,omitempty"` // MatchRegex specifies the regular expression to compare the result of Select by. // The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to value. // +nullable MatchRegex *string `json:"matchRegex,omitempty"` // Negate indicates whether the match result should be to inverted. // Defaults to false. // +optional Negate bool `json:"negate,omitempty"` }
MatchItem represents a single match query.
func (*MatchItem) DeepCopy ¶ added in v0.5.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchItem.
func (*MatchItem) DeepCopyInto ¶ added in v0.5.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ModRule ¶
type ModRule struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ModRuleSpec `json:"spec,omitempty"` Status ModRuleStatus `json:"status,omitempty"` }
ModRule is the Schema for the modrules API
func (*ModRule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRule.
func (*ModRule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ModRule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ModRule) Default ¶
func (r *ModRule) Default()
Default implements webhook.Defaulter so a webhook will be registered for the type
func (*ModRule) GetNamespacedName ¶
GetNamespacedName returns a combined namespace/name.
func (*ModRule) SetupWebhookWithManager ¶
SetupWebhookWithManager hooks up the web hook with a manager.
func (*ModRule) ValidateCreate ¶
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ModRule) ValidateDelete ¶
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
type ModRuleAdmissionOperation ¶ added in v0.18.0
type ModRuleAdmissionOperation string
ModRuleAdmissionOperation describes the operation a ModRule is executed on. Only the following ModRuleAdmissionOperation(s) may be specified. +kubebuilder:validation:Enum=CREATE;UPDATE;DELETE
type ModRuleList ¶
type ModRuleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ModRule `json:"items"` }
ModRuleList contains a list of ModRule
func (*ModRuleList) DeepCopy ¶
func (in *ModRuleList) DeepCopy() *ModRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleList.
func (*ModRuleList) DeepCopyInto ¶
func (in *ModRuleList) DeepCopyInto(out *ModRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ModRuleList) DeepCopyObject ¶
func (in *ModRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ModRuleSpec ¶
type ModRuleSpec struct { // Type describes the type of a ModRule. // Valid values are: // - "Patch" - the rule performs modifications on all the matching resources as they are created. // - "Reject" - the rule rejects the creation of all matching resources. Type ModRuleType `json:"type"` // ExecutionTier is a value between -32767 and 32766. // ExecutionTier controls when this ModRule will be executed as it relates to the other ModRules loaded in the system. // ModRules are matched and executed in tiers, starting with the lowest tier. // The results of executing all ModRules in a tier are passed as input to the ModRules in the next tier. // This cascading execution continues until the highest tier of ModRules has been executed. // ModRules in the same tier are executed in indeterminate order. // +optional // +kubebuilder:default=0 ExecutionTier int16 `json:"executionTier"` // AdmissionOperations specifies which admission hook operations this ModRule applies to. // Valid values are: // - "CREATE" - the rule applies to all matching resources as they are created. // - "UPDATE" - the rule applies to all matching resources as they are updated. // - "DELETE" - the rule applies to all matching resources as they are deleted. // By default, a ModRule applies to all admission operations. // +optional // +kubebuilder:default={"CREATE", "UPDATE"} AdmissionOperations []ModRuleAdmissionOperation `json:"admissionOperations"` // Match is a list of match items which consist of select queries and expected match values or regular expressions. // When all match items for an object are positive, the rule is in effect. // +kubebuilder:validation:MinItems=1 Match []MatchItem `json:"match"` // Patch is a list of patch operations to perform on the matching resources at the time of creation. // The value part of a patch operation can be a golang template which accepts the resource as its context. // This field must be provided for ModRules of type "patch" // +optional Patch []PatchOperation `json:"patch,omitempty"` // RejectMessage is an optional message displayed when a resource is rejected by a Reject ModRule. // The field is a Golang template evaluated in the context of the object being rejected. // +optional RejectMessage *string `json:"rejectMessage,omitempty"` // TargetNamespaceRegex is optional and only applies to ModRules in "kubemod-system" namespace. // Its usage enables cluster-wide matching of namespaced resources. TargetNamespaceRegex *string `json:"targetNamespaceRegex,omitempty"` }
ModRuleSpec defines the desired state of ModRule
func (*ModRuleSpec) DeepCopy ¶
func (in *ModRuleSpec) DeepCopy() *ModRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleSpec.
func (*ModRuleSpec) DeepCopyInto ¶
func (in *ModRuleSpec) DeepCopyInto(out *ModRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ModRuleStatus ¶
type ModRuleStatus struct { }
ModRuleStatus defines the observed state of ModRule
func (*ModRuleStatus) DeepCopy ¶
func (in *ModRuleStatus) DeepCopy() *ModRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleStatus.
func (*ModRuleStatus) DeepCopyInto ¶
func (in *ModRuleStatus) DeepCopyInto(out *ModRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ModRuleType ¶
type ModRuleType string
ModRuleType describes the type of a ModRule. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=Patch;Reject
const ( // ModRuleTypePatch describes a ModRule which performs modifications on the target resource. ModRuleTypePatch ModRuleType = "Patch" // ModRuleTypeReject indicates that the ModRule should reject Create events for resources which match the rule. ModRuleTypeReject ModRuleType = "Reject" )
type PatchOperation ¶
type PatchOperation struct { // Operation is the type of JSON Path operation to perform against the target element. Operation PatchOperationType `json:"op"` // Optional JSONPath query expression: https://goessner.net/articles/JsonPath/ used to construct path. // A patch operation is created for each result of the query. // A placeholder is created for each wildcard and filter in the expression. // These placeholders can be used when constructing "path". // For example, if select is "$.spec.containers[*].ports[?@.containerPort == 80]" // placeholder #0 will point to the index of "containers" and #1 will point to the index of "ports". // This allows us to define paths such as "/spec/template/spec/containers/#0/securityContext" Select *string `json:"select,omitempty"` // Path is the JSON path to the target element. Path string `json:"path"` // Value is the JSON representation of the modification. // The value is a golang template which is evaluated against the context of the target resource. // KubeMod performs some analysis of the result of the template evaluation in order to infer its JSON type: // - If the value matches the format of a JavaScript number, it is considered to be a number. // - If the value matches a boolean literal (true/false), it is considered to be a boolean literal. // - If the value matches 'null', it is considered to be null. // - If the value is surrounded by double-quotes, it is considered to be a string. // - If the value is surrounded by brackets, it is considered to be a JSON array. // - If the value is surrounded by curly braces, it is considered to be a JSON object. // - If none of the above is true, the value is considered to be a string. // +nullable Value *string `json:"value,omitempty"` }
PatchOperation represents a single JSON Patch operation.
func (*PatchOperation) DeepCopy ¶
func (in *PatchOperation) DeepCopy() *PatchOperation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PatchOperation.
func (*PatchOperation) DeepCopyInto ¶
func (in *PatchOperation) DeepCopyInto(out *PatchOperation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PatchOperationType ¶
type PatchOperationType string
PatchOperationType describes the type of a JSON Patch operation. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=add;replace;remove
const ( // Add represents an "add" JSON Patch operation. Add PatchOperationType = "add" // Replace represents a "replace" JSON Patch operation. Replace PatchOperationType = "replace" // Remove represents a "remove" JSON Patch operation. Remove PatchOperationType = "remove" )