v1beta1

package
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2023 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Overview

Package v1beta1 contains API Schema definitions for the api v1beta1 API group +kubebuilder:object:generate=true +groupName=api.kubemod.io

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "api.kubemod.io", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type MatchForType added in v0.8.0 

type MatchForType string

MatchForType describes the type of a match. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=Any;All 

const (
	// MatchForTypeAny indicates that a match is positive when any of the selected results matches any of the match requirements.
	MatchForTypeAny MatchForType = "Any"
	// MatchForTypeAll indicates that a match is positive when all of the selected results matches any of the match requirements.
	MatchForTypeAll MatchForType = "All"
)

type MatchItem added in v0.5.0 

type MatchItem struct {
	// Select is a JSONPath query expression: https://goessner.net/articles/JsonPath/ which yields zero or more values.
	// If no match value or regex is specified, if the query yields a non-empty result, the match is considered positive.
	Select string `json:"select"`

	// MatchFor instructs how to match the results against the match... requirements.
	// Valid values are:
	// - "Any" - the match is considered positive if any of the results of select have a match.
	// - "All" - the match is considered positive only if all of the results of select have a match.
	// +optional
	MatchFor MatchForType `json:"matchFor,omitempty"`

	// MatchValue specifies the exact value to match the result of Select by.
	// The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to matchValue.
	// +nullable
	MatchValue *string `json:"matchValue,omitempty"`

	// MatchValues specifies a list of values to match the result of Select by.
	// The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to any of the values in the array.
	// +optional
	MatchValues []string `json:"matchValues,omitempty"`

	// MatchRegex specifies the regular expression to compare the result of Select by.
	// The match is considered positive if at least one of the results of evaluating the select query yields a match when compared to value.
	// +nullable
	MatchRegex *string `json:"matchRegex,omitempty"`

	// Negate indicates whether the match result should be to inverted.
	// Defaults to false.
	// +optional
	Negate bool `json:"negate,omitempty"`
}

MatchItem represents a single match query.

func (*MatchItem) DeepCopy added in v0.5.0 

func (in *MatchItem) DeepCopy() *MatchItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchItem.

func (*MatchItem) DeepCopyInto added in v0.5.0 

func (in *MatchItem) DeepCopyInto(out *MatchItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ModRule 

type ModRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ModRuleSpec   `json:"spec,omitempty"`
	Status ModRuleStatus `json:"status,omitempty"`
}

ModRule is the Schema for the modrules API

func (*ModRule) DeepCopy 

func (in *ModRule) DeepCopy() *ModRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRule.

func (*ModRule) DeepCopyInto 

func (in *ModRule) DeepCopyInto(out *ModRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ModRule) DeepCopyObject 

func (in *ModRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ModRule) Default 

func (r *ModRule) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*ModRule) GetNamespacedName 

func (m *ModRule) GetNamespacedName() string

GetNamespacedName returns a combined namespace/name.

func (*ModRule) SetupWebhookWithManager 

func (r *ModRule) SetupWebhookWithManager(mgr ctrl.Manager) error

SetupWebhookWithManager hooks up the web hook with a manager.

func (*ModRule) ValidateCreate 

func (r *ModRule) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ModRule) ValidateDelete 

func (r *ModRule) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ModRule) ValidateUpdate 

func (r *ModRule) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ModRuleAdmissionOperation added in v0.18.0 

type ModRuleAdmissionOperation string

ModRuleAdmissionOperation describes the operation a ModRule is executed on. Only the following ModRuleAdmissionOperation(s) may be specified. +kubebuilder:validation:Enum=CREATE;UPDATE;DELETE

type ModRuleList 

type ModRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ModRule `json:"items"`
}

ModRuleList contains a list of ModRule

func (*ModRuleList) DeepCopy 

func (in *ModRuleList) DeepCopy() *ModRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleList.

func (*ModRuleList) DeepCopyInto 

func (in *ModRuleList) DeepCopyInto(out *ModRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ModRuleList) DeepCopyObject 

func (in *ModRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ModRuleSpec 

type ModRuleSpec struct {

	// Type describes the type of a ModRule.
	// Valid values are:
	// - "Patch" - the rule performs modifications on all the matching resources as they are created.
	// - "Reject" - the rule rejects the creation of all matching resources.
	Type ModRuleType `json:"type"`

	// ExecutionTier is a value between -32767 and 32766.
	// ExecutionTier controls when this ModRule will be executed as it relates to the other ModRules loaded in the system.
	// ModRules are matched and executed in tiers, starting with the lowest tier.
	// The results of executing all ModRules in a tier are passed as input to the ModRules in the next tier.
	// This cascading execution continues until the highest tier of ModRules has been executed.
	// ModRules in the same tier are executed in indeterminate order.
	// +optional
	// +kubebuilder:default=0
	ExecutionTier int16 `json:"executionTier"`

	// AdmissionOperations specifies which admission hook operations this ModRule applies to.
	// Valid values are:
	// - "CREATE" - the rule applies to all matching resources as they are created.
	// - "UPDATE" - the rule applies to all matching resources as they are updated.
	// - "DELETE" - the rule applies to all matching resources as they are deleted.
	// By default, a ModRule applies to all admission operations.
	// +optional
	// +kubebuilder:default={"CREATE", "UPDATE"}
	AdmissionOperations []ModRuleAdmissionOperation `json:"admissionOperations"`

	// Match is a list of match items which consist of select queries and expected match values or regular expressions.
	// When all match items for an object are positive, the rule is in effect.
	// +kubebuilder:validation:MinItems=1
	Match []MatchItem `json:"match"`

	// Patch is a list of patch operations to perform on the matching resources at the time of creation.
	// The value part of a patch operation can be a golang template which accepts the resource as its context.
	// This field must be provided for ModRules of type "patch"
	// +optional
	Patch []PatchOperation `json:"patch,omitempty"`

	// RejectMessage is an optional message displayed when a resource is rejected by a Reject ModRule.
	// The field is a Golang template evaluated in the context of the object being rejected.
	// +optional
	RejectMessage *string `json:"rejectMessage,omitempty"`

	// TargetNamespaceRegex is optional and only applies to ModRules in "kubemod-system" namespace.
	// Its usage enables cluster-wide matching of namespaced resources.
	TargetNamespaceRegex *string `json:"targetNamespaceRegex,omitempty"`
}

ModRuleSpec defines the desired state of ModRule

func (*ModRuleSpec) DeepCopy 

func (in *ModRuleSpec) DeepCopy() *ModRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleSpec.

func (*ModRuleSpec) DeepCopyInto 

func (in *ModRuleSpec) DeepCopyInto(out *ModRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ModRuleStatus 

type ModRuleStatus struct {
}

ModRuleStatus defines the observed state of ModRule

func (*ModRuleStatus) DeepCopy 

func (in *ModRuleStatus) DeepCopy() *ModRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModRuleStatus.

func (*ModRuleStatus) DeepCopyInto 

func (in *ModRuleStatus) DeepCopyInto(out *ModRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ModRuleType 

type ModRuleType string

ModRuleType describes the type of a ModRule. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=Patch;Reject 

const (
	// ModRuleTypePatch describes a ModRule which performs modifications on the target resource.
	ModRuleTypePatch ModRuleType = "Patch"

	// ModRuleTypeReject indicates that the ModRule should reject Create events for resources which match the rule.
	ModRuleTypeReject ModRuleType = "Reject"
)

type PatchOperation 

type PatchOperation struct {

	// Operation is the type of JSON Path operation to perform against the target element.
	Operation PatchOperationType `json:"op"`

	// Optional JSONPath query expression: https://goessner.net/articles/JsonPath/ used to construct path.
	// A patch operation is created for each result of the query.
	// A placeholder is created for each wildcard and filter in the expression.
	// These placeholders can be used when constructing "path".
	// For example, if select is "$.spec.containers[*].ports[?@.containerPort == 80]"
	// placeholder #0 will point to the index of "containers" and #1 will point to the index of "ports".
	// This allows us to define paths such as "/spec/template/spec/containers/#0/securityContext"
	Select *string `json:"select,omitempty"`

	// Path is the JSON path to the target element.
	Path string `json:"path"`

	// Value is the JSON representation of the modification.
	// The value is a golang template which is evaluated against the context of the target resource.
	// KubeMod performs some analysis of the result of the template evaluation in order to infer its JSON type:
	// - If the value matches the format of a JavaScript number, it is considered to be a number.
	// - If the value matches a boolean literal (true/false), it is considered to be a boolean literal.
	// - If the value matches 'null', it is considered to be null.
	// - If the value is surrounded by double-quotes, it is considered to be a string.
	// - If the value is surrounded by brackets, it is considered to be a JSON array.
	// - If the value is surrounded by curly braces, it is considered to be a JSON object.
	// - If none of the above is true, the value is considered to be a string.
	// +nullable
	Value *string `json:"value,omitempty"`
}

PatchOperation represents a single JSON Patch operation.

func (*PatchOperation) DeepCopy 

func (in *PatchOperation) DeepCopy() *PatchOperation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PatchOperation.

func (*PatchOperation) DeepCopyInto 

func (in *PatchOperation) DeepCopyInto(out *PatchOperation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PatchOperationType 

type PatchOperationType string

PatchOperationType describes the type of a JSON Patch operation. Only one of the following ModRule types may be specified. +kubebuilder:validation:Enum=add;replace;remove 

const (
	// Add represents an "add" JSON Patch operation.
	Add PatchOperationType = "add"
	// Replace represents a "replace" JSON Patch operation.
	Replace PatchOperationType = "replace"
	// Remove represents a "remove" JSON Patch operation.
	Remove PatchOperationType = "remove"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.