Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the audit v1alpha1 API group +groupName=auditing.kubesphere.io
Package v1alpha1 contains API Schema definitions for the audit v1alpha1 API group +kubebuilder:object:generate=true +groupName=auditing.kubesphere.io
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type AuditSinkPolicy
- type DynamicAuditConfig
- type Level
- type Policy
- type PolicyRule
- type Receiver
- type Rule
- type RuleList
- type RuleSpec
- type RuleStatus
- type ServiceReference
- type Stage
- type Webhook
- type WebhookClientConfig
- type WebhookList
- type WebhookSpec
- type WebhookStatus
- type WebhookThrottleConfig
Constants ¶
This section is empty.
Variables ¶
var (
	// SchemeGroupVersion is the group/version ("auditing.kubesphere.io",
	// "v1alpha1") used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "auditing.kubesphere.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Types ¶
type AuditSinkPolicy ¶
// AuditSinkPolicy carries two optional label selectors over rules. The
// WebhookSpec field that embeds it describes it as a rule selector: only the
// rules matching the selector take effect.
type AuditSinkPolicy struct {
	// NOTE(review): what a nil selector selects (every rule or none) is not
	// visible in this declaration. Confirm it in the consumer, because it
	// decides which audit rules are actually in force.

	// ArchivingRuleSelector presumably selects the rules used for archiving
	// audit events (inferred from the name; confirm against the consumer).
	ArchivingRuleSelector *metav1.LabelSelector `json:"archivingRuleSelector,omitempty" protobuf:"bytes,8,opt,name=archivingRuleSelector"`

	// NOTE(review): both fields declare protobuf field number 8.

	// AlertingRuleSelector presumably selects the rules used for alerting
	// (inferred from the name; confirm against the consumer).
	AlertingRuleSelector *metav1.LabelSelector `json:"alertingRuleSelector,omitempty" protobuf:"bytes,8,opt,name=alertingRuleSelector"`
}
func (*AuditSinkPolicy) DeepCopy ¶
func (in *AuditSinkPolicy) DeepCopy() *AuditSinkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkPolicy.
func (*AuditSinkPolicy) DeepCopyInto ¶
func (in *AuditSinkPolicy) DeepCopyInto(out *AuditSinkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DynamicAuditConfig ¶
// DynamicAuditConfig groups the optional throttling options and the event
// selection policy for the webhook.
type DynamicAuditConfig struct {
	// Throttle holds the options for throttling the webhook
	// +optional
	Throttle *WebhookThrottleConfig `json:"throttle,omitempty" protobuf:"bytes,18,opt,name=throttle"`

	// NOTE(review): Throttle and Policy both declare protobuf field number 18.

	// Policy defines the policy for selecting which events should be sent to the webhook
	// +optional
	Policy *Policy `json:"policy,omitempty" protobuf:"bytes,18,opt,name=policy"`
}
func (*DynamicAuditConfig) DeepCopy ¶
func (in *DynamicAuditConfig) DeepCopy() *DynamicAuditConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicAuditConfig.
func (*DynamicAuditConfig) DeepCopyInto ¶
func (in *DynamicAuditConfig) DeepCopyInto(out *DynamicAuditConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Level ¶
// Level is the audit level of a request, one of the four constants below.
type Level string

// NOTE(review): per the comments below, LevelRequest and LevelRequestResponse
// log request and response objects. Those objects can carry sensitive field
// values, so the access control and retention of wherever the events are
// stored should be sized for that before either level is selected.
const (
	// LevelNone disables auditing
	LevelNone Level = "None"
	// LevelMetadata provides the basic level of auditing.
	LevelMetadata Level = "Metadata"
	// LevelRequest provides Metadata level of auditing, and additionally
	// logs the request object (does not apply for non-resource requests).
	LevelRequest Level = "Request"
	// LevelRequestResponse provides Request level of auditing, and additionally
	// logs the response object (does not apply for non-resource requests and watches).
	LevelRequestResponse Level = "RequestResponse"
)
type Policy ¶
// Policy sets the level that requests are recorded at and the stages for
// which events are created.
type Policy struct {
	// The Level that all requests are recorded at.
	// available options: None, Metadata, Request, RequestResponse
	// required
	Level Level `json:"level" protobuf:"bytes,1,opt,name=level"`

	// NOTE(review): Stages is marked +optional but its json tag has no
	// omitempty, so an unset list is still written out (as null).

	// Stages is a list of stages for which events are created.
	// +optional
	Stages []Stage `json:"stages" protobuf:"bytes,2,opt,name=stages"`
}
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyRule ¶
// PolicyRule is one entry of a RuleSpec. Type says which kind of entry it is
// (rule, macro, list or alias), and exactly one of Condition, Macro, Alias or
// List is meaningful for a given Type, as the field comments state.
type PolicyRule struct {
	// NOTE(review): every field below declares protobuf field number 8, and
	// the bool and []string fields are tagged "bytes,...,opt".
	//
	// NOTE(review): Type and Priority are plain strings, and no validation
	// marker is visible in this listing. Whether an unknown value is rejected
	// or silently ignored is decided elsewhere; confirm, since an ignored rule
	// is a gap in audit coverage.

	// Name is the rule name.
	Name string `json:"name,omitempty" protobuf:"bytes,8,opt,name=name"`

	// Type is the rule type: rule, macro, list or alias.
	Type string `json:"type,omitempty" protobuf:"bytes,8,opt,name=type"`

	// Desc is the rule description.
	Desc string `json:"desc,omitempty" protobuf:"bytes,8,opt,name=desc"`

	// Condition is the rule condition.
	// It is effective when the rule type is rule.
	Condition string `json:"condition,omitempty" protobuf:"bytes,8,opt,name=condition"`

	// Macro is effective when the rule type is macro.
	Macro string `json:"macro,omitempty" protobuf:"bytes,8,opt,name=macro"`

	// Alias is effective when the rule type is alias.
	Alias string `json:"alias,omitempty" protobuf:"bytes,8,opt,name=alias"`

	// List is effective when the rule type is list.
	List []string `json:"list,omitempty" protobuf:"bytes,8,opt,name=list"`

	// NOTE(review): the zero value of Enable is false, so a rule written
	// without an "enable" key decodes as disabled unless a default is applied
	// somewhere outside this declaration; confirm.

	// Enable reports whether the rule is enabled.
	Enable bool `json:"enable" protobuf:"bytes,8,opt,name=enable"`

	// Output is the output format of the message that is sent to the user.
	Output string `json:"output,omitempty" protobuf:"bytes,8,opt,name=output"`

	// Priority is the rule priority: DEBUG, INFO or WARNING.
	Priority string `json:"priority,omitempty" protobuf:"bytes,8,opt,name=priority"`
}
func (*PolicyRule) DeepCopy ¶
func (in *PolicyRule) DeepCopy() *PolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
func (*PolicyRule) DeepCopyInto ¶
func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Receiver ¶
// Receiver describes one destination for audit alerts: its name, its type and
// the client configuration used to reach it.
type Receiver struct {
	// NOTE(review): the field name is spelled "ReceicerName". The json name
	// is "name", so the serialised form is unaffected, but renaming the Go
	// field would break callers and needs a coordinated change.

	// Receiver name
	// +optional
	ReceicerName string `json:"name,omitempty" protobuf:"bytes,8,opt,name=name"`

	// NOTE(review): ReceiverType is a plain string with no validation marker
	// visible here; how a value other than the two documented ones is handled
	// is not shown. Confirm in the consumer.

	// Receiver type, alertmanager or webhook
	// +optional
	ReceiverType string `json:"type,omitempty" protobuf:"bytes,8,opt,name=type"`

	// ClientConfig holds the connection parameters for the webhook
	// +optional
	ReceiverConfig *WebhookClientConfig `json:"config,omitempty" protobuf:"bytes,8,opt,name=config"`
}
Receiver is the configuration of a receiver that the audit alerts are sent to.
func (*Receiver) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Receiver.
func (*Receiver) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
// Rule is the API object for the rules API: the usual type and object
// metadata plus a RuleSpec and a RuleStatus.
type Rule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Rule.
	Spec RuleSpec `json:"spec,omitempty"`
	// Status is the observed state of the Rule; RuleStatus declares no fields.
	Status RuleStatus `json:"status,omitempty"`
}
Rule is the Schema for the rules API
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleList ¶
// RuleList is the list type for Rule: type and list metadata plus the items.
type RuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Rule objects of the list.
	Items []Rule `json:"items"`
}
RuleList contains a list of Rule
func (*RuleList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.
func (*RuleList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RuleList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleSpec ¶
// RuleSpec is the desired state of a Rule: the policy rules it carries.
type RuleSpec struct {
	// PolicyRules is serialised under the json key "rules".
	PolicyRules []PolicyRule `json:"rules,omitempty" protobuf:"bytes,8,opt,name=rules"`
}
RuleSpec defines the desired state of Rule
func (*RuleSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleSpec.
func (*RuleSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleStatus ¶
// RuleStatus declares no fields, so no observed state is reported for a Rule
// in this API version.
type RuleStatus struct {
}
RuleStatus defines the observed state of Rule
func (*RuleStatus) DeepCopy ¶
func (in *RuleStatus) DeepCopy() *RuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStatus.
func (*RuleStatus) DeepCopyInto ¶
func (in *RuleStatus) DeepCopyInto(out *RuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceReference ¶
// ServiceReference identifies a service by namespace and name, with an
// optional URL path and port.
type ServiceReference struct {
	// `namespace` is the namespace of the service.
	// Required
	Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"`

	// `name` is the name of the service.
	// Required
	Name string `json:"name" protobuf:"bytes,2,opt,name=name"`

	// `path` is an optional URL path which will be sent in any request to
	// this service.
	// +optional
	Path *string `json:"path,omitempty" protobuf:"bytes,3,opt,name=path"`

	// NOTE(review): the 1-65535 range and the default of 443 are stated in
	// the comment only; no validation or default marker is visible on the
	// field in this listing, so both must be applied by other code. Confirm.

	// If specified, the port on the service that is hosting the webhook.
	// Default to 443 for backward compatibility.
	// `port` should be a valid port number (1-65535, inclusive).
	// +optional
	Port *int32 `json:"port,omitempty" protobuf:"varint,4,opt,name=port"`
}
func (*ServiceReference) DeepCopy ¶
func (in *ServiceReference) DeepCopy() *ServiceReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.
func (*ServiceReference) DeepCopyInto ¶
func (in *ServiceReference) DeepCopyInto(out *ServiceReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Webhook ¶
// Webhook is the API object for the webhooks API: the usual type and object
// metadata plus a WebhookSpec and a WebhookStatus.
type Webhook struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Webhook.
	Spec WebhookSpec `json:"spec,omitempty"`
	// Status is the observed state of the Webhook; WebhookStatus declares no fields.
	Status WebhookStatus `json:"status,omitempty"`
}
Webhook is the Schema for the webhooks API
func (*Webhook) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.
func (*Webhook) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Webhook) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WebhookClientConfig ¶
// WebhookClientConfig holds how to reach a webhook: either a URL or a service
// reference, plus an optional CA bundle for validating the server certificate.
type WebhookClientConfig struct {
	// NOTE(review): the URL rules below (https only, no "user:password@", no
	// fragment, no query) and the "exactly one of url or service" rule are
	// stated in prose. This declaration carries only +optional markers, so the
	// checks have to be made by whatever code consumes the value; confirm that
	// they are, since the destination receives audit events.
	//
	// NOTE(review): the struct has no field for client credentials (token or
	// client certificate). How the receiving end authenticates the sender is
	// therefore not configured here; confirm where that is handled.

	// `url` gives the location of the webhook, in standard URL form
	// (`scheme://host:port/path`). Exactly one of `url` or `service`
	// must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use
	// the `service` field instead. The host might be resolved via external
	// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
	// in-cluster DNS as that would be a layering violation). `host` may
	// also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is
	// risky unless you take great care to run this webhook on all hosts
	// which run an apiserver which might need to make calls to this
	// webhook. Such installs are likely to be non-portable, i.e., not easy
	// to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in
	// a URL. You may use the path to pass an arbitrary string to the
	// webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not
	// allowed. Fragments ("#...") and query parameters ("?...") are not
	// allowed, either.
	//
	// +optional
	URL *string `json:"url,omitempty" protobuf:"bytes,1,opt,name=url"`

	// `service` is a reference to the service for this webhook. Either
	// `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	//
	// +optional
	Service *ServiceReference `json:"service,omitempty" protobuf:"bytes,2,opt,name=service"`

	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
	// If unspecified, system trust roots on the apiserver are used.
	// +optional
	CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,3,opt,name=caBundle"`
}
func (*WebhookClientConfig) DeepCopy ¶
func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.
func (*WebhookClientConfig) DeepCopyInto ¶
func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookList ¶
// WebhookList is the list type for Webhook: type and list metadata plus the
// items.
type WebhookList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Webhook objects of the list.
	Items []Webhook `json:"items"`
}
WebhookList contains a list of Webhook
func (*WebhookList) DeepCopy ¶
func (in *WebhookList) DeepCopy() *WebhookList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookList.
func (*WebhookList) DeepCopyInto ¶
func (in *WebhookList) DeepCopyInto(out *WebhookList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WebhookList) DeepCopyObject ¶
func (in *WebhookList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WebhookSpec ¶
// WebhookSpec is the desired state of a Webhook. Its fields fall into two
// groups: how the webhook workload is deployed (replicas, image, scheduling,
// resources) and how auditing behaves (receivers, rule selection, priority
// threshold, audit type and level, and the on/off switch).
type WebhookSpec struct {
	// Number of desired pods. This is a pointer to distinguish between explicit
	// zero and not specified. Defaults to 1.
	// +optional
	Replicas *int32 `json:"replicas,omitempty" protobuf:"varint,1,opt,name=replicas"`

	// The webhook docker image name.
	// +optional
	Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`

	// Image pull policy.
	// One of Always, Never, IfNotPresent.
	// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
	// Cannot be updated.
	// More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
	// +optional
	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`

	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
	// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
	// in the case of docker, only DockerConfig type secrets are honored.
	// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
	// +optional
	// +patchMergeKey=name
	// +patchStrategy=merge
	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`

	// Arguments to the entrypoint.
	// It will be appended to the args and replace the default value.
	// +optional
	Args []string `json:"args,omitempty" protobuf:"bytes,3,rep,name=args"`

	// NodeSelector is a selector which must be true for the pod to fit on a node.
	// Selector which must match a node's labels for the pod to be scheduled on that node.
	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`

	// If specified, the pod's scheduling constraints
	// +optional
	Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"`

	// If specified, the pod's tolerations.
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`

	// Compute Resources required by this container.
	// Cannot be updated.
	// More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
	// +optional
	Resources *corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`

	// Receiver contains the information to make a connection with the alertmanager
	// +optional
	Receivers []Receiver `json:"receivers,omitempty" protobuf:"bytes,8,opt,name=receivers"`

	// AuditSinkPolicy is a rule selector; only the rules matched by this selector take effect.
	// +optional
	*AuditSinkPolicy `json:"auditSinkPolicy,omitempty" protobuf:"bytes,8,opt,name=auditSinkPolicy"`

	// NOTE(review): Priority is a threshold on what gets stored, and it is a
	// plain string with no validation marker visible here. How an empty or
	// unrecognised value is treated decides whether events are kept or
	// dropped; confirm in the consumer.

	// Rule priority, DEBUG < INFO < WARNING
	// Audit events will be stored only when the priority of the audit rule
	// matching the audit event is greater than this.
	Priority string `json:"priority,omitempty" protobuf:"bytes,8,opt,name=priority"`

	// Audit type, static or dynamic.
	AuditType string `json:"auditType,omitempty" protobuf:"bytes,8,opt,name=auditType"`

	// NOTE(review): the Metadata default is stated in the comment only; no
	// default marker is visible on the field, and the json tag has no
	// omitempty although the field is marked +optional.

	// The Level that all requests are recorded at.
	// available options: None, Metadata, Request, RequestResponse
	// default: Metadata
	// +optional
	AuditLevel Level `json:"auditLevel" protobuf:"bytes,1,opt,name=auditLevel"`

	// NOTE(review): the protobuf tag below reads "name=priority", the same
	// name as the Priority field's tag, and uses "bytes" for a bool; it looks
	// copied from Priority. Several fields above also share field number 8.
	//
	// NOTE(review): the zero value is false and the tag has omitempty, so a
	// spec that omits the key decodes as auditing disabled unless a default is
	// applied elsewhere; confirm.

	// K8s auditing is enabled or not.
	K8sAuditingEnabled bool `json:"k8sAuditingEnabled,omitempty" protobuf:"bytes,8,opt,name=priority"`
}
WebhookSpec defines the desired state of Webhook
func (*WebhookSpec) DeepCopy ¶
func (in *WebhookSpec) DeepCopy() *WebhookSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSpec.
func (*WebhookSpec) DeepCopyInto ¶
func (in *WebhookSpec) DeepCopyInto(out *WebhookSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookStatus ¶
// WebhookStatus declares no fields, so no observed state is reported for a
// Webhook in this API version.
type WebhookStatus struct {
}
WebhookStatus defines the observed state of Webhook
func (*WebhookStatus) DeepCopy ¶
func (in *WebhookStatus) DeepCopy() *WebhookStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookStatus.
func (*WebhookStatus) DeepCopyInto ¶
func (in *WebhookStatus) DeepCopyInto(out *WebhookStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookThrottleConfig ¶
// WebhookThrottleConfig holds the two optional throttling limits for the
// webhook: a rate (QPS) and a burst size.
type WebhookThrottleConfig struct {
	// NOTE(review): what happens to events that exceed these limits (queued,
	// delayed or dropped) is not visible in this declaration. Confirm it,
	// because dropped events are a gap in the audit trail.

	// ThrottleQPS maximum number of batches per second
	// default 10 QPS
	// +optional
	QPS *int64 `json:"qps,omitempty" protobuf:"bytes,1,opt,name=qps"`

	// NOTE(review): the default below is written as "15 QPS" although the
	// comment describes Burst as a number of events, not a rate.

	// ThrottleBurst is the maximum number of events sent at the same moment
	// default 15 QPS
	// +optional
	Burst *int64 `json:"burst,omitempty" protobuf:"bytes,2,opt,name=burst"`
}
func (*WebhookThrottleConfig) DeepCopy ¶
func (in *WebhookThrottleConfig) DeepCopy() *WebhookThrottleConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.
func (*WebhookThrottleConfig) DeepCopyInto ¶
func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.