Documentation
Overview
+kubebuilder:object:generate=true
Constants
const (
	// StatusPhaseReady indicates that the resource is ready. All conditions are met and are in status "True".
	StatusPhaseReady = "Ready"
	// StatusPhaseProgressing indicates that the resource is not ready and being created or updated. At least one condition is not met and is in status "False".
	StatusPhaseProgressing = "Progressing"
	// StatusPhaseTerminating indicates that the resource is not ready and in deletion. At least one condition is not met and is in status "False".
	StatusPhaseTerminating = "Terminating"
)
const ClusterScoped = ""
ClusterScoped can be passed into a LocalObjectReference's NamespacedName method to indicate that the object is cluster-scoped.
Variables
This section is empty.
Functions
This section is empty.
Types
type LocalObjectReference
type LocalObjectReference corev1.LocalObjectReference
LocalObjectReference is a reference to an object in the same namespace as the resource referencing it.
func (*LocalObjectReference) DeepCopy (added in v0.11.0)
func (in *LocalObjectReference) DeepCopy() *LocalObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference.
func (*LocalObjectReference) DeepCopyInto (added in v0.11.0)
func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*LocalObjectReference) NamespacedName
func (r *LocalObjectReference) NamespacedName(namespace string) apimachinery.NamespacedName
NamespacedName returns the NamespacedName of the LocalObjectReference. This is a convenience method to convert the LocalObjectReference to a NamespacedName, which can be passed into k8s client methods. Since LocalObjectReference refers to an object in the same namespace as the resource referencing it, which is only known from context, this method requires a namespace parameter. An empty string (or the ClusterScoped constant) can be used to indicate that the object is cluster-scoped.
type LocalSecretReference
type LocalSecretReference struct {
	LocalObjectReference `json:",inline"`
	// Key is the key in the secret to use.
	Key string `json:"key"`
}
LocalSecretReference is a reference to a secret in the same namespace as the resource referencing it with a key.
func (*LocalSecretReference) DeepCopy (added in v0.11.0)
func (in *LocalSecretReference) DeepCopy() *LocalSecretReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalSecretReference.
func (*LocalSecretReference) DeepCopyInto (added in v0.11.0)
func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCProviderConfig (added in v0.11.0)
type OIDCProviderConfig struct {
	// Name is the name of the OIDC provider.
	// May be used in k8s resources, therefore has to be a valid k8s name.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=`[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*`
	Name string `json:"name"`

	// Issuer is the issuer URL of the OIDC provider.
	Issuer string `json:"issuer"`

	// ClientID is the client ID to use for the OIDC provider.
	ClientID string `json:"clientID"`

	// GroupsClaim is the claim in the OIDC token that contains the groups.
	// If empty, the default claim "groups" will be used.
	// +kubebuilder:default="groups"
	// +optional
	GroupsClaim string `json:"groupsClaim"`

	// GroupsPrefix is a prefix that will be added to all group names when referenced in RBAC rules.
	// This is required to avoid conflicts with Kubernetes built-in groups.
	// If the prefix does not end with a colon (:), it will be added automatically.
	// +kubebuilder:validation:MinLength=1
	GroupsPrefix string `json:"groupsPrefix"`

	// UsernameClaim is the claim in the OIDC token that contains the username.
	// If empty, the default claim "sub" will be used.
	// +kubebuilder:default="sub"
	// +optional
	UsernameClaim string `json:"usernameClaim"`

	// UsernamePrefix is a prefix that will be added to all usernames when referenced in RBAC rules.
	// This is required to avoid conflicts with Kubernetes built-in users.
	// If the prefix does not end with a colon (:), it will be added automatically.
	// +kubebuilder:validation:MinLength=1
	UsernamePrefix string `json:"usernamePrefix"`

	// ExtraScopes is a list of extra scopes that should be requested from the OIDC provider.
	// +optional
	ExtraScopes []string `json:"extraScopes,omitempty"`

	// RoleBindings is a list of subjects with (cluster) role bindings that should be created for them.
	// Note that the username prefix is added automatically to the subjects' names, it must not be explicitly specified here.
	RoleBindings []RoleBindings `json:"roleBindings"`
}
func (*OIDCProviderConfig) DeepCopy (added in v0.11.0)
func (in *OIDCProviderConfig) DeepCopy() *OIDCProviderConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfig.
func (*OIDCProviderConfig) DeepCopyInto (added in v0.11.0)
func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OIDCProviderConfig) Default (added in v0.11.0)
func (o *OIDCProviderConfig) Default() *OIDCProviderConfig
Default sets default values for the OIDCProviderConfig. Modifies in-place and returns the receiver for chaining.
type ObjectReference
type ObjectReference struct {
	// Name is the name of the object.
	Name string `json:"name"`
	// Namespace is the namespace of the object.
	Namespace string `json:"namespace"`
}
ObjectReference is a reference to an object in any namespace.
func (*ObjectReference) DeepCopy (added in v0.11.0)
func (in *ObjectReference) DeepCopy() *ObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.
func (*ObjectReference) DeepCopyInto (added in v0.11.0)
func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ObjectReference) NamespacedName
func (r *ObjectReference) NamespacedName() apimachinery.NamespacedName
NamespacedName returns the NamespacedName of the ObjectReference. This is a convenience method to convert the ObjectReference to a NamespacedName, which can be passed into k8s client methods.
type RoleBindings (added in v0.11.0)
type RoleBindings struct {
	// Subjects is a list of subjects that should be bound to the specified roles.
	// The subjects' names will be prefixed with the username prefix of the OIDC provider.
	Subjects []rbacv1.Subject `json:"subjects"`

	// RoleRefs is a list of (cluster) role references that the subjects should be bound to.
	// Note that existence of the roles is not checked and missing (cluster) roles will result in ineffective (cluster) role bindings.
	RoleRefs []RoleRef `json:"roleRefs"`
}
func (*RoleBindings) DeepCopy (added in v0.11.0)
func (in *RoleBindings) DeepCopy() *RoleBindings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindings.
func (*RoleBindings) DeepCopyInto (added in v0.11.0)
func (in *RoleBindings) DeepCopyInto(out *RoleBindings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleRef (added in v0.11.0)
type RoleRef struct {
	// Name is the name of the role or cluster role to bind to the subjects.
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Namespace is the namespace of the role to bind to the subjects.
	// It must be set if the kind is 'Role' and may not be set if the kind is 'ClusterRole'.
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// Kind is the kind of the role to bind to the subjects.
	// It must be 'Role' or 'ClusterRole'.
	// +kubebuilder:validation:Enum=Role;ClusterRole
	Kind string `json:"kind"`
}
RoleRef defines a reference to a (cluster) role that should be bound to the subjects. TODO: Validate that Namespace is set if Kind is 'Role' and not set if Kind is 'ClusterRole'.
func (*RoleRef) DeepCopy (added in v0.11.0)
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.
func (*RoleRef) DeepCopyInto (added in v0.11.0)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
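The rule from the RoleRef TODO above, combined with the prefix handling described in the OIDCProviderConfig field comments, as an added example that is not code from this package. RoleRef here is a local mirror of the documented fields, and NormalizePrefix, ValidateRoleRef and ValidateBindings are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// RoleRef mirrors the documented RoleRef fields (local copy, no module import).
type RoleRef struct{ Name, Namespace, Kind string }

// NormalizePrefix (hypothetical) ensures the trailing colon the prefix field comments describe.
func NormalizePrefix(p string) string { return strings.TrimSuffix(p, ":") + ":" }

// ValidateRoleRef (hypothetical) enforces the TODO: Namespace only for kind Role.
func ValidateRoleRef(r RoleRef) error {
	switch {
	case r.Name == "":
		return fmt.Errorf("roleRef: name must not be empty")
	case r.Kind == "Role" && r.Namespace == "":
		return fmt.Errorf("roleRef %q: kind Role requires a namespace", r.Name)
	case r.Kind == "ClusterRole" && r.Namespace != "":
		return fmt.Errorf("roleRef %q: kind ClusterRole must not set a namespace", r.Name)
	case r.Kind != "Role" && r.Kind != "ClusterRole":
		return fmt.Errorf("roleRef %q: unsupported kind %q", r.Name, r.Kind)
	}
	return nil
}

// ValidateBindings (hypothetical) rejects subjects that already carry the username prefix.
func ValidateBindings(usernamePrefix string, subjects []string, refs []RoleRef) []error {
	var errs []error
	for _, s := range subjects {
		if p := NormalizePrefix(usernamePrefix); strings.HasPrefix(s, p) {
			errs = append(errs, fmt.Errorf("subject %q already carries prefix %q", s, p))
		}
	}
	for _, r := range refs {
		if err := ValidateRoleRef(r); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

func main() { // constructed sample input
	refs := []RoleRef{{"view", "", "ClusterRole"}, {"editor", "", "Role"}, {"admin", "team-a", "ClusterRole"}}
	for _, err := range ValidateBindings("oidc", []string{"alice", "oidc:bob"}, refs) {
		fmt.Println(err)
	}
}
```

Running such a check at admission time surfaces the ineffective bindings the RoleRefs comment mentions before they reach the cluster.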
type SecretReference
type SecretReference struct {
	ObjectReference `json:",inline"`
	// Key is the key in the secret to use.
	Key string `json:"key"`
}
SecretReference is a reference to a secret in any namespace with a key.
func (*SecretReference) DeepCopy (added in v0.11.0)
func (in *SecretReference) DeepCopy() *SecretReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.
func (*SecretReference) DeepCopyInto (added in v0.11.0)
func (in *SecretReference) DeepCopyInto(out *SecretReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Status
type Status struct {
	// ObservedGeneration is the generation of this resource that was last reconciled by the controller.
	ObservedGeneration int64 `json:"observedGeneration"`

	// Phase is the current phase of the resource.
	Phase string `json:"phase"`

	// Conditions contains the conditions.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}
Status represents the status of an openMCP resource.
func (*Status) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Status.
func (*Status) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.