Documentation ¶
Overview ¶
+groupName=kubecontrolplane.config.openshift.io Package v1 is the v1 version of the API.
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type AggregatorConfig
- type Arguments
- type KubeAPIServerConfig
- type KubeAPIServerImagePolicyConfig
- type KubeAPIServerProjectConfig
- type KubeControllerManagerConfig
- func (in *KubeControllerManagerConfig) DeepCopy() *KubeControllerManagerConfig
- func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerConfig)
- func (in *KubeControllerManagerConfig) DeepCopyObject() runtime.Object
- func (KubeControllerManagerConfig) SwaggerDoc() map[string]string
- type KubeControllerManagerProjectConfig
- type KubeletConnectionInfo
- type MasterAuthConfig
- type RequestHeaderAuthenticationOptions
- type ServiceServingCert
- type UserAgentDenyRule
- type UserAgentMatchRule
- type UserAgentMatchingConfig
- type WebhookTokenAuthenticator
Constants ¶
This section is empty.
Variables ¶
var ( GroupName = "kubecontrolplane.config.openshift.io" GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} // Install is a function which adds this version to a scheme Install = schemeBuilder.AddToScheme // SchemeGroupVersion generated code relies on this name // Deprecated SchemeGroupVersion = GroupVersion // AddToScheme exists solely to keep the old generators creating valid code // DEPRECATED AddToScheme = schemeBuilder.AddToScheme )
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource generated code relies on this being here, but it logically belongs to the group DEPRECATED
Types ¶
type AggregatorConfig ¶
type AggregatorConfig struct { // proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers ProxyClientInfo configv1.CertInfo `json:"proxyClientInfo"` }
AggregatorConfig holds information required to make the aggregator function.
func (*AggregatorConfig) DeepCopy ¶
func (in *AggregatorConfig) DeepCopy() *AggregatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregatorConfig.
func (*AggregatorConfig) DeepCopyInto ¶
func (in *AggregatorConfig) DeepCopyInto(out *AggregatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AggregatorConfig) SwaggerDoc ¶
func (AggregatorConfig) SwaggerDoc() map[string]string
type Arguments ¶
type Arguments []string
Arguments masks the value so protobuf can generate +protobuf.nullable=true +protobuf.options.(gogoproto.goproto_stringer)=false
func (Arguments) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Arguments.
func (Arguments) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeAPIServerConfig ¶
type KubeAPIServerConfig struct { metav1.TypeMeta `json:",inline"` // provides the standard apiserver configuration configv1.GenericAPIServerConfig `json:",inline"` // authConfig configures authentication options in addition to the standard // oauth token and client certificate authenticators AuthConfig MasterAuthConfig `json:"authConfig"` // aggregatorConfig has options for configuring the aggregator component of the API server. AggregatorConfig AggregatorConfig `json:"aggregatorConfig"` // kubeletClientInfo contains information about how to connect to kubelets KubeletClientInfo KubeletConnectionInfo `json:"kubeletClientInfo"` // servicesSubnet is the subnet to use for assigning service IPs ServicesSubnet string `json:"servicesSubnet"` // servicesNodePortRange is the range to use for assigning service public ports on a host. ServicesNodePortRange string `json:"servicesNodePortRange"` // DEPRECATED: consolePublicURL has been deprecated and setting it has no effect. ConsolePublicURL string `json:"consolePublicURL"` // userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS! // TODO I think we should just drop this feature. UserAgentMatchingConfig UserAgentMatchingConfig `json:"userAgentMatchingConfig"` // imagePolicyConfig feeds the image policy admission plugin // TODO make it an admission plugin config ImagePolicyConfig KubeAPIServerImagePolicyConfig `json:"imagePolicyConfig"` // projectConfig feeds an admission plugin // TODO make it an admission plugin config ProjectConfig KubeAPIServerProjectConfig `json:"projectConfig"` // serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. // (If any file contains a private key, the public portion of the key is used) // The list of public keys is used to verify presented service account tokens. // Each key is tried in order until the list is exhausted or verification succeeds. // If no keys are specified, no service account authentication will be available. ServiceAccountPublicKeyFiles []string `json:"serviceAccountPublicKeyFiles"` // oauthConfig, if present start the /oauth endpoint in this process OAuthConfig *osinv1.OAuthConfig `json:"oauthConfig"` // TODO this needs to be removed. APIServerArguments map[string]Arguments `json:"apiServerArguments"` // minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. // Specifically, the apiserver will deny most authorization requests of kubelets that are older // than the specified version, only allowing the kubelet to get and update its node object, and perform // subjectaccessreviews. // This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, // and will eventually be marked as not ready. // Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99". // Since the kubelet reports the version of the kubernetes release, not Openshift, this field references // the underlying kubernetes version this version of Openshift is based off of. // In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then // they should set the minimumKubeletVersion to 1.30.0. // When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. // Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier. // +kubebuilder:validation:XValidation:rule="self == \"\" || self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="minmumKubeletVersion must be in a semver compatible format of x.y.z, or empty" // +kubebuilder:validation:MaxLength:=8 // +openshift:enable:FeatureGate=MinimumKubeletVersion // +optional MinimumKubeletVersion string `json:"minimumKubeletVersion"` }
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4 +openshift:compatibility-gen:internal
func (*KubeAPIServerConfig) DeepCopy ¶
func (in *KubeAPIServerConfig) DeepCopy() *KubeAPIServerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerConfig.
func (*KubeAPIServerConfig) DeepCopyInto ¶
func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeAPIServerConfig) DeepCopyObject ¶
func (in *KubeAPIServerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (KubeAPIServerConfig) SwaggerDoc ¶
func (KubeAPIServerConfig) SwaggerDoc() map[string]string
type KubeAPIServerImagePolicyConfig ¶
type KubeAPIServerImagePolicyConfig struct { // internalRegistryHostname sets the hostname for the default internal image // registry. The value must be in "hostname[:port]" format. InternalRegistryHostname string `json:"internalRegistryHostname"` // externalRegistryHostnames provides the hostnames for the default external image // registry. The external hostname should be set only when the image registry // is exposed externally. The first value is used in 'publicDockerImageRepository' // field in ImageStreams. The value must be in "hostname[:port]" format. ExternalRegistryHostnames []string `json:"externalRegistryHostnames"` }
func (*KubeAPIServerImagePolicyConfig) DeepCopy ¶
func (in *KubeAPIServerImagePolicyConfig) DeepCopy() *KubeAPIServerImagePolicyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerImagePolicyConfig.
func (*KubeAPIServerImagePolicyConfig) DeepCopyInto ¶
func (in *KubeAPIServerImagePolicyConfig) DeepCopyInto(out *KubeAPIServerImagePolicyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeAPIServerImagePolicyConfig) SwaggerDoc ¶
func (KubeAPIServerImagePolicyConfig) SwaggerDoc() map[string]string
type KubeAPIServerProjectConfig ¶
type KubeAPIServerProjectConfig struct { // defaultNodeSelector holds default project node label selector DefaultNodeSelector string `json:"defaultNodeSelector"` }
func (*KubeAPIServerProjectConfig) DeepCopy ¶
func (in *KubeAPIServerProjectConfig) DeepCopy() *KubeAPIServerProjectConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerProjectConfig.
func (*KubeAPIServerProjectConfig) DeepCopyInto ¶
func (in *KubeAPIServerProjectConfig) DeepCopyInto(out *KubeAPIServerProjectConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeAPIServerProjectConfig) SwaggerDoc ¶
func (KubeAPIServerProjectConfig) SwaggerDoc() map[string]string
type KubeControllerManagerConfig ¶
type KubeControllerManagerConfig struct { metav1.TypeMeta `json:",inline"` // serviceServingCert provides support for the old alpha service serving cert signer CA bundle ServiceServingCert ServiceServingCert `json:"serviceServingCert"` // projectConfig is an optimization for the daemonset controller ProjectConfig KubeControllerManagerProjectConfig `json:"projectConfig"` // extendedArguments is used to configure the kube-controller-manager ExtendedArguments map[string]Arguments `json:"extendedArguments"` }
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4 +openshift:compatibility-gen:internal
func (*KubeControllerManagerConfig) DeepCopy ¶
func (in *KubeControllerManagerConfig) DeepCopy() *KubeControllerManagerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerConfig.
func (*KubeControllerManagerConfig) DeepCopyInto ¶
func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeControllerManagerConfig) DeepCopyObject ¶
func (in *KubeControllerManagerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (KubeControllerManagerConfig) SwaggerDoc ¶
func (KubeControllerManagerConfig) SwaggerDoc() map[string]string
type KubeControllerManagerProjectConfig ¶
type KubeControllerManagerProjectConfig struct { // defaultNodeSelector holds default project node label selector DefaultNodeSelector string `json:"defaultNodeSelector"` }
func (*KubeControllerManagerProjectConfig) DeepCopy ¶
func (in *KubeControllerManagerProjectConfig) DeepCopy() *KubeControllerManagerProjectConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerProjectConfig.
func (*KubeControllerManagerProjectConfig) DeepCopyInto ¶
func (in *KubeControllerManagerProjectConfig) DeepCopyInto(out *KubeControllerManagerProjectConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeControllerManagerProjectConfig) SwaggerDoc ¶
func (KubeControllerManagerProjectConfig) SwaggerDoc() map[string]string
type KubeletConnectionInfo ¶
type KubeletConnectionInfo struct { // port is the port to connect to kubelets on Port uint32 `json:"port"` // ca is the CA for verifying TLS connections to kubelets CA string `json:"ca"` // CertInfo is the TLS client cert information for securing communication to kubelets // this is anonymous so that we can inline it for serialization configv1.CertInfo `json:",inline"` }
KubeletConnectionInfo holds information necessary for connecting to a kubelet
func (*KubeletConnectionInfo) DeepCopy ¶
func (in *KubeletConnectionInfo) DeepCopy() *KubeletConnectionInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConnectionInfo.
func (*KubeletConnectionInfo) DeepCopyInto ¶
func (in *KubeletConnectionInfo) DeepCopyInto(out *KubeletConnectionInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeletConnectionInfo) SwaggerDoc ¶
func (KubeletConnectionInfo) SwaggerDoc() map[string]string
type MasterAuthConfig ¶
type MasterAuthConfig struct { // requestHeader holds options for setting up a front proxy against the API. It is optional. RequestHeader *RequestHeaderAuthenticationOptions `json:"requestHeader"` // webhookTokenAuthenticators, if present configures remote token reviewers WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators"` // oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization // Server Metadata for an external OAuth server. // See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 // This option is mutually exclusive with OAuthConfig OAuthMetadataFile string `json:"oauthMetadataFile"` }
MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators
func (*MasterAuthConfig) DeepCopy ¶
func (in *MasterAuthConfig) DeepCopy() *MasterAuthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterAuthConfig.
func (*MasterAuthConfig) DeepCopyInto ¶
func (in *MasterAuthConfig) DeepCopyInto(out *MasterAuthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (MasterAuthConfig) SwaggerDoc ¶
func (MasterAuthConfig) SwaggerDoc() map[string]string
type RequestHeaderAuthenticationOptions ¶
type RequestHeaderAuthenticationOptions struct { // clientCA is a file with the trusted signer certs. It is required. ClientCA string `json:"clientCA"` // clientCommonNames is a required list of common names to require a match from. ClientCommonNames []string `json:"clientCommonNames"` // usernameHeaders is the list of headers to check for user information. First hit wins. UsernameHeaders []string `json:"usernameHeaders"` // groupHeaders is the set of headers to check for group information. All are unioned. GroupHeaders []string `json:"groupHeaders"` // extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested. ExtraHeaderPrefixes []string `json:"extraHeaderPrefixes"` }
RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.
func (*RequestHeaderAuthenticationOptions) DeepCopy ¶
func (in *RequestHeaderAuthenticationOptions) DeepCopy() *RequestHeaderAuthenticationOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderAuthenticationOptions.
func (*RequestHeaderAuthenticationOptions) DeepCopyInto ¶
func (in *RequestHeaderAuthenticationOptions) DeepCopyInto(out *RequestHeaderAuthenticationOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (RequestHeaderAuthenticationOptions) SwaggerDoc ¶
func (RequestHeaderAuthenticationOptions) SwaggerDoc() map[string]string
type ServiceServingCert ¶
type ServiceServingCert struct { // certFile is a file containing a PEM-encoded certificate CertFile string `json:"certFile"` }
ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.
func (*ServiceServingCert) DeepCopy ¶
func (in *ServiceServingCert) DeepCopy() *ServiceServingCert
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceServingCert.
func (*ServiceServingCert) DeepCopyInto ¶
func (in *ServiceServingCert) DeepCopyInto(out *ServiceServingCert)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ServiceServingCert) SwaggerDoc ¶
func (ServiceServingCert) SwaggerDoc() map[string]string
type UserAgentDenyRule ¶
type UserAgentDenyRule struct { UserAgentMatchRule `json:",inline"` // rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used. RejectionMessage string `json:"rejectionMessage"` }
UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client
func (*UserAgentDenyRule) DeepCopy ¶
func (in *UserAgentDenyRule) DeepCopy() *UserAgentDenyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentDenyRule.
func (*UserAgentDenyRule) DeepCopyInto ¶
func (in *UserAgentDenyRule) DeepCopyInto(out *UserAgentDenyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentDenyRule) SwaggerDoc ¶
func (UserAgentDenyRule) SwaggerDoc() map[string]string
type UserAgentMatchRule ¶
type UserAgentMatchRule struct { // regex is a regex that is checked against the User-Agent. // Known variants of oc clients // 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d // 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f // 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d // 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f // 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d // 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f // 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d // 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f Regex string `json:"regex"` // httpVerbs specifies which HTTP verbs should be matched. An empty list means "match all verbs". HTTPVerbs []string `json:"httpVerbs"` }
UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb
func (*UserAgentMatchRule) DeepCopy ¶
func (in *UserAgentMatchRule) DeepCopy() *UserAgentMatchRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentMatchRule.
func (*UserAgentMatchRule) DeepCopyInto ¶
func (in *UserAgentMatchRule) DeepCopyInto(out *UserAgentMatchRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentMatchRule) SwaggerDoc ¶
func (UserAgentMatchRule) SwaggerDoc() map[string]string
type UserAgentMatchingConfig ¶
type UserAgentMatchingConfig struct { // requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed RequiredClients []UserAgentMatchRule `json:"requiredClients"` // deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes DeniedClients []UserAgentDenyRule `json:"deniedClients"` // defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given. DefaultRejectionMessage string `json:"defaultRejectionMessage"` }
UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!
func (*UserAgentMatchingConfig) DeepCopy ¶
func (in *UserAgentMatchingConfig) DeepCopy() *UserAgentMatchingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentMatchingConfig.
func (*UserAgentMatchingConfig) DeepCopyInto ¶
func (in *UserAgentMatchingConfig) DeepCopyInto(out *UserAgentMatchingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentMatchingConfig) SwaggerDoc ¶
func (UserAgentMatchingConfig) SwaggerDoc() map[string]string
type WebhookTokenAuthenticator ¶
type WebhookTokenAuthenticator struct { // configFile is a path to a Kubeconfig file with the webhook configuration ConfigFile string `json:"configFile"` // cacheTTL indicates how long an authentication result should be cached. // It takes a valid time duration string (e.g. "5m"). // If empty, you get a default timeout of 2 minutes. // If zero (e.g. "0m"), caching is disabled CacheTTL string `json:"cacheTTL"` }
WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators
func (*WebhookTokenAuthenticator) DeepCopy ¶
func (in *WebhookTokenAuthenticator) DeepCopy() *WebhookTokenAuthenticator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookTokenAuthenticator.
func (*WebhookTokenAuthenticator) DeepCopyInto ¶
func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (WebhookTokenAuthenticator) SwaggerDoc ¶
func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string