Documentation
¶
Index ¶
- Constants
- func NewForbiddenError(key string, forbiddenSpec ForbiddenListSpec) error
- func ValidateForbidden(metadata map[string]string, forbiddenList ForbiddenListSpec) error
- type AdditionalMetadataSelectorSpec
- type AdditionalMetadataSpec
- type AdditionalRoleBindingsSpec
- type AllowedIP
- type AllowedListSpec
- type AllowedServices
- type DefaultAllowedListSpec
- type ExternalServiceIPsSpec
- type ForbiddenError
- type ForbiddenListSpec
- type HostnameCollisionScope
- type ImagePullPolicySpec
- type LimitRangesSpec
- type Name
- type NamespaceSelector
- type NetworkPolicySpec
- type PodOptions
- type PoolExhaustionResource
- type ResourceQuotaScope
- type ResourceQuotaSpec
- type SelectionListWithDefaultSpec
- type SelectionListWithSpec
- type SelectorAllowedListSpec
- type ServiceOptions
- type StatusNameUID
- type Tenant
- type TenantSubjectRoles
Constants ¶
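// Annotation keys in the capsule.clastix.io/ domain.
//
// NOTE(review): judging by their names, the first four carry the exact and
// regexp lists of namespace labels / annotations that must be rejected, and the
// last one marks a Tenant as protected. The code that reads them is not shown
// on this page, so confirm the semantics against the consumers.
const (
	ForbiddenNamespaceLabelsAnnotation            = "capsule.clastix.io/forbidden-namespace-labels"
	ForbiddenNamespaceLabelsRegexpAnnotation      = "capsule.clastix.io/forbidden-namespace-labels-regexp"
	ForbiddenNamespaceAnnotationsAnnotation       = "capsule.clastix.io/forbidden-namespace-annotations"
	ForbiddenNamespaceAnnotationsRegexpAnnotation = "capsule.clastix.io/forbidden-namespace-annotations-regexp"
	ProtectedTenantAnnotation                     = "capsule.clastix.io/protected"
)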
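// Reason strings reported when metadata is rejected. The line breaks are
// restored here so that the "//" comments no longer swallow the declarations
// that follow them.
const (
	// ForbiddenLabelReason is used as the reason string to deny forbidden labels.
	ForbiddenLabelReason = "ForbiddenLabel"
	// ForbiddenAnnotationReason is used as the reason string to deny forbidden annotations.
	ForbiddenAnnotationReason = "ForbiddenAnnotation"
)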
const (
	// TenantNameLabel holds the label key "kubernetes.io/metadata.name".
	// NOTE(review): this is the well-known label Kubernetes sets on every
	// Namespace with the namespace's own name; how this package applies it to
	// tenants is not visible here — confirm against the callers.
	TenantNameLabel = "kubernetes.io/metadata.name"
)
Variables ¶
This section is empty.
Functions ¶
func NewForbiddenError ¶ added in v0.5.0
func NewForbiddenError(key string, forbiddenSpec ForbiddenListSpec) error
func ValidateForbidden ¶ added in v0.5.0
func ValidateForbidden(metadata map[string]string, forbiddenList ForbiddenListSpec) error
Types ¶
type AdditionalMetadataSelectorSpec ¶ added in v0.9.0
// AdditionalMetadataSelectorSpec groups an optional namespace label selector
// with a set of labels and a set of annotations.
// NOTE(review): presumably the labels and annotations are applied to the
// namespaces matched by NamespaceSelector — confirm against the controller.
type AdditionalMetadataSelectorSpec struct {
	// NamespaceSelector is optional; it is nil when the field is omitted.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// Labels is a key/value map serialized under "labels".
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations is a key/value map serialized under "annotations".
	Annotations map[string]string `json:"annotations,omitempty"`
}
func (*AdditionalMetadataSelectorSpec) DeepCopy ¶ added in v0.9.0
func (in *AdditionalMetadataSelectorSpec) DeepCopy() *AdditionalMetadataSelectorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalMetadataSelectorSpec.
func (*AdditionalMetadataSelectorSpec) DeepCopyInto ¶ added in v0.9.0
func (in *AdditionalMetadataSelectorSpec) DeepCopyInto(out *AdditionalMetadataSelectorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AdditionalMetadataSpec ¶
// AdditionalMetadataSpec holds a set of labels and a set of annotations.
// PodOptions and ServiceOptions on this page use it for the metadata the
// Capsule operator places on Pod and Service resources in a Tenant.
type AdditionalMetadataSpec struct {
	// Labels is a key/value map serialized under "labels".
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations is a key/value map serialized under "annotations".
	Annotations map[string]string `json:"annotations,omitempty"`
}
func (*AdditionalMetadataSpec) DeepCopy ¶
func (in *AdditionalMetadataSpec) DeepCopy() *AdditionalMetadataSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalMetadataSpec.
func (*AdditionalMetadataSpec) DeepCopyInto ¶
func (in *AdditionalMetadataSpec) DeepCopyInto(out *AdditionalMetadataSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AdditionalRoleBindingsSpec ¶
// AdditionalRoleBindingsSpec names a ClusterRole and the subjects it is bound
// to, plus extra labels and annotations for the synchronized rolebindings.
type AdditionalRoleBindingsSpec struct {
	// ClusterRoleName is required (no omitempty in the JSON tag).
	// NOTE(review): nothing on this page restricts which ClusterRole may be
	// named, so a value here can grant the listed subjects any cluster-defined
	// role within the scope of the generated rolebindings — review entries
	// with the same care as RBAC manifests.
	ClusterRoleName string `json:"clusterRoleName"`
	// NOTE(review): the marker on the next line lacks the leading "+", so
	// controller-gen most likely ignores it, and Minimum is a numeric
	// validation; for a slice the intended marker is probably MinItems.
	// As written, an empty Subjects list does not appear to be rejected by
	// the schema — confirm against the generated CRD.
	// kubebuilder:validation:Minimum=1
	Subjects []rbacv1.Subject `json:"subjects"`
	// Additional Labels for the synchronized rolebindings
	Labels map[string]string `json:"labels,omitempty"`
	// Additional Annotations for the synchronized rolebindings
	Annotations map[string]string `json:"annotations,omitempty"`
}
func (*AdditionalRoleBindingsSpec) DeepCopy ¶
func (in *AdditionalRoleBindingsSpec) DeepCopy() *AdditionalRoleBindingsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalRoleBindingsSpec.
func (*AdditionalRoleBindingsSpec) DeepCopyInto ¶
func (in *AdditionalRoleBindingsSpec) DeepCopyInto(out *AdditionalRoleBindingsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AllowedIP ¶
// AllowedIP is a string holding a dotted IPv4 address with an optional
// /0 to /32 prefix length, as constrained by the kubebuilder Pattern marker
// attached to this type.
//
// NOTE(review): that pattern is a loose syntactic filter, not an IP validator.
// The "." between octets is unescaped, so it matches any character, and
// [0-9]{1,3} admits octets up to 999. Code that consumes an AllowedIP should
// still parse the value (for example with net.ParseIP or net.ParseCIDR) before
// relying on it in an allow-list decision.
type AllowedIP string
+kubebuilder:validation:Pattern="^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
type AllowedListSpec ¶
// AllowedListSpec describes an allow-list as a set of exact values and/or a
// regular expression. The ExactMatch, RegexMatch and Match methods listed on
// this page evaluate a value against it.
type AllowedListSpec struct {
	// Exact lists the permitted values; serialized as "allowed".
	Exact []string `json:"allowed,omitempty"`
	// Regex is a regular expression of permitted values; serialized as
	// "allowedRegex".
	// NOTE(review): whether RegexMatch anchors the expression is not visible
	// here. If it does not, a pattern written without ^ and $ would accept
	// any value containing a match — confirm, and anchor patterns explicitly.
	Regex string `json:"allowedRegex,omitempty"`
}
func (*AllowedListSpec) DeepCopy ¶
func (in *AllowedListSpec) DeepCopy() *AllowedListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedListSpec.
func (*AllowedListSpec) DeepCopyInto ¶
func (in *AllowedListSpec) DeepCopyInto(out *AllowedListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AllowedListSpec) ExactMatch ¶
func (in *AllowedListSpec) ExactMatch(value string) (ok bool)
func (*AllowedListSpec) Match ¶
func (in *AllowedListSpec) Match(value string) (ok bool)
func (*AllowedListSpec) RegexMatch ¶
func (in *AllowedListSpec) RegexMatch(value string) (ok bool)
type AllowedServices ¶
// AllowedServices toggles which Service types a Tenant may create.
// Every field defaults to true, so NodePort, ExternalName and LoadBalancer
// Services are all permitted unless a field is explicitly set to false.
// The fields are pointers, so an unset field (nil) is distinguishable from an
// explicit false.
type AllowedServices struct {
	// +kubebuilder:default=true
	// Specifies if NodePort service type resources are allowed for the Tenant. Default is true. Optional.
	NodePort *bool `json:"nodePort,omitempty"`
	// +kubebuilder:default=true
	// Specifies if ExternalName service type resources are allowed for the Tenant. Default is true. Optional.
	ExternalName *bool `json:"externalName,omitempty"`
	// +kubebuilder:default=true
	// Specifies if LoadBalancer service type resources are allowed for the Tenant. Default is true. Optional.
	LoadBalancer *bool `json:"loadBalancer,omitempty"`
}
func (*AllowedServices) DeepCopy ¶
func (in *AllowedServices) DeepCopy() *AllowedServices
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedServices.
func (*AllowedServices) DeepCopyInto ¶
func (in *AllowedServices) DeepCopyInto(out *AllowedServices)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DefaultAllowedListSpec ¶
// DefaultAllowedListSpec extends SelectorAllowedListSpec with a default value.
// The MatchDefault method listed on this page compares a value against it.
type DefaultAllowedListSpec struct {
	// The embedded allow-list and label selector are inlined into the same
	// JSON object.
	SelectorAllowedListSpec `json:",inline"`
	// Default is serialized as "default" and omitted when empty.
	// NOTE(review): nothing visible here requires Default to be a member of
	// the allow-list itself — confirm whether that is validated elsewhere.
	Default string `json:"default,omitempty"`
}
func (*DefaultAllowedListSpec) DeepCopy ¶
func (in *DefaultAllowedListSpec) DeepCopy() *DefaultAllowedListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAllowedListSpec.
func (*DefaultAllowedListSpec) DeepCopyInto ¶
func (in *DefaultAllowedListSpec) DeepCopyInto(out *DefaultAllowedListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DefaultAllowedListSpec) MatchDefault ¶
func (in *DefaultAllowedListSpec) MatchDefault(value string) bool
type ExternalServiceIPsSpec ¶
// ExternalServiceIPsSpec lists the external IPs a Tenant's Services may use.
type ExternalServiceIPsSpec struct {
	// Allowed has no omitempty, so the key is always serialized. The
	// ServiceOptions comment on this page states that an empty list means no
	// IPs are allowed. Each entry is only pattern-checked (see AllowedIP).
	Allowed []AllowedIP `json:"allowed"`
}
func (*ExternalServiceIPsSpec) DeepCopy ¶
func (in *ExternalServiceIPsSpec) DeepCopy() *ExternalServiceIPsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalServiceIPsSpec.
func (*ExternalServiceIPsSpec) DeepCopyInto ¶
func (in *ExternalServiceIPsSpec) DeepCopyInto(out *ExternalServiceIPsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ForbiddenError ¶ added in v0.5.0
type ForbiddenError struct {
// contains filtered or unexported fields
}
func (ForbiddenError) Error ¶ added in v0.5.0
func (f ForbiddenError) Error() string
type ForbiddenListSpec ¶
// ForbiddenListSpec describes a deny-list as a set of exact values and/or a
// regular expression. ServiceOptions uses it for the labels and annotations a
// Tenant Owner cannot set.
type ForbiddenListSpec struct {
	// Exact lists the denied values; serialized as "denied".
	Exact []string `json:"denied,omitempty"`
	// Regex is a regular expression of denied values; serialized as
	// "deniedRegex".
	// NOTE(review): a deny-list regexp blocks only what it matches. Whether
	// RegexMatch anchors the expression is not visible here; a pattern that
	// is narrower than intended leaves forbidden keys settable — confirm
	// the matching semantics.
	Regex string `json:"deniedRegex,omitempty"`
}
+kubebuilder:object:generate=true
func (*ForbiddenListSpec) DeepCopy ¶
func (in *ForbiddenListSpec) DeepCopy() *ForbiddenListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForbiddenListSpec.
func (*ForbiddenListSpec) DeepCopyInto ¶
func (in *ForbiddenListSpec) DeepCopyInto(out *ForbiddenListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ForbiddenListSpec) ExactMatch ¶
func (in ForbiddenListSpec) ExactMatch(value string) (ok bool)
func (ForbiddenListSpec) RegexMatch ¶
func (in ForbiddenListSpec) RegexMatch(value string) (ok bool)
type HostnameCollisionScope ¶
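// HostnameCollisionScope is a string enum restricted by its validation marker
// to Cluster, Tenant, Namespace or Disabled.
// NOTE(review): presumably it selects the scope within which duplicate
// hostnames are rejected — confirm against the admission webhook.
//
// +kubebuilder:validation:Enum=Cluster;Tenant;Namespace;Disabled
type HostnameCollisionScope string

// Values accepted for HostnameCollisionScope. The line breaks are restored:
// collapsed onto one line the specs have no separators and do not parse.
const (
	HostnameCollisionScopeCluster   HostnameCollisionScope = "Cluster"
	HostnameCollisionScopeTenant    HostnameCollisionScope = "Tenant"
	HostnameCollisionScopeNamespace HostnameCollisionScope = "Namespace"
	HostnameCollisionScopeDisabled  HostnameCollisionScope = "Disabled"
)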
type ImagePullPolicySpec ¶
// ImagePullPolicySpec is a string enum; the validation marker attached to it
// on this page restricts the value to Always, Never or IfNotPresent.
// NOTE(review): Never and IfNotPresent let a Pod run an image already cached
// on the node without a registry pull — presumably this type exists so a
// Tenant can be limited to the policies the operator considers acceptable;
// confirm against the webhook that consumes it.
type ImagePullPolicySpec string
+kubebuilder:validation:Enum=Always;Never;IfNotPresent
func (ImagePullPolicySpec) String ¶
func (i ImagePullPolicySpec) String() string
type LimitRangesSpec ¶
// LimitRangesSpec wraps a list of core/v1 LimitRangeSpec items.
type LimitRangesSpec struct {
	// Items is serialized as "items" and omitted when empty.
	Items []corev1.LimitRangeSpec `json:"items,omitempty"`
}
func (*LimitRangesSpec) DeepCopy ¶
func (in *LimitRangesSpec) DeepCopy() *LimitRangesSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitRangesSpec.
func (*LimitRangesSpec) DeepCopyInto ¶
func (in *LimitRangesSpec) DeepCopyInto(out *LimitRangesSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Name ¶ added in v0.10.0
type Name string
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` +kubebuilder:validation:MaxLength=253 +kubebuilder:object:generate=true
type NamespaceSelector ¶ added in v0.10.0
// NamespaceSelector wraps an embedded label selector. GetMatchingNamespaces,
// listed on this page, retrieves the namespaces that match it.
type NamespaceSelector struct {
	// Select Items based on their labels. If the namespaceSelector is also set, the selector is applied
	// to items within the selected namespaces. Otherwise for all the items.
	// NOTE(review): the selector is an embedded pointer, so it may be nil; how
	// a nil or empty selector is interpreted (match nothing vs. match every
	// namespace) is not visible here — confirm before relying on it as a
	// tenancy boundary.
	*metav1.LabelSelector `json:",inline"`
}
Selector for resources and their labels or selecting origin namespaces +kubebuilder:object:generate=true
func (*NamespaceSelector) DeepCopy ¶ added in v0.10.0
func (in *NamespaceSelector) DeepCopy() *NamespaceSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector.
func (*NamespaceSelector) DeepCopyInto ¶ added in v0.10.0
func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NamespaceSelector) GetMatchingNamespaces ¶ added in v0.10.0
func (s *NamespaceSelector) GetMatchingNamespaces(ctx context.Context, client client.Client) ([]corev1.Namespace, error)
GetMatchingNamespaces retrieves the list of namespaces that match the NamespaceSelector.
type NetworkPolicySpec ¶
// NetworkPolicySpec wraps a list of networking/v1 NetworkPolicySpec items.
type NetworkPolicySpec struct {
	// Items is serialized as "items" and omitted when empty.
	// NOTE(review): an empty list defines no policies here; whether tenant
	// namespaces then run without any NetworkPolicy is not visible on this
	// page — confirm.
	Items []networkingv1.NetworkPolicySpec `json:"items,omitempty"`
}
func (*NetworkPolicySpec) DeepCopy ¶
func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.
func (*NetworkPolicySpec) DeepCopyInto ¶
func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodOptions ¶ added in v0.5.0
// PodOptions holds the Pod-related options of a Tenant.
type PodOptions struct {
	// Specifies additional labels and annotations the Capsule operator places on any Pod resource in the Tenant. Optional.
	AdditionalMetadata *AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
}
func (*PodOptions) DeepCopy ¶ added in v0.5.0
func (in *PodOptions) DeepCopy() *PodOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodOptions.
func (*PodOptions) DeepCopyInto ¶ added in v0.5.0
func (in *PodOptions) DeepCopyInto(out *PodOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PoolExhaustionResource ¶ added in v0.10.1
// PoolExhaustionResource pairs the quantity still available to be claimed
// with the quantity being requested.
type PoolExhaustionResource struct {
	// Available Resources to be claimed
	Available resource.Quantity `json:"available,omitempty"`
	// Requesting Resources
	Requesting resource.Quantity `json:"requesting,omitempty"`
}
+kubebuilder:object:generate=true
func (*PoolExhaustionResource) DeepCopy ¶ added in v0.10.1
func (in *PoolExhaustionResource) DeepCopy() *PoolExhaustionResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PoolExhaustionResource.
func (*PoolExhaustionResource) DeepCopyInto ¶ added in v0.10.1
func (in *PoolExhaustionResource) DeepCopyInto(out *PoolExhaustionResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceQuotaScope ¶
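// ResourceQuotaScope is a string enum restricted by its validation marker to
// Tenant or Namespace. ResourceQuotaSpec uses it as the type of its Scope field.
//
// +kubebuilder:validation:Enum=Tenant;Namespace
type ResourceQuotaScope string

// Values accepted for ResourceQuotaScope. The line breaks are restored:
// collapsed onto one line the specs have no separators and do not parse.
const (
	ResourceQuotaScopeTenant    ResourceQuotaScope = "Tenant"
	ResourceQuotaScopeNamespace ResourceQuotaScope = "Namespace"
)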
type ResourceQuotaSpec ¶
// ResourceQuotaSpec holds a list of core/v1 ResourceQuotaSpec items together
// with the scope at which they are accounted.
type ResourceQuotaSpec struct {
	// +kubebuilder:default=Tenant
	// Defines whether the Resource Budget is computed across all Namespaces in the Tenant or individually per
	// Namespace (the allowed values are Tenant and Namespace). Default is Tenant.
	Scope ResourceQuotaScope `json:"scope,omitempty"`
	// Items is serialized as "items" and omitted when empty.
	Items []corev1.ResourceQuotaSpec `json:"items,omitempty"`
}
func (*ResourceQuotaSpec) DeepCopy ¶
func (in *ResourceQuotaSpec) DeepCopy() *ResourceQuotaSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceQuotaSpec.
func (*ResourceQuotaSpec) DeepCopyInto ¶
func (in *ResourceQuotaSpec) DeepCopyInto(out *ResourceQuotaSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SelectionListWithDefaultSpec ¶ added in v0.10.0
// SelectionListWithDefaultSpec extends SelectionListWithSpec with a default
// value. The MatchDefault method listed on this page compares a value against it.
type SelectionListWithDefaultSpec struct {
	// The embedded label selector is inlined into the same JSON object.
	SelectionListWithSpec `json:",inline"`
	// Default is serialized as "default" and omitted when empty.
	Default string `json:"default,omitempty"`
}
+kubebuilder:object:generate=true
func (*SelectionListWithDefaultSpec) DeepCopy ¶ added in v0.10.0
func (in *SelectionListWithDefaultSpec) DeepCopy() *SelectionListWithDefaultSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectionListWithDefaultSpec.
func (*SelectionListWithDefaultSpec) DeepCopyInto ¶ added in v0.10.0
func (in *SelectionListWithDefaultSpec) DeepCopyInto(out *SelectionListWithDefaultSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SelectionListWithDefaultSpec) MatchDefault ¶ added in v0.10.0
func (in *SelectionListWithDefaultSpec) MatchDefault(value string) bool
type SelectionListWithSpec ¶ added in v0.10.0
// SelectionListWithSpec wraps a label selector. The SelectorMatch method
// listed on this page evaluates a client.Object against it.
type SelectionListWithSpec struct {
	// The selector is embedded by value and inlined into the same JSON object.
	// NOTE(review): how SelectorMatch treats a zero-value (empty) selector is
	// not visible here — confirm whether it matches every object or none.
	metav1.LabelSelector `json:",inline"`
}
func (*SelectionListWithSpec) DeepCopy ¶ added in v0.10.0
func (in *SelectionListWithSpec) DeepCopy() *SelectionListWithSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectionListWithSpec.
func (*SelectionListWithSpec) DeepCopyInto ¶ added in v0.10.0
func (in *SelectionListWithSpec) DeepCopyInto(out *SelectionListWithSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SelectionListWithSpec) SelectorMatch ¶ added in v0.10.0
func (in *SelectionListWithSpec) SelectorMatch(obj client.Object) bool
type SelectorAllowedListSpec ¶
// SelectorAllowedListSpec combines an AllowedListSpec (exact values and a
// regexp) with a label selector. The MatchSelectByName and SelectorMatch
// methods listed on this page evaluate a client.Object against it.
// NOTE(review): how the name-based checks and the selector combine (any-of
// vs. all-of) is not visible here — confirm, since it decides how permissive
// the list is.
type SelectorAllowedListSpec struct {
	// Inlined allow-list fields ("allowed", "allowedRegex").
	AllowedListSpec `json:",inline"`
	// Inlined label selector fields.
	metav1.LabelSelector `json:",inline"`
}
func (*SelectorAllowedListSpec) DeepCopy ¶
func (in *SelectorAllowedListSpec) DeepCopy() *SelectorAllowedListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectorAllowedListSpec.
func (*SelectorAllowedListSpec) DeepCopyInto ¶
func (in *SelectorAllowedListSpec) DeepCopyInto(out *SelectorAllowedListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SelectorAllowedListSpec) MatchSelectByName ¶
func (in *SelectorAllowedListSpec) MatchSelectByName(obj client.Object) bool
func (*SelectorAllowedListSpec) SelectorMatch ¶
func (in *SelectorAllowedListSpec) SelectorMatch(obj client.Object) bool
type ServiceOptions ¶
// ServiceOptions holds the Service-related restrictions and metadata of a
// Tenant: extra metadata, permitted Service types, permitted external IPs,
// and the labels and annotations a Tenant Owner may not set.
type ServiceOptions struct {
	// Specifies additional labels and annotations the Capsule operator places on any Service resource in the Tenant. Optional.
	AdditionalMetadata *AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
	// Block or deny certain types of Services. Optional.
	// Every toggle in AllowedServices defaults to true, so leaving this unset
	// restricts nothing.
	AllowedServices *AllowedServices `json:"allowedServices,omitempty"`
	// Specifies the external IPs that can be used in Services with type ClusterIP. An empty list means no IPs are allowed. Optional.
	// NOTE(review): the field is a pointer with omitempty, so an omitted field
	// (nil) is distinct from an empty Allowed list; whether nil means
	// "unrestricted" is not visible here — confirm, because Service
	// externalIPs let a tenant attract traffic for addresses it does not own.
	ExternalServiceIPs *ExternalServiceIPsSpec `json:"externalIPs,omitempty"`
	// Define the labels that a Tenant Owner cannot set for their Service resources.
	ForbiddenLabels ForbiddenListSpec `json:"forbiddenLabels,omitempty"`
	// Define the annotations that a Tenant Owner cannot set for their Service resources.
	ForbiddenAnnotations ForbiddenListSpec `json:"forbiddenAnnotations,omitempty"`
}
func (*ServiceOptions) DeepCopy ¶
func (in *ServiceOptions) DeepCopy() *ServiceOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOptions.
func (*ServiceOptions) DeepCopyInto ¶
func (in *ServiceOptions) DeepCopyInto(out *ServiceOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatusNameUID ¶ added in v0.10.0
type TenantSubjectRoles ¶ added in v0.7.2
Type to extract all clusterroles for a subject on a tenant from the owner and additionalRoleBindings spec.
Source Files
¶
- additional_metadata.go
- additional_role_bindings.go
- allowed_list.go
- annotations.go
- exhaustion.go
- external_service_ips.go
- forbidden_list.go
- hostname_collision_scope.go
- image_pull_policy.go
- limit_ranges.go
- metadata_const.go
- network_policy.go
- pod_options.go
- resource_quota.go
- selectors.go
- service_allowed_types.go
- service_options.go
- status.go
- status_namespaces.go
- tenant_roles.go
- zz_generated.deepcopy.go