Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the ocgate v1beta1 API group. Package markers: +kubebuilder:object:generate=true, +groupName=ocgate.rh-fieldwork.com
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "ocgate.rh-fieldwork.com", Version: "v1beta1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type GateServer ¶
// GateServer is the Schema for the gateservers API.
type GateServer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the requested configuration of the gate server.
	Spec GateServerSpec `json:"spec,omitempty"`
	// Status holds the state reported for the gate server.
	Status GateServerStatus `json:"status,omitempty"`
}
GateServer is the Schema for the gateservers API
func (*GateServer) DeepCopy ¶
func (in *GateServer) DeepCopy() *GateServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateServer.
func (*GateServer) DeepCopyInto ¶
func (in *GateServer) DeepCopyInto(out *GateServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GateServer) DeepCopyObject ¶
func (in *GateServer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GateServerList ¶
// GateServerList contains a list of GateServer.
type GateServerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of GateServer objects; the key is always serialised
	// because the tag has no omitempty.
	Items []GateServer `json:"items"`
}
GateServerList contains a list of GateServer
func (*GateServerList) DeepCopy ¶
func (in *GateServerList) DeepCopy() *GateServerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateServerList.
func (*GateServerList) DeepCopyInto ¶
func (in *GateServerList) DeepCopyInto(out *GateServerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GateServerList) DeepCopyObject ¶
func (in *GateServerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GateServerSpec ¶
// GateServerSpec defines the desired state of GateServer.
//
// The serviceAccount* fields together describe one access rule (namespace,
// verbs, API groups, resources, resource names, non-resource URLs); the
// remaining fields select images and which supporting objects are generated.
type GateServerSpec struct {
	// NOTE(review): the Pattern marker below also accepts "http://". If
	// credentials are forwarded to this URL (see passThrough), a plain-http
	// value would carry them in cleartext; confirm that is intended or
	// restrict the pattern to https.

	// apiURL is the k8s API url.
	// Default value is "https://kubernetes.default.svc".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Pattern="^(http|https)://.*"
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:default:="https://kubernetes.default.svc"
	APIURL string `json:"apiURL,omitempty"`

	// route is the gate proxy server.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Pattern="^([a-z0-9-_])+[.]([a-z0-9-_])+[.]([a-z0-9-._])+$"
	// +kubebuilder:validation:MaxLength=226
	Route string `json:"route,omitempty"`

	// NOTE(review): the default is the widest possible scope. Set an explicit
	// namespace wherever the gate server only needs to serve one.

	// serviceAccountNamespace of the rule. "*" represents all namespaces.
	// Default value is "*".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:default:="*"
	ServiceAccountNamespace string `json:"serviceAccountNamespace,omitempty"`

	// serviceAccountVerbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.
	// VerbAll represents all kinds.
	// Default value is ["get"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"get"}
	ServiceAccountVerbs []string `json:"serviceAccountVerbs,omitempty"`

	// serviceAccountAPIGroups is the name of the APIGroup that contains the resources.
	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
	// Default value is ["subresources.kubevirt.io"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"subresources.kubevirt.io"}
	ServiceAccountAPIGroups []string `json:"serviceAccountAPIGroups,omitempty"`

	// serviceAccountResources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
	// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
	// Default value is ["virtualmachineinstances","virtualmachineinstances/vnc"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"virtualmachineinstances","virtualmachineinstances/vnc"}
	ServiceAccountResources []string `json:"serviceAccountResources,omitempty"`

	// NOTE(review): an omitted list is the most permissive setting, because
	// the empty set is documented as "everything is allowed".

	// serviceAccountResourceNames is an optional allow list of names that the rule applies to. An empty set means that everything is allowed.
	// Default value is [].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	ServiceAccountResourceNames []string `json:"serviceAccountResourceNames,omitempty"`

	// serviceAccountNonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path.
	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
	// Default value is [].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	ServiceAccountNonResourceURLs []string `json:"serviceAccountNonResourceURLs,omitempty"`

	// NOTE(review): presumably, when this is true the caller's own OAuth2
	// token reaches the API server with that user's full permissions instead
	// of the narrower serviceAccount* rule above; confirm against the proxy.

	// passThrough determines if the tokens acquired from the OAuth2 server are passed directly to the k8s API.
	// Default value is false.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="boolean"
	// +kubebuilder:default:=false
	PassThrough bool `json:"passThrough,omitempty"`

	// NOTE(review): the default reference carries no tag or digest, so the
	// registry decides at pull time which image runs. Pin a digest where the
	// deployed proxy must be reproducible and verifiable. The same applies to
	// webAppImage below.

	// image is the oc gate proxy image to use.
	// Default value is "quay.io/rh-fieldwork/kube-gateway".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:default:="quay.io/rh-fieldwork/kube-gateway"
	Image string `json:"image,omitempty"`

	// webAppImage is the oc gate proxy web application image to use.
	// It's an image including the static web application to be served together
	// with the k8s API.
	// The static web application should be in the directory "/data/web/public/"
	// and it will be copied to the proxy server's "/web/public/" directory on proxy
	// startup. If left empty, the proxy's default web application will not be replaced.
	// Default value is "quay.io/rh-fieldwork/kube-gateway-web-app-novnc".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:default:="quay.io/rh-fieldwork/kube-gateway-web-app-novnc"
	WebAppImage string `json:"webAppImage,omitempty"`

	// NOTE(review): a bool with `omitempty` and a default of true drops an
	// explicit false when this struct is marshalled, after which the default
	// marker would restore true. Confirm that false can actually be set from
	// Go clients; a *bool field is the usual remedy.

	// generateSecret determines if a secret with public and private keys will be automatically
	// generated when the kube-gateway server is created.
	// Default value is true.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="boolean"
	// +kubebuilder:default:=true
	GenerateSecret bool `json:"generateSecret,omitempty"`

	// generateOauthClient determines if an oauthclient for Openshift's OAuth2 issuer
	// will be created.
	// Default value is false.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="boolean"
	// +kubebuilder:default:=false
	GenerateOauthClient bool `json:"generateOauthClient,omitempty"`

	// generateRoute determines if an Openshift route will be created for the proxy service.
	// If a route is not created, the operator will try to create a k8s ingress for
	// the proxy service.
	// Default value is false.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="boolean"
	// +kubebuilder:default:=false
	GenerateRoute bool `json:"generateRoute,omitempty"`
}
GateServerSpec defines the desired state of GateServer
func (*GateServerSpec) DeepCopy ¶
func (in *GateServerSpec) DeepCopy() *GateServerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateServerSpec.
func (*GateServerSpec) DeepCopyInto ¶
func (in *GateServerSpec) DeepCopyInto(out *GateServerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GateServerStatus ¶
// GateServerStatus defines the observed state of GateServer.
type GateServerStatus struct {
	// Conditions represent the latest available observations of an object's state.
	Conditions []metav1.Condition `json:"conditions"`

	// Token generation phase (ready|error).
	// NOTE(review): the wording mentions token generation although this is the
	// server status; presumably it reports the gate server's own phase.
	Phase string `json:"phase"`
}
GateServerStatus defines the observed state of GateServer
func (*GateServerStatus) DeepCopy ¶
func (in *GateServerStatus) DeepCopy() *GateServerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateServerStatus.
func (*GateServerStatus) DeepCopyInto ¶
func (in *GateServerStatus) DeepCopyInto(out *GateServerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GateToken ¶
// GateToken is the Schema for the gatetokens API.
type GateToken struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the requested validity window and access rule of the token.
	Spec GateTokenSpec `json:"spec,omitempty"`
	// Status holds the generated token and the state reported for it.
	Status GateTokenStatus `json:"status,omitempty"`
}
GateToken is the Schema for the gatetokens API
func (*GateToken) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateToken.
func (*GateToken) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GateToken) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GateTokenCache ¶
// GateTokenCache stores initial token data.
//
// The JSON keys here are not uniform with GateTokenSpec: this type serialises
// the duration as "duration-sec", the spec as "durationSec".
type GateTokenCache struct {
	// From and Until bound the validity window as strings.
	// NOTE(review): presumably date-time strings like GateTokenSpec.From; confirm.
	From  string `json:"from"`
	Until string `json:"until"`

	// DurationSec is the token duration in seconds.
	DurationSec int64 `json:"duration-sec"`

	// NBf and Exp are serialised as "nbf" and "exp".
	// NOTE(review): presumably the JWT not-before and expiry claims; confirm the unit.
	NBf int64 `json:"nbf"`
	Exp int64 `json:"exp"`

	// Alg is serialised as "alg".
	// NOTE(review): presumably the token signing algorithm; confirm which values
	// the verifier accepts.
	Alg string `json:"alg"`

	// The remaining fields mirror the access-rule fields of GateTokenSpec.
	Namespace       string   `json:"namespace,omitempty"`
	Verbs           []string `json:"verbs,omitempty"`
	APIGroups       []string `json:"APIGroups,omitempty"`
	Resources       []string `json:"resources,omitempty"`
	ResourceNames   []string `json:"resourceNames,omitempty"`
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
}
GateTokenCache stores initial token data
func (*GateTokenCache) DeepCopy ¶
func (in *GateTokenCache) DeepCopy() *GateTokenCache
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateTokenCache.
func (*GateTokenCache) DeepCopyInto ¶
func (in *GateTokenCache) DeepCopyInto(out *GateTokenCache)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GateTokenList ¶
// GateTokenList contains a list of GateToken.
type GateTokenList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of GateToken objects; the key is always serialised
	// because the tag has no omitempty.
	Items []GateToken `json:"items"`
}
GateTokenList contains a list of GateToken
func (*GateTokenList) DeepCopy ¶
func (in *GateTokenList) DeepCopy() *GateTokenList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateTokenList.
func (*GateTokenList) DeepCopyInto ¶
func (in *GateTokenList) DeepCopyInto(out *GateTokenList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GateTokenList) DeepCopyObject ¶
func (in *GateTokenList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GateTokenSpec ¶
// GateTokenSpec defines the desired state of GateToken.
//
// It combines a validity window (from, durationSec) with one access rule
// (namespace, verbs, API groups, resources, resource names, non-resource URLs).
type GateTokenSpec struct {
	// from is the time of token invocation. The token will not validate before this time,
	// and the token duration starts from this time.
	// Defaults to the token object creation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Format="date-time"
	From string `json:"from"`

	// NOTE(review): only a Minimum is declared, so the schema places no upper
	// bound on token lifetime. Consider a Maximum marker so a long-lived token
	// cannot be requested by mistake.

	// durationSec is the duration in seconds for which the token is valid, counted from its invocation.
	// Default value is 3600s (1h).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="integer"
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default:=3600
	DurationSec int64 `json:"durationSec"`

	// generateServiceAccount determines if the operator will create a service account and
	// deliver the actual service account token instead of a JWT access key.
	// The service account will be generated not before the token is valid
	// and will be deleted when the token expires.
	// Default value is false.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="boolean"
	// +kubebuilder:default:=false
	GenerateServiceAccount bool `json:"generateServiceAccount,omitempty"`

	// NOTE(review): the default is the widest possible scope. Set an explicit
	// namespace on every token that only needs one.

	// namespace of the rule. "*" represents all namespaces.
	// Default value is "*".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:default:="*"
	Namespace string `json:"namespace,omitempty"`

	// verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
	// Default value is ["get"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"get"}
	Verbs []string `json:"verbs,omitempty"`

	// APIGroups is the name of the APIGroup that contains the resources.
	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
	// Default value is ["subresources.kubevirt.io"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"subresources.kubevirt.io"}
	APIGroups []string `json:"APIGroups,omitempty"`

	// resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
	// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
	// Default value is ["virtualmachineinstances","virtualmachineinstances/vnc"].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	// +kubebuilder:default:={"virtualmachineinstances","virtualmachineinstances/vnc"}
	Resources []string `json:"resources,omitempty"`

	// NOTE(review): an omitted list is the most permissive setting, because
	// the empty set is documented as "everything is allowed".

	// resourceNames is an optional allow list of names that the rule applies to. An empty set means that everything is allowed.
	// Default value is [].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	ResourceNames []string `json:"resourceNames,omitempty"`

	// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path.
	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
	// Default value is [].
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="array"
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
}
GateTokenSpec defines the desired state of GateToken
func (*GateTokenSpec) DeepCopy ¶
func (in *GateTokenSpec) DeepCopy() *GateTokenSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateTokenSpec.
func (*GateTokenSpec) DeepCopyInto ¶
func (in *GateTokenSpec) DeepCopyInto(out *GateTokenSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GateTokenStatus ¶
// GateTokenStatus defines the observed state of GateToken.
type GateTokenStatus struct {
	// Conditions represent the latest available observations of an object's state.
	Conditions []metav1.Condition `json:"conditions"`

	// The generated token.
	// NOTE(review): the credential is held as a plain string in the object's
	// status, so any subject allowed to read gatetokens objects can read it.
	// Grant get/list/watch on this resource as narrowly as on Secrets, and
	// confirm whether storage encryption covers this custom resource.
	Token string `json:"token"`

	// The generated service account name.
	ServiceAccountName string `json:"service-account-name"`

	// Cached data; once created, the user can not change these values.
	Data GateTokenCache `json:"data"`

	// Token generation phase (pending|ready|expired|error).
	Phase string `json:"phase"`
}
GateTokenStatus defines the observed state of GateToken
func (*GateTokenStatus) DeepCopy ¶
func (in *GateTokenStatus) DeepCopy() *GateTokenStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateTokenStatus.
func (*GateTokenStatus) DeepCopyInto ¶
func (in *GateTokenStatus) DeepCopyInto(out *GateTokenStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.