admissionregistration

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package admissionregistration is the internal version of the API. AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration InitializerConfiguration and ExternalAdmissionHookConfiguration is for the new dynamic admission controller configuration. +groupName=admissionregistration.k8s.io

Index

Constants

View Source
const GroupName = "admissionregistration.k8s.io"

Variables

View Source
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions

func DeepCopy_admissionregistration_AdmissionHookClientConfig

func DeepCopy_admissionregistration_AdmissionHookClientConfig(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_AdmissionHookClientConfig is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_ExternalAdmissionHook

func DeepCopy_admissionregistration_ExternalAdmissionHook(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_ExternalAdmissionHook is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_ExternalAdmissionHookConfiguration

func DeepCopy_admissionregistration_ExternalAdmissionHookConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_ExternalAdmissionHookConfiguration is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_ExternalAdmissionHookConfigurationList

func DeepCopy_admissionregistration_ExternalAdmissionHookConfigurationList(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_ExternalAdmissionHookConfigurationList is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_Initializer

func DeepCopy_admissionregistration_Initializer(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_Initializer is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_InitializerConfiguration

func DeepCopy_admissionregistration_InitializerConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_InitializerConfiguration is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_InitializerConfigurationList

func DeepCopy_admissionregistration_InitializerConfigurationList(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_InitializerConfigurationList is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_Rule

func DeepCopy_admissionregistration_Rule(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_Rule is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_RuleWithOperations

func DeepCopy_admissionregistration_RuleWithOperations(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_RuleWithOperations is an autogenerated deepcopy function.

func DeepCopy_admissionregistration_ServiceReference

func DeepCopy_admissionregistration_ServiceReference(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_admissionregistration_ServiceReference is an autogenerated deepcopy function.

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func RegisterDeepCopies

func RegisterDeepCopies(scheme *runtime.Scheme) error

RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns back a Group qualified GroupResource

Types

type AdmissionHookClientConfig

type AdmissionHookClientConfig struct {
	// Service is a reference to the service for this webhook. If there is only
	// one port open for the service, that port will be used. If there are multiple
	// ports open, port 443 will be used if it is open, otherwise it is an error.
	// Required
	Service ServiceReference
	// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
	// Required
	CABundle []byte
}

AdmissionHookClientConfig contains the information to make a TLS connection with the webhook

type ExternalAdmissionHook

type ExternalAdmissionHook struct {
	// The name of the external admission webhook.
	// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
	// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
	// of the organization.
	// Required.
	Name string

	// ClientConfig defines how to communicate with the hook.
	// Required
	ClientConfig AdmissionHookClientConfig

	// Rules describes what operations on what resources/subresources the webhook cares about.
	// The webhook cares about an operation if it matches _any_ Rule.
	Rules []RuleWithOperations

	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
	// allowed values are Ignore or Fail. Defaults to Ignore.
	// +optional
	FailurePolicy *FailurePolicyType
}

ExternalAdmissionHook describes an external admission webhook and the resources and operations it applies to.

type ExternalAdmissionHookConfiguration

type ExternalAdmissionHookConfiguration struct {
	metav1.TypeMeta
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
	// +optional
	metav1.ObjectMeta
	// ExternalAdmissionHooks is a list of external admission webhooks and the
	// affected resources and operations.
	// +optional
	ExternalAdmissionHooks []ExternalAdmissionHook
}

ExternalAdmissionHookConfiguration describes the configuration of initializers.

type ExternalAdmissionHookConfigurationList

type ExternalAdmissionHookConfigurationList struct {
	metav1.TypeMeta
	// Standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	// +optional
	metav1.ListMeta
	// List of ExternalAdmissionHookConfiguration.
	Items []ExternalAdmissionHookConfiguration
}

ExternalAdmissionHookConfigurationList is a list of ExternalAdmissionHookConfiguration.

type FailurePolicyType

type FailurePolicyType string
const (
	// Ignore means the initilizer is removed from the initializers list of an
	// object if the initializer is timed out.
	Ignore FailurePolicyType = "Ignore"
	// For 1.7, only "Ignore" is allowed. "Fail" will be allowed when the
	// extensible admission feature is beta.
	Fail FailurePolicyType = "Fail"
)

type Initializer

type Initializer struct {
	// Name is the identifier of the initializer. It will be added to the
	// object that needs to be initialized.
	// Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, where
	// "alwayspullimages" is the name of the webhook, and kubernetes.io is the name
	// of the organization.
	// Required
	Name string

	// Rules describes what resources/subresources the initializer cares about.
	// The initializer cares about an operation if it matches _any_ Rule.
	// Rule.Resources must not include subresources.
	Rules []Rule

	// FailurePolicy defines what happens if the responsible initializer controller
	// fails to takes action. Allowed values are Ignore, or Fail. If "Ignore" is
	// set, initializer is removed from the initializers list of an object if
	// the timeout is reached; If "Fail" is set, admissionregistration returns timeout error
	// if the timeout is reached.
	FailurePolicy *FailurePolicyType
}

Initializer describes the name and the failure policy of an initializer, and what resources it applies to.

type InitializerConfiguration

type InitializerConfiguration struct {
	metav1.TypeMeta
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
	// +optional
	metav1.ObjectMeta

	// Initializers is a list of resources and their default initializers
	// Order-sensitive.
	// When merging multiple InitializerConfigurations, we sort the initializers
	// from different InitializerConfigurations by the name of the
	// InitializerConfigurations; the order of the initializers from the same
	// InitializerConfiguration is preserved.
	// +optional
	Initializers []Initializer
}

InitializerConfiguration describes the configuration of initializers.

type InitializerConfigurationList

type InitializerConfigurationList struct {
	metav1.TypeMeta
	// Standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	// +optional
	metav1.ListMeta

	// List of InitializerConfiguration.
	Items []InitializerConfiguration
}

InitializerConfigurationList is a list of InitializerConfiguration.

type OperationType

type OperationType string
const (
	OperationAll OperationType = "*"
	Create       OperationType = "CREATE"
	Update       OperationType = "UPDATE"
	Delete       OperationType = "DELETE"
	Connect      OperationType = "CONNECT"
)

The constants should be kept in sync with those defined in k8s.io/kubernetes/pkg/admission/interface.go.

type Rule

type Rule struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups.
	// If '*' is present, the length of the slice must be one.
	// Required.
	APIGroups []string

	// APIVersions is the API versions the resources belong to. '*' is all versions.
	// If '*' is present, the length of the slice must be one.
	// Required.
	APIVersions []string

	// Resources is a list of resources this rule applies to.
	//
	// For example:
	// 'pods' means pods.
	// 'pods/log' means the log subresource of pods.
	// '*' means all resources, but not subresources.
	// 'pods/*' means all subresources of pods.
	// '*/scale' means all scale subresources.
	// '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not
	// overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed.
	// Required.
	Resources []string
}

Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperations

type RuleWithOperations struct {
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, or *
	// for all operations.
	// If '*' is present, the length of the slice must be one.
	// Required.
	Operations []OperationType
	// Rule is embedded, it describes other criteria of the rule, like
	// APIGroups, APIVersions, Resources, etc.
	Rule
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type ServiceReference

type ServiceReference struct {
	// Namespace is the namespace of the service
	// Required
	Namespace string
	// Name is the name of the service
	// Required
	Name string
}

ServiceReference holds a reference to Service.legacy.k8s.io

Directories

Path Synopsis
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL