package v1

v0.3.4

This package is not in the latest version of its module.
Published: Mar 5, 2021 License: GPL-3.0 Imports: 18 Imported by: 0

Documentation

Overview

Package v1 contains API Schema definitions for the app v1 API group (+kubebuilder:object:generate=true, +groupName=app.kvdi.io).

Index

Constants

const (
	// SecretsBackendK8s represents using a kubernetes secret for secret storage.
	SecretsBackendK8s = "k8s"
	// SecretsBackendVault represents using vault for secret storage.
	SecretsBackendVault = "vault"
)

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "app.kvdi.io", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AppConfig

type AppConfig struct {
	// The image to use for the app instances. Defaults to the public image
	// matching the version of the currently running manager.
	Image string `json:"image,omitempty"`
	// Whether to add CORS headers to API requests
	CORSEnabled bool `json:"corsEnabled,omitempty"`
	// Whether to log auditing events to stdout
	AuditLog bool `json:"auditLog,omitempty"`
	// The number of app replicas to run
	Replicas int32 `json:"replicas,omitempty"`
	// The type of service to create in front of the app instance.
	// Defaults to `LoadBalancer`.
	ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
	// Extra annotations to apply to the app service.
	ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
	// TLS configurations for the app instance
	TLS *TLSConfig `json:"tls,omitempty"`
	// Resource requirements to place on the app pods
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}

AppConfig represents app configurations for the VDI cluster

func (*AppConfig) DeepCopy

func (in *AppConfig) DeepCopy() *AppConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppConfig.

func (*AppConfig) DeepCopyInto

func (in *AppConfig) DeepCopyInto(out *AppConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthConfig

type AuthConfig struct {
	// Allow anonymous users to create desktop instances
	AllowAnonymous bool `json:"allowAnonymous,omitempty"`
	// A secret where a generated admin password will be stored
	AdminSecret string `json:"adminSecret,omitempty"`
	// How long issued access tokens should be valid for. When using OIDC auth
	// you may want to set this to a higher value (e.g. 8-10h) since the refresh token
	// flow will not be able to look up a user's grants from the provider. Defaults to `15m`.
	TokenDuration string `json:"tokenDuration,omitempty"`
	// The rules to apply to the default role created for this cluster. These are the rules applied to
	// anonymous users (if allowed) and non-grouped OIDC users. They can also be used for convenience
	// when getting started. The defaults only allow for launching templates in the `appNamespace`.
	DefaultRoleRules []v1.Rule `json:"defaultRoleRules,omitempty"`
	// Use local auth (secret-backed) authentication
	LocalAuth *LocalAuthConfig `json:"localAuth,omitempty"`
	// Use LDAP for authentication.
	LDAPAuth *LDAPConfig `json:"ldapAuth,omitempty"`
	// Use OIDC for authentication
	OIDCAuth *OIDCConfig `json:"oidcAuth,omitempty"`
}

AuthConfig holds authentication driver configurations. The goal is to support multiple backends, e.g. local, OAuth/OIDC, LDAP.

func (*AuthConfig) DeepCopy

func (in *AuthConfig) DeepCopy() *AuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.

func (*AuthConfig) DeepCopyInto

func (in *AuthConfig) DeepCopyInto(out *AuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DesktopsConfig

type DesktopsConfig struct {
	// When configured, desktop sessions will be forcefully terminated when
	// the time limit is reached.
	MaxSessionLength string `json:"maxSessionLength,omitempty"`
	// The maximum number of sessions a user can run at a time. A zero value (or undefined)
	// means no limit. When using a `userdataSpec`, you might want to set this value to 1 if
	// you aren't using ReadWriteMany volumes. The storage controller would inevitably enforce
	// this behavior anyway, but you would save the `kvdi-manager` some extra work.
	SessionsPerUser int `json:"sessionsPerUser,omitempty"`
}

DesktopsConfig represents global configurations for desktop sessions.

func (*DesktopsConfig) DeepCopy

func (in *DesktopsConfig) DeepCopy() *DesktopsConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesktopsConfig.

func (*DesktopsConfig) DeepCopyInto

func (in *DesktopsConfig) DeepCopyInto(out *DesktopsConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GrafanaConfig

type GrafanaConfig struct {
	// Set to true to run a grafana sidecar with the app pods. This can be used to visualize
	// data in the prometheus deployment.
	Enabled bool `json:"enabled,omitempty"`
}

GrafanaConfig contains configuration options for the grafana sidecar.

func (*GrafanaConfig) DeepCopy

func (in *GrafanaConfig) DeepCopy() *GrafanaConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrafanaConfig.

func (*GrafanaConfig) DeepCopyInto

func (in *GrafanaConfig) DeepCopyInto(out *GrafanaConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type K8SSecretConfig

type K8SSecretConfig struct {
	// The name of the secret backing the values. Default is `<cluster-name>-app-secrets`.
	SecretName string `json:"secretName,omitempty"`
}

K8SSecretConfig uses a Kubernetes secret to store and retrieve sensitive values.

func (*K8SSecretConfig) DeepCopy

func (in *K8SSecretConfig) DeepCopy() *K8SSecretConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SSecretConfig.

func (*K8SSecretConfig) DeepCopyInto

func (in *K8SSecretConfig) DeepCopyInto(out *K8SSecretConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPConfig

type LDAPConfig struct {
	// The URL to the LDAP server.
	URL string `json:"url,omitempty"`
	// Set to true to skip TLS verification of an `ldaps` connection.
	TLSInsecureSkipVerify bool `json:"tlsInsecureSkipVerify,omitempty"`
	// The base64 encoded CA certificate to use when verifying the TLS certificate of
	// the LDAP server.
	TLSCACert string `json:"tlsCACert,omitempty"`
	// If you want to use the built-in secrets backend (vault or k8s currently),
	// set this to either the name of the secret in the vault path (the key must be "data" for now), or the key of
	// the secret used in `secrets.k8sSecret.secretName`. In default configurations this is
	// `kvdi-app-secrets`. Defaults to `ldap-userdn`.
	BindUserDNSecretKey string `json:"bindUserDNSecretKey,omitempty"`
	// Similar to the `bindUserDNSecretKey`, but for the location of the password
	// secret. Defaults to `ldap-password`.
	BindPasswordSecretKey string `json:"bindPasswordSecretKey,omitempty"`
	// If you'd rather create a separate k8s secret (instead of the configured backend)
	// for the LDAP credentials, set its name here. The keys in the secret need to
	// be defined in the other fields still. Default is to use the secret backend.
	BindCredentialsSecret string `json:"bindCredentialsSecret,omitempty"`
	// Group DNs that are allowed administrator access to the cluster. Kubernetes
	// admins will still have the ability to change configurations via the CRDs.
	AdminGroups []string `json:"adminGroups,omitempty"`
	// The base scope to search for users in. Default is to search the entire
	// directory.
	UserSearchBase string `json:"userSearchBase,omitempty"`
	// The user ID attribute to use when looking up a provided username. Defaults to `uid`.
	// This value may be different depending on the LDAP provider. For example, in an Active Directory
	// environment you may want to set this value to `sAMAccountName`.
	UserIDAttribute string `json:"userIDAttribute,omitempty"`
	// The user attribute use to lookup group membership in LDAP. Defaults to `memberOf`.
	UserGroupsAttribute string `json:"userGroupsAttribute,omitempty"`
	// The user attribute to use when querying if an account is active. Defaults to `accountStatus`.
	// Only takes effect if `doStatusCheck` is `true`. A user is considered disabled when the attribute is
	// both present and matches the value in `userStatusDisabledValue`.
	UserStatusAttribute string `json:"userStatusAttribute,omitempty"`
	// The value for the `userStatusAttribute` that signifies that the user is disabled. Defaults to `inactive`.
	UserStatusDisabledValue string `json:"userStatusDisabledValue,omitempty"`
	// When set to true, the authentication provider will query the user's attributes for the `userStatusAttribute`
	// and make sure it does not match the value in `userStatusDisabledValue` before attempting to bind.
	DoStatusCheck bool `json:"doStatusCheck,omitempty"`
}

LDAPConfig represents the configurations for using LDAP as the authentication backend.

func (*LDAPConfig) DeepCopy

func (in *LDAPConfig) DeepCopy() *LDAPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPConfig.

func (*LDAPConfig) DeepCopyInto

func (in *LDAPConfig) DeepCopyInto(out *LDAPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPConfig) IsUndefined

func (l *LDAPConfig) IsUndefined() bool

IsUndefined returns true if the given LDAPConfig object is not actually configured. It checks that required values are present.

type LocalAuthConfig

type LocalAuthConfig struct{}

LocalAuthConfig represents a local, 'passwd'-like authentication driver.

func (*LocalAuthConfig) DeepCopy

func (in *LocalAuthConfig) DeepCopy() *LocalAuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalAuthConfig.

func (*LocalAuthConfig) DeepCopyInto

func (in *LocalAuthConfig) DeepCopyInto(out *LocalAuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MetricsConfig

type MetricsConfig struct {
	// Configurations for creating a ServiceMonitor CR for a pre-existing
	// prometheus-operator installation.
	ServiceMonitor *ServiceMonitorConfig `json:"serviceMonitor,omitempty"`
	// Prometheus deployment configurations.
	Prometheus *PrometheusConfig `json:"prometheus,omitempty"`
	// Grafana sidecar configurations.
	Grafana *GrafanaConfig `json:"grafana,omitempty"`
}

MetricsConfig contains configuration options for gathering metrics.

func (*MetricsConfig) DeepCopy

func (in *MetricsConfig) DeepCopy() *MetricsConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsConfig.

func (*MetricsConfig) DeepCopyInto

func (in *MetricsConfig) DeepCopyInto(out *MetricsConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OIDCConfig

type OIDCConfig struct {
	// The OIDC issuer URL used for discovery
	IssuerURL string `json:"issuerURL,omitempty"`
	// When using the built-in secrets backend, the key to where the client-id is
	// stored. Set this to either the name of the secret in the vault path (the key must be "data" for now),
	// or the key of the secret used in `secrets.k8sSecret.secretName`. When configuring `clientCredentialsSecret`,
	// set this to the key in that secret. Defaults to `oidc-clientid`.
	ClientIDKey string `json:"clientIDKey,omitempty"`
	// Similar to `clientIDKey`, but for the location of the client secret. Defaults
	// to `oidc-clientsecret`.
	ClientSecretKey string `json:"clientSecretKey,omitempty"`
	// When creating your own kubernetes secret with the `clientIDKey` and `clientSecretKey`,
	// set this to the name of the created secret. It must be in the same namespace
	// as the manager and app instances. Defaults to `oidc-clientsecret`.
	ClientCredentialsSecret string `json:"clientCredentialsSecret,omitempty"`
	// The redirect URL path configured in the OIDC provider. This should be the full
	// path where kvdi is hosted followed by `/api/login`. For example, if `kvdi` is
	// hosted at https://kvdi.local, then this value should be set `https://kvdi.local/api/login`.
	RedirectURL string `json:"redirectURL,omitempty"`
	// The scopes to request with the authentication request. Defaults to
	// `["openid", "email", "profile", "groups"]`.
	Scopes []string `json:"scopes,omitempty"`
	// If your OIDC provider does not return a `groups` object, set this to the user
	// attribute to use for binding authenticated users to VDIRoles. Defaults to `groups`.
	GroupScope string `json:"groupScope,omitempty"`
	// Groups that are allowed administrator access to the cluster. Kubernetes
	// admins will still have the ability to change rbac configurations via the CRDs.
	AdminGroups []string `json:"adminGroups,omitempty"`
	// Set to true to skip TLS verification of an OIDC provider.
	TLSInsecureSkipVerify bool `json:"tlsInsecureSkipVerify,omitempty"`
	// The base64 encoded CA certificate to use when verifying the TLS certificate of
	// the OIDC provider.
	TLSCACert string `json:"tlsCACert,omitempty"`
	// Set to true if the OIDC provider does not support the "groups" claim (or any
	// valid alternative) and/or you would like to allow any authenticated user
	// read-only access.
	AllowNonGroupedReadOnly bool `json:"allowNonGroupedReadOnly,omitempty"`
	// The access tokens returned by the OIDC provider are usually discarded after identity information
	// is retrieved from them. If you set this to true, these fields will be available for mapping in
	// desktops at the following paths:
	//
	//   - `{{ .Session.Data.access_token }}`
	//   - `{{ .Session.Data.token_type }}`
	//   - `{{ .Session.Data.refresh_token }}`
	//   - `{{ .Session.Data.expiry }}`
	//
	// **NOTE:** This should be considered an insecure option and only turned on taking into account
	// the inherent risks. If the access token used for authorizing actions against the kvdi API gets compromised,
	// it would be relatively easy for the attacker to extract this information from the token and use it for
	// authenticating against third-party resources. Additionally, when mapping these values to desktops, they will
	// be stored temporarily in Kubernetes Secrets. The security of those secrets depends highly on your Kubernetes
	// RBAC setup and who has access to secrets in the namespace where the Desktop is. So in short, it would be wise to
	// only use this setting in trusted environments where access to the necessary kubernetes APIs is only available to
	// a select group of administrators, and the risk of the user using a compromised browser is minimal.
	PreserveTokens bool `json:"preserveTokens,omitempty"`
}

OIDCConfig represents configurations for using an OIDC/OAuth provider for authentication.

func (*OIDCConfig) DeepCopy

func (in *OIDCConfig) DeepCopy() *OIDCConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCConfig.

func (*OIDCConfig) DeepCopyInto

func (in *OIDCConfig) DeepCopyInto(out *OIDCConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OIDCConfig) IsUndefined

func (o *OIDCConfig) IsUndefined() bool

IsUndefined returns true if the given OIDCConfig object is not actually configured. It checks that required values are present.
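LDAPConfig and OIDCConfig carry the same `tlsInsecureSkipVerify` / `tlsCACert` pair, and the cluster getters for them (GetLDAPCA, GetOIDCCA, GetLDAPInsecureSkipVerify, GetOIDCInsecureSkipVerify) only base64-decode the CA or hand back the boolean; nothing on this page says what happens when both are set or when the decoded bytes are not actually a CA certificate. The following is an added example, not kvdi code: it turns those two fields into a `tls.Config` for the LDAPS or OIDC client, refuses the contradictory combination of a CA plus skip-verify, and checks that the PEM decodes to a certificate with the CA bit set. `ProviderTLS`, the mutual-exclusion rule and the `IsCA` check are this example's own choices; `NewTestCA` generates a throwaway certificate so the code runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ProviderTLS mirrors the two TLS fields shared by LDAPConfig and OIDCConfig
// (assumed shape for this example; not a kvdi type).
type ProviderTLS struct {
	TLSInsecureSkipVerify bool
	TLSCACert             string // base64-encoded PEM, as pasted into the CRD
}

// BuildTLSConfig derives the client TLS settings from the CRD fields. The
// base64 decode is what GetLDAPCA / GetOIDCCA do; rejecting skip-verify
// together with a CA, and requiring the CA bit, are this example's own checks.
func BuildTLSConfig(p ProviderTLS) (*tls.Config, error) {
	if p.TLSInsecureSkipVerify {
		if p.TLSCACert != "" {
			return nil, errors.New("tlsInsecureSkipVerify and tlsCACert are mutually exclusive: a CA is meaningless when verification is disabled")
		}
		return &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS12}, nil
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if p.TLSCACert == "" {
		return cfg, nil // RootCAs nil: system trust store
	}
	raw, err := base64.StdEncoding.DecodeString(p.TLSCACert)
	if err != nil {
		return nil, fmt.Errorf("tlsCACert is not valid base64: %w", err)
	}
	block, _ := pem.Decode(raw)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("tlsCACert does not decode to a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("tlsCACert: %w", err)
	}
	if !cert.IsCA {
		return nil, errors.New("tlsCACert is not a CA certificate (BasicConstraints CA=false)")
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	cfg.RootCAs = pool
	return cfg, nil
}

// NewTestCA generates a self-signed certificate and returns it base64-encoded
// the way it would appear in a VDICluster spec. Constructed for this example.
func NewTestCA(isCA bool) string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-ldap-ca"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              usage,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return base64.StdEncoding.EncodeToString(pemBytes)
}

func main() {
	cfg, err := BuildTLSConfig(ProviderTLS{TLSCACert: NewTestCA(true)})
	fmt.Println("pinned CA:", cfg != nil && cfg.RootCAs != nil, err)
	_, err = BuildTLSConfig(ProviderTLS{TLSInsecureSkipVerify: true, TLSCACert: NewTestCA(true)})
	fmt.Println("skip-verify plus CA:", err)
	_, err = BuildTLSConfig(ProviderTLS{TLSCACert: NewTestCA(false)})
	fmt.Println("leaf cert as CA:", err)
}
```

The same function serves the LDAP and OIDC paths because the fields are identical; a webhook or `kubectl` pre-flight that calls it on the spec catches a pasted leaf certificate or a stale `tlsInsecureSkipVerify: true` before the manager silently connects without verification.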

type PrometheusConfig

type PrometheusConfig struct {
	// Set to true to create a prometheus instance.
	Create bool `json:"create,omitempty"`
	// Resource requirements to place on the Prometheus deployment
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}

PrometheusConfig contains configuration options for a prometheus deployment.

func (*PrometheusConfig) DeepCopy

func (in *PrometheusConfig) DeepCopy() *PrometheusConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig.

func (*PrometheusConfig) DeepCopyInto

func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretsConfig

type SecretsConfig struct {
	// Use a kubernetes secret for storing sensitive values. If no other configuration is provided
	// then this is the fallback.
	K8SSecret *K8SSecretConfig `json:"k8sSecret,omitempty"`
	// Use vault for storing sensitive values. Requires kubernetes service account
	// authentication.
	Vault *VaultConfig `json:"vault,omitempty"`
}

SecretsConfig configures the backend for secrets management.

func (*SecretsConfig) DeepCopy

func (in *SecretsConfig) DeepCopy() *SecretsConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsConfig.

func (*SecretsConfig) DeepCopyInto

func (in *SecretsConfig) DeepCopyInto(out *SecretsConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceMonitorConfig

type ServiceMonitorConfig struct {
	// Set to true to create a ServiceMonitor object for the kvdi metrics.
	Create bool `json:"create,omitempty"`
	// Extra labels to apply to the ServiceMonitor object. Set these to the selector
	// in your prometheus-operator configuration (usually `{"release": "<helm_release_name>"}`).
	// Defaults to `{"release": "prometheus"}`.
	Labels map[string]string `json:"labels,omitempty"`
}

ServiceMonitorConfig contains configuration options for creating a ServiceMonitor.

func (*ServiceMonitorConfig) DeepCopy

func (in *ServiceMonitorConfig) DeepCopy() *ServiceMonitorConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceMonitorConfig.

func (*ServiceMonitorConfig) DeepCopyInto

func (in *ServiceMonitorConfig) DeepCopyInto(out *ServiceMonitorConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSConfig

type TLSConfig struct {
	// A pre-existing TLS secret to use for the HTTPS listener. If not defined,
	// a certificate is generated.
	ServerSecret string `json:"serverSecret,omitempty"`
}

TLSConfig contains TLS configurations for kVDI.

func (*TLSConfig) DeepCopy

func (in *TLSConfig) DeepCopy() *TLSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.

func (*TLSConfig) DeepCopyInto

func (in *TLSConfig) DeepCopyInto(out *TLSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UserdataSelector added in v0.3.1

type UserdataSelector struct {
	// MatchName is a pattern to match for the name of the PVC. The string ${USERNAME} will be
	// replaced in the pattern with the actual username when searching for the volume. Note, this
	// will only work if usernames are DNS compliant.
	MatchName string `json:"matchName,omitempty"`
	// MatchLabel is a label **key** to use to select a PVC for the user. The value in the
	// selector will be the name of the user launching the session. Use this if your usernames
	// may not always be DNS compliant.
	MatchLabel string `json:"matchLabel,omitempty"`
}

UserdataSelector represents a means for selecting pre-existing userdata PVCs based off a label or name match. Note that you will need to restrict templates to launching in namespaces that contain the PVCs yourself.

func (*UserdataSelector) DeepCopy added in v0.3.1

func (in *UserdataSelector) DeepCopy() *UserdataSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserdataSelector.

func (*UserdataSelector) DeepCopyInto added in v0.3.1

func (in *UserdataSelector) DeepCopyInto(out *UserdataSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UserdataSelector) IsValid added in v0.3.1

func (u *UserdataSelector) IsValid() bool

IsValid returns true if this is a usable selector.
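The two selector strategies above fail in different ways: `matchName` substitutes `${USERNAME}` into a PVC name, which must be a DNS-1123 subdomain (lowercase, digits, `-` and `.`), while `matchLabel` puts the username into a label value, which tolerates mixed case and `_` but still rejects characters such as `@` or `/`. A pattern without the placeholder is worse than invalid: every user would resolve to the same volume. The following is an added example, not kvdi code, of resolving a selector for one user with those checks; the `PVCQuery` type, the `IsValid` rule (exactly one strategy set) and the placeholder requirement are this example's assumptions, since the page does not say what the project's own `IsValid` checks.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// UserdataSelector mirrors the CRD type documented on this page.
type UserdataSelector struct {
	MatchName  string `json:"matchName,omitempty"`
	MatchLabel string `json:"matchLabel,omitempty"`
}

// PVCQuery is what a username resolves to: either a concrete PVC name or a
// label selector. Assumed shape for this example, not a kvdi type.
type PVCQuery struct {
	Name   string
	Labels map[string]string
}

const usernamePlaceholder = "${USERNAME}"

var (
	// PVC names are DNS-1123 subdomains: lowercase alphanumerics, '-' and '.'.
	dns1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
	// Label values are looser (mixed case, '_' and '.' allowed) but reject '@' and '/'.
	labelValue = regexp.MustCompile(`^([A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?)?$`)
)

// IsValid treats the selector as usable when exactly one strategy is set.
// Assumption for this example; the project's own IsValid may differ.
func (u *UserdataSelector) IsValid() bool {
	if u == nil {
		return false
	}
	return (u.MatchName != "") != (u.MatchLabel != "")
}

// Resolve applies the selector for one user, refusing inputs that would either
// be invalid Kubernetes identifiers or collapse every user onto one PVC.
func (u *UserdataSelector) Resolve(username string) (PVCQuery, error) {
	if !u.IsValid() {
		return PVCQuery{}, errors.New("userdataSelector must set exactly one of matchName or matchLabel")
	}
	if u.MatchName != "" {
		// Without the placeholder all users share one home volume, which is a
		// cross-user data exposure rather than a configuration convenience.
		if !strings.Contains(u.MatchName, usernamePlaceholder) {
			return PVCQuery{}, fmt.Errorf("matchName %q does not contain %s; every user would share one PVC", u.MatchName, usernamePlaceholder)
		}
		name := strings.ReplaceAll(u.MatchName, usernamePlaceholder, username)
		if len(name) > 253 || !dns1123Subdomain.MatchString(name) {
			return PVCQuery{}, fmt.Errorf("PVC name %q derived from user %q is not a DNS-1123 subdomain; use matchLabel for such usernames", name, username)
		}
		return PVCQuery{Name: name}, nil
	}
	if len(username) > 63 || !labelValue.MatchString(username) {
		return PVCQuery{}, fmt.Errorf("username %q is not a valid label value; it cannot be selected via matchLabel either", username)
	}
	return PVCQuery{Labels: map[string]string{u.MatchLabel: username}}, nil
}

func main() {
	byName := &UserdataSelector{MatchName: "userdata-${USERNAME}"}
	byLabel := &UserdataSelector{MatchLabel: "kvdi.io/userdata-owner"}
	// Constructed usernames: plain, mixed case with a dot, and an e-mail style UPN.
	for _, user := range []string{"alice", "Alice.Smith", "alice@corp.example"} {
		q, err := byName.Resolve(user)
		fmt.Printf("matchName  %-20s -> %+v %v\n", user, q, err)
		q, err = byLabel.Resolve(user)
		fmt.Printf("matchLabel %-20s -> %+v %v\n", user, q, err)
	}
}
```

Note that `matchLabel` only relaxes the naming rules; it does not remove them. Usernames carrying `@` (common with OIDC `email` or LDAP UPN identities) are rejected by both strategies, so a deployment using such identities needs a normalisation step before either selector is applied.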

type VDICluster

type VDICluster struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VDIClusterSpec   `json:"spec,omitempty"`
	Status VDIClusterStatus `json:"status,omitempty"`
}

VDICluster is the Schema for the vdiclusters API

func (*VDICluster) AllowNonGroupedReadOnly

func (c *VDICluster) AllowNonGroupedReadOnly() bool

AllowNonGroupedReadOnly returns true if non-grouped users from the OpenID provider should be allowed read-only access to kVDI.

func (*VDICluster) AnonymousAllowed

func (c *VDICluster) AnonymousAllowed() bool

AnonymousAllowed returns true if anonymous users are allowed to interact with this cluster.

func (*VDICluster) AppIsUsingExternalServerTLS

func (c *VDICluster) AppIsUsingExternalServerTLS() bool

AppIsUsingExternalServerTLS returns true if the app server certificate is user-supplied.

func (*VDICluster) AuditLogEnabled

func (c *VDICluster) AuditLogEnabled() bool

AuditLogEnabled returns true if auditing events should be logged to stdout.

func (*VDICluster) AuthIsUsingSecretEngine

func (c *VDICluster) AuthIsUsingSecretEngine() bool

AuthIsUsingSecretEngine returns true if the secrets for the configured auth backend are using the built-in secrets engine and not a separate kubernetes secret.

func (*VDICluster) CreateAppServiceMonitor

func (c *VDICluster) CreateAppServiceMonitor() bool

CreateAppServiceMonitor returns true if the cluster specifies to create a ServiceMonitor.

func (*VDICluster) CreatePrometheusCR

func (c *VDICluster) CreatePrometheusCR() bool

CreatePrometheusCR returns true if the cluster specifies to create a Prometheus CR.

func (*VDICluster) DeepCopy

func (in *VDICluster) DeepCopy() *VDICluster

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VDICluster.

func (*VDICluster) DeepCopyInto

func (in *VDICluster) DeepCopyInto(out *VDICluster)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VDICluster) DeepCopyObject

func (in *VDICluster) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VDICluster) EnableCORS

func (c *VDICluster) EnableCORS() bool

EnableCORS returns true if CORS headers should be included in responses from the app server.

func (*VDICluster) GetAdminRole

func (c *VDICluster) GetAdminRole() *rbacv1.VDIRole

GetAdminRole returns an admin role for this VDICluster.

func (*VDICluster) GetAdminSecret

func (c *VDICluster) GetAdminSecret() string

GetAdminSecret returns the name of the secret for storing the admin password.

func (*VDICluster) GetAppClientTLSNamespacedName

func (c *VDICluster) GetAppClientTLSNamespacedName() types.NamespacedName

GetAppClientTLSNamespacedName returns the namespaced name for the client TLS certificate.

func (*VDICluster) GetAppClientTLSSecretName

func (c *VDICluster) GetAppClientTLSSecretName() string

GetAppClientTLSSecretName returns the name of the client TLS secret for the app.

func (*VDICluster) GetAppImage

func (c *VDICluster) GetAppImage() string

GetAppImage returns the image to use for the app deployment.

func (*VDICluster) GetAppName

func (c *VDICluster) GetAppName() string

GetAppName returns the name of the kVDI app deployment for this VDICluster.

func (*VDICluster) GetAppPullPolicy

func (c *VDICluster) GetAppPullPolicy() corev1.PullPolicy

GetAppPullPolicy returns the ImagePullPolicy to use for the app deployment.

func (*VDICluster) GetAppReplicas

func (c *VDICluster) GetAppReplicas() *int32

GetAppReplicas returns the number of app replicas to run in this VDICluster. TODO: auto-scaling?

func (*VDICluster) GetAppResources

func (c *VDICluster) GetAppResources() corev1.ResourceRequirements

GetAppResources returns the resource requirements for the app deployments.

func (*VDICluster) GetAppSecretsName

func (c *VDICluster) GetAppSecretsName() string

GetAppSecretsName returns the name of the secret to use for app secrets.

func (*VDICluster) GetAppSecurityContext

func (c *VDICluster) GetAppSecurityContext() *corev1.PodSecurityContext

GetAppSecurityContext returns the pod security context for the app deployment.

func (*VDICluster) GetAppServerTLSNamespacedName

func (c *VDICluster) GetAppServerTLSNamespacedName() types.NamespacedName

GetAppServerTLSNamespacedName returns the namespaced name for the server TLS certificate.

func (*VDICluster) GetAppServerTLSSecretName

func (c *VDICluster) GetAppServerTLSSecretName() string

GetAppServerTLSSecretName returns the name of the server TLS secret for the app.

func (*VDICluster) GetAppServiceType

func (c *VDICluster) GetAppServiceType() corev1.ServiceType

GetAppServiceType returns the type of service to create in front of the app pods.

func (*VDICluster) GetAuthK8sSecret

func (c *VDICluster) GetAuthK8sSecret() string

GetAuthK8sSecret returns the name of the k8s auth secret. For safety it returns the name of the app secret, however, the caller should only be using this function because they know they are not using the built-in secrets.

func (*VDICluster) GetCAName

func (c *VDICluster) GetCAName() string

GetCAName returns the name of the CA certificate for the VDICluster.

func (*VDICluster) GetClusterDesktopsSelector

func (c *VDICluster) GetClusterDesktopsSelector() client.MatchingLabels

GetClusterDesktopsSelector gets the label selector for looking up all desktops owned by this VDICluster.

func (*VDICluster) GetComponentLabels

func (c *VDICluster) GetComponentLabels(component string) map[string]string

GetComponentLabels returns the labels to apply to a given kVDI component.

func (*VDICluster) GetCoreNamespace

func (c *VDICluster) GetCoreNamespace() string

GetCoreNamespace returns the namespace where kVDI components should be created.

func (*VDICluster) GetLDAPAdminGroups

func (c *VDICluster) GetLDAPAdminGroups() []string

GetLDAPAdminGroups returns the list of groups in LDAP that should be bound to the kvdi-admin role.

func (*VDICluster) GetLDAPCA

func (c *VDICluster) GetLDAPCA() ([]byte, error)

GetLDAPCA returns the CA certificate to use when verifying the LDAPS server certificate. The configured result is base64 decoded and sent back to the caller.

func (*VDICluster) GetLDAPDoUserStatusCheck

func (c *VDICluster) GetLDAPDoUserStatusCheck() bool

GetLDAPDoUserStatusCheck returns if the account status check should be done when performing user authentication.

func (*VDICluster) GetLDAPInsecureSkipVerify

func (c *VDICluster) GetLDAPInsecureSkipVerify() bool

GetLDAPInsecureSkipVerify returns true if TLS certificate verification should be skipped for the LDAPS connection.

func (*VDICluster) GetLDAPPasswordKey

func (c *VDICluster) GetLDAPPasswordKey() string

GetLDAPPasswordKey returns the key in the secret where the bind password can be retrieved.

func (*VDICluster) GetLDAPSearchBase

func (c *VDICluster) GetLDAPSearchBase() string

GetLDAPSearchBase returns the base DN to use when querying users from LDAP.

func (*VDICluster) GetLDAPURL

func (c *VDICluster) GetLDAPURL() string

GetLDAPURL returns the full URL to the configured LDAP server.

func (*VDICluster) GetLDAPUserDNKey

func (c *VDICluster) GetLDAPUserDNKey() string

GetLDAPUserDNKey returns the key in the secret where the bind DN can be retrieved.

func (*VDICluster) GetLDAPUserGroupsAttribute

func (c *VDICluster) GetLDAPUserGroupsAttribute() string

GetLDAPUserGroupsAttribute returns the user attribute to use when querying user groups.

func (*VDICluster) GetLDAPUserIDAttribute

func (c *VDICluster) GetLDAPUserIDAttribute() string

GetLDAPUserIDAttribute returns the user attribute to use when querying user IDs.

func (*VDICluster) GetLDAPUserStatusAttribute

func (c *VDICluster) GetLDAPUserStatusAttribute() string

GetLDAPUserStatusAttribute returns the user attribute to use when querying account status.

func (*VDICluster) GetLDAPUserStatusDisabledValue

func (c *VDICluster) GetLDAPUserStatusDisabledValue() string

GetLDAPUserStatusDisabledValue returns the value to match that means the user is disabled.

func (*VDICluster) GetLaunchTemplatesRole

func (c *VDICluster) GetLaunchTemplatesRole() *rbacv1.VDIRole

GetLaunchTemplatesRole returns a launch-templates role for a cluster. A role like this is created for every cluster for convenience. It is the default role applied to anonymous users, and for non-grouped OIDC users.

func (*VDICluster) GetMaxSessionLength

func (c *VDICluster) GetMaxSessionLength() time.Duration

GetMaxSessionLength returns the duration to wait to kill a desktop pod. If the duration is not parseable or unconfigured, 0 is returned.

func (*VDICluster) GetMaxSessionsPerUser

func (c *VDICluster) GetMaxSessionsPerUser() int

GetMaxSessionsPerUser returns the maximum number of sessions a user can run for this VDICluster.

func (*VDICluster) GetOIDCAdminGroups

func (c *VDICluster) GetOIDCAdminGroups() []string

GetOIDCAdminGroups returns the values in the groups claim that will map to administrator access.

func (*VDICluster) GetOIDCCA

func (c *VDICluster) GetOIDCCA() ([]byte, error)

GetOIDCCA returns the CA certificate to use when verifying the OIDC provider certificate. The value is base64 decoded and returned to the caller.

func (*VDICluster) GetOIDCClientIDKey

func (c *VDICluster) GetOIDCClientIDKey() string

GetOIDCClientIDKey returns the key in the secret where the client ID can be retrieved.

func (*VDICluster) GetOIDCClientSecretKey

func (c *VDICluster) GetOIDCClientSecretKey() string

GetOIDCClientSecretKey returns the key in the secret where client secret can be retrieved.

func (*VDICluster) GetOIDCGroupScope

func (c *VDICluster) GetOIDCGroupScope() string

GetOIDCGroupScope returns the scope to use for matching a user's groups to VDI roles.

func (*VDICluster) GetOIDCInsecureSkipVerify

func (c *VDICluster) GetOIDCInsecureSkipVerify() bool

GetOIDCInsecureSkipVerify returns true if TLS certificate verification of the OIDC provider should be skipped.

func (*VDICluster) GetOIDCIssuerURL

func (c *VDICluster) GetOIDCIssuerURL() string

GetOIDCIssuerURL returns the OIDC issuer URL or a blank string (which will throw an error when used).

func (*VDICluster) GetOIDCRedirectURL

func (c *VDICluster) GetOIDCRedirectURL() string

GetOIDCRedirectURL returns the URL that the OIDC provider should redirect to after a successful authentication.

func (*VDICluster) GetOIDCScopes

func (c *VDICluster) GetOIDCScopes() []string

GetOIDCScopes returns the list of scopes to request from the OpenID provider.

func (*VDICluster) GetPrometheusName

func (c *VDICluster) GetPrometheusName() string

GetPrometheusName returns the name of the kVDI prometheus deployment for this VDICluster.

func (*VDICluster) GetPrometheusResources

func (c *VDICluster) GetPrometheusResources() corev1.ResourceRequirements

GetPrometheusResources returns the resource requirements to place on the Prometheus deployment.

func (*VDICluster) GetPullSecrets

func (c *VDICluster) GetPullSecrets() []corev1.LocalObjectReference

GetPullSecrets returns any pull secrets required for pulling images.

func (*VDICluster) GetRoles

func (c *VDICluster) GetRoles(cl client.Client) ([]*rbacv1.VDIRole, error)

GetRoles returns a list of all the VDIRoles that apply to this cluster instance. Note that the roles are trimmed of extra metadata before returning.

func (*VDICluster) GetSecretsBackend

func (c *VDICluster) GetSecretsBackend() string

GetSecretsBackend returns the type of secrets backend this VDICluster is using.

func (*VDICluster) GetServiceAnnotations

func (c *VDICluster) GetServiceAnnotations() map[string]string

GetServiceAnnotations returns the annotations to apply to the kvdi app service.

func (*VDICluster) GetServiceMonitorLabels

func (c *VDICluster) GetServiceMonitorLabels() map[string]string

GetServiceMonitorLabels returns the labels to apply to the ServiceMonitor object.

func (*VDICluster) GetSignerName

func (c *VDICluster) GetSignerName() string

GetSignerName returns the name of the signing certificate for the VDICluster.

func (*VDICluster) GetTokenDuration

func (c *VDICluster) GetTokenDuration() time.Duration

GetTokenDuration returns the duration for a new token to live. If the duration cannot be parsed, the default is returned.

func (*VDICluster) GetUserDesktopSelector

func (c *VDICluster) GetUserDesktopSelector(username string) map[string]string

GetUserDesktopSelector returns a selector that can be used to find desktops for a given user.

func (*VDICluster) GetUserDesktopsSelector

func (c *VDICluster) GetUserDesktopsSelector(username string) client.MatchingLabels

GetUserDesktopsSelector gets the label selector to use for looking up a user's desktop sessions.

func (*VDICluster) GetUserdataSelector added in v0.3.1

func (c *VDICluster) GetUserdataSelector() *UserdataSelector

GetUserdataSelector returns the selector to use for locating PVCs for a user's $HOME.

func (*VDICluster) GetUserdataVolumeMapName

func (c *VDICluster) GetUserdataVolumeMapName() types.NamespacedName

GetUserdataVolumeMapName returns the name of the configmap where users are mapped to PVs.

func (*VDICluster) GetUserdataVolumeName

func (c *VDICluster) GetUserdataVolumeName(username string) string

GetUserdataVolumeName returns the name of the userdata volume for the given user.

func (*VDICluster) GetUserdataVolumeSpec

func (c *VDICluster) GetUserdataVolumeSpec() *corev1.PersistentVolumeClaimSpec

GetUserdataVolumeSpec returns the spec for creating PVCs for user persistence.

func (*VDICluster) IsUsingLDAPAuth

func (c *VDICluster) IsUsingLDAPAuth() bool

IsUsingLDAPAuth returns true if the cluster is using the ldap authentication driver.

func (*VDICluster) IsUsingLDAPOverTLS

func (c *VDICluster) IsUsingLDAPOverTLS() bool

IsUsingLDAPOverTLS returns true if the configured LDAP server is using TLS.

func (*VDICluster) IsUsingLocalAuth

func (c *VDICluster) IsUsingLocalAuth() bool

IsUsingLocalAuth returns true if the cluster is using the local authentication driver. This function and the API should be refactored to just return true if no other options are defined.

func (*VDICluster) IsUsingOIDCAuth

func (c *VDICluster) IsUsingOIDCAuth() bool

IsUsingOIDCAuth returns true if the cluster is using the oidc authentication driver.

func (*VDICluster) NamespacedName

func (c *VDICluster) NamespacedName() types.NamespacedName

NamespacedName returns the NamespacedName of this VDICluster.

func (*VDICluster) OwnerReferences

func (c *VDICluster) OwnerReferences() []metav1.OwnerReference

OwnerReferences returns an owner reference slice with this VDICluster instance as the owner.

func (*VDICluster) PreserveOIDCTokens

func (c *VDICluster) PreserveOIDCTokens() bool

PreserveOIDCTokens returns whether OIDC tokens should be preserved and stored in the kvdi claims for the user.

func (*VDICluster) RunAppGrafanaSidecar

func (c *VDICluster) RunAppGrafanaSidecar() bool

RunAppGrafanaSidecar returns true if a Grafana sidecar should be run alongside the app containers for displaying metrics in the UI.

type VDIClusterList

type VDIClusterList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VDICluster `json:"items"`
}

VDIClusterList contains a list of VDICluster

func (*VDIClusterList) DeepCopy

func (in *VDIClusterList) DeepCopy() *VDIClusterList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VDIClusterList.

func (*VDIClusterList) DeepCopyInto

func (in *VDIClusterList) DeepCopyInto(out *VDIClusterList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VDIClusterList) DeepCopyObject

func (in *VDIClusterList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VDIClusterSpec

type VDIClusterSpec struct {
	// The namespace to provision application resources in. Defaults to the `default`
	// namespace
	AppNamespace string `json:"appNamespace,omitempty"`
	// Pull secrets to use when pulling container images
	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
	// The configuration for user $HOME volumes to be managed by kVDI.
	//
	// **NOTE:** Even though the controller will try to force the reclaim policy on
	// created volumes to `Retain`, you may want to set it explicitly on your storage-class
	// controller as an extra safeguard.
	UserdataSpec *corev1.PersistentVolumeClaimSpec `json:"userdataSpec,omitempty"`
	// A configuration for selecting pre-existing PVCs to use as the $HOME directory for
	// sessions. This configuration takes precedence over `userdataSpec`.
	UserdataSelector *UserdataSelector `json:"userdataSelector,omitempty"`
	// App configurations.
	App *AppConfig `json:"app,omitempty"`
	// Authentication configurations
	Auth *AuthConfig `json:"auth,omitempty"`
	// Global desktop configurations
	Desktops *DesktopsConfig `json:"desktops,omitempty"`
	// Secrets backend configurations
	Secrets *SecretsConfig `json:"secrets,omitempty"`
	// Metrics configurations.
	Metrics *MetricsConfig `json:"metrics,omitempty"`
}

VDIClusterSpec defines the desired state of VDICluster

func (*VDIClusterSpec) DeepCopy

func (in *VDIClusterSpec) DeepCopy() *VDIClusterSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VDIClusterSpec.

func (*VDIClusterSpec) DeepCopyInto

func (in *VDIClusterSpec) DeepCopyInto(out *VDIClusterSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VDIClusterStatus

type VDIClusterStatus struct{}

VDIClusterStatus defines the observed state of VDICluster

func (*VDIClusterStatus) DeepCopy

func (in *VDIClusterStatus) DeepCopy() *VDIClusterStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VDIClusterStatus.

func (*VDIClusterStatus) DeepCopyInto

func (in *VDIClusterStatus) DeepCopyInto(out *VDIClusterStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultConfig

type VaultConfig struct {
	// The full URL to the vault server. Same as the `VAULT_ADDR` variable.
	Address string `json:"address,omitempty"`
	// The base64 encoded CA certificate for verifying the vault server certificate.
	CACertBase64 string `json:"caCertBase64,omitempty"`
	// Set to true to disable TLS verification.
	Insecure bool `json:"insecure,omitempty"`
	// Optionally set the SNI when connecting using HTTPS.
	TLSServerName string `json:"tlsServerName,omitempty"`
	// The auth role to assume when authenticating against vault. Defaults to `kvdi`.
	AuthRole string `json:"authRole,omitempty"`
	// The base path to store secrets in vault. "Keys" for other configurations in the
	// context of the vault backend can be put at `<secretsPath>/<secretKey>.data`. This
	// will change in the future to support keys inside the secret itself, instead of assuming
	// `data`.
	SecretsPath string `json:"secretsPath,omitempty"`
}

VaultConfig represents the configurations for connecting to a vault server.
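As an added example (not kVDI's own code) of how the fields above are consumed, the following Go snippet turns the TLS-related fields into a crypto/tls configuration and composes the documented `<secretsPath>/<secretKey>.data` key path; the base64 CA handling is the same shape GetOIDCCA describes for the OIDC provider. The local vaultConfig type, the function names and the sample values are assumptions made for the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"path"
)

// vaultConfig is a local copy of the VaultConfig fields documented above.
type vaultConfig struct {
	CACertBase64  string
	Insecure      bool
	TLSServerName string
	SecretsPath   string
}

// secretKeyPath builds the documented layout <secretsPath>/<secretKey>.data.
func (v vaultConfig) secretKeyPath(secretKey string) string {
	return path.Join(v.SecretsPath, secretKey+".data")
}

// tlsConfig decodes the base64 CA into a dedicated root pool, sets the SNI
// name and maps Insecure onto InsecureSkipVerify; a malformed CA is an error
// rather than a silent fallback to the system roots.
func (v vaultConfig) tlsConfig() (*tls.Config, error) {
	cfg := &tls.Config{ServerName: v.TLSServerName, MinVersion: tls.VersionTLS12}
	cfg.InsecureSkipVerify = v.Insecure
	if v.CACertBase64 == "" {
		return cfg, nil
	}
	pemBytes, err := base64.StdEncoding.DecodeString(v.CACertBase64)
	if err != nil {
		return nil, fmt.Errorf("caCertBase64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("caCertBase64: no PEM certificate found")
	}
	cfg.RootCAs = pool
	return cfg, nil
}

func main() {
	// Constructed sample: verification disabled, so surface that to the operator.
	v := vaultConfig{Insecure: true, SecretsPath: "secret/kvdi"}
	cfg, err := v.tlsConfig()
	fmt.Println(cfg.InsecureSkipVerify, err, v.secretKeyPath("oidc-client-secret"))
}
```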

func (*VaultConfig) DeepCopy

func (in *VaultConfig) DeepCopy() *VaultConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultConfig.

func (*VaultConfig) DeepCopyInto

func (in *VaultConfig) DeepCopyInto(out *VaultConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultConfig) GetAuthRole

func (v *VaultConfig) GetAuthRole() string

GetAuthRole returns the auth role to use when connecting to a vault server.

func (*VaultConfig) GetSecretsPath

func (v *VaultConfig) GetSecretsPath() string

GetSecretsPath returns the path in vault to use for storing and retrieving secrets.

func (*VaultConfig) IsUndefined

func (v *VaultConfig) IsUndefined() bool

IsUndefined returns true if the given VaultConfig object is not actually configured. It checks that required values are present.
