Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the audit v1alpha1 API group +groupName=auditing.kubesphere.io
Package v1alpha1 contains API Schema definitions for the audit v1alpha1 API group +kubebuilder:object:generate=true +groupName=auditing.kubesphere.io
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type AuditSinkPolicy
- type DynamicAuditConfig
- type Level
- type Policy
- type PolicyRule
- type Receiver
- type Rule
- type RuleList
- type RuleSpec
- type RuleStatus
- type ServiceReference
- type Stage
- type Webhook
- type WebhookClientConfig
- type WebhookList
- type WebhookSpec
- type WebhookStatus
- type WebhookThrottleConfig
Constants ¶
This section is empty.
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: "auditing.kubesphere.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Types ¶
type AuditSinkPolicy ¶
type AuditSinkPolicy struct {
ArchivingRuleSelector *metav1.LabelSelector `json:"archivingRuleSelector,omitempty" protobuf:"bytes,8,opt,name=archivingRuleSelector"`
AlertingRuleSelector *metav1.LabelSelector `json:"alertingRuleSelector,omitempty" protobuf:"bytes,8,opt,name=alertingRuleSelector"`
}
func (*AuditSinkPolicy) DeepCopy ¶
func (in *AuditSinkPolicy) DeepCopy() *AuditSinkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkPolicy.
func (*AuditSinkPolicy) DeepCopyInto ¶
func (in *AuditSinkPolicy) DeepCopyInto(out *AuditSinkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DynamicAuditConfig ¶
type DynamicAuditConfig struct {
// Throttle holds the options for throttling the webhook
// +optional
Throttle *WebhookThrottleConfig `json:"throttle,omitempty" protobuf:"bytes,18,opt,name=throttle"`
// Policy defines the policy for selecting which events should be sent to the webhook
// +optional
Policy *Policy `json:"policy,omitempty" protobuf:"bytes,18,opt,name=policy"`
}
func (*DynamicAuditConfig) DeepCopy ¶
func (in *DynamicAuditConfig) DeepCopy() *DynamicAuditConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicAuditConfig.
func (*DynamicAuditConfig) DeepCopyInto ¶
func (in *DynamicAuditConfig) DeepCopyInto(out *DynamicAuditConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Level ¶
type Level string
const ( // LevelNone disables auditing LevelNone Level = "None" // LevelMetadata provides the basic level of auditing. LevelMetadata Level = "Metadata" // LevelRequest provides Metadata level of auditing, and additionally // logs the request object (does not apply for non-resource requests). LevelRequest Level = "Request" // LevelRequestResponse provides Request level of auditing, and additionally // logs the response object (does not apply for non-resource requests and watches). LevelRequestResponse Level = "RequestResponse" )
type Policy ¶
type Policy struct {
// The Level that all requests are recorded at.
// available options: None, Metadata, Request, RequestResponse
// required
Level Level `json:"level" protobuf:"bytes,1,opt,name=level"`
// Stages is a list of stages for which events are created.
// +optional
Stages []Stage `json:"stages" protobuf:"bytes,2,opt,name=stages"`
}
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyRule ¶
type PolicyRule struct {
// Rule name
Name string `json:"name,omitempty" protobuf:"bytes,8,opt,name=name"`
// Rule type, rule, macro,list,alias
Type string `json:"type,omitempty" protobuf:"bytes,8,opt,name=type"`
// Rule describe
Desc string `json:"desc,omitempty" protobuf:"bytes,8,opt,name=desc"`
// Rule condition
// This effective When the rule type is rule
Condition string `json:"condition,omitempty" protobuf:"bytes,8,opt,name=condition"`
// This effective When the rule type is macro
Macro string `json:"macro,omitempty" protobuf:"bytes,8,opt,name=macro"`
// This effective When the rule type is alias
Alias string `json:"alias,omitempty" protobuf:"bytes,8,opt,name=alias"`
// This effective When the rule type is list
List []string `json:"list,omitempty" protobuf:"bytes,8,opt,name=list"`
// Is the rule enable
Enable bool `json:"enable" protobuf:"bytes,8,opt,name=enable"`
// The output formater of message which send to user
Output string `json:"output,omitempty" protobuf:"bytes,8,opt,name=output"`
// Rule priority, DEBUG, INFO, WARNING
Priority string `json:"priority,omitempty" protobuf:"bytes,8,opt,name=priority"`
}
func (*PolicyRule) DeepCopy ¶
func (in *PolicyRule) DeepCopy() *PolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
func (*PolicyRule) DeepCopyInto ¶
func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Receiver ¶
type Receiver struct {
// Receiver name
// +optional
ReceicerName string `json:"name,omitempty" protobuf:"bytes,8,opt,name=name"`
// Receiver type, alertmanager or webhook
// +optional
ReceiverType string `json:"type,omitempty" protobuf:"bytes,8,opt,name=type"`
// ClientConfig holds the connection parameters for the webhook
// +optional
ReceiverConfig *WebhookClientConfig `json:"config,omitempty" protobuf:"bytes,8,opt,name=config"`
}
Receiver config which received the audit alert
func (*Receiver) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Receiver.
func (*Receiver) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
type Rule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec RuleSpec `json:"spec,omitempty"`
Status RuleStatus `json:"status,omitempty"`
}
Rule is the Schema for the rules API
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleList ¶
type RuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Rule `json:"items"`
}
AuditRuleList contains a list of Rule
func (*RuleList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.
func (*RuleList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RuleList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleSpec ¶
type RuleSpec struct {
PolicyRules []PolicyRule `json:"rules,omitempty" protobuf:"bytes,8,opt,name=rules"`
}
AuditRuleSpec defines the desired state of Rule
func (*RuleSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleSpec.
func (*RuleSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleStatus ¶
type RuleStatus struct {
}
AuditRuleStatus defines the observed state of Rule
func (*RuleStatus) DeepCopy ¶
func (in *RuleStatus) DeepCopy() *RuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStatus.
func (*RuleStatus) DeepCopyInto ¶
func (in *RuleStatus) DeepCopyInto(out *RuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceReference ¶
type ServiceReference struct {
// `namespace` is the namespace of the service.
// Required
Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"`
// `name` is the name of the service.
// Required
Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
Path *string `json:"path,omitempty" protobuf:"bytes,3,opt,name=path"`
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `port` should be a valid port number (1-65535, inclusive).
// +optional
Port *int32 `json:"port,omitempty" protobuf:"varint,4,opt,name=port"`
}
func (*ServiceReference) DeepCopy ¶
func (in *ServiceReference) DeepCopy() *ServiceReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.
func (*ServiceReference) DeepCopyInto ¶
func (in *ServiceReference) DeepCopyInto(out *ServiceReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Webhook ¶
type Webhook struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec WebhookSpec `json:"spec,omitempty"`
Status WebhookStatus `json:"status,omitempty"`
}
Webhook is the Schema for the webhooks API
func (*Webhook) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.
func (*Webhook) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Webhook) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WebhookClientConfig ¶
type WebhookClientConfig struct {
// `url` gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
URL *string `json:"url,omitempty" protobuf:"bytes,1,opt,name=url"`
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
Service *ServiceReference `json:"service,omitempty" protobuf:"bytes,2,opt,name=service"`
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,3,opt,name=caBundle"`
}
func (*WebhookClientConfig) DeepCopy ¶
func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.
func (*WebhookClientConfig) DeepCopyInto ¶
func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookList ¶
type WebhookList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Webhook `json:"items"`
}
WebhookList contains a list of Webhook
func (*WebhookList) DeepCopy ¶
func (in *WebhookList) DeepCopy() *WebhookList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookList.
func (*WebhookList) DeepCopyInto ¶
func (in *WebhookList) DeepCopyInto(out *WebhookList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WebhookList) DeepCopyObject ¶
func (in *WebhookList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WebhookSpec ¶
type WebhookSpec struct {
// Number of desired pods. This is a pointer to distinguish between explicit
// zero and not specified. Defaults to 1.
// +optional
Replicas *int32 `json:"replicas,omitempty" protobuf:"varint,1,opt,name=replicas"`
// The webhook docker image name.
// +optional
Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`
// Image pull policy.
// One of Always, Never, IfNotPresent.
// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
// +optional
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`
// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
// in the case of docker, only DockerConfig type secrets are honored.
// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
// Arguments to the entrypoint..
// It will be appended to the args and replace the default value.
// +optional
Args []string `json:"args,omitempty" protobuf:"bytes,3,rep,name=args"`
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"`
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
// Compute Resources required by this container.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
// +optional
Resources *corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`
// Receiver contains the information to make a connection with the alertmanager
// +optional
Receivers []Receiver `json:"receivers,omitempty" protobuf:"bytes,8,opt,name=receivers"`
// AuditSinkPolicy is a rule selector, only the rule matched this selector will be taked effect.
// +optional
*AuditSinkPolicy `json:"auditSinkPolicy,omitempty" protobuf:"bytes,8,opt,name=auditSinkPolicy"`
// Rule priority, DEBUG < INFO < WARNING
//Audit events will be stored only when the priority of the audit rule
// matching the audit event is greater than this.
Priority string `json:"priority,omitempty" protobuf:"bytes,8,opt,name=priority"`
// Audit type, static or dynamic.
AuditType string `json:"auditType,omitempty" protobuf:"bytes,8,opt,name=auditType"`
// The Level that all requests are recorded at.
// available options: None, Metadata, Request, RequestResponse
// default: Metadata
// +optional
AuditLevel Level `json:"auditLevel" protobuf:"bytes,1,opt,name=auditLevel"`
// K8s auditing is enabled or not.
K8sAuditingEnabled bool `json:"k8sAuditingEnabled,omitempty" protobuf:"bytes,8,opt,name=priority"`
}
WebhookSpec defines the desired state of Webhook
func (*WebhookSpec) DeepCopy ¶
func (in *WebhookSpec) DeepCopy() *WebhookSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSpec.
func (*WebhookSpec) DeepCopyInto ¶
func (in *WebhookSpec) DeepCopyInto(out *WebhookSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookStatus ¶
type WebhookStatus struct {
}
WebhookStatus defines the observed state of Webhook
func (*WebhookStatus) DeepCopy ¶
func (in *WebhookStatus) DeepCopy() *WebhookStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookStatus.
func (*WebhookStatus) DeepCopyInto ¶
func (in *WebhookStatus) DeepCopyInto(out *WebhookStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookThrottleConfig ¶
type WebhookThrottleConfig struct {
// ThrottleQPS maximum number of batches per second
// default 10 QPS
// +optional
QPS *int64 `json:"qps,omitempty" protobuf:"bytes,1,opt,name=qps"`
// ThrottleBurst is the maximum number of events sent at the same moment
// default 15 QPS
// +optional
Burst *int64 `json:"burst,omitempty" protobuf:"bytes,2,opt,name=burst"`
}
func (*WebhookThrottleConfig) DeepCopy ¶
func (in *WebhookThrottleConfig) DeepCopy() *WebhookThrottleConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.
func (*WebhookThrottleConfig) DeepCopyInto ¶
func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files