opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-19 16:33:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update buildah to v1.11.0

Browse Source 
Vendor in the latest changes for buildah to apply the implemented
features here as well.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
This commit is contained in:
Sascha Grunert
2019-09-05 16:58:06 +02:00
parent b962b1e353
commit f66a2069f1
78 changed files with 34431 additions and 11746 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
vendor/github.com/openshift/api/LICENSE generated vendored Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

8
vendor/github.com/openshift/api/config/v1/doc.go generated vendored Normal file
View File

@ -0,0 +1,8 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
// +kubebuilder:validation:Optional
// +groupName=config.openshift.io
// Package v1 is the v1 version of the API.
package v1

70
vendor/github.com/openshift/api/config/v1/register.go generated vendored Normal file
View File

@ -0,0 +1,70 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
var (
GroupName = "config.openshift.io"
GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// Install is a function which adds this version to a scheme
Install = schemeBuilder.AddToScheme
// SchemeGroupVersion generated code relies on this name
// Deprecated
SchemeGroupVersion = GroupVersion
// AddToScheme exists solely to keep the old generators creating valid code
// DEPRECATED
AddToScheme = schemeBuilder.AddToScheme
)
// Resource generated code relies on this being here, but it logically belongs to the group
// DEPRECATED
func Resource(resource string) schema.GroupResource {
return schema.GroupResource{Group: GroupName, Resource: resource}
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(GroupVersion,
&APIServer{},
&APIServerList{},
&Authentication{},
&AuthenticationList{},
&Build{},
&BuildList{},
&ClusterOperator{},
&ClusterOperatorList{},
&ClusterVersion{},
&ClusterVersionList{},
&Console{},
&ConsoleList{},
&DNS{},
&DNSList{},
&FeatureGate{},
&FeatureGateList{},
&Image{},
&ImageList{},
&Infrastructure{},
&InfrastructureList{},
&Ingress{},
&IngressList{},
&Network{},
&NetworkList{},
&OAuth{},
&OAuthList{},
&OperatorHub{},
&OperatorHubList{},
&Project{},
&ProjectList{},
&Proxy{},
&ProxyList{},
&Scheduler{},
&SchedulerList{},
)
metav1.AddToGroupVersion(scheme, GroupVersion)
return nil
}

31
vendor/github.com/openshift/api/config/v1/stringsource.go generated vendored Normal file
View File

@ -0,0 +1,31 @@
package v1
import "encoding/json"
// UnmarshalJSON implements the json.Unmarshaller interface.
// If the value is a string, it sets the Value field of the StringSource.
// Otherwise, it is unmarshaled into the StringSourceSpec struct
func (s *StringSource) UnmarshalJSON(value []byte) error {
// If we can unmarshal to a simple string, just set the value
var simpleValue string
if err := json.Unmarshal(value, &simpleValue); err == nil {
s.Value = simpleValue
return nil
}
// Otherwise do the full struct unmarshal
return json.Unmarshal(value, &s.StringSourceSpec)
}
// MarshalJSON implements the json.Marshaller interface.
// If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string.
// Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
func (s *StringSource) MarshalJSON() ([]byte, error) {
// If we have only a cleartext value set, do a simple string marshal
if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) {
return json.Marshal(s.Value)
}
// Otherwise do the full struct marshal of the externalized bits
return json.Marshal(s.StringSourceSpec)
}

310
vendor/github.com/openshift/api/config/v1/types.go generated vendored Normal file
View File

@ -0,0 +1,310 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// ConfigMapFileReference references a config map in a specific namespace.
// The namespace must be specified at the point of use.
type ConfigMapFileReference struct {
Name string `json:"name"`
// Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
Key string `json:"key,omitempty"`
}
// ConfigMapNameReference references a config map in a specific namespace.
// The namespace must be specified at the point of use.
type ConfigMapNameReference struct {
// name is the metadata.name of the referenced config map
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
}
// SecretNameReference references a secret in a specific namespace.
// The namespace must be specified at the point of use.
type SecretNameReference struct {
// name is the metadata.name of the referenced secret
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
}
// HTTPServingInfo holds configuration for serving HTTP
type HTTPServingInfo struct {
// ServingInfo is the HTTP serving information
ServingInfo `json:",inline"`
// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if
// -1 there is no limit on requests.
RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
}
// ServingInfo holds information about serving web pages
type ServingInfo struct {
// BindAddress is the ip:port to serve on
BindAddress string `json:"bindAddress"`
// BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
// "tcp4", and "tcp6"
BindNetwork string `json:"bindNetwork"`
// CertInfo is the TLS cert info for serving secure traffic.
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
// +optional
ClientCA string `json:"clientCA,omitempty"`
// NamedCertificates is a list of certificates to use to secure requests to specific hostnames
NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
// MinTLSVersion is the minimum TLS version supported.
// Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
MinTLSVersion string `json:"minTLSVersion,omitempty"`
// CipherSuites contains an overridden list of ciphers for the server to support.
// Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
CipherSuites []string `json:"cipherSuites,omitempty"`
}
// CertInfo relates a certificate with a private key
type CertInfo struct {
// CertFile is a file containing a PEM-encoded certificate
CertFile string `json:"certFile"`
// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
KeyFile string `json:"keyFile"`
}
// NamedCertificate specifies a certificate/key, and the names it should be served for
type NamedCertificate struct {
// Names is a list of DNS names this certificate should be used to secure
// A name can be a normal DNS name, or can contain leading wildcard segments.
Names []string `json:"names,omitempty"`
// CertInfo is the TLS cert info for serving secure traffic
CertInfo `json:",inline"`
}
// LeaderElection provides information to elect a leader
type LeaderElection struct {
// disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
Disable bool `json:"disable,omitempty"`
// namespace indicates which namespace the resource is in
Namespace string `json:"namespace,omitempty"`
// name indicates what name to use for the resource
Name string `json:"name,omitempty"`
// leaseDuration is the duration that non-leader candidates will wait
// after observing a leadership renewal until attempting to acquire
// leadership of a led but unrenewed leader slot. This is effectively the
// maximum duration that a leader can be stopped before it is replaced
// by another candidate. This is only applicable if leader election is
// enabled.
// +nullable
LeaseDuration metav1.Duration `json:"leaseDuration"`
// renewDeadline is the interval between attempts by the acting master to
// renew a leadership slot before it stops leading. This must be less
// than or equal to the lease duration. This is only applicable if leader
// election is enabled.
// +nullable
RenewDeadline metav1.Duration `json:"renewDeadline"`
// retryPeriod is the duration the clients should wait between attempting
// acquisition and renewal of a leadership. This is only applicable if
// leader election is enabled.
// +nullable
RetryPeriod metav1.Duration `json:"retryPeriod"`
}
// StringSource allows specifying a string inline, or externally via env var or file.
// When it contains only a string value, it marshals to a simple JSON string.
type StringSource struct {
// StringSourceSpec specifies the string value, or external location
StringSourceSpec `json:",inline"`
}
// StringSourceSpec specifies a string value, or external location
type StringSourceSpec struct {
// Value specifies the cleartext value, or an encrypted value if keyFile is specified.
Value string `json:"value"`
// Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
Env string `json:"env"`
// File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
File string `json:"file"`
// KeyFile references a file containing the key to use to decrypt the value.
KeyFile string `json:"keyFile"`
}
// RemoteConnectionInfo holds information necessary for establishing a remote connection
type RemoteConnectionInfo struct {
// URL is the remote URL to connect to
URL string `json:"url"`
// CA is the CA for verifying TLS connections
CA string `json:"ca"`
// CertInfo is the TLS client cert information to present
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
}
type AdmissionConfig struct {
PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
// enabledPlugins is a list of admission plugins that must be on in addition to the default list.
// Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon
// and can result in performance penalties and unexpected behavior.
EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
// disabledPlugins is a list of admission plugins that must be off. Putting something in this list
// is almost always a mistake and likely to result in cluster instability.
DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
}
// AdmissionPluginConfig holds the necessary configuration options for admission plugins
type AdmissionPluginConfig struct {
// Location is the path to a configuration file that contains the plugin's
// configuration
Location string `json:"location"`
// Configuration is an embedded configuration object to be used as the plugin's
// configuration. If present, it will be used instead of the path to the configuration file.
// +nullable
Configuration runtime.RawExtension `json:"configuration"`
}
type LogFormatType string
type WebHookModeType string
const (
// LogFormatLegacy saves event in 1-line text format.
LogFormatLegacy LogFormatType = "legacy"
// LogFormatJson saves event in structured json format.
LogFormatJson LogFormatType = "json"
// WebHookModeBatch indicates that the webhook should buffer audit events
// internally, sending batch updates either once a certain number of
// events have been received or a certain amount of time has passed.
WebHookModeBatch WebHookModeType = "batch"
// WebHookModeBlocking causes the webhook to block on every attempt to process
// a set of events. This causes requests to the API server to wait for a
// round trip to the external audit service before sending a response.
WebHookModeBlocking WebHookModeType = "blocking"
)
// AuditConfig holds configuration for the audit capabilities
type AuditConfig struct {
// If this flag is set, audit log will be printed in the logs.
// The logs contains, method, user and a requested URL.
Enabled bool `json:"enabled"`
// All requests coming to the apiserver will be logged to this file.
AuditFilePath string `json:"auditFilePath"`
// Maximum number of days to retain old log files based on the timestamp encoded in their filename.
MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
// Maximum number of old log files to retain.
MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
// Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
// PolicyFile is a path to the file that defines the audit policy configuration.
PolicyFile string `json:"policyFile"`
// PolicyConfiguration is an embedded policy configuration object to be used
// as the audit policy configuration. If present, it will be used instead of
// the path to the policy file.
// +nullable
PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
// Format of saved audits (legacy or json).
LogFormat LogFormatType `json:"logFormat"`
// Path to a .kubeconfig formatted file that defines the audit webhook configuration.
WebHookKubeConfig string `json:"webHookKubeConfig"`
// Strategy for sending audit events (block or batch).
WebHookMode WebHookModeType `json:"webHookMode"`
}
// EtcdConnectionInfo holds information necessary for connecting to an etcd server
type EtcdConnectionInfo struct {
// URLs are the URLs for etcd
URLs []string `json:"urls,omitempty"`
// CA is a file containing trusted roots for the etcd server certificates
CA string `json:"ca"`
// CertInfo is the TLS client cert information for securing communication to etcd
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
}
type EtcdStorageConfig struct {
EtcdConnectionInfo `json:",inline"`
// StoragePrefix is the path within etcd that the OpenShift resources will
// be rooted under. This value, if changed, will mean existing objects in etcd will
// no longer be located.
StoragePrefix string `json:"storagePrefix"`
}
// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
type GenericAPIServerConfig struct {
// servingInfo describes how to start serving
ServingInfo HTTPServingInfo `json:"servingInfo"`
// corsAllowedOrigins
CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
// auditConfig describes how to configure audit information
AuditConfig AuditConfig `json:"auditConfig"`
// storageConfig contains information about how to use
StorageConfig EtcdStorageConfig `json:"storageConfig"`
// admissionConfig holds information about how to configure admission.
AdmissionConfig AdmissionConfig `json:"admission"`
KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
}
type KubeClientConfig struct {
// kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config
KubeConfig string `json:"kubeConfig"`
// connectionOverrides specifies client overrides for system components to loop back to this master.
ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
}
type ClientConnectionOverrides struct {
// acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
// default value of 'application/json'. This field will control all connections to the server used by a particular
// client.
AcceptContentTypes string `json:"acceptContentTypes"`
// contentType is the content type used when sending data to the server from this client.
ContentType string `json:"contentType"`
// qps controls the number of queries per second allowed for this connection.
QPS float32 `json:"qps"`
// burst allows extra queries to accumulate when a client is exceeding its rate.
Burst int32 `json:"burst"`
}
// GenericControllerConfig provides information to configure a controller
type GenericControllerConfig struct {
// ServingInfo is the HTTP serving information for the controller's endpoints
ServingInfo HTTPServingInfo `json:"servingInfo"`
// leaderElection provides information to elect a leader. Only override this if you have a specific need
LeaderElection LeaderElection `json:"leaderElection"`
// authentication allows configuration of authentication for the endpoints
Authentication DelegatedAuthentication `json:"authentication"`
// authorization allows configuration of authentication for the endpoints
Authorization DelegatedAuthorization `json:"authorization"`
}
// DelegatedAuthentication allows authentication to be disabled.
type DelegatedAuthentication struct {
// disabled indicates that authentication should be disabled. By default it will use delegated authentication.
Disabled bool `json:"disabled,omitempty"`
}
// DelegatedAuthorization allows authorization to be disabled.
type DelegatedAuthorization struct {
// disabled indicates that authorization should be disabled. By default it will use delegated authorization.
Disabled bool `json:"disabled,omitempty"`
}

75
vendor/github.com/openshift/api/config/v1/types_apiserver.go generated vendored Normal file
View File

@ -0,0 +1,75 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// APIServer holds configuration (like serving certificates, client CA and CORS domains)
// shared by all API servers in the system, among them especially kube-apiserver
// and openshift-apiserver. The canonical name of an instance is 'cluster'.
type APIServer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// +kubebuilder:validation:Required
// +required
Spec APIServerSpec `json:"spec"`
// +optional
Status APIServerStatus `json:"status"`
}
type APIServerSpec struct {
// servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
// will be used for serving secure traffic.
// +optional
ServingCerts APIServerServingCerts `json:"servingCerts"`
// clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
// incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
// You usually only have to set this if you have your own PKI you wish to honor client certificates from.
// The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
// - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
// +optional
ClientCA ConfigMapNameReference `json:"clientCA"`
// additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
// API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
// server from JavaScript applications.
// The values are regular expressions that correspond to the Golang regular expression language.
// +optional
AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"`
}
type APIServerServingCerts struct {
// namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
// If no named certificates are provided, or no named certificates match the server name as understood by a client,
// the defaultServingCertificate will be used.
// +optional
NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
}
// APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type APIServerNamedServingCert struct {
// names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
// serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
// Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
// +optional
Names []string `json:"names,omitempty"`
// servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
// The secret must exist in the openshift-config namespace and contain the following required fields:
// - Secret.Data["tls.key"] - TLS private key.
// - Secret.Data["tls.crt"] - TLS certificate.
ServingCertificate SecretNameReference `json:"servingCertificate"`
}
type APIServerStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type APIServerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []APIServer `json:"items"`
}

120
vendor/github.com/openshift/api/config/v1/types_authentication.go generated vendored Normal file
View File

@ -0,0 +1,120 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Authentication specifies cluster-wide settings for authentication (like OAuth and
// webhook token authenticators). The canonical name of an instance is `cluster`.
type Authentication struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec AuthenticationSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status AuthenticationStatus `json:"status"`
}
type AuthenticationSpec struct {
// type identifies the cluster managed, user facing authentication mode in use.
// Specifically, it manages the component that responds to login attempts.
// The default is IntegratedOAuth.
// +optional
Type AuthenticationType `json:"type"`
// oauthMetadata contains the discovery endpoint data for OAuth 2.0
// Authorization Server Metadata for an external OAuth server.
// This discovery document can be viewed from its served location:
// oc get --raw '/.well-known/oauth-authorization-server'
// For further details, see the IETF Draft:
// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
// If oauthMetadata.name is non-empty, this value has precedence
// over any metadata reference stored in status.
// The key "oauthMetadata" is used to locate the data.
// If specified and the config map or expected key is not found, no metadata is served.
// If the specified metadata is not valid, no metadata is served.
// The namespace for this config map is openshift-config.
// +optional
OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
// webhookTokenAuthenticators configures remote token reviewers.
// These remote authentication webhooks can be used to verify bearer tokens
// via the tokenreviews.authentication.k8s.io REST API. This is required to
// honor bearer tokens that are provisioned by an external authentication service.
// The namespace for these secrets is openshift-config.
// +optional
WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
}
type AuthenticationStatus struct {
// integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
// Authorization Server Metadata for the in-cluster integrated OAuth server.
// This discovery document can be viewed from its served location:
// oc get --raw '/.well-known/oauth-authorization-server'
// For further details, see the IETF Draft:
// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
// This contains the observed value based on cluster state.
// An explicitly set value in spec.oauthMetadata has precedence over this field.
// This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
// The key "oauthMetadata" is used to locate the data.
// If the config map or expected key is not found, no metadata is served.
// If the specified metadata is not valid, no metadata is served.
// The namespace for this config map is openshift-config-managed.
IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
// TODO if we add support for an in-cluster operator managed Keycloak instance
// KeycloakOAuthMetadata ConfigMapNameReference `json:"keycloakOAuthMetadata"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type AuthenticationList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Authentication `json:"items"`
}
type AuthenticationType string
const (
// None means that no cluster managed authentication system is in place.
// Note that user login will only work if a manually configured system is in place and
// referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators.
AuthenticationTypeNone AuthenticationType = "None"
// IntegratedOAuth refers to the cluster managed OAuth server.
// It is configured via the top level OAuth config.
AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
// TODO if we add support for an in-cluster operator managed Keycloak instance
// AuthenticationTypeKeycloak AuthenticationType = "Keycloak"
)
// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
type WebhookTokenAuthenticator struct {
// kubeConfig contains kube config file data which describes how to access the remote webhook service.
// For further details, see:
// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
// The key "kubeConfig" is used to locate the data.
// If the secret or expected key is not found, the webhook is not honored.
// If the specified kube config data is not valid, the webhook is not honored.
// The namespace for this secret is determined by the point of use.
KubeConfig SecretNameReference `json:"kubeConfig"`
}
const (
// OAuthMetadataKey is the key for the oauth authorization server metadata
OAuthMetadataKey = "oauthMetadata"
// KubeConfigKey is the key for the kube config file data in a secret
KubeConfigKey = "kubeConfig"
)

101
vendor/github.com/openshift/api/config/v1/types_build.go generated vendored Normal file
View File

@ -0,0 +1,101 @@
package v1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Build holds cluster-wide information on how to handle builds. The canonical name is `cluster`
type Build struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds user-settable values for the build controller configuration
// +kubebuilder:validation:Required
// +required
Spec BuildSpec `json:"spec"`
}
type BuildSpec struct {
// AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
// should be trusted for image pushes and pulls during builds.
// The namespace for this config map is openshift-config.
// +optional
AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
// BuildDefaults controls the default information for Builds
// +optional
BuildDefaults BuildDefaults `json:"buildDefaults"`
// BuildOverrides controls override settings for builds
// +optional
BuildOverrides BuildOverrides `json:"buildOverrides"`
}
type BuildDefaults struct {
// DefaultProxy contains the default proxy settings for all build operations, including image pull/push
// and source download.
//
// Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
// in the build config's strategy.
// +optional
DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"`
// GitProxy contains the proxy settings for git operations only. If set, this will override
// any Proxy settings for all git commands, such as git clone.
//
// Values that are not set here will be inherited from DefaultProxy.
// +optional
GitProxy *ProxySpec `json:"gitProxy,omitempty"`
// Env is a set of default environment variables that will be applied to the
// build if the specified variables do not exist on the build
// +optional
Env []corev1.EnvVar `json:"env,omitempty"`
// ImageLabels is a list of docker labels that are applied to the resulting image.
// User can override a default label by providing a label with the same name in their
// Build/BuildConfig.
// +optional
ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
// Resources defines resource requirements to execute the build.
// +optional
Resources corev1.ResourceRequirements `json:"resources"`
}
type ImageLabel struct {
// Name defines the name of the label. It must have non-zero length.
Name string `json:"name"`
// Value defines the literal value of the label.
// +optional
Value string `json:"value,omitempty"`
}
type BuildOverrides struct {
// ImageLabels is a list of docker labels that are applied to the resulting image.
// If user provided a label in their Build/BuildConfig with the same name as one in this
// list, the user's label will be overwritten.
// +optional
ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
// NodeSelector is a selector which must be true for the build pod to fit on a node
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// Tolerations is a list of Tolerations that will override any existing
// tolerations set on a build pod.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type BuildList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Build `json:"items"`
}

150
vendor/github.com/openshift/api/config/v1/types_cluster_operator.go generated vendored Normal file
View File

@ -0,0 +1,150 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterOperator is the Custom Resource object which holds the current state
// of an operator. This object is used by operators to convey their state to
// the rest of the cluster.
type ClusterOperator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
// spec hold the intent of how this operator should behave.
// +kubebuilder:validation:Required
// +required
Spec ClusterOperatorSpec `json:"spec"`
// status holds the information about the state of an operator. It is consistent with status information across
// the kube ecosystem.
// +optional
Status ClusterOperatorStatus `json:"status"`
}
// ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause".
type ClusterOperatorSpec struct {
}
// ClusterOperatorStatus provides information about the status of the operator.
// +k8s:deepcopy-gen=true
type ClusterOperatorStatus struct {
// conditions describes the state of the operator's reconciliation functionality.
// +patchMergeKey=type
// +patchStrategy=merge
// +optional
Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
// versions is a slice of operand version tuples. Operators which manage multiple operands will have multiple
// entries in the array. If an operator is Available, it must have at least one entry. You must report the version of
// the operator itself with the name "operator".
// +optional
Versions []OperandVersion `json:"versions,omitempty"`
// relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are:
// 1. the detailed resource driving the operator
// 2. operator namespaces
// 3. operand namespaces
// +optional
RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"`
// extension contains any additional status information specific to the
// operator which owns this status object.
// +nullable
// +optional
Extension runtime.RawExtension `json:"extension"`
}
type OperandVersion struct {
// name is the name of the particular operand this version is for. It usually matches container images, not operators.
Name string `json:"name"`
// version indicates which version of a particular operand is currently being manage. It must always match the Available
// condition. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
// 1.1.0
Version string `json:"version"`
}
// ObjectReference contains enough information to let you inspect or modify the referred object.
type ObjectReference struct {
// group of the referent.
Group string `json:"group"`
// resource of the referent.
Resource string `json:"resource"`
// namespace of the referent.
// +optional
Namespace string `json:"namespace,omitempty"`
// name of the referent.
Name string `json:"name"`
}
type ConditionStatus string
// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
// can't decide if a resource is in the condition or not. In the future, we could add other
// intermediate conditions, e.g. ConditionDegraded.
const (
ConditionTrue ConditionStatus = "True"
ConditionFalse ConditionStatus = "False"
ConditionUnknown ConditionStatus = "Unknown"
)
// ClusterOperatorStatusCondition represents the state of the operator's
// reconciliation functionality.
// +k8s:deepcopy-gen=true
type ClusterOperatorStatusCondition struct {
// type specifies the state of the operator's reconciliation functionality.
Type ClusterStatusConditionType `json:"type"`
// status of the condition, one of True, False, Unknown.
Status ConditionStatus `json:"status"`
// lastTransitionTime is the time of the last update to the current status object.
LastTransitionTime metav1.Time `json:"lastTransitionTime"`
// reason is the reason for the condition's last transition. Reasons are CamelCase
Reason string `json:"reason,omitempty"`
// message provides additional information about the current condition.
// This is only to be consumed by humans.
Message string `json:"message,omitempty"`
}
// ClusterStatusConditionType is the state of the operator's reconciliation functionality.
type ClusterStatusConditionType string
const (
// Available indicates that the binary maintained by the operator (eg: openshift-apiserver for the
// openshift-apiserver-operator), is functional and available in the cluster.
OperatorAvailable ClusterStatusConditionType = "Available"
// Progressing indicates that the operator is actively making changes to the binary maintained by the
// operator (eg: openshift-apiserver for the openshift-apiserver-operator).
OperatorProgressing ClusterStatusConditionType = "Progressing"
// Degraded indicates that the operand is not functioning completely. An example of a degraded state
// would be if there should be 5 copies of the operand running but only 4 are running. It may still be available,
// but it is degraded
OperatorDegraded ClusterStatusConditionType = "Degraded"
// Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False`
// administrators should not upgrade their cluster and the message field should contain a human readable description
// of what the administrator should do to allow the operator to successfully update. A missing condition, True,
// and Unknown are all treated by the CVO as allowing an upgrade.
OperatorUpgradeable ClusterStatusConditionType = "Upgradeable"
)
// ClusterOperatorList is a list of OperatorStatus resources.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ClusterOperatorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterOperator `json:"items"`
}

237
vendor/github.com/openshift/api/config/v1/types_cluster_version.go generated vendored Normal file
View File

@ -0,0 +1,237 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterVersion is the configuration for the ClusterVersionOperator. This is where
// parameters related to automatic updates can be set.
type ClusterVersion struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec is the desired state of the cluster version - the operator will work
// to ensure that the desired version is applied to the cluster.
// +kubebuilder:validation:Required
// +required
Spec ClusterVersionSpec `json:"spec"`
// status contains information about the available updates and any in-progress
// updates.
// +optional
Status ClusterVersionStatus `json:"status"`
}
// ClusterVersionSpec is the desired version state of the cluster. It includes
// the version the cluster should be at, how the cluster is identified, and
// where the cluster should look for version updates.
// +k8s:deepcopy-gen=true
type ClusterVersionSpec struct {
// clusterID uniquely identifies this cluster. This is expected to be
// an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
// hexadecimal values). This is a required field.
ClusterID ClusterID `json:"clusterID"`
// desiredUpdate is an optional field that indicates the desired value of
// the cluster version. Setting this value will trigger an upgrade (if
// the current version does not match the desired version). The set of
// recommended update values is listed as part of available updates in
// status, and setting values outside that range may cause the upgrade
// to fail. You may specify the version field without setting image if
// an update exists with that version in the availableUpdates or history.
//
// If an upgrade fails the operator will halt and report status
// about the failing component. Setting the desired update value back to
// the previous version will cause a rollback to be attempted. Not all
// rollbacks will succeed.
//
// +optional
DesiredUpdate *Update `json:"desiredUpdate,omitempty"`
// upstream may be used to specify the preferred update server. By default
// it will use the appropriate update server for the cluster and region.
//
// +optional
Upstream URL `json:"upstream,omitempty"`
// channel is an identifier for explicitly requesting that a non-default
// set of updates be applied to this cluster. The default channel will be
// contain stable updates that are appropriate for production clusters.
//
// +optional
Channel string `json:"channel,omitempty"`
// overrides is list of overides for components that are managed by
// cluster version operator. Marking a component unmanaged will prevent
// the operator from creating or updating the object.
// +optional
Overrides []ComponentOverride `json:"overrides,omitempty"`
}
// ClusterVersionStatus reports the status of the cluster versioning,
// including any upgrades that are in progress. The current field will
// be set to whichever version the cluster is reconciling to, and the
// conditions array will report whether the update succeeded, is in
// progress, or is failing.
// +k8s:deepcopy-gen=true
type ClusterVersionStatus struct {
// desired is the version that the cluster is reconciling towards.
// If the cluster is not yet fully initialized desired will be set
// with the information available, which may be an image or a tag.
Desired Update `json:"desired"`
// history contains a list of the most recent versions applied to the cluster.
// This value may be empty during cluster startup, and then will be updated
// when a new update is being applied. The newest update is first in the
// list and it is ordered by recency. Updates in the history have state
// Completed if the rollout completed - if an update was failing or halfway
// applied the state will be Partial. Only a limited amount of update history
// is preserved.
// +optional
History []UpdateHistory `json:"history,omitempty"`
// observedGeneration reports which version of the spec is being synced.
// If this value is not equal to metadata.generation, then the desired
// and conditions fields may represent from a previous version.
ObservedGeneration int64 `json:"observedGeneration"`
// versionHash is a fingerprint of the content that the cluster will be
// updated with. It is used by the operator to avoid unnecessary work
// and is for internal use only.
VersionHash string `json:"versionHash"`
// conditions provides information about the cluster version. The condition
// "Available" is set to true if the desiredUpdate has been reached. The
// condition "Progressing" is set to true if an update is being applied.
// The condition "Degraded" is set to true if an update is currently blocked
// by a temporary or permanent error. Conditions are only valid for the
// current desiredUpdate when metadata.generation is equal to
// status.generation.
// +optional
Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"`
// availableUpdates contains the list of updates that are appropriate
// for this cluster. This list may be empty if no updates are recommended,
// if the update service is unavailable, or if an invalid channel has
// been specified.
// +nullable
AvailableUpdates []Update `json:"availableUpdates"`
}
// UpdateState is a constant representing whether an update was successfully
// applied to the cluster or not.
type UpdateState string
const (
// CompletedUpdate indicates an update was successfully applied
// to the cluster (all resource updates were successful).
CompletedUpdate UpdateState = "Completed"
// PartialUpdate indicates an update was never completely applied
// or is currently being applied.
PartialUpdate UpdateState = "Partial"
)
// UpdateHistory is a single attempted update to the cluster.
type UpdateHistory struct {
// state reflects whether the update was fully applied. The Partial state
// indicates the update is not fully applied, while the Completed state
// indicates the update was successfully rolled out at least once (all
// parts of the update successfully applied).
State UpdateState `json:"state"`
// startedTime is the time at which the update was started.
StartedTime metav1.Time `json:"startedTime"`
// completionTime, if set, is when the update was fully applied. The update
// that is currently being applied will have a null completion time.
// Completion time will always be set for entries that are not the current
// update (usually to the started time of the next update).
// +nullable
CompletionTime *metav1.Time `json:"completionTime"`
// version is a semantic versioning identifying the update version. If the
// requested image does not define a version, or if a failure occurs
// retrieving the image, this value may be empty.
//
// +optional
Version string `json:"version"`
// image is a container image location that contains the update. This value
// is always populated.
Image string `json:"image"`
// verified indicates whether the provided update was properly verified
// before it was installed. If this is false the cluster may not be trusted.
Verified bool `json:"verified"`
}
// ClusterID is string RFC4122 uuid.
type ClusterID string
// ComponentOverride allows overriding cluster version operator's behavior
// for a component.
// +k8s:deepcopy-gen=true
type ComponentOverride struct {
// kind indentifies which object to override.
Kind string `json:"kind"`
// group identifies the API group that the kind is in.
Group string `json:"group"`
// namespace is the component's namespace. If the resource is cluster
// scoped, the namespace should be empty.
Namespace string `json:"namespace"`
// name is the component's name.
Name string `json:"name"`
// unmanaged controls if cluster version operator should stop managing the
// resources in this cluster.
// Default: false
Unmanaged bool `json:"unmanaged"`
}
// URL is a thin wrapper around string that ensures the string is a valid URL.
type URL string
// Update represents a release of the ClusterVersionOperator, referenced by the
// Image member.
// +k8s:deepcopy-gen=true
type Update struct {
// version is a semantic versioning identifying the update version. When this
// field is part of spec, version is optional if image is specified.
//
// +optional
Version string `json:"version"`
// image is a container image location that contains the update. When this
// field is part of spec, image is optional if version is specified and the
// availableUpdates field contains a matching version.
//
// +optional
Image string `json:"image"`
// force allows an administrator to update to an image that has failed
// verification, does not appear in the availableUpdates list, or otherwise
// would be blocked by normal protections on update. This option should only
// be used when the authenticity of the provided image has been verified out
// of band because the provided image will run with full administrative access
// to the cluster. Do not use this flag with images that comes from unknown
// or potentially malicious sources.
//
// This flag does not override other forms of consistency checking that are
// required before a new update is deployed.
//
// +optional
Force bool `json:"force"`
}
// RetrievedUpdates reports whether available updates have been retrieved from
// the upstream update server. The condition is Unknown before retrieval, False
// if the updates could not be retrieved or recently failed, or True if the
// availableUpdates field is accurate and recent.
const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
// ClusterVersionList is a list of ClusterVersion resources.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ClusterVersionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterVersion `json:"items"`
}

63
vendor/github.com/openshift/api/config/v1/types_console.go generated vendored Normal file
View File

@ -0,0 +1,63 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Console holds cluster-wide configuration for the web console, including the
// logout URL, and reports the public URL of the console. The canonical name is
// `cluster`.
type Console struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ConsoleSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ConsoleStatus `json:"status"`
}
// ConsoleSpec is the specification of the desired behavior of the Console.
type ConsoleSpec struct {
// +optional
Authentication ConsoleAuthentication `json:"authentication"`
}
// ConsoleStatus defines the observed status of the Console.
type ConsoleStatus struct {
// The URL for the console. This will be derived from the host for the route that
// is created for the console.
ConsoleURL string `json:"consoleURL"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ConsoleList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Console `json:"items"`
}
// ConsoleAuthentication defines a list of optional configuration for console authentication.
type ConsoleAuthentication struct {
// An optional, absolute URL to redirect web browsers to after logging out of
// the console. If not specified, it will redirect to the default login page.
// This is required when using an identity provider that supports single
// sign-on (SSO) such as:
// - OpenID (Keycloak, Azure)
// - RequestHeader (GSSAPI, SSPI, SAML)
// - OAuth (GitHub, GitLab, Google)
// Logging out of the console will destroy the user's token. The logoutRedirect
// provides the user the option to perform single logout (SLO) through the identity
// provider to destroy their single sign-on session.
// +optional
// +kubebuilder:validation:Pattern=^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$
LogoutRedirect string `json:"logoutRedirect,omitempty"`
}

88
vendor/github.com/openshift/api/config/v1/types_dns.go generated vendored Normal file
View File

@ -0,0 +1,88 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DNS holds cluster-wide information about DNS. The canonical name is `cluster`
type DNS struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec DNSSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status DNSStatus `json:"status"`
}
type DNSSpec struct {
// baseDomain is the base domain of the cluster. All managed DNS records will
// be sub-domains of this base.
//
// For example, given the base domain `openshift.example.com`, an API server
// DNS record may be created for `cluster-api.openshift.example.com`.
//
// Once set, this field cannot be changed.
BaseDomain string `json:"baseDomain"`
// publicZone is the location where all the DNS records that are publicly accessible to
// the internet exist.
//
// If this field is nil, no public records should be created.
//
// Once set, this field cannot be changed.
//
// +optional
PublicZone *DNSZone `json:"publicZone,omitempty"`
// privateZone is the location where all the DNS records that are only available internally
// to the cluster exist.
//
// If this field is nil, no private records should be created.
//
// Once set, this field cannot be changed.
//
// +optional
PrivateZone *DNSZone `json:"privateZone,omitempty"`
}
// DNSZone is used to define a DNS hosted zone.
// A zone can be identified by an ID or tags.
type DNSZone struct {
// id is the identifier that can be used to find the DNS hosted zone.
//
// on AWS zone can be fetched using `ID` as id in [1]
// on Azure zone can be fetched using `ID` as a pre-determined name in [2],
// on GCP zone can be fetched using `ID` as a pre-determined name in [3].
//
// [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
// [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
// [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
// +optional
ID string `json:"id,omitempty"`
// tags can be used to query the DNS hosted zone.
//
// on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
//
// [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
// +optional
Tags map[string]string `json:"tags,omitempty"`
}
type DNSStatus struct {
// dnsSuffix (service-ca amongst others)
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type DNSList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []DNS `json:"items"`
}

118
vendor/github.com/openshift/api/config/v1/types_feature.go generated vendored Normal file
View File

@ -0,0 +1,118 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Feature holds cluster-wide information about feature gates. The canonical name is `cluster`
type FeatureGate struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec FeatureGateSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status FeatureGateStatus `json:"status"`
}
type FeatureSet string
var (
// Default feature set that allows upgrades.
Default FeatureSet = ""
// TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
// this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES.
TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
// CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
// Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
// your cluster may fail in an unrecoverable way.
CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
)
type FeatureGateSpec struct {
FeatureGateSelection `json:",inline"`
}
// +union
type FeatureGateSelection struct {
// featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting.
// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
// +unionDiscriminator
// +optional
FeatureSet FeatureSet `json:"featureSet,omitempty"`
// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
// Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
// your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field.
// +optional
// +nullable
CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"`
}
type CustomFeatureGates struct {
// enabled is a list of all feature gates that you want to force on
// +optional
Enabled []string `json:"enabled,omitempty"`
// disabled is a list of all feature gates that you want to force off
// +optional
Disabled []string `json:"disabled,omitempty"`
}
type FeatureGateStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type FeatureGateList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []FeatureGate `json:"items"`
}
type FeatureGateEnabledDisabled struct {
Enabled []string
Disabled []string
}
// FeatureSets Contains a map of Feature names to Enabled/Disabled Feature.
//
// NOTE: The caller needs to make sure to check for the existence of the value
// using golang's existence field. A possible scenario is an upgrade where new
// FeatureSets are added and a controller has not been upgraded with a newer
// version of this file. In this upgrade scenario the map could return nil.
//
// example:
// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { }
//
// If you put an item in either of these lists, put your area and name on it so we can find owners.
var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
Default: {
Enabled: []string{
"ExperimentalCriticalPodAnnotation", // sig-pod, sjenning
"RotateKubeletServerCertificate", // sig-pod, sjenning
"SupportPodPidsLimit", // sig-pod, sjenning
},
Disabled: []string{
"LocalStorageCapacityIsolation", // sig-pod, sjenning
},
},
TechPreviewNoUpgrade: {
Enabled: []string{
"ExperimentalCriticalPodAnnotation", // sig-pod, sjenning
"RotateKubeletServerCertificate", // sig-pod, sjenning
"SupportPodPidsLimit", // sig-pod, sjenning
},
Disabled: []string{
"LocalStorageCapacityIsolation", // sig-pod, sjenning
},
},
}

111
vendor/github.com/openshift/api/config/v1/types_image.go generated vendored Normal file
View File

@ -0,0 +1,111 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Image holds cluster-wide information about how to handle images. The canonical name is `cluster`
type Image struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ImageSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ImageStatus `json:"status"`
}
type ImageSpec struct {
// AllowedRegistriesForImport limits the container image registries that normal users may import
// images from. Set this list to the registries that you trust to contain valid Docker
// images and that you want applications to be able to import from. Users with
// permission to create Images or ImageStreamMappings via the API are not affected by
// this policy - typically only administrators or system integrations will have those
// permissions.
// +optional
AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
// externalRegistryHostnames provides the hostnames for the default external image
// registry. The external hostname should be set only when the image registry
// is exposed externally. The first value is used in 'publicDockerImageRepository'
// field in ImageStreams. The value must be in "hostname[:port]" format.
// +optional
ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
// AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
// should be trusted during imagestream import, pod image pull, and imageregistry
// pullthrough.
// The namespace for this config map is openshift-config.
// +optional
AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
// RegistrySources contains configuration that determines how the container runtime
// should treat individual registries when accessing images for builds+pods. (e.g.
// whether or not to allow insecure access). It does not contain configuration for the
// internal cluster registry.
// +optional
RegistrySources RegistrySources `json:"registrySources"`
}
type ImageStatus struct {
// this value is set by the image registry operator which controls the internal registry hostname
// InternalRegistryHostname sets the hostname for the default internal image
// registry. The value must be in "hostname[:port]" format.
// For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY
// environment variable but this setting overrides the environment variable.
// +optional
InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"`
// externalRegistryHostnames provides the hostnames for the default external image
// registry. The external hostname should be set only when the image registry
// is exposed externally. The first value is used in 'publicDockerImageRepository'
// field in ImageStreams. The value must be in "hostname[:port]" format.
// +optional
ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ImageList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Image `json:"items"`
}
// RegistryLocation contains a location of the registry specified by the registry domain
// name. The domain name might include wildcards, like '*' or '??'.
type RegistryLocation struct {
// DomainName specifies a domain name for the registry
// In case the registry use non-standard (80 or 443) port, the port should be included
// in the domain name as well.
DomainName string `json:"domainName"`
// Insecure indicates whether the registry is secure (https) or insecure (http)
// By default (if not specified) the registry is assumed as secure.
// +optional
Insecure bool `json:"insecure,omitempty"`
}
// RegistrySources holds cluster-wide information about how to handle the registries config.
type RegistrySources struct {
// InsecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
// +optional
InsecureRegistries []string `json:"insecureRegistries,omitempty"`
// BlockedRegistries are blacklisted from image pull/push. All other registries are allowed.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
BlockedRegistries []string `json:"blockedRegistries,omitempty"`
// AllowedRegistries are whitelisted for image pull/push. All other registries are blocked.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
AllowedRegistries []string `json:"allowedRegistries,omitempty"`
}

210
vendor/github.com/openshift/api/config/v1/types_infrastructure.go generated vendored Normal file
View File

@ -0,0 +1,210 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`
type Infrastructure struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec InfrastructureSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status InfrastructureStatus `json:"status"`
}
// InfrastructureSpec contains settings that apply to the cluster infrastructure.
type InfrastructureSpec struct {
// cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
// This configuration file is used to configure the Kubernetes cloud provider integration
// when using the built-in cloud provider integration or the external cloud controller manager.
// The namespace for this config map is openshift-config.
// +optional
CloudConfig ConfigMapFileReference `json:"cloudConfig"`
}
// InfrastructureStatus describes the infrastructure the cluster is leveraging.
type InfrastructureStatus struct {
// infrastructureName uniquely identifies a cluster with a human friendly name.
// Once set it should not be changed. Must be of max length 27 and must have only
// alphanumeric or hyphen characters.
InfrastructureName string `json:"infrastructureName"`
// platform is the underlying infrastructure provider for the cluster.
//
// Deprecated: Use platformStatus.type instead.
Platform PlatformType `json:"platform,omitempty"`
// platformStatus holds status information specific to the underlying
// infrastructure provider.
// +optional
PlatformStatus *PlatformStatus `json:"platformStatus,omitempty"`
// etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
// etcd servers and clients.
// For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"`
// apiServerURL is a valid URI with scheme(http/https), address and
// port. apiServerURL can be used by components like the web console
// to tell users where to find the Kubernetes API.
APIServerURL string `json:"apiServerURL"`
// apiServerInternalURL is a valid URI with scheme(http/https),
// address and port. apiServerInternalURL can be used by components
// like kubelets, to contact the Kubernetes API server using the
// infrastructure provider rather than Kubernetes networking.
APIServerInternalURL string `json:"apiServerInternalURI"`
}
// PlatformType is a specific supported infrastructure provider.
type PlatformType string
const (
// AWSPlatformType represents Amazon Web Services infrastructure.
AWSPlatformType PlatformType = "AWS"
// AzurePlatformType represents Microsoft Azure infrastructure.
AzurePlatformType PlatformType = "Azure"
// BareMetalPlatformType represents managed bare metal infrastructure.
BareMetalPlatformType PlatformType = "BareMetal"
// GCPPlatformType represents Google Cloud Platform infrastructure.
GCPPlatformType PlatformType = "GCP"
// LibvirtPlatformType represents libvirt infrastructure.
LibvirtPlatformType PlatformType = "Libvirt"
// OpenStackPlatformType represents OpenStack infrastructure.
OpenStackPlatformType PlatformType = "OpenStack"
// NonePlatformType means there is no infrastructure provider.
NonePlatformType PlatformType = "None"
// VSpherePlatformType represents VMWare vSphere infrastructure.
VSpherePlatformType PlatformType = "VSphere"
// OvirtPlatformType represents oVirt/RHV infrastructure.
OvirtPlatformType PlatformType = "oVirt"
)
// PlatformStatus holds the current status specific to the underlying infrastructure provider
// of the current cluster. Since these are used at status-level for the underlying cluster, it
// is supposed that only one of the status structs is set.
type PlatformStatus struct {
// type is the underlying infrastructure provider for the cluster. This
// value controls whether infrastructure automation such as service load
// balancers, dynamic volume provisioning, machine creation and deletion, and
// other integrations are enabled. If None, no infrastructure automation is
// enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
// "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support
// all platforms, and must handle unrecognized platforms as None if they do
// not support that platform.
Type PlatformType `json:"type"`
// AWS contains settings specific to the Amazon Web Services infrastructure provider.
// +optional
AWS *AWSPlatformStatus `json:"aws,omitempty"`
// Azure contains settings specific to the Azure infrastructure provider.
// +optional
Azure *AzurePlatformStatus `json:"azure,omitempty"`
// GCP contains settings specific to the Google Cloud Platform infrastructure provider.
// +optional
GCP *GCPPlatformStatus `json:"gcp,omitempty"`
// BareMetal contains settings specific to the BareMetal platform.
// +optional
BareMetal *BareMetalPlatformStatus `json:"baremetal,omitempty"`
// OpenStack contains settings specific to the OpenStack infrastructure provider.
// +optional
OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"`
}
// AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
type AWSPlatformStatus struct {
// region holds the default AWS region for new AWS resources created by the cluster.
Region string `json:"region"`
}
// AzurePlatformStatus holds the current status of the Azure infrastructure provider.
type AzurePlatformStatus struct {
// resourceGroupName is the Resource Group for new Azure resources created for the cluster.
ResourceGroupName string `json:"resourceGroupName"`
}
// GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
type GCPPlatformStatus struct {
// resourceGroupName is the Project ID for new GCP resources created for the cluster.
ProjectID string `json:"projectID"`
// region holds the region for new GCP resources created for the cluster.
Region string `json:"region"`
}
// BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
type BareMetalPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
// points to. It is the IP for a self-hosted load balancer in front of the API servers.
APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
// ingressIP is an external IP which routes to the default ingress controller.
// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
IngressIP string `json:"ingressIP,omitempty"`
// nodeDNSIP is the IP address for the internal DNS used by the
// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
// BareMetal deployments. In order to minimize necessary changes to the
// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
// to the nodes in the cluster.
NodeDNSIP string `json:"nodeDNSIP,omitempty"`
}
// OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
type OpenStackPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
// points to. It is the IP for a self-hosted load balancer in front of the API servers.
APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
// cloudName is the name of the desired OpenStack cloud in the
// client configuration file (`clouds.yaml`).
CloudName string `json:"cloudName,omitempty"`
// ingressIP is an external IP which routes to the default ingress controller.
// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
IngressIP string `json:"ingressIP,omitempty"`
// nodeDNSIP is the IP address for the internal DNS used by the
// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
// OpenStack deployments. In order to minimize necessary changes to the
// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
// to the nodes in the cluster.
NodeDNSIP string `json:"nodeDNSIP,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// InfrastructureList is
type InfrastructureList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Infrastructure `json:"items"`
}

42
vendor/github.com/openshift/api/config/v1/types_ingress.go generated vendored Normal file
View File

@ -0,0 +1,42 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Ingress holds cluster-wide information about Ingress. The canonical name is `cluster`
// TODO this object is an example of a possible grouping and is subject to change or removal
type Ingress struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec IngressSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status IngressStatus `json:"status"`
}
type IngressSpec struct {
// domain is used to generate a default host name for a route when the
// route's host name is empty. The generated host name will follow this
// pattern: "<route-name>.<route-namespace>.<domain>".
Domain string `json:"domain"`
}
type IngressStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type IngressList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Ingress `json:"items"`
}

117
vendor/github.com/openshift/api/config/v1/types_network.go generated vendored Normal file
View File

@ -0,0 +1,117 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Network holds cluster-wide information about Network. The canonical name is `cluster`
// TODO this object is an example of a possible grouping and is subject to change or removal
type Network struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration.
// +kubebuilder:validation:Required
// +required
Spec NetworkSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status NetworkStatus `json:"status"`
}
// NetworkSpec is the desired network configuration.
// As a general rule, this SHOULD NOT be read directly. Instead, you should
// consume the NetworkStatus, as it indicates the currently deployed configuration.
// Currently, changing ClusterNetwork, ServiceNetwork, or NetworkType after
// installation is not supported.
type NetworkSpec struct {
// IP address pool to use for pod IPs.
ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
// IP address pool for services.
// Currently, we only support a single entry here.
ServiceNetwork []string `json:"serviceNetwork"`
// NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN).
// This should match a value that the cluster-network-operator understands,
// or else no networking will be installed.
// Currently supported values are:
// - OpenShiftSDN
NetworkType string `json:"networkType"`
// externalIP defines configuration for controllers that
// affect Service.ExternalIP
// +optional
ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
}
// NetworkStatus is the current network configuration.
type NetworkStatus struct {
// IP address pool to use for pod IPs.
ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"`
// IP address pool for services.
// Currently, we only support a single entry here.
ServiceNetwork []string `json:"serviceNetwork,omitempty"`
// NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
NetworkType string `json:"networkType,omitempty"`
// ClusterNetworkMTU is the MTU for inter-pod networking.
ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"`
}
// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
// are allocated.
type ClusterNetworkEntry struct {
// The complete block for pod IPs.
CIDR string `json:"cidr"`
// The size (prefix) of block to allocate to each node.
HostPrefix uint32 `json:"hostPrefix"`
}
// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
// of a Service resource.
type ExternalIPConfig struct {
// policy is a set of restrictions applied to the ExternalIP field.
// If nil, any value is allowed for an ExternalIP. If the empty/zero
// policy is supplied, then ExternalIP is not allowed to be set.
// +optional
Policy *ExternalIPPolicy `json:"policy,omitempty"`
// autoAssignCIDRs is a list of CIDRs from which to automatically assign
// Service.ExternalIP. These are assigned when the service is of type
// LoadBalancer. In general, this is only useful for bare-metal clusters.
// In Openshift 3.x, this was misleadingly called "IngressIPs".
// Automatically assigned External IPs are not affected by any
// ExternalIPPolicy rules.
// Currently, only one entry may be provided.
// +optional
AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
}
// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
// field in a Service. If the zero struct is supplied, then none are permitted.
// The policy controller always allows automatically assigned external IPs.
type ExternalIPPolicy struct {
// allowedCIDRs is the list of allowed CIDRs.
AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
// rejectedCIDRs is the list of disallowed CIDRs. These take precedence
// over allowedCIDRs.
// +optional
RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type NetworkList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Network `json:"items"`
}

557
vendor/github.com/openshift/api/config/v1/types_oauth.go generated vendored Normal file
View File

@ -0,0 +1,557 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// OAuth Server and Identity Provider Config
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`.
// It is used to configure the integrated OAuth server.
// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
type OAuth struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
// +kubebuilder:validation:Required
// +required
Spec OAuthSpec `json:"spec"`
// +optional
Status OAuthStatus `json:"status"`
}
// OAuthSpec contains desired cluster auth configuration
type OAuthSpec struct {
// identityProviders is an ordered list of ways for a user to identify themselves.
// When this list is empty, no identities are provisioned for users.
// +optional
IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"`
// tokenConfig contains options for authorization and access tokens
TokenConfig TokenConfig `json:"tokenConfig"`
// templates allow you to customize pages like the login page.
// +optional
Templates OAuthTemplates `json:"templates"`
}
// OAuthStatus shows current known state of OAuth server in the cluster
type OAuthStatus struct {
// TODO Fill in with status of identityProviders and templates (and maybe tokenConfig)
}
// TokenConfig holds the necessary configuration options for authorization and access tokens
type TokenConfig struct {
// accessTokenMaxAgeSeconds defines the maximum age of access tokens
AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"`
// accessTokenInactivityTimeoutSeconds defines the default token
// inactivity timeout for tokens granted by any client.
// The value represents the maximum amount of time that can occur between
// consecutive uses of the token. Tokens become invalid if they are not
// used within this temporal window. The user will need to acquire a new
// token to regain access once a token times out.
// Valid values are integer values:
// x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`)
// x = 0 Tokens time out is disabled (default)
// x > 0 Tokens time out if there is no activity for x seconds
// The current minimum allowed value for X is 300 (5 minutes)
// +optional
AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"`
}
const (
// LoginTemplateKey is the key of the login template in a secret
LoginTemplateKey = "login.html"
// ProviderSelectionTemplateKey is the key for the provider selection template in a secret
ProviderSelectionTemplateKey = "providers.html"
// ErrorsTemplateKey is the key for the errors template in a secret
ErrorsTemplateKey = "errors.html"
// BindPasswordKey is the key for the LDAP bind password in a secret
BindPasswordKey = "bindPassword"
// ClientSecretKey is the key for the oauth client secret data in a secret
ClientSecretKey = "clientSecret"
// HTPasswdDataKey is the key for the htpasswd file data in a secret
HTPasswdDataKey = "htpasswd"
)
// OAuthTemplates allow for customization of pages like the login page
type OAuthTemplates struct {
// login is the name of a secret that specifies a go template to use to render the login page.
// The key "login.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default login page is used.
// If the specified template is not valid, the default login page is used.
// If unspecified, the default login page is used.
// The namespace for this secret is openshift-config.
// +optional
Login SecretNameReference `json:"login"`
// providerSelection is the name of a secret that specifies a go template to use to render
// the provider selection page.
// The key "providers.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default provider selection page is used.
// If the specified template is not valid, the default provider selection page is used.
// If unspecified, the default provider selection page is used.
// The namespace for this secret is openshift-config.
// +optional
ProviderSelection SecretNameReference `json:"providerSelection"`
// error is the name of a secret that specifies a go template to use to render error pages
// during the authentication or grant flow.
// The key "errors.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default error page is used.
// If the specified template is not valid, the default error page is used.
// If unspecified, the default error page is used.
// The namespace for this secret is openshift-config.
// +optional
Error SecretNameReference `json:"error"`
}
// IdentityProvider provides identities for users authenticating using credentials
type IdentityProvider struct {
// name is used to qualify the identities returned by this provider.
// - It MUST be unique and not shared by any other identity provider used
// - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
// Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
Name string `json:"name"`
// mappingMethod determines how identities from this provider are mapped to users
// Defaults to "claim"
// +optional
MappingMethod MappingMethodType `json:"mappingMethod,omitempty"`
IdentityProviderConfig `json:",inline"`
}
// MappingMethodType specifies how new identities should be mapped to users when they log in
type MappingMethodType string
const (
// MappingMethodClaim provisions a user with the identitys preferred user name. Fails if a user
// with that user name is already mapped to another identity.
// Default.
MappingMethodClaim MappingMethodType = "claim"
// MappingMethodLookup looks up existing users already mapped to an identity but does not
// automatically provision users or identities. Requires identities and users be set up
// manually or using an external process.
MappingMethodLookup MappingMethodType = "lookup"
// MappingMethodAdd provisions a user with the identitys preferred user name. If a user with
// that user name already exists, the identity is mapped to the existing user, adding to any
// existing identity mappings for the user.
MappingMethodAdd MappingMethodType = "add"
)
type IdentityProviderType string
const (
// IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth
IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth"
// IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials
IdentityProviderTypeGitHub IdentityProviderType = "GitHub"
// IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials
IdentityProviderTypeGitLab IdentityProviderType = "GitLab"
// IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials
IdentityProviderTypeGoogle IdentityProviderType = "Google"
// IdentityProviderTypeHTPasswd provides identities from an HTPasswd file
IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd"
// IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials
IdentityProviderTypeKeystone IdentityProviderType = "Keystone"
// IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials
IdentityProviderTypeLDAP IdentityProviderType = "LDAP"
// IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials
IdentityProviderTypeOpenID IdentityProviderType = "OpenID"
// IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials
IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader"
)
// IdentityProviderConfig contains configuration for using a specific identity provider
type IdentityProviderConfig struct {
// type identifies the identity provider type for this entry.
Type IdentityProviderType `json:"type"`
// Provider-specific configuration
// The json tag MUST match the `Type` specified above, case-insensitively
// e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided
// basicAuth contains configuration options for the BasicAuth IdP
// +optional
BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"`
// github enables user authentication using GitHub credentials
// +optional
GitHub *GitHubIdentityProvider `json:"github,omitempty"`
// gitlab enables user authentication using GitLab credentials
// +optional
GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"`
// google enables user authentication using Google credentials
// +optional
Google *GoogleIdentityProvider `json:"google,omitempty"`
// htpasswd enables user authentication using an HTPasswd file to validate credentials
// +optional
HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"`
// keystone enables user authentication using keystone password credentials
// +optional
Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"`
// ldap enables user authentication using LDAP credentials
// +optional
LDAP *LDAPIdentityProvider `json:"ldap,omitempty"`
// openID enables user authentication using OpenID credentials
// +optional
OpenID *OpenIDIdentityProvider `json:"openID,omitempty"`
// requestHeader enables user authentication using request header credentials
// +optional
RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"`
}
// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
type BasicAuthIdentityProvider struct {
// OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server
OAuthRemoteConnectionInfo `json:",inline"`
}
// OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection
type OAuthRemoteConnectionInfo struct {
// url is the remote URL to connect to
URL string `json:"url"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// tlsClientCert is an optional reference to a secret by name that contains the
// PEM-encoded TLS client certificate to present when connecting to the server.
// The key "tls.crt" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// If the specified certificate data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
TLSClientCert SecretNameReference `json:"tlsClientCert"`
// tlsClientKey is an optional reference to a secret by name that contains the
// PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
// The key "tls.key" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// If the specified certificate data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
TLSClientKey SecretNameReference `json:"tlsClientKey"`
}
// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
type HTPasswdIdentityProvider struct {
// fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
// The key "htpasswd" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// If the specified htpasswd data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
FileData SecretNameReference `json:"fileData"`
}
// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
type LDAPIdentityProvider struct {
// url is an RFC 2255 URL which specifies the LDAP search parameters to use.
// The syntax of the URL is:
// ldap://host:port/basedn?attribute?scope?filter
URL string `json:"url"`
// bindDN is an optional DN to bind with during the search phase.
// +optional
BindDN string `json:"bindDN"`
// bindPassword is an optional reference to a secret by name
// containing a password to bind with during the search phase.
// The key "bindPassword" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
BindPassword SecretNameReference `json:"bindPassword"`
// insecure, if true, indicates the connection should not use TLS
// WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
// attempt to connect using TLS, even when `insecure` is set to `true`
// When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
// a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
Insecure bool `json:"insecure"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// attributes maps LDAP attributes to identities
Attributes LDAPAttributeMapping `json:"attributes"`
}
// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
type LDAPAttributeMapping struct {
// id is the list of attributes whose values should be used as the user ID. Required.
// First non-empty attribute is used. At least one attribute is required. If none of the listed
// attribute have a value, authentication fails.
// LDAP standard identity attribute is "dn"
ID []string `json:"id"`
// preferredUsername is the list of attributes whose values should be used as the preferred username.
// LDAP standard login attribute is "uid"
// +optional
PreferredUsername []string `json:"preferredUsername,omitempty"`
// name is the list of attributes whose values should be used as the display name. Optional.
// If unspecified, no display name is set for the identity
// LDAP standard display name attribute is "cn"
// +optional
Name []string `json:"name,omitempty"`
// email is the list of attributes whose values should be used as the email address. Optional.
// If unspecified, no email is set for the identity
// +optional
Email []string `json:"email,omitempty"`
}
// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
type KeystoneIdentityProvider struct {
// OAuthRemoteConnectionInfo contains information about how to connect to the keystone server
OAuthRemoteConnectionInfo `json:",inline"`
// domainName is required for keystone v3
DomainName string `json:"domainName"`
// TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration
// useUsernameIdentity indicates that users should be authenticated by username, not keystone ID
// DEPRECATED - only use this option for legacy systems to ensure backwards compatibility
// +optional
// UseUsernameIdentity bool `json:"useUsernameIdentity"`
}
// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
type RequestHeaderIdentityProvider struct {
// loginURL is a URL to redirect unauthenticated /authorize requests to
// Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
// ${url} is replaced with the current URL, escaped to be safe in a query parameter
// https://www.example.com/sso-login?then=${url}
// ${query} is replaced with the current query string
// https://www.example.com/auth-proxy/oauth/authorize?${query}
// Required when login is set to true.
LoginURL string `json:"loginURL"`
// challengeURL is a URL to redirect unauthenticated /authorize requests to
// Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
// redirected here.
// ${url} is replaced with the current URL, escaped to be safe in a query parameter
// https://www.example.com/sso-login?then=${url}
// ${query} is replaced with the current query string
// https://www.example.com/auth-proxy/oauth/authorize?${query}
// Required when challenge is set to true.
ChallengeURL string `json:"challengeURL"`
// ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// Specifically, it allows verification of incoming requests to prevent header spoofing.
// The key "ca.crt" is used to locate the data.
// If the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// The namespace for this config map is openshift-config.
ClientCA ConfigMapNameReference `json:"ca"`
// clientCommonNames is an optional list of common names to require a match from. If empty, any
// client certificate validated against the clientCA bundle is considered authoritative.
// +optional
ClientCommonNames []string `json:"clientCommonNames,omitempty"`
// headers is the set of headers to check for identity information
Headers []string `json:"headers"`
// preferredUsernameHeaders is the set of headers to check for the preferred username
PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"`
// nameHeaders is the set of headers to check for the display name
NameHeaders []string `json:"nameHeaders"`
// emailHeaders is the set of headers to check for the email address
EmailHeaders []string `json:"emailHeaders"`
}
// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
type GitHubIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// organizations optionally restricts which organizations are allowed to log in
// +optional
Organizations []string `json:"organizations,omitempty"`
// teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
// +optional
Teams []string `json:"teams,omitempty"`
// hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
// GitHub Enterprise.
// It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
// +optional
Hostname string `json:"hostname"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// This can only be configured when hostname is set to a non-empty value.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
}
// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
type GitLabIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// url is the oauth server base URL
URL string `json:"url"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
}
// GoogleIdentityProvider provides identities for users authenticating using Google credentials
type GoogleIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
// +optional
HostedDomain string `json:"hostedDomain"`
}
// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
type OpenIDIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// extraScopes are any scopes to request in addition to the standard "openid" scope.
// +optional
ExtraScopes []string `json:"extraScopes,omitempty"`
// extraAuthorizeParameters are any custom parameters to add to the authorize request.
// +optional
ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
// It must use the https scheme with no query or fragment component.
Issuer string `json:"issuer"`
// claims mappings
Claims OpenIDClaims `json:"claims"`
}
// UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
// "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
// rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique
// and never reassigned within the Issuer for a particular End-User, as described in Section 2.
// Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
// iss Claim and the sub Claim."
const UserIDClaim = "sub"
// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
type OpenIDClaims struct {
// preferredUsername is the list of claims whose values should be used as the preferred username.
// If unspecified, the preferred username is determined from the value of the sub claim
// +optional
PreferredUsername []string `json:"preferredUsername,omitempty"`
// name is the list of claims whose values should be used as the display name. Optional.
// If unspecified, no display name is set for the identity
// +optional
Name []string `json:"name,omitempty"`
// email is the list of claims whose values should be used as the email address. Optional.
// If unspecified, no email is set for the identity
// +optional
Email []string `json:"email,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OAuthList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []OAuth `json:"items"`
}

69
vendor/github.com/openshift/api/config/v1/types_operatorhub.go generated vendored Normal file
View File

@ -0,0 +1,69 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// OperatorHubSpec defines the desired state of OperatorHub
type OperatorHubSpec struct {
// sources is the list of default hub sources and their configuration.
// If the list is empty, it indicates that the default hub sources are
// enabled on the cluster. The list of default hub sources and their
// current state will always be reflected in the status block.
// +optional
Sources []HubSource `json:"sources,omitempty"`
}
// OperatorHubStatus defines the observed state of OperatorHub. The current
// state of the default hub sources will always be reflected here.
type OperatorHubStatus struct {
// sources encapsulates the result of applying the configuration for each
// hub source
Sources []HubSourceStatus `json:"sources,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OperatorHub is the Schema for the operatorhubs API. It can be used to change
// the state of the default hub sources for OperatorHub on the cluster from
// enabled to disabled and vice versa.
// +kubebuilder:subresource:status
// +genclient:nonNamespaced
type OperatorHub struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec OperatorHubSpec `json:"spec"`
Status OperatorHubStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OperatorHubList contains a list of OperatorHub
type OperatorHubList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []OperatorHub `json:"items"`
}
// HubSource is used to specify the hub source and its configuration
type HubSource struct {
// name is the name of one of the default hub sources
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:MinLength=1
// +kubebuilder:Required
Name string `json:"name"`
// disabled is used to disable a default hub source on cluster
// +kubebuilder:Required
Disabled bool `json:"disabled"`
}
// HubSourceStatus is used to reflect the current state of applying the
// configuration to a default source
type HubSourceStatus struct {
HubSource
// status indicates success or failure in applying the configuration
Status string `json:"status"`
// message provides more information regarding failures
Message string `json:"message,omitempty"`
}

55
vendor/github.com/openshift/api/config/v1/types_project.go generated vendored Normal file
View File

@ -0,0 +1,55 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Project holds cluster-wide information about Project. The canonical name is `cluster`
type Project struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ProjectSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ProjectStatus `json:"status"`
}
// TemplateReference references a template in a specific namespace.
// The namespace must be specified at the point of use.
type TemplateReference struct {
// name is the metadata.name of the referenced project request template
Name string `json:"name"`
}
// ProjectSpec holds the project creation configuration.
type ProjectSpec struct {
// projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
// +optional
ProjectRequestMessage string `json:"projectRequestMessage"`
// projectRequestTemplate is the template to use for creating projects in response to projectrequest.
// This must point to a template in 'openshift-config' namespace. It is optional.
// If it is not specified, a default template is used.
//
// +optional
ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"`
}
type ProjectStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ProjectList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Project `json:"items"`
}

89
vendor/github.com/openshift/api/config/v1/types_proxy.go generated vendored Normal file
View File

@ -0,0 +1,89 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
type Proxy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds user-settable values for the proxy configuration
// +kubebuilder:validation:Required
// +required
Spec ProxySpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ProxyStatus `json:"status"`
}
// ProxySpec contains cluster proxy creation configuration.
type ProxySpec struct {
// httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
// Empty means unset and will not result in an env var.
// +optional
NoProxy string `json:"noProxy,omitempty"`
// readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
// +optional
ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
// trustedCA is a reference to a ConfigMap containing a CA certificate bundle used
// for client egress HTTPS connections. The certificate bundle must be from the CA
// that signed the proxy's certificate and be signed for everything. The trustedCA
// field should only be consumed by a proxy validator. The validator is responsible
// for reading the certificate bundle from required key "ca-bundle.crt" and copying
// it to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed"
// namespace. The namespace for the ConfigMap referenced by trustedCA is
// "openshift-config". Here is an example ConfigMap (in yaml):
//
// apiVersion: v1
// kind: ConfigMap
// metadata:
// name: user-ca-bundle
// namespace: openshift-config
// data:
// ca-bundle.crt: |
// -----BEGIN CERTIFICATE-----
// Custom CA certificate bundle.
// -----END CERTIFICATE-----
//
// +optional
TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
}
// ProxyStatus shows current known state of the cluster proxy.
type ProxyStatus struct {
// httpProxy is the URL of the proxy for HTTP requests.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
// +optional
NoProxy string `json:"noProxy,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ProxyList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Proxy `json:"items"`
}

75
vendor/github.com/openshift/api/config/v1/types_scheduling.go generated vendored Normal file
View File

@ -0,0 +1,75 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
// and influence its placement decisions. The canonical name for this config is `cluster`.
type Scheduler struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec SchedulerSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status SchedulerStatus `json:"status"`
}
type SchedulerSpec struct {
// policy is a reference to a ConfigMap containing scheduler policy which has
// user specified predicates and priorities. If this ConfigMap is not available
// scheduler will default to use DefaultAlgorithmProvider.
// The namespace for this configmap is openshift-config.
// +optional
Policy ConfigMapNameReference `json:"policy"`
// defaultNodeSelector helps set the cluster-wide default node selector to
// restrict pod placement to specific nodes. This is applied to the pods
// created in all namespaces without a specified nodeSelector value.
// For example,
// defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
// field in pod spec to "type=user-node,region=east" to all pods created
// in all namespaces. Namespaces having project-wide node selectors won't be
// impacted even if this field is set. This adds an annotation section to
// the namespace.
// For example, if a new namespace is created with
// node-selector='type=user-node,region=east',
// the annotation openshift.io/node-selector: type=user-node,region=east
// gets added to the project. When the openshift.io/node-selector annotation
// is set on the project the value is used in preference to the value we are setting
// for defaultNodeSelector field.
// For instance,
// openshift.io/node-selector: "type=user-node,region=west" means
// that the default of "type=user-node,region=east" set in defaultNodeSelector
// would not be applied.
// +optional
DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"`
// MastersSchedulable allows masters nodes to be schedulable. When this flag is
// turned on, all the master nodes in the cluster will be made schedulable,
// so that workload pods can run on them. The default value for this field is false,
// meaning none of the master nodes are schedulable.
// Important Note: Once the workload pods start running on the master nodes,
// extreme care must be taken to ensure that cluster-critical control plane components
// are not impacted.
// Please turn on this field after doing due diligence.
// +optional
MastersSchedulable bool `json:"mastersSchedulable"`
}
type SchedulerStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type SchedulerList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Scheduler `json:"items"`
}

3200
vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1312
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff