var (
GroupName = "kubecontrolplane.config.openshift.io"
GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
// Install is a function which adds this version to a scheme
Install = schemeBuilder.AddToScheme
// SchemeGroupVersion generated code relies on this name
// Deprecated
SchemeGroupVersion = GroupVersion
// AddToScheme exists solely to keep the old generators creating valid code
// DEPRECATED
AddToScheme = schemeBuilder.AddToScheme
)
func Resource(resource string) schema.GroupResource
Resource generated code relies on this being here, but it logically belongs to the group DEPRECATED
AggregatorConfig holds information required to make the aggregator function.
type AggregatorConfig struct {
// proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers
ProxyClientInfo configv1.CertInfo `json:"proxyClientInfo"`
}
func (in *AggregatorConfig) DeepCopy() *AggregatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregatorConfig.
func (in *AggregatorConfig) DeepCopyInto(out *AggregatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AggregatorConfig) SwaggerDoc() map[string]string
Arguments masks the value so protobuf can generate +protobuf.nullable=true +protobuf.options.(gogoproto.goproto_stringer)=false
type Arguments []string
func (in Arguments) DeepCopy() Arguments
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Arguments.
func (in Arguments) DeepCopyInto(out *Arguments)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (t Arguments) String() string
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4 +openshift:compatibility-gen:internal
type KubeAPIServerConfig struct {
metav1.TypeMeta `json:",inline"`
// provides the standard apiserver configuration
configv1.GenericAPIServerConfig `json:",inline"`
// authConfig configures authentication options in addition to the standard
// oauth token and client certificate authenticators
AuthConfig MasterAuthConfig `json:"authConfig"`
// aggregatorConfig has options for configuring the aggregator component of the API server.
AggregatorConfig AggregatorConfig `json:"aggregatorConfig"`
// kubeletClientInfo contains information about how to connect to kubelets
KubeletClientInfo KubeletConnectionInfo `json:"kubeletClientInfo"`
// servicesSubnet is the subnet to use for assigning service IPs
ServicesSubnet string `json:"servicesSubnet"`
// servicesNodePortRange is the range to use for assigning service public ports on a host.
ServicesNodePortRange string `json:"servicesNodePortRange"`
// DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.
ConsolePublicURL string `json:"consolePublicURL"`
// UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!
// TODO I think we should just drop this feature.
UserAgentMatchingConfig UserAgentMatchingConfig `json:"userAgentMatchingConfig"`
// imagePolicyConfig feeds the image policy admission plugin
// TODO make it an admission plugin config
ImagePolicyConfig KubeAPIServerImagePolicyConfig `json:"imagePolicyConfig"`
// projectConfig feeds an admission plugin
// TODO make it an admission plugin config
ProjectConfig KubeAPIServerProjectConfig `json:"projectConfig"`
// serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key.
// (If any file contains a private key, the public portion of the key is used)
// The list of public keys is used to verify presented service account tokens.
// Each key is tried in order until the list is exhausted or verification succeeds.
// If no keys are specified, no service account authentication will be available.
ServiceAccountPublicKeyFiles []string `json:"serviceAccountPublicKeyFiles"`
// oauthConfig, if present start the /oauth endpoint in this process
OAuthConfig *osinv1.OAuthConfig `json:"oauthConfig"`
// TODO this needs to be removed.
APIServerArguments map[string]Arguments `json:"apiServerArguments"`
}
func (in *KubeAPIServerConfig) DeepCopy() *KubeAPIServerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerConfig.
func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *KubeAPIServerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (KubeAPIServerConfig) SwaggerDoc() map[string]string
type KubeAPIServerImagePolicyConfig struct {
// internalRegistryHostname sets the hostname for the default internal image
// registry. The value must be in "hostname[:port]" format.
// For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY
// environment variable but this setting overrides the environment variable.
InternalRegistryHostname string `json:"internalRegistryHostname"`
// externalRegistryHostnames provides the hostnames for the default external image
// registry. The external hostname should be set only when the image registry
// is exposed externally. The first value is used in 'publicDockerImageRepository'
// field in ImageStreams. The value must be in "hostname[:port]" format.
ExternalRegistryHostnames []string `json:"externalRegistryHostnames"`
}
func (in *KubeAPIServerImagePolicyConfig) DeepCopy() *KubeAPIServerImagePolicyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerImagePolicyConfig.
func (in *KubeAPIServerImagePolicyConfig) DeepCopyInto(out *KubeAPIServerImagePolicyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeAPIServerImagePolicyConfig) SwaggerDoc() map[string]string
type KubeAPIServerProjectConfig struct {
// defaultNodeSelector holds default project node label selector
DefaultNodeSelector string `json:"defaultNodeSelector"`
}
func (in *KubeAPIServerProjectConfig) DeepCopy() *KubeAPIServerProjectConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerProjectConfig.
func (in *KubeAPIServerProjectConfig) DeepCopyInto(out *KubeAPIServerProjectConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeAPIServerProjectConfig) SwaggerDoc() map[string]string
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4 +openshift:compatibility-gen:internal
type KubeControllerManagerConfig struct {
metav1.TypeMeta `json:",inline"`
// serviceServingCert provides support for the old alpha service serving cert signer CA bundle
ServiceServingCert ServiceServingCert `json:"serviceServingCert"`
// projectConfig is an optimization for the daemonset controller
ProjectConfig KubeControllerManagerProjectConfig `json:"projectConfig"`
// extendedArguments is used to configure the kube-controller-manager
ExtendedArguments map[string]Arguments `json:"extendedArguments"`
}
func (in *KubeControllerManagerConfig) DeepCopy() *KubeControllerManagerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerConfig.
func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *KubeControllerManagerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (KubeControllerManagerConfig) SwaggerDoc() map[string]string
type KubeControllerManagerProjectConfig struct {
// defaultNodeSelector holds default project node label selector
DefaultNodeSelector string `json:"defaultNodeSelector"`
}
func (in *KubeControllerManagerProjectConfig) DeepCopy() *KubeControllerManagerProjectConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerProjectConfig.
func (in *KubeControllerManagerProjectConfig) DeepCopyInto(out *KubeControllerManagerProjectConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeControllerManagerProjectConfig) SwaggerDoc() map[string]string
KubeletConnectionInfo holds information necessary for connecting to a kubelet
type KubeletConnectionInfo struct {
// port is the port to connect to kubelets on
Port uint32 `json:"port"`
// ca is the CA for verifying TLS connections to kubelets
CA string `json:"ca"`
// CertInfo is the TLS client cert information for securing communication to kubelets
// this is anonymous so that we can inline it for serialization
configv1.CertInfo `json:",inline"`
}
func (in *KubeletConnectionInfo) DeepCopy() *KubeletConnectionInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConnectionInfo.
func (in *KubeletConnectionInfo) DeepCopyInto(out *KubeletConnectionInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (KubeletConnectionInfo) SwaggerDoc() map[string]string
MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators
type MasterAuthConfig struct {
// requestHeader holds options for setting up a front proxy against the API. It is optional.
RequestHeader *RequestHeaderAuthenticationOptions `json:"requestHeader"`
// webhookTokenAuthenticators, if present configures remote token reviewers
WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators"`
// oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization
// Server Metadata for an external OAuth server.
// See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
// This option is mutually exclusive with OAuthConfig
OAuthMetadataFile string `json:"oauthMetadataFile"`
}
func (in *MasterAuthConfig) DeepCopy() *MasterAuthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterAuthConfig.
func (in *MasterAuthConfig) DeepCopyInto(out *MasterAuthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (MasterAuthConfig) SwaggerDoc() map[string]string
RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.
type RequestHeaderAuthenticationOptions struct {
// clientCA is a file with the trusted signer certs. It is required.
ClientCA string `json:"clientCA"`
// clientCommonNames is a required list of common names to require a match from.
ClientCommonNames []string `json:"clientCommonNames"`
// usernameHeaders is the list of headers to check for user information. First hit wins.
UsernameHeaders []string `json:"usernameHeaders"`
// groupHeaders is the set of headers to check for group information. All are unioned.
GroupHeaders []string `json:"groupHeaders"`
// extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.
ExtraHeaderPrefixes []string `json:"extraHeaderPrefixes"`
}
func (in *RequestHeaderAuthenticationOptions) DeepCopy() *RequestHeaderAuthenticationOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderAuthenticationOptions.
func (in *RequestHeaderAuthenticationOptions) DeepCopyInto(out *RequestHeaderAuthenticationOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (RequestHeaderAuthenticationOptions) SwaggerDoc() map[string]string
ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.
type ServiceServingCert struct {
// CertFile is a file containing a PEM-encoded certificate
CertFile string `json:"certFile"`
}
func (in *ServiceServingCert) DeepCopy() *ServiceServingCert
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceServingCert.
func (in *ServiceServingCert) DeepCopyInto(out *ServiceServingCert)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ServiceServingCert) SwaggerDoc() map[string]string
UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client
type UserAgentDenyRule struct {
UserAgentMatchRule `json:",inline"`
// RejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.
RejectionMessage string `json:"rejectionMessage"`
}
func (in *UserAgentDenyRule) DeepCopy() *UserAgentDenyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentDenyRule.
func (in *UserAgentDenyRule) DeepCopyInto(out *UserAgentDenyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentDenyRule) SwaggerDoc() map[string]string
UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb
type UserAgentMatchRule struct {
// regex is a regex that is checked against the User-Agent.
// Known variants of oc clients
// 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d
// 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f
// 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d
// 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f
// 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d
// 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f
// 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d
// 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f
Regex string `json:"regex"`
// httpVerbs specifies which HTTP verbs should be matched. An empty list means "match all verbs".
HTTPVerbs []string `json:"httpVerbs"`
}
func (in *UserAgentMatchRule) DeepCopy() *UserAgentMatchRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentMatchRule.
func (in *UserAgentMatchRule) DeepCopyInto(out *UserAgentMatchRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentMatchRule) SwaggerDoc() map[string]string
UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!
type UserAgentMatchingConfig struct {
// requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed
RequiredClients []UserAgentMatchRule `json:"requiredClients"`
// deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes
DeniedClients []UserAgentDenyRule `json:"deniedClients"`
// defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.
DefaultRejectionMessage string `json:"defaultRejectionMessage"`
}
func (in *UserAgentMatchingConfig) DeepCopy() *UserAgentMatchingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAgentMatchingConfig.
func (in *UserAgentMatchingConfig) DeepCopyInto(out *UserAgentMatchingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (UserAgentMatchingConfig) SwaggerDoc() map[string]string
WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators
type WebhookTokenAuthenticator struct {
// configFile is a path to a Kubeconfig file with the webhook configuration
ConfigFile string `json:"configFile"`
// cacheTTL indicates how long an authentication result should be cached.
// It takes a valid time duration string (e.g. "5m").
// If empty, you get a default timeout of 2 minutes.
// If zero (e.g. "0m"), caching is disabled
CacheTTL string `json:"cacheTTL"`
}
func (in *WebhookTokenAuthenticator) DeepCopy() *WebhookTokenAuthenticator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookTokenAuthenticator.
func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string