-
Notifications
You must be signed in to change notification settings - Fork 458
/
types.go
113 lines (101 loc) · 5.15 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1alpha1
import (
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
componentbaseconfigv1alpha1 "k8s.io/component-base/config/v1alpha1"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// AdmissionControllerConfiguration defines the configuration for the Gardener admission controller.
type AdmissionControllerConfiguration struct {
metav1.TypeMeta `json:",inline"`
// GardenClientConnection specifies the kubeconfig file and the client connection settings
// when communicating with the garden apiserver.
GardenClientConnection componentbaseconfigv1alpha1.ClientConnectionConfiguration `json:"gardenClientConnection"`
// LogLevel is the level/severity for the logs. Must be one of [info,debug,error].
LogLevel string `json:"logLevel"`
// Server defines the configuration of the HTTP server.
Server ServerConfiguration `json:"server"`
// Debugging holds configuration for Debugging related features.
// +optional
Debugging *componentbaseconfigv1alpha1.DebuggingConfiguration `json:"debugging,omitempty"`
}
// ServerConfiguration contains details for the HTTP(S) servers.
type ServerConfiguration struct {
// HTTPS is the configuration for the HTTPS webhook server.
// TODO: rename this to Webhooks
HTTPS HTTPSServer `json:"https"`
// HealthProbes is the configuration for serving the healthz and readyz endpoints.
// +optional
HealthProbes *Server `json:"healthProbes,omitempty"`
// Metrics is the configuration for serving the metrics endpoint.
// +optional
Metrics *Server `json:"metrics,omitempty"`
// ResourceAdmissionConfiguration is the configuration for the resource admission.
// +optional
ResourceAdmissionConfiguration *ResourceAdmissionConfiguration `json:"resourceAdmissionConfiguration,omitempty"`
// EnableDebugHandlers determines whether the /debug/ handlers are enabled.
// +optional
EnableDebugHandlers *bool `json:"enableDebugHandlers,omitempty"`
}
// ResourceAdmissionConfiguration contains settings about arbitrary kinds and the size each resource should have at most.
type ResourceAdmissionConfiguration struct {
// Limits contains configuration for resources which are subjected to size limitations.
Limits []ResourceLimit `json:"limits"`
// UnrestrictedSubjects contains references to users, groups, or service accounts which aren't subjected to any resource size limit.
// +optional
UnrestrictedSubjects []rbacv1.Subject `json:"unrestrictedSubjects,omitempty"`
// OperationMode specifies the mode the webhooks operates in. Allowed values are "block" and "log". Defaults to "block".
// +optional
OperationMode *ResourceAdmissionWebhookMode `json:"operationMode,omitempty"`
}
// ResourceAdmissionWebhookMode is an alias type for the resource admission webhook mode.
type ResourceAdmissionWebhookMode string
// WildcardAll is a character which represents all elements in a set.
const WildcardAll = "*"
// ResourceLimit contains settings about a kind and the size each resource should have at most.
type ResourceLimit struct {
// APIGroups is the name of the APIGroup that contains the limited resource. WildcardAll represents all groups.
// +optional
APIGroups []string `json:"apiGroups,omitempty"`
// APIVersions is the version of the resource. WildcardAll represents all versions.
// +optional
APIVersions []string `json:"apiVersions,omitempty"`
// Resources is the name of the resource this rule applies to. WildcardAll represents all resources.
Resources []string `json:"resources"`
// Size specifies the imposed limit.
Size resource.Quantity `json:"size"`
}
// Server contains information for HTTP(S) server configuration.
type Server struct {
// BindAddress is the IP address on which to listen for the specified port.
BindAddress string `json:"bindAddress"`
// Port is the port on which to serve requests.
Port int `json:"port"`
}
// HTTPSServer is the configuration for the HTTPSServer server.
type HTTPSServer struct {
// Server is the configuration for the bind address and the port.
Server `json:",inline"`
// TLSServer contains information about the TLS configuration for a HTTPS server.
TLS TLSServer `json:"tls"`
}
// TLSServer contains information about the TLS configuration for a HTTPS server.
type TLSServer struct {
// ServerCertDir is the path to a directory containing the server's TLS certificate and key (the files must be
// named tls.crt and tls.key respectively).
ServerCertDir string `json:"serverCertDir"`
}