// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package config
import (
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
componentbaseconfig "k8s.io/component-base/config"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// AdmissionControllerConfiguration defines the configuration for the Gardener admission controller.
// It is the root configuration type: it embeds metav1.TypeMeta and groups the client connection,
// logging, server and debugging settings.
type AdmissionControllerConfiguration struct {
	metav1.TypeMeta
	// GardenClientConnection specifies the kubeconfig file and the client connection settings
	// when communicating with the garden apiserver.
	// NOTE(review): the kubeconfig referenced here holds the credentials used towards the garden
	// apiserver; how that file is protected is outside this type.
	GardenClientConnection componentbaseconfig.ClientConnectionConfiguration
	// LogLevel is the level/severity for the logs. Must be one of [info,debug,error].
	// Defaults to "info".
	// NOTE(review): the field is a plain string, so the allowed values and the default are
	// presumably enforced by validation/defaulting code elsewhere — confirm.
	LogLevel string
	// LogFormat is the format for the logs. Must be one of [json,text].
	// Defaults to "json".
	LogFormat string
	// Server defines the configuration of the HTTP server.
	Server ServerConfiguration
	// Debugging holds configuration for debugging-related features. It is a pointer and may be nil.
	// NOTE(review): DebuggingConfiguration carries the profiling switches (EnableProfiling,
	// EnableContentionProfiling). Profiling output describes process internals, so confirm which
	// endpoint serves it and who can reach that endpoint before turning it on.
	Debugging *componentbaseconfig.DebuggingConfiguration
}
// ServerConfiguration contains details for the HTTP(S) servers.
// Only Webhooks has a type that carries TLS settings; HealthProbes and Metrics use the plain
// Server type, which declares a bind address and a port and nothing else.
type ServerConfiguration struct {
	// Webhooks is the configuration for the HTTPS webhook server.
	Webhooks HTTPSServer
	// HealthProbes is the configuration for serving the healthz and readyz endpoints.
	// It is a pointer and may be nil.
	HealthProbes *Server
	// Metrics is the configuration for serving the metrics endpoint.
	// It is a pointer and may be nil.
	// NOTE(review): no TLS or authentication setting is declared for this endpoint in this type;
	// confirm how access to the metrics endpoint is restricted in the deployment.
	Metrics *Server
	// ResourceAdmissionConfiguration is the configuration for the resource admission.
	// It is a pointer and may be nil.
	// NOTE(review): what the webhook does when this is nil (presumably no size limits are
	// applied) is not visible here — confirm against the handler.
	ResourceAdmissionConfiguration *ResourceAdmissionConfiguration
	// EnableDebugHandlers determines whether the /debug/ handlers are enabled.
	// NOTE(review): neither the value used when the pointer is nil nor the listener that serves
	// these handlers is visible in this file; confirm both before enabling on an address that is
	// reachable from outside the pod.
	EnableDebugHandlers *bool
}
// ResourceAdmissionConfiguration contains settings about arbitrary kinds and the size each resource should have at most.
type ResourceAdmissionConfiguration struct {
	// Limits contains configuration for resources which are subjected to size limitations.
	Limits []ResourceLimit
	// UnrestrictedSubjects contains references to users, groups, or service accounts which aren't
	// subjected to any resource size limit.
	// Every subject listed here bypasses all entries in Limits, so the list should be kept short
	// and reviewed like any other privilege grant.
	UnrestrictedSubjects []rbacv1.Subject
	// OperationMode specifies the mode the webhook operates in. Allowed values are "block" and "log".
	// Defaults to "block".
	// In "log" mode (AdmissionModeLog) violating requests are only logged, so the limits are
	// observed but not enforced.
	// NOTE(review): the default for a nil pointer is presumably applied by defaulting code
	// elsewhere — confirm.
	OperationMode *ResourceAdmissionWebhookMode
}
// ResourceAdmissionWebhookMode is a string type for the resource admission webhook mode.
// It is a distinct defined type rather than a Go type alias, so untyped string constants convert
// to it implicitly but values of type string need an explicit conversion.
// The values declared for it in this file are AdmissionModeBlock and AdmissionModeLog.
type ResourceAdmissionWebhookMode string
// WildcardAll is a character which represents all elements in a set.
// The ResourceLimit field comments name it as the value that matches every API group, version
// or resource.
const WildcardAll = "*"
// ResourceLimit contains settings about a kind and the size each resource should have at most.
type ResourceLimit struct {
	// APIGroups lists the names of the API groups that contain the limited resources.
	// WildcardAll represents all groups.
	APIGroups []string
	// APIVersions lists the versions of the limited resources. WildcardAll represents all versions.
	APIVersions []string
	// Resources lists the names of the resources this rule applies to.
	// WildcardAll represents all resources.
	Resources []string
	// Size specifies the imposed limit.
	// NOTE(review): presumably the maximum size of the submitted object as measured by the
	// webhook; how the size is computed is not visible here — confirm against the handler.
	Size resource.Quantity
}
// Server contains information for HTTP(S) server configuration.
// The type itself holds only the listen address and port; TLS settings are declared separately
// on HTTPSServer.
type Server struct {
	// BindAddress is the IP address on which to listen for the specified port.
	// NOTE(review): the meaning of an empty value (presumably all interfaces) is not defined in
	// this file — confirm, since it decides which networks can reach the endpoint.
	BindAddress string
	// Port is the port on which to serve requests.
	// NOTE(review): the int type does not restrict the range; port validation is presumably done
	// elsewhere — confirm.
	Port int
}
// HTTPSServer is the configuration for an HTTPS server.
type HTTPSServer struct {
	// Server is the configuration for the bind address and the port.
	// It is embedded, so BindAddress and Port are promoted to HTTPSServer.
	Server
	// TLS contains information about the TLS configuration for an HTTPS server.
	TLS TLSServer
}
// TLSServer contains information about the TLS configuration for an HTTPS server.
type TLSServer struct {
	// ServerCertDir is the path to a directory containing the server's TLS certificate and key (the files must be
	// named tls.crt and tls.key respectively).
	// tls.key is the server's private key, so read access to this directory should be limited to
	// the admission controller process.
	ServerCertDir string
}
// Values of ResourceAdmissionWebhookMode, used for ResourceAdmissionConfiguration.OperationMode.
const (
	// AdmissionModeBlock specifies that the webhook should block violating requests.
	// This is the enforcing mode.
	AdmissionModeBlock ResourceAdmissionWebhookMode = "block"
	// AdmissionModeLog specifies that the webhook should only log violating requests.
	// Violating requests are not rejected in this mode.
	AdmissionModeLog ResourceAdmissionWebhookMode = "log"
)