-
Notifications
You must be signed in to change notification settings - Fork 155
/
types.go
341 lines (287 loc) · 12.3 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
/*
Copyright 2020 The Kubermatic Kubernetes Platform contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v2
import (
"github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
apiv1 "k8c.io/kubermatic/v2/pkg/api/v1"
crdapiv1 "k8c.io/kubermatic/v2/pkg/crd/kubermatic/v1"
corev1 "k8s.io/api/core/v1"
)
// ConstraintTemplate represents a gatekeeper ConstraintTemplate
// swagger:model ConstraintTemplate
type ConstraintTemplate struct {
Name string `json:"name"`
Spec crdapiv1.ConstraintTemplateSpec `json:"spec"`
Status v1beta1.ConstraintTemplateStatus `json:"status"`
}
// Constraint represents a gatekeeper Constraint
// swagger:model Constraint
type Constraint struct {
Name string `json:"name"`
Labels map[string]string `json:"labels,omitempty"`
Spec crdapiv1.ConstraintSpec `json:"spec"`
Status *ConstraintStatus `json:"status,omitempty"`
}
// ConstraintStatus represents a constraint status which holds audit info
type ConstraintStatus struct {
Enforcement string `json:"enforcement,omitempty"`
AuditTimestamp string `json:"auditTimestamp,omitempty"`
Violations []Violation `json:"violations,omitempty"`
Synced *bool `json:"synced,omitempty"`
}
// Violation represents a gatekeeper constraint violation
type Violation struct {
EnforcementAction string `json:"enforcementAction,omitempty"`
Kind string `json:"kind,omitempty"`
Message string `json:"message,omitempty"`
Name string `json:"name,omitempty"`
Namespace string `json:"namespace,omitempty"`
}
// GatekeeperConfig represents a gatekeeper config
// swagger:model GatekeeperConfig
type GatekeeperConfig struct {
Spec GatekeeperConfigSpec `json:"spec"`
}
type GatekeeperConfigSpec struct {
// Configuration for syncing k8s objects
Sync Sync `json:"sync,omitempty"`
// Configuration for validation
Validation Validation `json:"validation,omitempty"`
// Configuration for namespace exclusion
Match []MatchEntry `json:"match,omitempty"`
// Configuration for readiness tracker
Readiness ReadinessSpec `json:"readiness,omitempty"`
}
type Sync struct {
// If non-empty, entries on this list will be replicated into OPA
SyncOnly []GVK `json:"syncOnly,omitempty"`
}
type Validation struct {
// List of requests to trace. Both "user" and "kinds" must be specified
Traces []Trace `json:"traces,omitempty"`
}
type Trace struct {
// Only trace requests from the specified user
User string `json:"user,omitempty"`
// Only trace requests of the following GroupVersionKind
Kind GVK `json:"kind,omitempty"`
// Also dump the state of OPA with the trace. Set to `All` to dump everything.
Dump string `json:"dump,omitempty"`
}
type MatchEntry struct {
// Namespaces which will be excluded
ExcludedNamespaces []string `json:"excludedNamespaces,omitempty"`
// Processes which will be excluded in the given namespaces (sync, webhook, audit, *)
Processes []string `json:"processes,omitempty"`
}
type ReadinessSpec struct {
// enables stats for gatekeeper audit
StatsEnabled bool `json:"statsEnabled,omitempty"`
}
// GVK group version kind of a resource
type GVK struct {
Group string `json:"group,omitempty"`
Version string `json:"version,omitempty"`
Kind string `json:"kind,omitempty"`
}
// PresetList represents a list of presets
// swagger:model PresetList
type PresetList struct {
Items []Preset `json:"items"`
}
// Preset represents a preset
// swagger:model Preset
type Preset struct {
Name string `json:"name"`
Enabled bool `json:"enabled"`
Providers []PresetProvider `json:"providers"`
}
// PresetProvider represents a preset provider
// swagger:model PresetProvider
type PresetProvider struct {
Name crdapiv1.ProviderType `json:"name"`
Enabled bool `json:"enabled"`
}
// Alertmanager represents an Alertmanager Configuration
// swagger:model Alertmanager
type Alertmanager struct {
Spec AlertmanagerSpec `json:"spec"`
}
type AlertmanagerSpec struct {
// Config contains the alertmanager configuration in YAML
Config []byte `json:"config"`
}
// SeedSettings represents settings for a Seed cluster
// swagger:model SeedSettings
type SeedSettings struct {
// the Seed level MLA (Monitoring, Logging, and Alerting) stack settings
MLA MLA `json:"mla"`
// the Seed level metering settings
Metering crdapiv1.MeteringConfigurations `json:"metering"`
// the Seed level seed dns overwrite
SeedDNSOverwrite string `json:"seedDNSOverwrite,omitempty"`
}
type MLA struct {
// whether the user cluster MLA (Monitoring, Logging & Alerting) stack is enabled in the seed
UserClusterMLAEnabled bool `json:"user_cluster_mla_enabled"`
}
// ClusterTemplate represents a ClusterTemplate object
// swagger:model ClusterTemplate
type ClusterTemplate struct {
Name string `json:"name"`
ID string `json:"id"`
ProjectID string `json:"projectID,omitempty"`
User string `json:"user,omitempty"`
Scope string `json:"scope"`
UserSSHKeys []ClusterTemplateSSHKey `json:"userSshKeys,omitempty"`
Cluster *apiv1.Cluster `json:"cluster,omitempty"`
NodeDeployment *apiv1.NodeDeployment `json:"nodeDeployment,omitempty"`
}
// ClusterTemplateSSHKey represents SSH Key object for Cluster Template
// swagger:model ClusterTemplateSSHKey
type ClusterTemplateSSHKey struct {
Name string `json:"name"`
ID string `json:"id"`
}
// ClusterTemplateList represents a ClusterTemplate list
// swagger:model ClusterTemplateList
type ClusterTemplateList []ClusterTemplate
// ClusterTemplateInstance represents a ClusterTemplateInstance object
// swagger:model ClusterTemplateInstance
type ClusterTemplateInstance struct {
Name string `json:"name"`
Spec crdapiv1.ClusterTemplateInstanceSpec `json:"spec"`
}
// RuleGroup represents a rule group of recording and alerting rules.
// swagger:model RuleGroup
type RuleGroup struct {
// contains the RuleGroup data. Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/#rule_group
Data []byte `json:"data"`
// the type of this ruleGroup applies to. It can be `Metrics`.
Type crdapiv1.RuleGroupType `json:"type"`
}
// AllowedRegistry represents a object containing a allowed image registry prefix
// swagger:model AllowedRegistry
type AllowedRegistry struct {
Name string `json:"name"`
Spec crdapiv1.AllowedRegistrySpec `json:"spec"`
}
// EtcdBackupConfig represents an object holding the configuration for etcd backups
// swagger:model EtcdBackupConfig
type EtcdBackupConfig struct {
apiv1.ObjectMeta
Spec EtcdBackupConfigSpec `json:"spec"`
Status EtcdBackupConfigStatus `json:"status"`
}
type EtcdBackupConfigStatus struct {
// CurrentBackups tracks the creation and deletion progress if all backups managed by the EtcdBackupConfig
CurrentBackups []BackupStatus `json:"lastBackups,omitempty"`
// Conditions contains conditions of the EtcdBackupConfig
Conditions []EtcdBackupConfigCondition `json:"conditions,omitempty"`
// If the controller was configured with a cleanupContainer, CleanupRunning keeps track of the corresponding job
CleanupRunning bool `json:"cleanupRunning,omitempty"`
}
type BackupStatus struct {
// ScheduledTime will always be set when the BackupStatus is created, so it'll never be nil
ScheduledTime *apiv1.Time `json:"scheduledTime,omitempty"`
BackupName string `json:"backupName,omitempty"`
JobName string `json:"jobName,omitempty"`
BackupStartTime *apiv1.Time `json:"backupStartTime,omitempty"`
BackupFinishedTime *apiv1.Time `json:"backupFinishedTime,omitempty"`
BackupPhase crdapiv1.BackupStatusPhase `json:"backupPhase,omitempty"`
BackupMessage string `json:"backupMessage,omitempty"`
DeleteJobName string `json:"deleteJobName,omitempty"`
DeleteStartTime *apiv1.Time `json:"deleteStartTime,omitempty"`
DeleteFinishedTime *apiv1.Time `json:"deleteFinishedTime,omitempty"`
DeletePhase crdapiv1.BackupStatusPhase `json:"deletePhase,omitempty"`
DeleteMessage string `json:"deleteMessage,omitempty"`
}
type EtcdBackupConfigCondition struct {
// Type of EtcdBackupConfig condition.
Type crdapiv1.EtcdBackupConfigConditionType `json:"type"`
// Status of the condition, one of True, False, Unknown.
Status corev1.ConditionStatus `json:"status"`
// Last time we got an update on a given condition.
// +optional
LastHeartbeatTime apiv1.Time `json:"lastHeartbeatTime,omitempty"`
// Last time the condition transit from one status to another.
// +optional
LastTransitionTime apiv1.Time `json:"lastTransitionTime,omitempty"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty"`
}
// EtcdBackupConfigSpec represents an object holding the etcd backup configuration specification
// swagger:model EtcdBackupConfigSpec
type EtcdBackupConfigSpec struct {
// ClusterID is the id of the cluster which will be backed up
ClusterID string `json:"clusterId"`
// Schedule is a cron expression defining when to perform
// the backup. If not set, the backup is performed exactly
// once, immediately.
Schedule string `json:"schedule,omitempty"`
// Keep is the number of backups to keep around before deleting the oldest one
// If not set, defaults to DefaultKeptBackupsCount. Only used if Schedule is set.
Keep *int `json:"keep,omitempty"`
}
// EtcdRestore represents an object holding the configuration for etcd backup restore
// swagger:model EtcdRestore
type EtcdRestore struct {
Name string `json:"name"`
Spec EtcdRestoreSpec `json:"spec"`
Status EtcdRestoreStatus `json:"status"`
}
type EtcdRestoreStatus struct {
Phase crdapiv1.EtcdRestorePhase `json:"phase"`
RestoreTime *apiv1.Time `json:"restoreTime,omitempty"`
}
// EtcdRestoreSpec represents an object holding the etcd backup restore configuration specification
// swagger:model EtcdRestoreSpec
type EtcdRestoreSpec struct {
// ClusterID is the id of the cluster which will be restored from the backup
ClusterID string `json:"clusterId"`
// BackupName is the name of the backup to restore from
BackupName string `json:"backupName"`
// BackupDownloadCredentialsSecret is the name of a secret in the cluster-xxx namespace containing
// credentials needed to download the backup
BackupDownloadCredentialsSecret string `json:"backupDownloadCredentialsSecret,omitempty"`
}
// OIDCSpec contains OIDC params that can be used to access user cluster.
// swagger:model OIDCSpec
type OIDCSpec struct {
IssuerURL string `json:"issuerUrl,omitempty"`
ClientID string `json:"clientId,omitempty"`
ClientSecret string `json:"clientSecret,omitempty"`
}
// BackupCredentials contains credentials for etcd backups
// swagger:model BackupCredentials
type BackupCredentials struct {
S3BackupCredentials S3BackupCredentials `json:"s3,omitempty"`
}
// S3BackupCredentials contains credentials for S3 etcd backups
// swagger:model S3BackupCredentials
type S3BackupCredentials struct {
AccessKeyID string `json:"accessKeyId,omitempty"`
SecretAccessKey string `json:"secretAccessKey,omitempty"`
}
// MLAAdminSetting represents an object holding admin setting options for user cluster MLA (Monitoring, Logging and Alerting).
// swagger:model MLAAdminSetting
type MLAAdminSetting struct {
// MonitoringRateLimits contains rate-limiting configuration for monitoring in the user cluster.
MonitoringRateLimits *crdapiv1.MonitoringRateLimitSettings `json:"monitoringRateLimits,omitempty"`
// LoggingRateLimits contains rate-limiting configuration logging in the user cluster.
LoggingRateLimits *crdapiv1.LoggingRateLimitSettings `json:"loggingRateLimits,omitempty"`
}