Documentation
¶
Index ¶
Constants ¶
const (
// The stage for events generated after the audit handler receives the request, but before it
// is delegated down the handler chain.
StageRequestReceived = "RequestReceived"
// The stage for events generated after the response headers are sent, but before the response body
// is sent. This stage is only generated for long-running requests (e.g. watch).
StageResponseStarted = "ResponseStarted"
// The stage for events generated after the response body has been completed, and no more bytes
// will be sent.
StageResponseComplete = "ResponseComplete"
// The stage for events generated when a panic occurred.
StagePanic = "Panic"
)
Valid audit stages.
const GroupName = "auditregistration.k8s.io"
GroupName is the group name use in this package
Variables ¶
var (
// SchemeBuilder for audit registration
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme audit registration
AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
Types ¶
type AuditSink ¶
type AuditSink struct {
metav1.TypeMeta
// +optional
metav1.ObjectMeta
// Spec defines the audit sink spec
Spec AuditSinkSpec
}
AuditSink represents a cluster level sink for audit data
func (*AuditSink) DeepCopy ¶
func (in *AuditSink) DeepCopy() *AuditSink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSink.
func (*AuditSink) DeepCopyInto ¶
func (in *AuditSink) DeepCopyInto(out *AuditSink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuditSink) DeepCopyObject ¶
func (in *AuditSink) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuditSinkList ¶
type AuditSinkList struct {
metav1.TypeMeta
// +optional
metav1.ListMeta
// List of audit configurations.
Items []AuditSink
}
AuditSinkList is a list of a audit sink items.
func (*AuditSinkList) DeepCopy ¶
func (in *AuditSinkList) DeepCopy() *AuditSinkList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkList.
func (*AuditSinkList) DeepCopyInto ¶
func (in *AuditSinkList) DeepCopyInto(out *AuditSinkList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuditSinkList) DeepCopyObject ¶
func (in *AuditSinkList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuditSinkSpec ¶
type AuditSinkSpec struct {
// Policy defines the policy for selecting which events should be sent to the backend
// required
Policy Policy
// Webhook to send events
// required
Webhook Webhook
}
AuditSinkSpec is the spec for the audit sink object
func (*AuditSinkSpec) DeepCopy ¶
func (in *AuditSinkSpec) DeepCopy() *AuditSinkSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkSpec.
func (*AuditSinkSpec) DeepCopyInto ¶
func (in *AuditSinkSpec) DeepCopyInto(out *AuditSinkSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Level ¶
type Level string
Level defines the amount of information logged during auditing
const (
// LevelNone disables auditing
LevelNone Level = "None"
// LevelMetadata provides the basic level of auditing.
LevelMetadata Level = "Metadata"
// LevelRequest provides Metadata level of auditing, and additionally
// logs the request object (does not apply for non-resource requests).
LevelRequest Level = "Request"
// LevelRequestResponse provides Request level of auditing, and additionally
// logs the response object (does not apply for non-resource requests and watches).
LevelRequestResponse Level = "RequestResponse"
)
Valid audit levels
type Policy ¶
type Policy struct {
// The Level that all requests are recorded at.
// available options: None, Metadata, Request, RequestResponse
// required
Level Level
// Stages is a list of stages for which events are created.
// +optional
Stages []Stage
}
Policy defines the configuration of how audit events are logged
func (*Policy) DeepCopy ¶
func (in *Policy) DeepCopy() *Policy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
func (in *Policy) DeepCopyInto(out *Policy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceReference ¶
type ServiceReference struct {
// `namespace` is the namespace of the service.
// Required
Namespace string
// `name` is the name of the service.
// Required
Name string
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
Path *string
}
ServiceReference holds a reference to Service.legacy.k8s.io
func (*ServiceReference) DeepCopy ¶
func (in *ServiceReference) DeepCopy() *ServiceReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.
func (*ServiceReference) DeepCopyInto ¶
func (in *ServiceReference) DeepCopyInto(out *ServiceReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Stage ¶
type Stage string
Stage defines the stages in request handling during which audit events may be generated.
type Webhook ¶
type Webhook struct {
// Throttle holds the options for throttling the webhook
// +optional
Throttle *WebhookThrottleConfig
// ClientConfig holds the connection parameters for the webhook
// required
ClientConfig WebhookClientConfig
}
Webhook holds the configuration of the webhooks
func (*Webhook) DeepCopy ¶
func (in *Webhook) DeepCopy() *Webhook
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.
func (*Webhook) DeepCopyInto ¶
func (in *Webhook) DeepCopyInto(out *Webhook)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookClientConfig ¶
type WebhookClientConfig struct {
// `url` gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
URL *string
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte
}
WebhookClientConfig contains the information to make a connection with the webhook
func (*WebhookClientConfig) DeepCopy ¶
func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.
func (*WebhookClientConfig) DeepCopyInto ¶
func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookThrottleConfig ¶
type WebhookThrottleConfig struct {
// QPS maximum number of batches per second
// default 10 QPS
// +optional
QPS *int64
// Burst is the maximum number of events sent at the same moment
// default 15 QPS
// +optional
Burst *int64
}
WebhookThrottleConfig holds the configuration for throttling
func (*WebhookThrottleConfig) DeepCopy ¶
func (in *WebhookThrottleConfig) DeepCopy() *WebhookThrottleConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.
func (*WebhookThrottleConfig) DeepCopyInto ¶
func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install adds the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |