/*
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package apiserver

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// AdmissionConfiguration provides versioned configuration for admission controllers.
type AdmissionConfiguration struct {
	metav1.TypeMeta

	// Plugins allows specifying a configuration per admission control plugin.
	// +optional
	Plugins []AdmissionPluginConfiguration
}

// AdmissionPluginConfiguration provides the configuration for a single plug-in.
// A plugin's settings come either from a file (Path) or from an embedded
// object (Configuration); the embedded object takes precedence when present.
type AdmissionPluginConfiguration struct {
	// Name is the name of the admission controller.
	// It must match the registered admission plugin name.
	Name string

	// Path is the path to a configuration file that contains the plugin's
	// configuration.
	// NOTE(review): this file decides how an admission plugin behaves, so it
	// should be writable only by cluster administrators. Nothing in this type
	// enforces that.
	// +optional
	Path string

	// Configuration is an embedded configuration object to be used as the plugin's
	// configuration. If present, it will be used instead of the path to the configuration file.
	// +optional
	Configuration *runtime.Unknown
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// EgressSelectorConfiguration provides versioned configuration for egress selector clients.
type EgressSelectorConfiguration struct {
	metav1.TypeMeta

	// EgressSelections contains a list of egress selection client configurations
	EgressSelections []EgressSelection
}

// EgressSelection provides the configuration for a single egress selection client.
type EgressSelection struct {
	// Name is the name of the egress selection.
	// Currently supported values are "controlplane", "etcd" and "cluster"
	Name string

	// Connection is the exact information used to configure the egress selection
	Connection Connection
}

// Connection provides the configuration for a single egress selection client.
type Connection struct {
	// ProxyProtocol is the protocol used to connect from client to the konnectivity server.
	ProxyProtocol ProtocolType

	// Transport defines the transport configurations we use to dial to the konnectivity server.
	// This is required if ProxyProtocol is HTTPConnect or GRPC.
	// NOTE(review): presumably left nil when ProxyProtocol is Direct; the
	// validation that enforces either rule is not visible in this file.
	// +optional
	Transport *Transport
}

// ProtocolType is a set of valid values for Connection.ProxyProtocol
type ProtocolType string

// Valid types for ProtocolType for konnectivity server
const (
	// Use HTTPConnect to connect to konnectivity server
	ProtocolHTTPConnect ProtocolType = "HTTPConnect"
	// Use grpc to connect to konnectivity server
	ProtocolGRPC ProtocolType = "GRPC"
	// Connect directly (skip konnectivity server)
	ProtocolDirect ProtocolType = "Direct"
)

// Transport defines the transport configurations we use to dial to the konnectivity server
type Transport struct {
	// TCP is the TCP configuration for communicating with the konnectivity server via TCP
	// ProxyProtocol of GRPC is not supported with TCP transport at the moment
	// Requires at least one of TCP or UDS to be set
	// +optional
	TCP *TCPTransport

	// UDS is the UDS configuration for communicating with the konnectivity server via UDS
	// Requires at least one of TCP or UDS to be set
	// +optional
	UDS *UDSTransport
}

// TCPTransport provides the information to connect to konnectivity server via TCP
type TCPTransport struct {
	// URL is the location of the konnectivity server to connect to.
	// As an example it might be "https://127.0.0.1:8131"
	// The scheme matters for security: per the TLSConfig field rules, an
	// http:// URL requires every TLSConfig field to be empty, so such a
	// connection has neither server verification nor client authentication.
	URL string

	// TLSConfig is the config needed to use TLS when connecting to konnectivity server
	// +optional
	TLSConfig *TLSConfig
}

// UDSTransport provides the information to connect to konnectivity server via UDS
type UDSTransport struct {
	// UDSName is the name of the unix domain socket to connect to konnectivity server
	// This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket)
	// TLSConfig is only used with TCPTransport, so no field here authenticates the peer.
	// NOTE(review): presumably access to the konnectivity server is then governed by
	// filesystem permissions on the socket path; confirm they are restricted.
	UDSName string
}

// TLSConfig provides the authentication information to connect to konnectivity server
// Only used with TCPTransport
// All three fields hold file locations, not inline PEM data.
type TLSConfig struct {
	// caBundle is the file location of the CA to be used to determine trust with the konnectivity server.
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// If absent while TCPTransport.URL is prefixed with https://, default to system trust roots.
	// NOTE(review): with the system-roots fallback, any CA in the system store
	// can vouch for the konnectivity server; set this field to restrict trust
	// to the intended CA.
	// +optional
	CABundle string

	// clientKey is the file location of the client key to authenticate with the konnectivity server
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// NOTE(review): the referenced file holds private key material and should
	// be readable only by the API server process.
	// +optional
	ClientKey string

	// clientCert is the file location of the client certificate to authenticate with the konnectivity server
	// Must be absent/empty if TCPTransport.URL is prefixed with http://
	// Must be configured if TCPTransport.URL is prefixed with https://
	// +optional
	ClientCert string
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// TracingConfiguration provides versioned configuration for tracing clients.
type TracingConfiguration struct {
	metav1.TypeMeta

	// +optional
	// Endpoint of the collector that's running on the control-plane node.
	// The APIServer uses the egressType ControlPlane when sending data to the collector.
	// The syntax is defined in https://github.com/grpc/grpc/blob/master/doc/naming.md.
	// Defaults to the otlp grpc default, localhost:4317
	// The connection is insecure, and does not currently support TLS.
	// NOTE(review): because the connection is insecure, pointing Endpoint at
	// anything other than a loopback or otherwise trusted path sends trace
	// data without transport protection.
	Endpoint *string

	// +optional
	// SamplingRatePerMillion is the number of samples to collect per million spans.
	// Defaults to 0.
	// NOTE(review): the valid range is presumably 0 to 1000000; range
	// validation is not visible in this file.
	SamplingRatePerMillion *int32
}