Documentation
¶
Overview ¶
Code generated by "tools/audit_policy.go" DO NOT EDIT.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var DefaultKubernetesVersion = "<autogenerated on the build stage>"
This value is set on the controller build in the deckhouse-controller/go-build.sh script. Do not touch it !!!
View Source
var FeatureGatesMap = map[string]ComponentFeatures{ "1.30": { Kubelet: []string{ "InPlacePodVerticalScaling", "KubeletPodResourcesGet", "KubeletSeparateDiskGC", "MemoryQoS", "MutatingAdmissionPolicy", "SELinuxMount", "RecoverVolumeExpansionFailure", "RecursiveReadOnlyMounts", }, APIServer: []string{ "CrossNamespaceVolumeDataSource", "HPAScaleToZero", "InPlacePodVerticalScaling", "JobManagedBy", "MaxUnavailableStatefulSet", "MutatingAdmissionPolicy", "PortForwardWebsockets", "ProcMountType", "SELinuxMount", "ConsistentListFromCache", "CustomResourceFieldSelectors", "JobSuccessPolicy", "LoadBalancerIPMode", "MatchLabelKeysInPodAffinity", "OrderedNamespaceDeletion", "RecoverVolumeExpansionFailure", "RecursiveReadOnlyMounts", "RelaxedEnvironmentVariableValidation", "RetryGenerateName", "ServiceAccountTokenNodeBinding", "StrictCostEnforcementForVAP", }, KubeControllerManager: []string{ "CrossNamespaceVolumeDataSource", "InPlacePodVerticalScaling", "JobManagedBy", "MaxUnavailableStatefulSet", "SELinuxMount", "HonorPVReclaimPolicy", "JobSuccessPolicy", "RecoverVolumeExpansionFailure", }, KubeScheduler: []string{ "InPlacePodVerticalScaling", "SchedulerQueueingHints", }, }, "1.31": { Deprecated: []string{ "AllowDNSOnlyNodeCSR", "AllowInsecureKubeletCertificateSigningRequests", "DisableNodeKubeProxyVersion", }, Kubelet: []string{ "ConcurrentWatchObjectDecode", "ImageVolume", "InPlacePodVerticalScaling", "KubeletPodResourcesGet", "MemoryQoS", "MutatingAdmissionPolicy", "ResourceHealthStatus", "SELinuxMount", "RecoverVolumeExpansionFailure", }, APIServer: []string{ "ConcurrentWatchObjectDecode", "CrossNamespaceVolumeDataSource", "HPAScaleToZero", "ImageVolume", "InPlacePodVerticalScaling", "JobManagedBy", "MaxUnavailableStatefulSet", "MutatingAdmissionPolicy", "ProcMountType", "ResourceHealthStatus", "SELinuxMount", "AuthorizeNodeWithSelectors", "AuthorizeWithSelectors", "DisableAllocatorDualWrite", "OrderedNamespaceDeletion", "RecoverVolumeExpansionFailure", "RelaxedEnvironmentVariableValidation", "StrictCostEnforcementForVAP", "StrictCostEnforcementForWebhooks", }, KubeControllerManager: []string{ "ConcurrentWatchObjectDecode", "CrossNamespaceVolumeDataSource", "InPlacePodVerticalScaling", "JobManagedBy", "MaxUnavailableStatefulSet", "SELinuxMount", "RecoverVolumeExpansionFailure", }, KubeScheduler: []string{ "ConcurrentWatchObjectDecode", "InPlacePodVerticalScaling", "SchedulerQueueingHints", }, }, "1.32": { Deprecated: []string{ "DisableNodeKubeProxyVersion", }, Kubelet: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ImageVolume", "InPlacePodVerticalScaling", "KubeletPodResourcesGet", "MemoryQoS", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "ResourceHealthStatus", "SELinuxMount", "InPlacePodVerticalScalingAllocatedStatus", }, APIServer: []string{ "AllowUnsafeMalformedObjectDeletion", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "CrossNamespaceVolumeDataSource", "HPAScaleToZero", "ImageVolume", "InPlacePodVerticalScaling", "MaxUnavailableStatefulSet", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "ProcMountType", "ResourceHealthStatus", "SELinuxChangePolicy", "SELinuxMount", "DisableAllocatorDualWrite", "InPlacePodVerticalScalingAllocatedStatus", "OrderedNamespaceDeletion", "PodLifecycleSleepActionAllowZero", "RelaxedDNSSearchValidation", }, KubeControllerManager: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "CrossNamespaceVolumeDataSource", "InPlacePodVerticalScaling", "MaxUnavailableStatefulSet", "SELinuxChangePolicy", "SELinuxMount", }, KubeScheduler: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "InPlacePodVerticalScaling", "SchedulerAsyncPreemption", }, }, "1.33": { Deprecated: []string{ "DisableNodeKubeProxyVersion", "GitRepoVolumeDriver", "InPlacePodVerticalScalingAllocatedStatus", "SeparateCacheWatchRPC", "StorageNamespaceIndex", "WatchFromStorageWithoutResourceVersion", "WindowsHostNetwork", }, Kubelet: []string{ "AllowParsingUserUIDFromCertAuth", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerStopSignals", "ImageVolume", "KubeletEnsureSecretPulledImages", "KubeletPodResourcesGet", "KubeletPSI", "MemoryQoS", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "PodObservedGenerationTracking", "ResourceHealthStatus", "SELinuxMount", }, APIServer: []string{ "AllowParsingUserUIDFromCertAuth", "AllowUnsafeMalformedObjectDeletion", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerStopSignals", "CrossNamespaceVolumeDataSource", "DeploymentReplicaSetTerminatingReplicas", "HPAConfigurableTolerance", "HPAScaleToZero", "ImageVolume", "ListFromCacheSnapshot", "MaxUnavailableStatefulSet", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "PreferSameTrafficDistribution", "ResourceHealthStatus", "SELinuxMount", "StrictIPCIDRValidation", "DisableAllocatorDualWrite", }, KubeControllerManager: []string{ "AllowParsingUserUIDFromCertAuth", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "CrossNamespaceVolumeDataSource", "DeploymentReplicaSetTerminatingReplicas", "HPAConfigurableTolerance", "MaxUnavailableStatefulSet", "PodObservedGenerationTracking", "PreferSameTrafficDistribution", "SELinuxMount", }, KubeScheduler: []string{ "AllowParsingUserUIDFromCertAuth", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "PodObservedGenerationTracking", }, }, "1.34": { Kubelet: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerRestartRules", "ContainerStopSignals", "EnvFiles", "HostnameOverride", "ImageVolume", "KubeletEnsureSecretPulledImages", "MemoryQoS", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "ResourceHealthStatus", "SELinuxMount", }, APIServer: []string{ "AllowUnsafeMalformedObjectDeletion", "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerRestartRules", "ContainerStopSignals", "CrossNamespaceVolumeDataSource", "DeploymentReplicaSetTerminatingReplicas", "EnvFiles", "HPAConfigurableTolerance", "HPAScaleToZero", "ImageVolume", "MaxUnavailableStatefulSet", "MutatingAdmissionPolicy", "PodLogsQuerySplitStreams", "ResourceHealthStatus", "SELinuxMount", "StrictIPCIDRValidation", }, KubeControllerManager: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerRestartRules", "CrossNamespaceVolumeDataSource", "DeploymentReplicaSetTerminatingReplicas", "HPAConfigurableTolerance", "MaxUnavailableStatefulSet", "SELinuxMount", }, KubeScheduler: []string{ "ComponentFlagz", "ComponentStatusz", "ConcurrentWatchObjectDecode", "ContainerRestartRules", }, }, }
Functions ¶
This section is empty.
Types ¶
type ComponentFeatures ¶ added in v1.74.0
type ComponentFeatures struct {
Deprecated []string
Forbidden []string
Kubelet []string
APIServer []string
KubeControllerManager []string
KubeScheduler []string
}
func (*ComponentFeatures) GetFeatureGateInfo ¶ added in v1.74.0
func (cf *ComponentFeatures) GetFeatureGateInfo(component, featureName string) FeatureGateInfo
func (*ComponentFeatures) IsDeprecated ¶ added in v1.74.0
func (cf *ComponentFeatures) IsDeprecated(feature string) bool
func (*ComponentFeatures) IsForbidden ¶ added in v1.74.0
func (cf *ComponentFeatures) IsForbidden(feature string) bool
func (*ComponentFeatures) ValidateFeature ¶ added in v1.74.0
func (cf *ComponentFeatures) ValidateFeature(feature string) error
type ConfigMapInfo ¶ added in v1.64.0
type ConfigMapInfo struct {
ServiceAccounts []string
}
type FeatureGateInfo ¶ added in v1.74.0
type KubeSchedulerWebhook ¶ added in v1.64.0
type KubeSchedulerWebhook struct {
Weight int `json:"weight" yaml:"weight"`
FailurePolicy string `json:"failurePolicy" yaml:"failurePolicy"`
ClientConfig KubeSchedulerWebhookClientConfig `json:"clientConfig" yaml:"clientConfig"`
TimeoutSeconds int `json:"timeoutSeconds" yaml:"timeoutSeconds"`
}
type KubeSchedulerWebhookClientConfig ¶ added in v1.64.0
type KubeSchedulerWebhookClientConfig struct {
Service KubeSchedulerWebhookService `json:"service" yaml:"service"`
CABundle string `json:"caBundle" yaml:"caBundle"`
}
type KubeSchedulerWebhookConfiguration ¶ added in v1.64.0
type KubeSchedulerWebhookConfiguration struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Webhooks []KubeSchedulerWebhook `json:"webhooks" yaml:"webhooks"`
}
type KubeSchedulerWebhookService ¶ added in v1.64.0
type KubernetesVersion ¶ added in v1.74.0
type KubernetesVersion string
func (KubernetesVersion) IsGreaterThan ¶ added in v1.74.0
func (v KubernetesVersion) IsGreaterThan(other KubernetesVersion) bool
func (KubernetesVersion) Normalize ¶ added in v1.74.0
func (v KubernetesVersion) Normalize() KubernetesVersion
type SecretEncryptionKey ¶
type SecretEncryptionKey []byte
Source Files
¶
- arguments.go
- audit_policy.go
- audit_policy_basic_targets_generated.go
- check_etcd_peer_urls.go
- common.go
- discover_modules.go
- effective_kubernetes_version.go
- ensure_secret_encryption_key.go
- etcd_quota_backend_bytes.go
- feature_gates_generated.go
- get_feature_gates.go
- get_pki_checksum.go
- kube_scheduler_extenders.go
- kubeadm_config_cleanup.go
- label_heritage_on_kube_system.go
- lock_main_queue.go
- reconcile_etcd_members.go
- reconcile_masters_node.go
- rollout_epoch.go
- set_nodes_count.go
- update_approval.go
Click to show internal directories.
Click to hide internal directories.