Documentation
¶
Overview ¶
+kubebuilder:validation:Optional +groupName=operator.openshift.io
Package v1alpha1 contains API Schema definitions for the operator.openshift.io v1alpha1 API group +kubebuilder:object:generate=true +groupName=operator.openshift.io
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type CertManager
- type CertManagerConfig
- type CertManagerList
- type CertManagerResourceRequirements
- type CertManagerScheduling
- type CertManagerSpec
- type CertManagerStatus
- type ConditionalStatus
- type ControllerConfig
- type DeploymentConfig
- type IstioCSR
- type IstioCSRConfig
- type IstioCSRList
- type IstioCSRSpec
- type IstioCSRStatus
- type IstioConfig
- type IstiodTLSConfig
- type ServerConfig
- type UnsupportedConfigOverrides
- type UnsupportedConfigOverridesForCertManagerCAInjector
- type UnsupportedConfigOverridesForCertManagerController
- type UnsupportedConfigOverridesForCertManagerWebhook
Constants ¶
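// Condition types reported in the status of the operator-managed resources.
// The declaration is laid out one item per line so that the line comments
// document the constants instead of swallowing them.
const (
	// Degraded is the condition type used to inform state of the operator when
	// it has failed with irrecoverable error like permission issues.
	// Degraded has the following options:
	//  Status:
	//  - True
	//  - False
	//  Reason:
	//  - Failed
	Degraded string = "Degraded"

	// Ready is the condition type used to inform state of readiness of the
	// operator to process istio-csr enabling requests.
	//  Status:
	//  - True
	//  - False
	//  Reason:
	//  - Progressing
	//  - Failed
	//  - Ready: operand successfully deployed and ready
	Ready string = "Ready"
)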
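// Reason values set on the Degraded and Ready conditions. One declaration per
// line: the specs need a line break (or semicolon) between them to parse.
const (
	// ReasonFailed is reported when the operator has failed; it is the only
	// reason listed for Degraded and is also listed for Ready.
	ReasonFailed string = "Failed"

	// ReasonReady is reported when the operand is successfully deployed and ready.
	ReasonReady string = "Ready"

	// ReasonInProgress is reported on the Ready condition while work is still
	// progressing. Note that the wire value is "Progressing", not "InProgress".
	ReasonInProgress string = "Progressing"
)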
Variables ¶
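// Scheme registration for the operator.openshift.io/v1alpha1 group-version.
// Laid out one item per line so the line comments no longer hide the
// declarations that follow them.
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "operator.openshift.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)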
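// Feature gate names known to the operator. Laid out one item per line so the
// line comment documents the variable instead of commenting it out.
var (
	// TechPreview: v1.15
	//
	// IstioCSR enables the controller for istiocsr.operator.openshift.io resource,
	// which extends cert-manager-operator to deploy and manage the istio-csr agent.
	// OpenShift Service Mesh facilitates the integration and istio-csr is an agent that
	// allows Istio workload and control plane components to be secured using cert-manager.
	//
	// For more details,
	// https://github.com/openshift/enhancements/blob/master/enhancements/cert-manager/istio-csr-controller.md
	FeatureIstioCSR featuregate.Feature = "IstioCSR"
)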
// OperatorFeatureGates maps each operator feature gate to its spec.
// FeatureIstioCSR is registered as TechPreview with Default false, so the
// istiocsr controller stays off unless the gate is turned on.
var OperatorFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
	FeatureIstioCSR: featuregate.FeatureSpec{
		Default:    false,
		PreRelease: "TechPreview",
	},
}
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Manually added to conform to k8s code-generator lister-gen. Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CertManager ¶
// CertManager is the root object of the certmanagers API: embedded type and
// object metadata plus a Spec/Status pair.
type CertManager struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired configuration, see CertManagerSpec. It is marked
	// required for validation even though the JSON tag carries omitempty.
	// +kubebuilder:validation:Required
	// +required
	Spec CertManagerSpec `json:"spec,omitempty"`

	// Status is the observed state, see CertManagerStatus.
	// +optional
	Status CertManagerStatus `json:"status,omitempty"`
}
CertManager is the Schema for the certmanagers API +operator-sdk:csv:customresourcedefinitions:displayName="CertManager"
func (*CertManager) DeepCopy ¶
func (in *CertManager) DeepCopy() *CertManager
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManager.
func (*CertManager) DeepCopyInto ¶
func (in *CertManager) DeepCopyInto(out *CertManager)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertManager) DeepCopyObject ¶
func (in *CertManager) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertManagerConfig ¶
// CertManagerConfig selects the cert-manager issuer used for obtaining the
// certificates.
type CertManagerConfig struct {
	// NOTE(review): the kind and group rules below compare lowerAscii() values,
	// so any casing (for example "issuer" or "CLUSTERISSUER") passes validation
	// although the message names the exact spellings. Confirm that the
	// controller normalises the value before it is used to look up the issuer.

	// issuerRef contains details to the referenced object used for
	// obtaining the certificates. When issuerRef.Kind is Issuer, it must exist in the
	// .spec.istioCSRConfig.istio.namespace.
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="issuerRef is immutable once set"
	// +kubebuilder:validation:XValidation:rule="self.kind.lowerAscii() == 'issuer' || self.kind.lowerAscii() == 'clusterissuer'",message="kind must be either 'Issuer' or 'ClusterIssuer'"
	// +kubebuilder:validation:XValidation:rule="self.group.lowerAscii() == 'cert-manager.io'",message="group must be 'cert-manager.io'"
	// +kubebuilder:validation:Required
	// +required
	IssuerRef certmanagerv1.ObjectReference `json:"issuerRef,omitempty"`
}
CertManagerConfig is for configuring cert-manager specifics. +kubebuilder:validation:XValidation:rule="!has(oldSelf.issuerRef) && !has(self.issuerRef) || has(oldSelf.issuerRef) && has(self.issuerRef)",message="issuerRef may only be configured during creation"
func (*CertManagerConfig) DeepCopy ¶
func (in *CertManagerConfig) DeepCopy() *CertManagerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerConfig.
func (*CertManagerConfig) DeepCopyInto ¶
func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertManagerList ¶
// CertManagerList is the list form of CertManager: embedded type and list
// metadata plus the items.
type CertManagerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the CertManager objects in the list.
	Items []CertManager `json:"items"`
}
CertManagerList contains a list of CertManager
func (*CertManagerList) DeepCopy ¶
func (in *CertManagerList) DeepCopy() *CertManagerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerList.
func (*CertManagerList) DeepCopyInto ¶
func (in *CertManagerList) DeepCopyInto(out *CertManagerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertManagerList) DeepCopyObject ¶
func (in *CertManagerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertManagerResourceRequirements ¶
// CertManagerResourceRequirements carries compute resource limits and requests.
// Both fields are optional.
type CertManagerResourceRequirements struct {
	// Limits describes the maximum amount of compute resources allowed.
	// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	// +optional
	Limits corev1.ResourceList `json:"limits,omitempty" protobuf:"bytes,1,rep,name=limits,casttype=ResourceList,castkey=ResourceName"`

	// Requests describes the minimum amount of compute resources required.
	// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
	// otherwise to an implementation-defined value.
	// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	// +optional
	Requests corev1.ResourceList `json:"requests,omitempty" protobuf:"bytes,2,rep,name=requests,casttype=ResourceList,castkey=ResourceName"`
}
CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands, namely the controller, webhook and cainjector.
func (*CertManagerResourceRequirements) DeepCopy ¶
func (in *CertManagerResourceRequirements) DeepCopy() *CertManagerResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerResourceRequirements.
func (*CertManagerResourceRequirements) DeepCopyInto ¶
func (in *CertManagerResourceRequirements) DeepCopyInto(out *CertManagerResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertManagerScheduling ¶
// CertManagerScheduling carries pod placement settings: a node selector and
// tolerations. Both are optional and both are atomic (replaced as a whole on
// update, per the mapType/listType markers).
type CertManagerScheduling struct {
	// NodeSelector is a selector which must be true for the pod to fit on a node.
	// Selector which must match a node's labels for the pod to be scheduled on that node.
	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	// +optional
	// +mapType=atomic
	NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`

	// Tolerations are attached to the pod to tolerate any taint that matches the
	// taint's key, value and effect using the toleration's matching operator.
	// More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
	// +optional
	// +listType=atomic
	Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
}
CertManagerScheduling describes the scheduling configurations for the cert-manager operands, namely the controller, webhook and cainjector.
func (*CertManagerScheduling) DeepCopy ¶
func (in *CertManagerScheduling) DeepCopy() *CertManagerScheduling
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerScheduling.
func (*CertManagerScheduling) DeepCopyInto ¶
func (in *CertManagerScheduling) DeepCopyInto(out *CertManagerScheduling)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertManagerSpec ¶
// CertManagerSpec is the desired state of CertManager: the inlined operator
// spec plus one optional DeploymentConfig per operand (controller, webhook,
// cainjector).
type CertManagerSpec struct {
	// OperatorSpec is embedded and its fields are inlined into the spec.
	apiv1.OperatorSpec `json:",inline"`

	// NOTE(review): the override fields described below are appended to the
	// operand containers' args and env, so write access to this object is
	// control over how the operands run (for example which DNS resolvers or
	// proxy they use). Grant update rights on it accordingly. Whether the
	// operator restricts the accepted flags and variable names is not visible
	// in this type; confirm against the controller.

	// ControllerConfig specifies further customization options for the controller's deployment spec.
	//
	// Possible customizations include the following,
	//
	// For OverrideArgs,
	// This field appends values to .spec.template.spec.containers[...].args. The container
	// that will be selected will be based on image present on the spec. Possible values are,
	// Eg:
	// - "--acme-http01-solver-nameservers=8.8.8.8:53,1.1.1.1:53"
	// - "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
	// - "--dns01-recursive-nameservers-only"
	//
	// For OverrideEnvs,
	// This field appends values to .spec.template.spec.containers[...].env. The container
	// that will be selected will be based on image present on the spec. Possible values are,
	// Eg:
	// - "HTTP_PROXY": "http://proxy:8080"
	//
	// +kubebuilder:validation:Optional
	// +optional
	ControllerConfig *DeploymentConfig `json:"controllerConfig,omitempty"`

	// WebhookConfig specifies further customization options for the webhook's deployment spec.
	//
	// Possible customizations include the following,
	//
	// For OverrideArgs,
	// --config string Path to a file containing a WebhookConfiguration object used to configure the webhook
	// --dynamic-serving-ca-secret-name string name of the secret used to store the CA that signs serving certificates
	// --dynamic-serving-ca-secret-namespace string namespace of the secret used to store the CA that signs serving certificates
	// --dynamic-serving-dns-names strings DNS names that should be present on certificates generated by the dynamic serving CA
	// --v Level number for the log level verbosity
	//
	// +kubebuilder:validation:Optional
	// +optional
	WebhookConfig *DeploymentConfig `json:"webhookConfig,omitempty"`

	// CAInjectorConfig specifies further customization options for the cainjector's deployment spec.
	//
	// Possible customizations include the following,
	//
	// For OverrideArgs,
	// --namespace string If set, this limits the scope of cainjector to a single namespace. If set, cainjector
	// will not update resources with certificates outside of the configured namespace.
	// --v Level number for the log level verbosity
	//
	// +kubebuilder:validation:Optional
	// +optional
	CAInjectorConfig *DeploymentConfig `json:"cainjectorConfig,omitempty"`
}
CertManagerSpec defines the desired state of CertManager
func (*CertManagerSpec) DeepCopy ¶
func (in *CertManagerSpec) DeepCopy() *CertManagerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerSpec.
func (*CertManagerSpec) DeepCopyInto ¶
func (in *CertManagerSpec) DeepCopyInto(out *CertManagerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertManagerStatus ¶
// CertManagerStatus is the observed state of CertManager. It adds no fields of
// its own; everything comes from the inlined operator status.
type CertManagerStatus struct {
	// OperatorStatus is embedded and its fields are inlined into the status.
	apiv1.OperatorStatus `json:",inline"`
}
CertManagerStatus defines the observed state of CertManager
func (*CertManagerStatus) DeepCopy ¶
func (in *CertManagerStatus) DeepCopy() *CertManagerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerStatus.
func (*CertManagerStatus) DeepCopyInto ¶
func (in *CertManagerStatus) DeepCopyInto(out *CertManagerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionalStatus ¶
// ConditionalStatus wraps the list of status conditions. The list is a map
// keyed by the condition type (listType=map, listMapKey=type), so there is at
// most one entry per type and patches merge on that key.
type ConditionalStatus struct {
	// conditions holds information of the current state of the istio-csr agent deployment.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}
func (*ConditionalStatus) DeepCopy ¶
func (in *ConditionalStatus) DeepCopy() *ConditionalStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalStatus.
func (*ConditionalStatus) DeepCopyInto ¶
func (in *ConditionalStatus) DeepCopyInto(out *ConditionalStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ConditionalStatus) GetCondition ¶
func (c *ConditionalStatus) GetCondition(t string) *metav1.Condition
func (*ConditionalStatus) SetCondition ¶
func (c *ConditionalStatus) SetCondition(t string, cs metav1.ConditionStatus, reason, msg string) bool
type ControllerConfig ¶
// ControllerConfig holds controller-level defaults for the istio-csr agent
// deployment; at present only the labels to apply.
type ControllerConfig struct {
	// labels to apply to all resources created for istio-csr agent deployment.
	// The map is granular (mapType=granular): entries are merged per key.
	// +mapType=granular
	// +kubebuilder:validation:Optional
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ControllerConfig is for configuring the controller for setting up defaults to enable istio-csr agent.
func (*ControllerConfig) DeepCopy ¶
func (in *ControllerConfig) DeepCopy() *ControllerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfig.
func (*ControllerConfig) DeepCopyInto ¶
func (in *ControllerConfig) DeepCopyInto(out *ControllerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DeploymentConfig ¶
// DeploymentConfig is the set of per-operand overrides referenced from
// CertManagerSpec. Every field is optional.
//
// NOTE(review): apart from Optional, no validation markers are visible on
// these fields. Whether the operator limits which arguments or environment
// variables are accepted cannot be told from this type; confirm against the
// controller, and treat update rights on the owning object as privileged.
type DeploymentConfig struct {
	// OverrideArgs are appended to the selected operand container's args
	// (.spec.template.spec.containers[...].args, per the CertManagerSpec docs).
	// +kubebuilder:validation:Optional
	// +optional
	OverrideArgs []string `json:"overrideArgs,omitempty"`

	// OverrideEnv entries are appended to the selected operand container's env
	// (.spec.template.spec.containers[...].env, per the CertManagerSpec docs).
	// Note the JSON name is overrideEnv, while those docs call it OverrideEnvs.
	// +kubebuilder:validation:Optional
	// +optional
	OverrideEnv []corev1.EnvVar `json:"overrideEnv,omitempty"`

	// OverrideLabels presumably sets labels on the operand deployment or its
	// pods; the exact target is not documented here. TODO confirm.
	// +kubebuilder:validation:Optional
	// +optional
	OverrideLabels map[string]string `json:"overrideLabels,omitempty"`

	// OverrideResources sets compute resource limits and requests, see
	// CertManagerResourceRequirements.
	// +kubebuilder:validation:Optional
	// +optional
	OverrideResources CertManagerResourceRequirements `json:"overrideResources,omitempty"`

	// OverrideScheduling sets the node selector and tolerations, see
	// CertManagerScheduling.
	// +kubebuilder:validation:Optional
	// +optional
	OverrideScheduling CertManagerScheduling `json:"overrideScheduling,omitempty"`
}
DeploymentConfig defines the schema for overriding deployment of cert-manager operands, namely the controller, webhook and cainjector.
func (*DeploymentConfig) DeepCopy ¶
func (in *DeploymentConfig) DeepCopy() *DeploymentConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentConfig.
func (*DeploymentConfig) DeepCopyInto ¶
func (in *DeploymentConfig) DeepCopyInto(out *DeploymentConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IstioCSR ¶
// IstioCSR is the root object of the istiocsr API: embedded type and object
// metadata plus a Spec/Status pair.
type IstioCSR struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec is the specification of the desired behavior of the IstioCSR.
	// +kubebuilder:validation:Required
	// +required
	Spec IstioCSRSpec `json:"spec,omitempty"`

	// status is the most recently observed status of the IstioCSR.
	Status IstioCSRStatus `json:"status,omitempty"`
}
IstioCSR describes configuration and information about the managed istio-csr agent. The name must be `default`, which makes istiocsr a singleton: only one instance of istiocsr is allowed per namespace.
When an IstioCSR is created, a new deployment is created which manages the istio-csr agent and keeps it in the desired state.
+kubebuilder:object:root=true +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="GRPC Endpoint",type="string",JSONPath=".status.istioCSRGRPCEndpoint" +kubebuilder:validation:XValidation:rule="self.metadata.name == 'default'",message="istiocsr is a singleton, .metadata.name must be 'default'" +operator-sdk:csv:customresourcedefinitions:displayName="IstioCSR"
func (*IstioCSR) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCSR.
func (*IstioCSR) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IstioCSR) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IstioCSRConfig ¶
// IstioCSRConfig groups the settings of the istio-csr agent: logging, the
// cert-manager issuer, istiod certificate parameters, the serving endpoint,
// the istio control plane, and pod resources and placement.
// certManager, istiodTLSConfig and istio are required; the rest is optional.
type IstioCSRConfig struct {
	// logLevel supports value range as per [kubernetes logging guidelines](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use).
	// Validation bounds it to 1..5, default 1.
	// +kubebuilder:default:=1
	// +kubebuilder:validation:Minimum:=1
	// +kubebuilder:validation:Maximum:=5
	// +kubebuilder:validation:Optional
	// +optional
	LogLevel int32 `json:"logLevel,omitempty"`

	// NOTE(review): logFormat names two supported values but carries no
	// +kubebuilder:validation:Enum marker here, so other strings appear to pass
	// schema validation. Confirm that the controller rejects them.

	// logFormat is for specifying the output format of istio-csr agent logging.
	// Supported log formats are text and json.
	// +kubebuilder:default:=text
	// +kubebuilder:validation:Optional
	// +optional
	LogFormat string `json:"logFormat,omitempty"`

	// certManager is for configuring cert-manager specifics.
	// +kubebuilder:validation:Required
	// +required
	CertManager *CertManagerConfig `json:"certManager,omitempty"`

	// istiodTLSConfig is for configuring istiod certificate specifics.
	// +kubebuilder:validation:Required
	// +required
	IstiodTLSConfig *IstiodTLSConfig `json:"istiodTLSConfig,omitempty"`

	// server is for configuring the server endpoint used by istio
	// for obtaining the certificates.
	// +kubebuilder:validation:Optional
	// +optional
	Server *ServerConfig `json:"server,omitempty"`

	// istio is for configuring the istio specifics.
	// +kubebuilder:validation:Required
	// +required
	Istio *IstioConfig `json:"istio,omitempty"`

	// NOTE(review): "Cannot be updated" below is stated in prose only; no
	// immutability XValidation rule is visible on this field. TODO confirm how
	// it is enforced.

	// resources is for defining the resource requirements.
	// Cannot be updated.
	// ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	// +kubebuilder:validation:Optional
	// +optional
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// affinity is for setting scheduling affinity rules.
	// ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
	// +kubebuilder:validation:Optional
	// +optional
	Affinity *corev1.Affinity `json:"affinity,omitempty"`

	// tolerations is for setting the pod tolerations.
	// ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
	// +kubebuilder:validation:Optional
	// +optional
	// +listType=atomic
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`

	// nodeSelector is for defining the scheduling criteria using node labels.
	// ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	// +kubebuilder:validation:Optional
	// +optional
	// +mapType=atomic
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
}
IstioCSRConfig is for configuring the istio-csr agent behavior.
func (*IstioCSRConfig) DeepCopy ¶
func (in *IstioCSRConfig) DeepCopy() *IstioCSRConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCSRConfig.
func (*IstioCSRConfig) DeepCopyInto ¶
func (in *IstioCSRConfig) DeepCopyInto(out *IstioCSRConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IstioCSRList ¶
// IstioCSRList is the list form of IstioCSR: embedded type and list metadata
// plus the items.
type IstioCSRList struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard list's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata"`

	// Items holds the IstioCSR objects in the list.
	Items []IstioCSR `json:"items"`
}
IstioCSRList is a list of IstioCSR objects.
func (*IstioCSRList) DeepCopy ¶
func (in *IstioCSRList) DeepCopy() *IstioCSRList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCSRList.
func (*IstioCSRList) DeepCopyInto ¶
func (in *IstioCSRList) DeepCopyInto(out *IstioCSRList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IstioCSRList) DeepCopyObject ¶
func (in *IstioCSRList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IstioCSRSpec ¶
// IstioCSRSpec is the desired state of an IstioCSR: the required agent
// configuration and the controller defaults.
type IstioCSRSpec struct {
	// istioCSRConfig is for configuring the istio-csr agent behavior.
	// +kubebuilder:validation:Required
	// +required
	IstioCSRConfig *IstioCSRConfig `json:"istioCSRConfig,omitempty"`

	// controllerConfig is for configuring the controller for setting up
	// defaults to enable istio-csr agent.
	// It carries no explicit optional/required marker; presumably the
	// package-level +kubebuilder:validation:Optional default applies.
	ControllerConfig *ControllerConfig `json:"controllerConfig,omitempty"`
}
IstioCSRSpec is the specification of the desired behavior of the IstioCSR.
func (*IstioCSRSpec) DeepCopy ¶
func (in *IstioCSRSpec) DeepCopy() *IstioCSRSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCSRSpec.
func (*IstioCSRSpec) DeepCopyInto ¶
func (in *IstioCSRSpec) DeepCopyInto(out *IstioCSRSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IstioCSRStatus ¶
// IstioCSRStatus is the observed state of an IstioCSR: the inlined conditions,
// the deployed image, the gRPC endpoint, and the names of the identity and
// RBAC objects the controller created for the agent. The recorded
// serviceAccount, clusterRole and clusterRoleBinding names give an auditor the
// objects to inspect when reviewing what the agent is permitted to do.
type IstioCSRStatus struct {
	// conditions holds information of the current state of the istio-csr agent deployment.
	ConditionalStatus `json:",inline,omitempty"`

	// istioCSRImage is the name of the image and the tag used for deploying istio-csr.
	IstioCSRImage string `json:"istioCSRImage,omitempty"`

	// istioCSRGRPCEndpoint is the service endpoint of istio-csr made available for user
	// to configure the same in istiod config to enable istio to use istio-csr for
	// certificate requests.
	IstioCSRGRPCEndpoint string `json:"istioCSRGRPCEndpoint,omitempty"`

	// serviceAccount created by the controller for the istio-csr agent.
	ServiceAccount string `json:"serviceAccount,omitempty"`

	// clusterRole created by the controller for the istio-csr agent.
	ClusterRole string `json:"clusterRole,omitempty"`

	// clusterRoleBinding created by the controller for the istio-csr agent.
	ClusterRoleBinding string `json:"clusterRoleBinding,omitempty"`
}
IstioCSRStatus is the most recently observed status of the IstioCSR.
func (*IstioCSRStatus) DeepCopy ¶
func (in *IstioCSRStatus) DeepCopy() *IstioCSRStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCSRStatus.
func (*IstioCSRStatus) DeepCopyInto ¶
func (in *IstioCSRStatus) DeepCopyInto(out *IstioCSRStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IstioConfig ¶
// IstioConfig identifies the istio installation the agent serves: the
// installed revisions and the control-plane namespace. Both are immutable
// once set, per the XValidation rules on the fields.
type IstioConfig struct {
	// NOTE(review): the rule on revisions requires every new element to be in
	// the old list and every old element to be in the new one, so the set
	// cannot change after it is first stored. The "Changing this field"
	// sentence below therefore seems to describe what the value influences
	// rather than a supported update. TODO confirm.

	// revisions are the istio revisions that are currently installed in the cluster.
	// Changing this field will modify the DNS names that will be requested for
	// the istiod certificate.
	// +listType=set
	// +kubebuilder:default:={"default"}
	// +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="revisions is immutable once set"
	// +kubebuilder:validation:MaxItems=10
	// +kubebuilder:validation:Optional
	// +optional
	Revisions []string `json:"revisions,omitempty"`

	// namespace of the istio control-plane.
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="namespace is immutable once set"
	// +kubebuilder:validation:Required
	// +required
	Namespace string `json:"namespace,omitempty"`
}
IstioConfig is for configuring the istio specifics.
func (*IstioConfig) DeepCopy ¶
func (in *IstioConfig) DeepCopy() *IstioConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioConfig.
func (*IstioConfig) DeepCopyInto ¶
func (in *IstioConfig) DeepCopyInto(out *IstioConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IstiodTLSConfig ¶
// IstiodTLSConfig holds the parameters of the istiod certificate and of the
// keys generated for it: subject names, trust domain, validity and renewal
// windows, key size and key algorithm. Only trustDomain is required.
type IstiodTLSConfig struct {
	// commonName is the common name to be set in the certificate.cert-manager.io
	// created for istiod. CommonName will be of the form `istiod.<istio_namespace>.svc`
	// when not set.
	// +kubebuilder:validation:Optional
	// +optional
	CommonName string `json:"commonName,omitempty"`

	// trustDomain is the istio cluster's trust domain, which will also be used for deriving
	// spiffe URI.
	// +kubebuilder:validation:Required
	// +required
	TrustDomain string `json:"trustDomain,omitempty"`

	// certificateDNSNames contains the additional DNS names to be added to the istiod certificate SAN.
	// +listType=set
	// +kubebuilder:validation:Optional
	// +optional
	CertificateDNSNames []string `json:"certificateDNSNames,omitempty"`

	// NOTE(review): no rule visible here relates certificateRenewBefore to
	// certificateDuration, or certificateDuration to maxCertificateDuration.
	// Confirm that the controller (or cert-manager) rejects a renewBefore that
	// is not shorter than the duration.

	// certificateDuration is the istio-csr and the istiod certificates validity period.
	// +kubebuilder:default:="1h"
	// +kubebuilder:validation:Optional
	// +optional
	CertificateDuration *metav1.Duration `json:"certificateDuration,omitempty"`

	// certificateRenewBefore is the ahead time to renew the istio-csr and the istiod certificates
	// before expiry.
	// +kubebuilder:default:="30m"
	// +kubebuilder:validation:Optional
	// +optional
	CertificateRenewBefore *metav1.Duration `json:"certificateRenewBefore,omitempty"`

	// NOTE(review): the size constraint below (RSA >= 2048, ECDSA 256 or 384)
	// is stated in prose only; the one rule on the field is immutability. The
	// default of 2048 is also not a valid ECDSA size, so selecting ECDSA
	// without setting privateKeySize yields a combination the prose forbids.
	// Confirm that the controller validates the pair.

	// privateKeySize is the istio-csr and the istiod certificate's key size. When the SignatureAlgorithm
	// is RSA, must be >= 2048 and for ECDSA, can only be 256 or 384, corresponding to P-256 and P-384 respectively.
	// +kubebuilder:default:=2048
	// +kubebuilder:validation:XValidation:rule="oldSelf == 0 || self == oldSelf",message="privateKeySize is immutable once set"
	// +kubebuilder:validation:Optional
	// +optional
	PrivateKeySize int `json:"privateKeySize,omitempty"`

	// signatureAlgorithm is the signature algorithm to use when generating
	// private keys. At present only RSA and ECDSA are supported.
	// +kubebuilder:default:="RSA"
	// +kubebuilder:validation:Enum:="RSA";"ECDSA"
	// +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="signatureAlgorithm is immutable once set"
	// +kubebuilder:validation:Optional
	// +optional
	SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"`

	// MaxCertificateDuration is the maximum validity duration that can be
	// requested for a certificate.
	// +kubebuilder:default:="1h"
	// +kubebuilder:validation:Optional
	// +optional
	MaxCertificateDuration *metav1.Duration `json:"maxCertificateDuration,omitempty"`
}
IstiodTLSConfig is for configuring istiod certificate specifics. +kubebuilder:validation:XValidation:rule="!has(oldSelf.signatureAlgorithm) && !has(self.signatureAlgorithm) || has(oldSelf.signatureAlgorithm) && has(self.signatureAlgorithm)",message="signatureAlgorithm may only be configured during creation" +kubebuilder:validation:XValidation:rule="!has(oldSelf.privateKeySize) && !has(self.privateKeySize) || has(oldSelf.privateKeySize) && has(self.privateKeySize)",message="privateKeySize may only be configured during creation"
func (*IstiodTLSConfig) DeepCopy ¶
func (in *IstiodTLSConfig) DeepCopy() *IstiodTLSConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstiodTLSConfig.
func (*IstiodTLSConfig) DeepCopyInto ¶
func (in *IstiodTLSConfig) DeepCopyInto(out *IstiodTLSConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServerConfig ¶
// ServerConfig configures the endpoint on which istio-csr serves gRPC.
type ServerConfig struct {
	// NOTE(review): port has a default and an immutability rule but no
	// +kubebuilder:validation:Minimum / Maximum markers, so negative or
	// out-of-range int32 values appear to pass schema validation. TODO confirm
	// that they are rejected elsewhere.

	// port to serve istio-csr gRPC service.
	// +kubebuilder:default:=443
	// +kubebuilder:validation:XValidation:rule="oldSelf == 0 || self == oldSelf",message="port is immutable once set"
	// +kubebuilder:validation:Optional
	// +optional
	Port int32 `json:"port,omitempty"`
}
ServerConfig is for configuring the server endpoint used by istio for obtaining the certificates.
func (*ServerConfig) DeepCopy ¶
func (in *ServerConfig) DeepCopy() *ServerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerConfig.
func (*ServerConfig) DeepCopyInto ¶
func (in *ServerConfig) DeepCopyInto(out *ServerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UnsupportedConfigOverrides ¶
// UnsupportedConfigOverrides groups one override block per cert-manager
// operand. The page gives no description for this type.
// NOTE(review): where this structure is read from and who may set it is not
// visible here. TODO confirm against the caller.
type UnsupportedConfigOverrides struct {
	// Controller holds the overrides for the cert-manager controller.
	Controller UnsupportedConfigOverridesForCertManagerController `json:"controller,omitempty"`
	// Webhook holds the overrides for the cert-manager webhook.
	Webhook UnsupportedConfigOverridesForCertManagerWebhook `json:"webhook,omitempty"`
	// CAInjector holds the overrides for the cert-manager cainjector.
	CAInjector UnsupportedConfigOverridesForCertManagerCAInjector `json:"cainjector,omitempty"`
}
func (*UnsupportedConfigOverrides) DeepCopy ¶
func (in *UnsupportedConfigOverrides) DeepCopy() *UnsupportedConfigOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsupportedConfigOverrides.
func (*UnsupportedConfigOverrides) DeepCopyInto ¶
func (in *UnsupportedConfigOverrides) DeepCopyInto(out *UnsupportedConfigOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UnsupportedConfigOverridesForCertManagerCAInjector ¶
// UnsupportedConfigOverridesForCertManagerCAInjector is the cainjector entry
// of UnsupportedConfigOverrides.
type UnsupportedConfigOverridesForCertManagerCAInjector struct {
	// Args is a free-form string list with no validation markers; presumably
	// extra command-line arguments for the cainjector. TODO confirm.
	Args []string `json:"args,omitempty"`
}
func (*UnsupportedConfigOverridesForCertManagerCAInjector) DeepCopy ¶
func (in *UnsupportedConfigOverridesForCertManagerCAInjector) DeepCopy() *UnsupportedConfigOverridesForCertManagerCAInjector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsupportedConfigOverridesForCertManagerCAInjector.
func (*UnsupportedConfigOverridesForCertManagerCAInjector) DeepCopyInto ¶
func (in *UnsupportedConfigOverridesForCertManagerCAInjector) DeepCopyInto(out *UnsupportedConfigOverridesForCertManagerCAInjector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UnsupportedConfigOverridesForCertManagerController ¶
// UnsupportedConfigOverridesForCertManagerController is the controller entry
// of UnsupportedConfigOverrides.
type UnsupportedConfigOverridesForCertManagerController struct {
	// Args is a free-form string list with no validation markers; presumably
	// extra command-line arguments for the controller. TODO confirm.
	Args []string `json:"args,omitempty"`
}
func (*UnsupportedConfigOverridesForCertManagerController) DeepCopy ¶
func (in *UnsupportedConfigOverridesForCertManagerController) DeepCopy() *UnsupportedConfigOverridesForCertManagerController
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsupportedConfigOverridesForCertManagerController.
func (*UnsupportedConfigOverridesForCertManagerController) DeepCopyInto ¶
func (in *UnsupportedConfigOverridesForCertManagerController) DeepCopyInto(out *UnsupportedConfigOverridesForCertManagerController)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UnsupportedConfigOverridesForCertManagerWebhook ¶
// UnsupportedConfigOverridesForCertManagerWebhook is the webhook entry of
// UnsupportedConfigOverrides.
type UnsupportedConfigOverridesForCertManagerWebhook struct {
	// Args is a free-form string list with no validation markers; presumably
	// extra command-line arguments for the webhook. TODO confirm.
	Args []string `json:"args,omitempty"`
}
func (*UnsupportedConfigOverridesForCertManagerWebhook) DeepCopy ¶
func (in *UnsupportedConfigOverridesForCertManagerWebhook) DeepCopy() *UnsupportedConfigOverridesForCertManagerWebhook
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsupportedConfigOverridesForCertManagerWebhook.
func (*UnsupportedConfigOverridesForCertManagerWebhook) DeepCopyInto ¶
func (in *UnsupportedConfigOverridesForCertManagerWebhook) DeepCopyInto(out *UnsupportedConfigOverridesForCertManagerWebhook)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.