Package v1alpha1 contains API Schema definitions for the spire v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=spire.spiffe.io
Variables ¶
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "spire.spiffe.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func ParseClusterFederatedTrustDomainSpec ¶
func ParseClusterFederatedTrustDomainSpec(spec *ClusterFederatedTrustDomainSpec) (*spireapi.FederationRelationship, error)
Types ¶
type BundleEndpointProfile ¶
// BundleEndpointProfile is the profile for the federated trust domain
// bundle endpoint.
type BundleEndpointProfile struct {
	// Type is the type of the bundle endpoint profile (one of the
	// BundleEndpointProfileType constants).
	Type BundleEndpointProfileType `json:"type"`

	// EndpointSPIFFEID is the SPIFFE ID of the bundle endpoint. It is
	// required for the "https_spiffe" profile.
	// NOTE(review): the field is Optional at the schema level, so the
	// "required for https_spiffe" rule is presumably enforced by
	// ParseClusterFederatedTrustDomainSpec / the validating webhook rather
	// than by the CRD schema — confirm.
	// +kubebuilder:validation:Optional
	EndpointSPIFFEID string `json:"endpointSPIFFEID,omitempty"`
}
func (*BundleEndpointProfile) DeepCopy ¶
func (in *BundleEndpointProfile) DeepCopy() *BundleEndpointProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BundleEndpointProfile.
func (*BundleEndpointProfile) DeepCopyInto ¶
func (in *BundleEndpointProfile) DeepCopyInto(out *BundleEndpointProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BundleEndpointProfileType ¶
// BundleEndpointProfileType names a SPIFFE federation bundle endpoint
// profile. The schema restricts it to the two values declared below.
// +kubebuilder:validation:Enum=https_spiffe;https_web
type BundleEndpointProfileType string

const (
	// HTTPSSPIFFEProfileType indicates an "https_spiffe" SPIFFE federation profile.
	HTTPSSPIFFEProfileType BundleEndpointProfileType = "https_spiffe"

	// HTTPSWebProfileType indicates an "https_web" SPIFFE federation profile.
	HTTPSWebProfileType BundleEndpointProfileType = "https_web"
)
type ClusterFederatedTrustDomain ¶
// ClusterFederatedTrustDomain is the Schema for the clusterfederatedtrustdomains API.
// Admission-time validation is performed by this type's webhook methods
// (ValidateCreate, ValidateUpdate, ValidateDelete), registered through
// SetupWebhookWithManager.
// +kubebuilder:printcolumn:name="Trust Domain",type=string,JSONPath=`.spec.trustDomain`
// +kubebuilder:printcolumn:name="Endpoint URL",type=string,JSONPath=`.spec.bundleEndpointURL`
type ClusterFederatedTrustDomain struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired federation relationship; see ClusterFederatedTrustDomainSpec.
	Spec ClusterFederatedTrustDomainSpec `json:"spec,omitempty"`
	// Status is the observed state; see ClusterFederatedTrustDomainStatus.
	Status ClusterFederatedTrustDomainStatus `json:"status,omitempty"`
}
func (*ClusterFederatedTrustDomain) DeepCopy ¶
func (in *ClusterFederatedTrustDomain) DeepCopy() *ClusterFederatedTrustDomain
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomain.
func (*ClusterFederatedTrustDomain) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomain) DeepCopyInto(out *ClusterFederatedTrustDomain)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterFederatedTrustDomain) DeepCopyObject ¶
func (in *ClusterFederatedTrustDomain) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterFederatedTrustDomain) SetupWebhookWithManager ¶
func (r *ClusterFederatedTrustDomain) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*ClusterFederatedTrustDomain) ValidateCreate ¶
func (r *ClusterFederatedTrustDomain) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ClusterFederatedTrustDomain) ValidateDelete ¶
func (r *ClusterFederatedTrustDomain) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (*ClusterFederatedTrustDomain) ValidateUpdate ¶
func (r *ClusterFederatedTrustDomain) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
type ClusterFederatedTrustDomainList ¶
// ClusterFederatedTrustDomainList contains a list of ClusterFederatedTrustDomain.
type ClusterFederatedTrustDomainList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed resources; it is always serialized, even when empty.
	Items []ClusterFederatedTrustDomain `json:"items"`
}
func (*ClusterFederatedTrustDomainList) DeepCopy ¶
func (in *ClusterFederatedTrustDomainList) DeepCopy() *ClusterFederatedTrustDomainList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainList.
func (*ClusterFederatedTrustDomainList) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainList) DeepCopyInto(out *ClusterFederatedTrustDomainList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterFederatedTrustDomainList) DeepCopyObject ¶
func (in *ClusterFederatedTrustDomainList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterFederatedTrustDomainSpec ¶
// ClusterFederatedTrustDomainSpec defines the desired state of ClusterFederatedTrustDomain.
// ParseClusterFederatedTrustDomainSpec converts it into a
// spireapi.FederationRelationship; any validation beyond the schema markers
// below is presumably done there or in the validating webhook.
type ClusterFederatedTrustDomainSpec struct {
	// TrustDomain is the name of the trust domain to federate with (e.g. example.org).
	// NOTE(review): JSON Schema patterns are not implicitly anchored, so this
	// marker only requires that the value contain at least one matching
	// character; it does not reject other characters. Full trust-domain
	// validation needs to happen when the spec is parsed — confirm.
	// +kubebuilder:validation:Pattern="[a-z0-9._-]{1,255}"
	TrustDomain string `json:"trustDomain"`

	// BundleEndpointURL is the URL of the bundle endpoint. It must be an
	// HTTPS URL and cannot contain userinfo (i.e. username/password).
	// No schema marker enforces this here; presumably checked at parse time — confirm.
	BundleEndpointURL string `json:"bundleEndpointURL"`

	// BundleEndpointProfile is the profile for the bundle endpoint.
	BundleEndpointProfile BundleEndpointProfile `json:"bundleEndpointProfile"`

	// TrustDomainBundle is the contents of the bundle for the referenced trust
	// domain. This field is optional when the resource is created.
	// NOTE(review): a trust bundle is trust-anchor material for the foreign
	// domain, so whoever may write this resource effectively chooses which
	// foreign bundle is trusted; RBAC on this resource deserves the same care
	// as the Admin field of ClusterSPIFFEIDSpec.
	// +kubebuilder:validation:Optional
	TrustDomainBundle string `json:"trustDomainBundle,omitempty"`
}
func (*ClusterFederatedTrustDomainSpec) DeepCopy ¶
func (in *ClusterFederatedTrustDomainSpec) DeepCopy() *ClusterFederatedTrustDomainSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainSpec.
func (*ClusterFederatedTrustDomainSpec) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainSpec) DeepCopyInto(out *ClusterFederatedTrustDomainSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterFederatedTrustDomainStatus ¶
// ClusterFederatedTrustDomainStatus defines the observed state of ClusterFederatedTrustDomain.
// It currently carries no fields; the type exists so that status can be
// extended without changing the resource schema shape.
type ClusterFederatedTrustDomainStatus struct {
}
func (*ClusterFederatedTrustDomainStatus) DeepCopy ¶
func (in *ClusterFederatedTrustDomainStatus) DeepCopy() *ClusterFederatedTrustDomainStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterFederatedTrustDomainStatus.
func (*ClusterFederatedTrustDomainStatus) DeepCopyInto ¶
func (in *ClusterFederatedTrustDomainStatus) DeepCopyInto(out *ClusterFederatedTrustDomainStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEID ¶
// ClusterSPIFFEID is the Schema for the clusterspiffeids API.
// Admission-time validation is performed by this type's webhook methods
// (ValidateCreate, ValidateUpdate, ValidateDelete), registered through
// SetupWebhookWithManager.
type ClusterSPIFFEID struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec describes which workloads get which SPIFFE ID; see ClusterSPIFFEIDSpec.
	Spec ClusterSPIFFEIDSpec `json:"spec,omitempty"`
	// Status holds reconciliation results; see ClusterSPIFFEIDStatus.
	Status ClusterSPIFFEIDStatus `json:"status,omitempty"`
}
func (*ClusterSPIFFEID) DeepCopy ¶
func (in *ClusterSPIFFEID) DeepCopy() *ClusterSPIFFEID
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEID.
func (*ClusterSPIFFEID) DeepCopyInto ¶
func (in *ClusterSPIFFEID) DeepCopyInto(out *ClusterSPIFFEID)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSPIFFEID) DeepCopyObject ¶
func (in *ClusterSPIFFEID) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSPIFFEID) SetupWebhookWithManager ¶
func (r *ClusterSPIFFEID) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*ClusterSPIFFEID) ValidateCreate ¶
func (r *ClusterSPIFFEID) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ClusterSPIFFEID) ValidateDelete ¶
func (r *ClusterSPIFFEID) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (*ClusterSPIFFEID) ValidateUpdate ¶
func (r *ClusterSPIFFEID) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
type ClusterSPIFFEIDList ¶
// ClusterSPIFFEIDList contains a list of ClusterSPIFFEID.
type ClusterSPIFFEIDList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed resources; it is always serialized, even when empty.
	Items []ClusterSPIFFEID `json:"items"`
}
func (*ClusterSPIFFEIDList) DeepCopy ¶
func (in *ClusterSPIFFEIDList) DeepCopy() *ClusterSPIFFEIDList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDList.
func (*ClusterSPIFFEIDList) DeepCopyInto ¶
func (in *ClusterSPIFFEIDList) DeepCopyInto(out *ClusterSPIFFEIDList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSPIFFEIDList) DeepCopyObject ¶
func (in *ClusterSPIFFEIDList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterSPIFFEIDSpec ¶
// ClusterSPIFFEIDSpec defines the desired state of ClusterSPIFFEID.
// It is parsed and validated into a ParsedClusterSPIFFEIDSpec by
// ParseClusterSPIFFEIDSpec before use.
type ClusterSPIFFEIDSpec struct {
	// SPIFFEIDTemplate is the SPIFFE ID template. The node and pod spec are made
	// available to the template under .NodeSpec, .PodSpec respectively.
	// NOTE(review): .PodSpec content originates from whoever created the pod;
	// templates that derive the ID from pod-supplied values should be reviewed
	// with that in mind.
	SPIFFEIDTemplate string `json:"spiffeIDTemplate"`

	// TTL indicates an upper-bound time-to-live for SVIDs minted for this
	// ClusterSPIFFEID. If unset, a default will be chosen.
	TTL metav1.Duration `json:"ttl,omitempty"`

	// DNSNameTemplates represents templates for extra DNS names that are
	// applicable to SVIDs minted for this ClusterSPIFFEID.
	// The node and pod spec are made available to the template under
	// .NodeSpec, .PodSpec respectively.
	DNSNameTemplates []string `json:"dnsNameTemplates,omitempty"`

	// WorkloadSelectorTemplates are templates to produce arbitrary workload
	// selectors that apply to a given workload before it will receive this
	// SPIFFE ID. The rendered value is interpreted by SPIRE and is of the
	// form type:value, where the value may, and often does, contain
	// colons, e.g., k8s:container-image:docker/hello-world
	// The node and pod spec are made available to the template under
	// .NodeSpec, .PodSpec respectively.
	WorkloadSelectorTemplates []string `json:"workloadSelectorTemplates,omitempty"`

	// FederatesWith is a list of trust domain names that workloads that
	// obtain this SPIFFE ID will federate with.
	FederatesWith []string `json:"federatesWith,omitempty"`

	// NamespaceSelector selects the namespaces that are targeted by this
	// CRD.
	// What a nil selector matches is decided by the parser/reconciler, not
	// here — confirm before relying on it.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// PodSelector selects the pods that are targeted by this
	// CRD.
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`

	// Admin indicates whether or not the SVID can be used to access the SPIRE
	// administrative APIs. Extra care should be taken to only apply this
	// SPIFFE ID to admin workloads.
	Admin bool `json:"admin,omitempty"`

	// Downstream indicates that the entry describes a downstream SPIRE server.
	// Like Admin, this grants a privileged role and should be scoped narrowly
	// via NamespaceSelector/PodSelector.
	Downstream bool `json:"downstream,omitempty"`
}
func (*ClusterSPIFFEIDSpec) DeepCopy ¶
func (in *ClusterSPIFFEIDSpec) DeepCopy() *ClusterSPIFFEIDSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDSpec.
func (*ClusterSPIFFEIDSpec) DeepCopyInto ¶
func (in *ClusterSPIFFEIDSpec) DeepCopyInto(out *ClusterSPIFFEIDSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEIDStats ¶
// ClusterSPIFFEIDStats contain entry reconciliation statistics.
// All counters describe a single reconciliation run (see ClusterSPIFFEIDStatus.Stats).
type ClusterSPIFFEIDStats struct {
	// How many namespaces were selected.
	// +kubebuilder:validation:Optional
	NamespacesSelected int `json:"namespacesSelected"`

	// How many (selected) namespaces were ignored (based on configuration).
	// +kubebuilder:validation:Optional
	NamespacesIgnored int `json:"namespacesIgnored"`

	// How many pods were selected out of the namespaces.
	// +kubebuilder:validation:Optional
	PodsSelected int `json:"podsSelected"`

	// How many failures were encountered rendering an entry for selected pods.
	// This could be due to either a bad template in the ClusterSPIFFEID or
	// Pod metadata that when applied to the template did not produce valid
	// entry values.
	// +kubebuilder:validation:Optional
	PodEntryRenderFailures int `json:"podEntryRenderFailures"`

	// How many entries were masked by entries for other ClusterSPIFFEIDs.
	// This happens when one or more ClusterSPIFFEIDs produce an entry for
	// the same pod with the same set of workload selectors.
	// +kubebuilder:validation:Optional
	EntriesMasked int `json:"entriesMasked"`

	// How many entries are to be set for this ClusterSPIFFEID. In nominal
	// conditions, this should reflect the number of pods selected, but not
	// always if there were problems encountered rendering an entry for the pod
	// (PodEntryRenderFailures) or entries are masked (EntriesMasked).
	// +kubebuilder:validation:Optional
	EntriesToSet int `json:"entriesToSet"`

	// How many entries were unable to be set due to failures to create or
	// update the entries via the SPIRE Server API.
	// +kubebuilder:validation:Optional
	EntryFailures int `json:"entryFailures"`
}
func (*ClusterSPIFFEIDStats) DeepCopy ¶
func (in *ClusterSPIFFEIDStats) DeepCopy() *ClusterSPIFFEIDStats
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDStats.
func (*ClusterSPIFFEIDStats) DeepCopyInto ¶
func (in *ClusterSPIFFEIDStats) DeepCopyInto(out *ClusterSPIFFEIDStats)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSPIFFEIDStatus ¶
// ClusterSPIFFEIDStatus defines the observed state of ClusterSPIFFEID.
type ClusterSPIFFEIDStatus struct {
	// Stats produced by the last entry reconciliation run.
	// +kubebuilder:validation:Optional
	Stats ClusterSPIFFEIDStats `json:"stats"`
}
func (*ClusterSPIFFEIDStatus) DeepCopy ¶
func (in *ClusterSPIFFEIDStatus) DeepCopy() *ClusterSPIFFEIDStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSPIFFEIDStatus.
func (*ClusterSPIFFEIDStatus) DeepCopyInto ¶
func (in *ClusterSPIFFEIDStatus) DeepCopyInto(out *ClusterSPIFFEIDStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerManagerConfig ¶
// ControllerManagerConfig is the Schema for the controller manager configuration.
type ControllerManagerConfig struct {
	metav1.TypeMeta `json:",inline"`

	// ControllerManagerConfigurationSpec returns the configurations for controllers.
	cfgv1alpha1.ControllerManagerConfigurationSpec `json:",inline"`

	// ClusterName is the cluster name.
	ClusterName string `json:"clusterName"`

	// TrustDomain is the name of the SPIFFE trust domain.
	TrustDomain string `json:"trustDomain"`

	// IgnoreNamespaces are the namespaces to ignore.
	IgnoreNamespaces []string `json:"ignoreNamespaces"`

	// ValidatingWebhookConfigurationName selects the webhook configuration to manage.
	// Defaults to spire-controller-manager-webhook.
	ValidatingWebhookConfigurationName string `json:"validatingWebhookConfigurationName"`

	// GCInterval is how often SPIRE state is reconciled when the controller
	// is otherwise idle. This impacts how quickly SPIRE state will converge
	// after CRDs are removed or SPIRE state is mutated out from underneath
	// the controller.
	// NOTE(review): encoding/json (un)marshals time.Duration as an integer
	// nanosecond count; how the config file is actually decoded is not shown
	// here, so confirm the accepted format before documenting it for users.
	GCInterval time.Duration `json:"gcInterval"`

	// SPIREServerSocketPath is the path to the SPIRE Server API socket.
	SPIREServerSocketPath string `json:"spireServerSocketPath"`
}
func (*ControllerManagerConfig) DeepCopy ¶
func (in *ControllerManagerConfig) DeepCopy() *ControllerManagerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerManagerConfig.
func (*ControllerManagerConfig) DeepCopyInto ¶
func (in *ControllerManagerConfig) DeepCopyInto(out *ControllerManagerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ControllerManagerConfig) DeepCopyObject ¶
func (in *ControllerManagerConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ParsedClusterSPIFFEIDSpec ¶
// ParsedClusterSPIFFEIDSpec is a parsed and validated ClusterSPIFFEIDSpec,
// produced by ParseClusterSPIFFEIDSpec. Each field corresponds to the field
// of the same name on ClusterSPIFFEIDSpec, with strings turned into their
// parsed representation.
// +kubebuilder:object:generate=false
type ParsedClusterSPIFFEIDSpec struct {
	// SPIFFEIDTemplate is the compiled SPIFFE ID template.
	SPIFFEIDTemplate *template.Template
	// NamespaceSelector is the compiled namespace label selector.
	NamespaceSelector labels.Selector
	// PodSelector is the compiled pod label selector.
	PodSelector labels.Selector
	// TTL is the upper-bound SVID time-to-live as a plain Duration.
	TTL time.Duration
	// FederatesWith holds the federated trust domains as parsed spiffeid values.
	FederatesWith []spiffeid.TrustDomain
	// DNSNameTemplates are the compiled extra-DNS-name templates.
	DNSNameTemplates []*template.Template
	// WorkloadSelectorTemplates are the compiled workload selector templates.
	WorkloadSelectorTemplates []*template.Template
	// Admin mirrors ClusterSPIFFEIDSpec.Admin.
	Admin bool
	// Downstream mirrors ClusterSPIFFEIDSpec.Downstream.
	Downstream bool
}
func ParseClusterSPIFFEIDSpec ¶
func ParseClusterSPIFFEIDSpec(spec *ClusterSPIFFEIDSpec) (*ParsedClusterSPIFFEIDSpec, error)
ParseClusterSPIFFEIDSpec parses and validates the fields in the ClusterSPIFFEIDSpec