k8s

package
v1.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AdmissionServerConfig

// AdmissionServerConfig is the configuration of the Admission WebHook Server
// implemented by the Control Plane. Values are loaded from YAML or from the
// environment keys named in the envconfig tags.
type AdmissionServerConfig struct {
	// Address the Admission WebHook Server should be listening on.
	// NOTE(review): which value binds all interfaces is not visible here; confirm
	// the listener is reachable only by the Kubernetes API server.
	Address string `yaml:"address" envconfig:"kuma_runtime_kubernetes_admission_server_address"`
	// Port the Admission WebHook Server should be listening on.
	Port uint32 `yaml:"port" envconfig:"kuma_runtime_kubernetes_admission_server_port"`
	// Directory with a TLS cert and private key for the Admission WebHook Server.
	// TLS certificate file must be named `tls.crt`.
	// TLS key file must be named `tls.key`.
	// NOTE(review): this directory holds the webhook's private key, so it should be
	// readable by the control-plane process only. Whether Validate rejects an empty
	// or missing directory is not visible here; confirm.
	CertDir string `yaml:"certDir" envconfig:"kuma_runtime_kubernetes_admission_server_cert_dir"`
}

Configuration of the Admission WebHook Server implemented by the Control Plane.

func (*AdmissionServerConfig) Sanitize

func (c *AdmissionServerConfig) Sanitize()

func (*AdmissionServerConfig) Validate

func (c *AdmissionServerConfig) Validate() (errs error)

type BuiltinDNS

// BuiltinDNS holds the injector's built-in DNS settings: an on/off switch and
// the port DNS is redirected to.
type BuiltinDNS struct {
	// Use the built-in DNS
	Enabled bool `yaml:"enabled,omitempty" envconfig:"kuma_runtime_kubernetes_injector_builtin_dns_enabled"`
	// Redirect port for DNS
	// NOTE(review): declared as uint32, so the type alone does not limit it to a
	// valid port number; confirm Validate enforces the range.
	Port uint32 `yaml:"port,omitempty" envconfig:"kuma_runtime_kubernetes_injector_builtin_dns_port"`
}

func (*BuiltinDNS) Sanitize

func (c *BuiltinDNS) Sanitize()

func (*BuiltinDNS) Validate

func (c *BuiltinDNS) Validate() (errs error)

type DataplaneContainer added in v1.8.1

// DataplaneContainer defines the configuration of a Kuma dataplane proxy container.
type DataplaneContainer struct {
	// Image name.
	// NOTE(review): presumably this image is injected into every meshed pod; prefer
	// a trusted registry and a pinned tag or digest.
	Image string `yaml:"image,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_image"`
	// User ID.
	// NOTE(review): presumably the UID the container runs as; confirm Validate
	// rejects 0 (root) if a non-root sidecar is required.
	UID int64 `yaml:"uid,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_uid"`
	// Group ID.
	// NOTE(review): the envconfig key ends in "_gui" rather than "_gid", which looks
	// like a typo. Renaming it changes the environment variable operators set, so
	// confirm before fixing.
	GID int64 `yaml:"gid,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_gui"`
	// Deprecated: Use KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT instead.
	AdminPort uint32 `yaml:"adminPort,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_admin_port"`
	// Drain time for listeners.
	DrainTime time.Duration `yaml:"drainTime,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_drain_time"`
	// Readiness probe.
	ReadinessProbe SidecarReadinessProbe `yaml:"readinessProbe,omitempty"`
	// Liveness probe.
	LivenessProbe SidecarLivenessProbe `yaml:"livenessProbe,omitempty"`
	// Compute resource requirements.
	Resources SidecarResources `yaml:"resources,omitempty"`
	// EnvVars are additional environment variables that can be placed on Kuma DP sidecar
	// NOTE(review): these presumably end up in the pod spec of every injected
	// sidecar, where anyone who can read pods can see them; do not put secrets here.
	EnvVars map[string]string `yaml:"envVars" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_env_vars"`
}

DataplaneContainer defines the configuration of a Kuma dataplane proxy container.

type Exceptions

// Exceptions defines a list of exceptions for Kuma injection.
type Exceptions struct {
	// Labels is a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
	// NOTE(review): a pod that is not injected runs without the sidecar. Anyone who
	// can set one of these labels on a pod can presumably opt it out of the mesh, so
	// keep this map small and restrict who may set the labels (RBAC / admission policy).
	Labels map[string]string `yaml:"labels" envconfig:"kuma_runtime_kubernetes_exceptions_labels"`
}

Exceptions defines a list of exceptions for Kuma injection.

type InitContainer

// InitContainer defines configuration of the Kuma init container.
type InitContainer struct {
	// Image name.
	// NOTE(review): the envconfig key here starts with "kuma_injector_", unlike the
	// "kuma_runtime_kubernetes_injector_" prefix on the sidecar container keys;
	// confirm which environment variable operators are expected to set.
	Image string `yaml:"image,omitempty" envconfig:"kuma_injector_init_container_image"`
}

InitContainer defines configuration of the Kuma init container.

func (*InitContainer) Sanitize

func (c *InitContainer) Sanitize()

func (*InitContainer) Validate

func (c *InitContainer) Validate() (errs error)

type Injector

// Injector defines configuration of a Kuma Sidecar Injector: the injected
// containers, probe rewriting, traffic interception, injection exceptions and
// the CA used to verify the control plane.
type Injector struct {
	// SidecarContainer defines configuration of the Kuma sidecar container.
	SidecarContainer SidecarContainer `yaml:"sidecarContainer,omitempty"`
	// InitContainer defines configuration of the Kuma init container.
	InitContainer InitContainer `yaml:"initContainer,omitempty"`
	// ContainerPatches is an optional list of ContainerPatch names which will be applied
	// to init and sidecar containers if workload is not annotated with a patch list.
	// NOTE(review): a patch listed here changes the injected containers of every
	// un-annotated workload; confirm who is allowed to create ContainerPatch objects.
	ContainerPatches []string `yaml:"containerPatches" envconfig:"kuma_runtime_kubernetes_injector_container_patches"`
	// CNIEnabled if true runs kuma-cp in CNI compatible mode
	CNIEnabled bool `yaml:"cniEnabled" envconfig:"kuma_runtime_kubernetes_injector_cni_enabled"`
	// VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
	// serves on sub-path of insecure port 'virtualProbesPort',
	// i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
	VirtualProbesEnabled bool `yaml:"virtualProbesEnabled" envconfig:"kuma_runtime_kubernetes_virtual_probes_enabled"`
	// VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
	// NOTE(review): because this port is outside mTLS, confirm that only probe paths
	// are reachable through it and that network policy limits who can connect.
	VirtualProbesPort uint32 `yaml:"virtualProbesPort" envconfig:"kuma_runtime_kubernetes_virtual_probes_port"`
	// SidecarTraffic is a configuration for a traffic that is intercepted by sidecar
	SidecarTraffic SidecarTraffic `yaml:"sidecarTraffic"`
	// Exceptions defines list of exceptions for Kuma injection
	Exceptions Exceptions `yaml:"exceptions"`
	// CaCertFile is CA certificate which will be used to verify a connection to the control plane
	// NOTE(review): what happens when this is empty is not visible here; confirm
	// verification is not skipped in that case.
	CaCertFile string     `yaml:"caCertFile" envconfig:"kuma_runtime_kubernetes_injector_ca_cert_file"`
	BuiltinDNS BuiltinDNS `yaml:"builtinDNS"` // BuiltinDNS holds the built-in DNS switch and redirect port.
}

Injector defines configuration of a Kuma Sidecar Injector.

func (*Injector) Sanitize

func (i *Injector) Sanitize()

func (*Injector) Validate

func (i *Injector) Validate() (errs error)

type KubernetesRuntimeConfig

// KubernetesRuntimeConfig is the Kubernetes-specific configuration of the
// Control Plane. It groups the admission webhook server, the sidecar injector
// and the node taint controller settings.
type KubernetesRuntimeConfig struct {
	// Admission WebHook Server implemented by the Control Plane.
	AdmissionServer AdmissionServerConfig `yaml:"admissionServer"`
	// Injector-specific configuration
	Injector Injector `yaml:"injector,omitempty"`
	// MarshalingCacheExpirationTime defines a duration for how long
	// marshaled objects will be stored in the cache. If equal to 0s then
	// cache is turned off
	MarshalingCacheExpirationTime time.Duration `yaml:"marshalingCacheExpirationTime" envconfig:"kuma_runtime_kubernetes_marshaling_cache_expiration_time"`
	// Name of Service Account that is used to run the Control Plane
	// NOTE(review): how this name is used is not visible here (presumably to
	// recognise the control plane's own identity); confirm it matches the deployed
	// ServiceAccount exactly.
	ServiceAccountName string `yaml:"serviceAccountName,omitempty" envconfig:"kuma_runtime_kubernetes_service_account_name"`
	// ControlPlaneServiceName defines service name of the Kuma control plane. It is used to point Kuma DP to proper URL.
	ControlPlaneServiceName string `yaml:"controlPlaneServiceName,omitempty" envconfig:"kuma_runtime_kubernetes_control_plane_service_name"`
	// NodeTaintController that prevents applications from scheduling until CNI is ready.
	NodeTaintController NodeTaintController `yaml:"nodeTaintController"`
}

Kubernetes-specific configuration

func DefaultKubernetesRuntimeConfig

func DefaultKubernetesRuntimeConfig() *KubernetesRuntimeConfig

func (*KubernetesRuntimeConfig) Sanitize

func (c *KubernetesRuntimeConfig) Sanitize()

func (*KubernetesRuntimeConfig) Validate

func (c *KubernetesRuntimeConfig) Validate() (errs error)

type NodeTaintController added in v1.8.1

// NodeTaintController configures the controller that keeps applications from
// being scheduled on a node until the CNI is ready there.
type NodeTaintController struct {
	// If true enables the taint controller.
	Enabled bool `yaml:"enabled" envconfig:"kuma_runtime_kubernetes_node_taint_controller_enabled"`
	// Value of app label on CNI pod that indicates if node can be ready.
	// NOTE(review): readiness is keyed on a pod label; confirm that only the CNI
	// DaemonSet can run pods carrying this label value in the relevant namespace.
	CniApp string `yaml:"cniApp" envconfig:"kuma_runtime_kubernetes_node_taint_controller_cni_app"`
}

func (*NodeTaintController) Validate added in v1.8.1

func (n *NodeTaintController) Validate() error

type SidecarContainer

// SidecarContainer defines configuration of the Kuma sidecar container. It
// embeds DataplaneContainer (inlined in YAML) and adds the ports that
// intercepted traffic is redirected to.
type SidecarContainer struct {
	DataplaneContainer `yaml:",inline"`
	// Redirect port for inbound traffic.
	RedirectPortInbound uint32 `yaml:"redirectPortInbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound"`
	// Redirect port for inbound IPv6 traffic.
	// (The struct tag is elided by the documentation renderer.)
	RedirectPortInboundV6 uint32 `` /* 126-byte string literal not displayed */
	// Redirect port for outbound traffic.
	RedirectPortOutbound uint32 `yaml:"redirectPortOutbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_outbound"`
}

SidecarContainer defines configuration of the Kuma sidecar container.

func (*SidecarContainer) Sanitize

func (c *SidecarContainer) Sanitize()

func (*SidecarContainer) Validate

func (c *SidecarContainer) Validate() (errs error)

type SidecarLivenessProbe

// SidecarLivenessProbe defines periodic probe of container service liveness.
// All durations are whole seconds. Struct tags shown as "string literal not
// displayed" are elided by the documentation renderer.
type SidecarLivenessProbe struct {
	// Number of seconds after the container has started before liveness probes are initiated.
	InitialDelaySeconds int32 `` /* 136-byte string literal not displayed */
	// Number of seconds after which the probe times out.
	TimeoutSeconds int32 `yaml:"timeoutSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_timeout_seconds"`
	// How often (in seconds) to perform the probe.
	PeriodSeconds int32 `yaml:"periodSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_period_seconds"`
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	FailureThreshold int32 `` /* 129-byte string literal not displayed */
}

SidecarLivenessProbe defines periodic probe of container service liveness.

func (*SidecarLivenessProbe) Sanitize

func (c *SidecarLivenessProbe) Sanitize()

func (*SidecarLivenessProbe) Validate

func (c *SidecarLivenessProbe) Validate() (errs error)

type SidecarReadinessProbe

// SidecarReadinessProbe defines periodic probe of container service readiness.
// All durations are whole seconds. Struct tags shown as "string literal not
// displayed" are elided by the documentation renderer.
type SidecarReadinessProbe struct {
	// Number of seconds after the container has started before readiness probes are initiated.
	InitialDelaySeconds int32 `` /* 137-byte string literal not displayed */
	// Number of seconds after which the probe times out.
	TimeoutSeconds int32 `` /* 126-byte string literal not displayed */
	// How often (in seconds) to perform the probe.
	// (The previous comment repeated the TimeoutSeconds text; the field name and
	// env key both say "period".)
	PeriodSeconds int32 `yaml:"periodSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_period_seconds"`
	// Minimum consecutive successes for the probe to be considered successful after having failed.
	SuccessThreshold int32 `` /* 130-byte string literal not displayed */
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	FailureThreshold int32 `` /* 130-byte string literal not displayed */
}

SidecarReadinessProbe defines periodic probe of container service readiness.

func (*SidecarReadinessProbe) Sanitize

func (c *SidecarReadinessProbe) Sanitize()

func (*SidecarReadinessProbe) Validate

func (c *SidecarReadinessProbe) Validate() (errs error)

type SidecarResourceLimits

// SidecarResourceLimits defines the maximum amount of compute resources allowed.
// Both values are strings written as quantities (the field comments give "500m"
// and "500Gi" as examples).
type SidecarResourceLimits struct {
	// CPU, in cores. (500m = .5 cores)
	// NOTE(review): whether an empty string means "no limit" is not visible here;
	// an unlimited sidecar can starve the workload it runs beside, so confirm the default.
	CPU string `yaml:"cpu,omitempty" envconfig:"kuma_injector_sidecar_container_resources_limits_cpu"`
	// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
	Memory string `yaml:"memory,omitempty" envconfig:"kuma_injector_sidecar_container_resources_limits_memory"`
}

SidecarResourceLimits defines the maximum amount of compute resources allowed.

func (*SidecarResourceLimits) Sanitize

func (c *SidecarResourceLimits) Sanitize()

func (*SidecarResourceLimits) Validate

func (c *SidecarResourceLimits) Validate() (errs error)

type SidecarResourceRequests

// SidecarResourceRequests defines the minimum amount of compute resources required.
// Both values are strings written as quantities (the field comments give "500m"
// and "500Gi" as examples).
type SidecarResourceRequests struct {
	// CPU, in cores. (500m = .5 cores)
	CPU string `yaml:"cpu,omitempty" envconfig:"kuma_injector_sidecar_container_resources_requests_cpu"`
	// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
	Memory string `yaml:"memory,omitempty" envconfig:"kuma_injector_sidecar_container_resources_requests_memory"`
}

SidecarResourceRequests defines the minimum amount of compute resources required.

func (*SidecarResourceRequests) Sanitize

func (c *SidecarResourceRequests) Sanitize()

func (*SidecarResourceRequests) Validate

func (c *SidecarResourceRequests) Validate() (errs error)

type SidecarResources

// SidecarResources defines compute resource requirements as a pair of
// requests (minimum) and limits (maximum).
type SidecarResources struct {
	// Minimum amount of compute resources required.
	Requests SidecarResourceRequests `yaml:"requests,omitempty"`
	// Maximum amount of compute resources allowed.
	Limits SidecarResourceLimits `yaml:"limits,omitempty"`
}

SidecarResources defines compute resource requirements.

func (*SidecarResources) Sanitize

func (c *SidecarResources) Sanitize()

func (*SidecarResources) Validate

func (c *SidecarResources) Validate() (errs error)

type SidecarTraffic

// SidecarTraffic is the configuration for traffic that is intercepted by the
// sidecar. It lists ports that are excluded from interception for every pod
// that does not override the list with its own annotation.
// NOTE(review): traffic on an excluded port does not pass through the sidecar,
// so it presumably gets no mesh mTLS or policy. Keep both lists minimal and
// review who may set the per-pod annotations.
type SidecarTraffic struct {
	// List of inbound ports that will be excluded from interception.
	// This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
	ExcludeInboundPorts []uint32 `yaml:"excludeInboundPorts" envconfig:"kuma_runtime_kubernetes_sidecar_traffic_exclude_inbound_ports"`
	// List of outbound ports that will be excluded from interception.
	// This setting is applied on every pod unless traffic.kuma.io/exclude-outbound-ports annotation is specified on Pod.
	ExcludeOutboundPorts []uint32 `yaml:"excludeOutboundPorts" envconfig:"kuma_runtime_kubernetes_sidecar_traffic_exclude_outbound_ports"`
}
