kubernetes: k8s.io/kubernetes/pkg/apis/admission Index | Files | Directories

package admission

import "k8s.io/kubernetes/pkg/apis/admission"

Index

Package Files

doc.go register.go types.go zz_generated.deepcopy.go

Constants

const GroupName = "admission.k8s.io"

GroupName is the group name use in this package

Variables

var (
    // SchemeBuilder the schema builder
    SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    // AddToScheme handler to add items to the schema
    AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

func Kind Uses

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource Uses

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type AdmissionRequest Uses

type AdmissionRequest struct {
    // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
    // otherwise identical (parallel requests, requests when earlier requests did not modify etc)
    // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
    // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
    UID types.UID
    // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
    Kind metav1.GroupVersionKind
    // Resource is the fully-qualified resource being requested (for example, v1.pods)
    Resource metav1.GroupVersionResource
    // SubResource is the subresource being requested, if any (for example, "status" or "scale")
    // +optional
    SubResource string

    // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
    // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
    //
    // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
    // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
    // an API request to apps/v1beta1 deployments would be converted and sent to the webhook
    // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
    // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
    //
    // See documentation for the "matchPolicy" field in the webhook configuration type for more details.
    // +optional
    RequestKind *metav1.GroupVersionKind
    // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
    // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
    //
    // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
    // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
    // an API request to apps/v1beta1 deployments would be converted and sent to the webhook
    // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
    // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
    //
    // See documentation for the "matchPolicy" field in the webhook configuration type.
    // +optional
    RequestResource *metav1.GroupVersionResource
    // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
    // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
    // See documentation for the "matchPolicy" field in the webhook configuration type.
    // +optional
    RequestSubResource string

    // Name is the name of the object as presented in the request.  On a CREATE operation, the client may omit name and
    // rely on the server to generate the name.  If that is the case, this method will return the empty string.
    // +optional
    Name string
    // Namespace is the namespace associated with the request (if any).
    // +optional
    Namespace string
    // Operation is the operation being performed. This may be different than the operation
    // requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
    Operation Operation
    // UserInfo is information about the requesting user
    UserInfo authentication.UserInfo
    // Object is the object from the incoming request.
    // +optional
    Object runtime.Object
    // OldObject is the existing object. Only populated for DELETE and UPDATE requests.
    // +optional
    OldObject runtime.Object
    // DryRun indicates that modifications will definitely not be persisted for this request.
    // Calls to webhooks must have no side effects if DryRun is true.
    // Defaults to false.
    // +optional
    DryRun *bool
    // Options is the operation option structure of the operation being performed.
    // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
    // different than the options the caller provided. e.g. for a patch request the performed
    // Operation might be a CREATE, in which case the Options will a
    // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
    // +optional
    Options runtime.Object
}

AdmissionRequest describes the admission.Attributes for the admission request.

func (*AdmissionRequest) DeepCopy Uses

func (in *AdmissionRequest) DeepCopy() *AdmissionRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionRequest.

func (*AdmissionRequest) DeepCopyInto Uses

func (in *AdmissionRequest) DeepCopyInto(out *AdmissionRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AdmissionResponse Uses

type AdmissionResponse struct {
    // UID is an identifier for the individual request/response.
    // This should be copied over from the corresponding AdmissionRequest.
    UID types.UID
    // Allowed indicates whether or not the admission request was permitted.
    Allowed bool
    // Result contains extra details into why an admission request was denied.
    // This field IS NOT consulted in any way if "Allowed" is "true".
    // +optional
    Result *metav1.Status
    // Patch contains the actual patch. Currently we only support a response in the form of JSONPatch, RFC 6902.
    // +optional
    Patch []byte
    // PatchType indicates the form the Patch will take. Currently we only support "JSONPatch".
    // +optional
    PatchType *PatchType
    // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
    // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
    // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
    // the admission webhook to add additional context to the audit log for this request.
    // +optional
    AuditAnnotations map[string]string
}

AdmissionResponse describes an admission response.

func (*AdmissionResponse) DeepCopy Uses

func (in *AdmissionResponse) DeepCopy() *AdmissionResponse

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionResponse.

func (*AdmissionResponse) DeepCopyInto Uses

func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AdmissionReview Uses

type AdmissionReview struct {
    metav1.TypeMeta

    // Request describes the attributes for the admission request.
    // +optional
    Request *AdmissionRequest

    // Response describes the attributes for the admission response.
    // +optional
    Response *AdmissionResponse
}

AdmissionReview describes an admission review request/response.

func (*AdmissionReview) DeepCopy Uses

func (in *AdmissionReview) DeepCopy() *AdmissionReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReview.

func (*AdmissionReview) DeepCopyInto Uses

func (in *AdmissionReview) DeepCopyInto(out *AdmissionReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AdmissionReview) DeepCopyObject Uses

func (in *AdmissionReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Operation Uses

type Operation string

Operation is the type of resource operation being checked for admission control

const (
    Create  Operation = "CREATE"
    Update  Operation = "UPDATE"
    Delete  Operation = "DELETE"
    Connect Operation = "CONNECT"
)

Operation constants

type PatchType Uses

type PatchType string

PatchType is the type of patch being used to represent the mutated object

const (
    PatchTypeJSONPatch PatchType = "JSONPatch"
)

PatchType constants.

Directories

PathSynopsis
fuzzer
installPackage install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
v1
v1beta1

Package admission imports 5 packages (graph) and is imported by 38 packages. Updated 2019-09-13. Refresh now. Tools for package owners.