package v1beta2
- Alphabetic
- Public
- All
Type Members
-
case class
FlowDistinguisherMethod(type: String) extends Product with Serializable
FlowDistinguisherMethod specifies the method of a flow distinguisher.
FlowDistinguisherMethod specifies the method of a flow distinguisher.
- type
type
is the type of flow distinguisher method The supported types are "ByUser" and "ByNamespace". Required.
- class FlowDistinguisherMethodFields extends AnyRef
-
case class
FlowSchema(metadata: Optional[ObjectMeta] = Optional.Absent, spec: Optional[FlowSchemaSpec] = Optional.Absent, status: Optional[FlowSchemaStatus] = Optional.Absent) extends Product with Serializable
FlowSchema defines the schema of a group of flows.
FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
-
case class
FlowSchemaCondition(lastTransitionTime: Optional[Time] = Optional.Absent, message: Optional[String] = Optional.Absent, reason: Optional[String] = Optional.Absent, status: Optional[String] = Optional.Absent, type: Optional[String] = Optional.Absent) extends Product with Serializable
FlowSchemaCondition describes conditions for a FlowSchema.
FlowSchemaCondition describes conditions for a FlowSchema.
- message
message
is a human-readable message indicating details about last transition.- reason
reason
is a unique, one-word, CamelCase reason for the condition's last transition.- status
status
is the status of the condition. Can be True, False, Unknown. Required.- type
type
is the type of the condition. Required.
- class FlowSchemaConditionFields extends AnyRef
- class FlowSchemaFields extends AnyRef
-
case class
FlowSchemaSpec(distinguisherMethod: Optional[FlowDistinguisherMethod] = Optional.Absent, matchingPrecedence: Optional[Int] = Optional.Absent, priorityLevelConfiguration: PriorityLevelConfigurationReference, rules: Optional[Vector[PolicyRulesWithSubjects]] = Optional.Absent) extends Product with Serializable
FlowSchemaSpec describes how the FlowSchema's specification looks like.
FlowSchemaSpec describes how the FlowSchema's specification looks like.
- matchingPrecedence
matchingPrecedence
is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default.- rules
rules
describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
- class FlowSchemaSpecFields extends AnyRef
-
case class
FlowSchemaStatus(conditions: Optional[Vector[FlowSchemaCondition]] = Optional.Absent) extends Product with Serializable
FlowSchemaStatus represents the current state of a FlowSchema.
FlowSchemaStatus represents the current state of a FlowSchema.
- conditions
conditions
is a list of the current states of FlowSchema.
- class FlowSchemaStatusFields extends AnyRef
-
case class
GroupSubject(name: String) extends Product with Serializable
GroupSubject holds detailed information for group-kind subject.
GroupSubject holds detailed information for group-kind subject.
- name
name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
- class GroupSubjectFields extends AnyRef
-
case class
LimitResponse(queuing: Optional[QueuingConfiguration] = Optional.Absent, type: String) extends Product with Serializable
LimitResponse defines how to handle requests that can not be executed right now.
LimitResponse defines how to handle requests that can not be executed right now.
- type
type
is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required.
- class LimitResponseFields extends AnyRef
-
case class
LimitedPriorityLevelConfiguration(assuredConcurrencyShares: Optional[Int] = Optional.Absent, limitResponse: Optional[LimitResponse] = Optional.Absent) extends Product with Serializable
LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits.
LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues: How are requests for this priority level limited? What should be done with requests that exceed the limit?
- assuredConcurrencyShares
assuredConcurrencyShares
(ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level: ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) ) bigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30.
- class LimitedPriorityLevelConfigurationFields extends AnyRef
-
case class
NonResourcePolicyRule(nonResourceURLs: Vector[String], verbs: Vector[String]) extends Product with Serializable
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL.
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
- nonResourceURLs
nonResourceURLs
is a set of url prefixes that a user should have access to and may not be empty. For example: \- "/healthz" is legal \- "/hea*" is illegal \- "/hea" is legal but matches nothing \- "/hea/*" also matches nothing \- "/healthz/*" matches all per-component health checks. "*" matches all non-resource urls. if it is present, it must be the only entry. Required.- verbs
verbs
is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required.
- class NonResourcePolicyRuleFields extends AnyRef
-
case class
PolicyRulesWithSubjects(nonResourceRules: Optional[Vector[NonResourcePolicyRule]] = Optional.Absent, resourceRules: Optional[Vector[ResourcePolicyRule]] = Optional.Absent, subjects: Vector[Subject]) extends Product with Serializable
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver.
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
- nonResourceRules
nonResourceRules
is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.- resourceRules
resourceRules
is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one ofresourceRules
andnonResourceRules
has to be non-empty.- subjects
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
- class PolicyRulesWithSubjectsFields extends AnyRef
-
case class
PriorityLevelConfiguration(metadata: Optional[ObjectMeta] = Optional.Absent, spec: Optional[PriorityLevelConfigurationSpec] = Optional.Absent, status: Optional[PriorityLevelConfigurationStatus] = Optional.Absent) extends Product with Serializable
PriorityLevelConfiguration represents the configuration of a priority level.
-
case class
PriorityLevelConfigurationCondition(lastTransitionTime: Optional[Time] = Optional.Absent, message: Optional[String] = Optional.Absent, reason: Optional[String] = Optional.Absent, status: Optional[String] = Optional.Absent, type: Optional[String] = Optional.Absent) extends Product with Serializable
PriorityLevelConfigurationCondition defines the condition of priority level.
PriorityLevelConfigurationCondition defines the condition of priority level.
- message
message
is a human-readable message indicating details about last transition.- reason
reason
is a unique, one-word, CamelCase reason for the condition's last transition.- status
status
is the status of the condition. Can be True, False, Unknown. Required.- type
type
is the type of the condition. Required.
- class PriorityLevelConfigurationConditionFields extends AnyRef
- class PriorityLevelConfigurationFields extends AnyRef
-
case class
PriorityLevelConfigurationReference(name: String) extends Product with Serializable
PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
- name
name
is the name of the priority level configuration being referenced Required.
- class PriorityLevelConfigurationReferenceFields extends AnyRef
-
case class
PriorityLevelConfigurationSpec(limited: Optional[LimitedPriorityLevelConfiguration] = Optional.Absent, type: String) extends Product with Serializable
PriorityLevelConfigurationSpec specifies the configuration of a priority level.
PriorityLevelConfigurationSpec specifies the configuration of a priority level.
- type
type
indicates whether this priority level is subject to limitation on request execution. A value of"Exempt"
means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of"Limited"
means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.
- class PriorityLevelConfigurationSpecFields extends AnyRef
-
case class
PriorityLevelConfigurationStatus(conditions: Optional[Vector[PriorityLevelConfigurationCondition]] = Optional.Absent) extends Product with Serializable
PriorityLevelConfigurationStatus represents the current state of a "request-priority".
PriorityLevelConfigurationStatus represents the current state of a "request-priority".
- conditions
conditions
is the current state of "request-priority".
- class PriorityLevelConfigurationStatusFields extends AnyRef
-
case class
QueuingConfiguration(handSize: Optional[Int] = Optional.Absent, queueLengthLimit: Optional[Int] = Optional.Absent, queues: Optional[Int] = Optional.Absent) extends Product with Serializable
QueuingConfiguration holds the configuration parameters for queuing
QueuingConfiguration holds the configuration parameters for queuing
- handSize
handSize
is a small positive number that configures the shuffle sharding of requests into queues. When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here. The request is put into one of the shortest queues in that hand.handSize
must be no larger thanqueues
, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues). See the user-facing documentation for more extensive guidance on setting this field. This field has a default value of 8.- queueLengthLimit
queueLengthLimit
is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50.- queues
queues
is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64.
- class QueuingConfigurationFields extends AnyRef
-
case class
ResourcePolicyRule(apiGroups: Vector[String], clusterScope: Optional[Boolean] = Optional.Absent, namespaces: Optional[Vector[String]] = Optional.Absent, resources: Vector[String], verbs: Vector[String]) extends Product with Serializable
ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource.
ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e.,
Namespace==""
) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.- apiGroups
apiGroups
is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required.- clusterScope
clusterScope
indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then thenamespaces
field must contain a non-empty list.- namespaces
namespaces
is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see theclusterScope
field for that). This list may be empty, but only ifclusterScope
is true.- resources
resources
is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required.- verbs
verbs
is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required.
- class ResourcePolicyRuleFields extends AnyRef
-
case class
ServiceAccountSubject(name: String, namespace: String) extends Product with Serializable
ServiceAccountSubject holds detailed information for service-account-kind subject.
ServiceAccountSubject holds detailed information for service-account-kind subject.
- name
name
is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.- namespace
namespace
is the namespace of matching ServiceAccount objects. Required.
- class ServiceAccountSubjectFields extends AnyRef
-
case class
Subject(group: Optional[GroupSubject] = Optional.Absent, kind: String, serviceAccount: Optional[ServiceAccountSubject] = Optional.Absent, user: Optional[UserSubject] = Optional.Absent) extends Product with Serializable
Subject matches the originator of a request, as identified by the request authentication system.
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
- kind
kind
indicates which one of the other fields is non-empty. Required
- class SubjectFields extends AnyRef
-
case class
UserSubject(name: String) extends Product with Serializable
UserSubject holds detailed information for user-kind subject.
UserSubject holds detailed information for user-kind subject.
- name
name
is the username that matches, or "*" to match all usernames. Required.
- class UserSubjectFields extends AnyRef
Value Members
- object FlowDistinguisherMethod extends FlowDistinguisherMethodFields with Serializable
- object FlowSchema extends FlowSchemaFields with Serializable
- object FlowSchemaCondition extends FlowSchemaConditionFields with Serializable
- object FlowSchemaSpec extends FlowSchemaSpecFields with Serializable
- object FlowSchemaStatus extends FlowSchemaStatusFields with Serializable
- object GroupSubject extends GroupSubjectFields with Serializable
- object LimitResponse extends LimitResponseFields with Serializable
- object LimitedPriorityLevelConfiguration extends LimitedPriorityLevelConfigurationFields with Serializable
- object NonResourcePolicyRule extends NonResourcePolicyRuleFields with Serializable
- object PolicyRulesWithSubjects extends PolicyRulesWithSubjectsFields with Serializable
- object PriorityLevelConfiguration extends PriorityLevelConfigurationFields with Serializable
- object PriorityLevelConfigurationCondition extends PriorityLevelConfigurationConditionFields with Serializable
- object PriorityLevelConfigurationReference extends PriorityLevelConfigurationReferenceFields with Serializable
- object PriorityLevelConfigurationSpec extends PriorityLevelConfigurationSpecFields with Serializable
- object PriorityLevelConfigurationStatus extends PriorityLevelConfigurationStatusFields with Serializable
- object QueuingConfiguration extends QueuingConfigurationFields with Serializable
- object ResourcePolicyRule extends ResourcePolicyRuleFields with Serializable
- object ServiceAccountSubject extends ServiceAccountSubjectFields with Serializable
- object Subject extends SubjectFields with Serializable
- object UserSubject extends UserSubjectFields with Serializable