mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
kubelet: add CredentialProviderConfig API
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
This commit is contained in:
parent
3146daf433
commit
359c6e2623
@ -385,6 +385,10 @@ API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1,Policy,Pri
|
||||
API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1,RequestedToCapacityRatioArguments,Resources
|
||||
API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1,RequestedToCapacityRatioArguments,Shape
|
||||
API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1,ServiceAffinity,Labels
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,Args
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,Env
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,MatchImages
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProviderConfig,Providers
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1beta1,KubeletConfiguration,AllowedUnsafeSysctls
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1beta1,KubeletConfiguration,ClusterDNS
|
||||
API rule violation: list_type_missing,k8s.io/kubelet/config/v1beta1,KubeletConfiguration,EnforceNodeAllocatable
|
||||
|
@ -101,6 +101,7 @@ tags_values_pkgs = {"openapi-gen": {
|
||||
"staging/src/k8s.io/kube-proxy/config/v1alpha1",
|
||||
"staging/src/k8s.io/kube-scheduler/config/v1",
|
||||
"staging/src/k8s.io/kube-scheduler/config/v1beta1",
|
||||
"staging/src/k8s.io/kubelet/config/v1alpha1",
|
||||
"staging/src/k8s.io/kubelet/config/v1beta1",
|
||||
"staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1beta1",
|
||||
"staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1beta2",
|
||||
@ -188,6 +189,7 @@ tags_pkgs_values = {"openapi-gen": {
|
||||
"staging/src/k8s.io/kube-proxy/config/v1alpha1": ["true"],
|
||||
"staging/src/k8s.io/kube-scheduler/config/v1": ["true"],
|
||||
"staging/src/k8s.io/kube-scheduler/config/v1beta1": ["true"],
|
||||
"staging/src/k8s.io/kubelet/config/v1alpha1": ["true"],
|
||||
"staging/src/k8s.io/kubelet/config/v1beta1": ["true"],
|
||||
"staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1beta1": ["true"],
|
||||
"staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1beta2": ["true"],
|
||||
|
@ -38,6 +38,7 @@ filegroup(
|
||||
":package-srcs",
|
||||
"//pkg/kubelet/apis/config/fuzzer:all-srcs",
|
||||
"//pkg/kubelet/apis/config/scheme:all-srcs",
|
||||
"//pkg/kubelet/apis/config/v1alpha1:all-srcs",
|
||||
"//pkg/kubelet/apis/config/v1beta1:all-srcs",
|
||||
"//pkg/kubelet/apis/config/validation:all-srcs",
|
||||
],
|
||||
|
@ -39,6 +39,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&KubeletConfiguration{},
|
||||
&SerializedNodeConfigSource{},
|
||||
&CredentialProviderConfig{},
|
||||
)
|
||||
return nil
|
||||
}
|
||||
|
@ -440,3 +440,78 @@ type SerializedNodeConfigSource struct {
|
||||
// +optional
|
||||
Source v1.NodeConfigSource
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// CredentialProviderConfig is the configuration containing information about
|
||||
// each exec credential provider. Kubelet reads this configuration from disk and enables
|
||||
// each provider as specified by the CredentialProvider type.
|
||||
type CredentialProviderConfig struct {
|
||||
metav1.TypeMeta
|
||||
|
||||
// providers is a list of credential provider plugins that will be enabled by the kubelet.
|
||||
// Multiple providers may match against a single image, in which case credentials
|
||||
// from all providers will be returned to the kubelet. If multiple providers are called
|
||||
// for a single image, the results are combined. If providers return overlapping
|
||||
// auth keys, the value from the provider earlier in this list is used.
|
||||
Providers []CredentialProvider
|
||||
}
|
||||
|
||||
// CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
|
||||
// invoked when an image being pulled matches the images handled by the plugin (see matchImages).
|
||||
type CredentialProvider struct {
|
||||
// name is the required name of the credential provider. It must match the name of the
|
||||
// provider executable as seen by the kubelet. The executable must be in the kubelet's
|
||||
// bin directory (set by the --credential-provider-bin-dir flag).
|
||||
Name string
|
||||
|
||||
// matchImages is a required list of strings used to match against images in order to
|
||||
// determine if this provider should be invoked. If one of the strings matches the
|
||||
// requested image from the kubelet, the plugin will be invoked and given a chance
|
||||
// to provide credentials. Images are expected to contain the registry domain
|
||||
// and URL path.
|
||||
//
|
||||
// Each entry in matchImages is a pattern which can optionally contain a port and a path.
|
||||
// Globs can be used in the domain, but not in the port or the path. Globs are supported
|
||||
// as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
|
||||
// Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
|
||||
// a single subdomain segment, so *.io does not match *.k8s.io.
|
||||
//
|
||||
// A match exists between an image and a matchImage when all of the below are true:
|
||||
// - Both contain the same number of domain parts and each part matches.
|
||||
// - The URL path of an imageMatch must be a prefix of the target image URL path.
|
||||
// - If the imageMatch contains a port, then the port must match in the image as well.
|
||||
//
|
||||
// Example values of matchImages:
|
||||
// - 123456789.dkr.ecr.us-east-1.amazonaws.com
|
||||
// - *.azurecr.io
|
||||
// - gcr.io
|
||||
// - *.*.registry.io
|
||||
// - registry.io:8080/path
|
||||
MatchImages []string
|
||||
|
||||
// defaultCacheDuration is the default duration the plugin will cache credentials in-memory
|
||||
// if a cache duration is not provided in the plugin response. This field is required.
|
||||
DefaultCacheDuration *metav1.Duration
|
||||
|
||||
// Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
|
||||
// MUST use the same encoding version as the input.
|
||||
APIVersion string
|
||||
|
||||
// Arguments to pass to the command when executing it.
|
||||
// +optional
|
||||
Args []string
|
||||
|
||||
// Env defines additional environment variables to expose to the process. These
|
||||
// are unioned with the host's environment, as well as variables client-go uses
|
||||
// to pass argument to the plugin.
|
||||
// +optional
|
||||
Env []ExecEnvVar
|
||||
}
|
||||
|
||||
// ExecEnvVar is used for setting environment variables when executing an exec-based
|
||||
// credential plugin.
|
||||
type ExecEnvVar struct {
|
||||
Name string
|
||||
Value string
|
||||
}
|
||||
|
36
pkg/kubelet/apis/config/v1alpha1/BUILD
Normal file
36
pkg/kubelet/apis/config/v1alpha1/BUILD
Normal file
@ -0,0 +1,36 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_library")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
"doc.go",
|
||||
"register.go",
|
||||
"zz_generated.conversion.go",
|
||||
"zz_generated.deepcopy.go",
|
||||
"zz_generated.defaults.go",
|
||||
],
|
||||
importpath = "k8s.io/kubernetes/pkg/kubelet/apis/config/v1alpha1",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = [
|
||||
"//pkg/kubelet/apis/config:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
"//staging/src/k8s.io/kubelet/config/v1alpha1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
24
pkg/kubelet/apis/config/v1alpha1/doc.go
Normal file
24
pkg/kubelet/apis/config/v1alpha1/doc.go
Normal file
@ -0,0 +1,24 @@
|
||||
/*
|
||||
Copyright 2020 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/kubelet/apis/config
|
||||
// +k8s:conversion-gen-external-types=k8s.io/kubelet/config/v1alpha1
|
||||
// +k8s:defaulter-gen=TypeMeta
|
||||
// +k8s:defaulter-gen-input=../../../../../vendor/k8s.io/kubelet/config/v1alpha1
|
||||
// +groupName=kubelet.config.k8s.io
|
||||
|
||||
package v1alpha1 // import "k8s.io/kubernetes/pkg/kubelet/apis/config/v1alpha1"
|
36
pkg/kubelet/apis/config/v1alpha1/register.go
Normal file
36
pkg/kubelet/apis/config/v1alpha1/register.go
Normal file
@ -0,0 +1,36 @@
|
||||
/*
|
||||
Copyright 2020 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
kubeletconfigv1alpha1 "k8s.io/kubelet/config/v1alpha1"
|
||||
)
|
||||
|
||||
// GroupName is the group name used in this package
|
||||
const GroupName = "kubelet.config.k8s.io"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
// localSchemeBuilder extends the SchemeBuilder instance with the external types. In this package,
|
||||
// defaulting and conversion init funcs are registered as well.
|
||||
localSchemeBuilder = &kubeletconfigv1alpha1.SchemeBuilder
|
||||
// AddToScheme is a global function that registers this API group & version to a scheme
|
||||
AddToScheme = localSchemeBuilder.AddToScheme
|
||||
)
|
143
pkg/kubelet/apis/config/v1alpha1/zz_generated.conversion.go
generated
Normal file
143
pkg/kubelet/apis/config/v1alpha1/zz_generated.conversion.go
generated
Normal file
@ -0,0 +1,143 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by conversion-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
unsafe "unsafe"
|
||||
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
v1alpha1 "k8s.io/kubelet/config/v1alpha1"
|
||||
config "k8s.io/kubernetes/pkg/kubelet/apis/config"
|
||||
)
|
||||
|
||||
func init() {
|
||||
localSchemeBuilder.Register(RegisterConversions)
|
||||
}
|
||||
|
||||
// RegisterConversions adds conversion functions to the given scheme.
|
||||
// Public to allow building arbitrary schemes.
|
||||
func RegisterConversions(s *runtime.Scheme) error {
|
||||
if err := s.AddGeneratedConversionFunc((*v1alpha1.CredentialProvider)(nil), (*config.CredentialProvider)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha1_CredentialProvider_To_config_CredentialProvider(a.(*v1alpha1.CredentialProvider), b.(*config.CredentialProvider), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddGeneratedConversionFunc((*config.CredentialProvider)(nil), (*v1alpha1.CredentialProvider)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_config_CredentialProvider_To_v1alpha1_CredentialProvider(a.(*config.CredentialProvider), b.(*v1alpha1.CredentialProvider), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddGeneratedConversionFunc((*v1alpha1.CredentialProviderConfig)(nil), (*config.CredentialProviderConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha1_CredentialProviderConfig_To_config_CredentialProviderConfig(a.(*v1alpha1.CredentialProviderConfig), b.(*config.CredentialProviderConfig), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddGeneratedConversionFunc((*config.CredentialProviderConfig)(nil), (*v1alpha1.CredentialProviderConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_config_CredentialProviderConfig_To_v1alpha1_CredentialProviderConfig(a.(*config.CredentialProviderConfig), b.(*v1alpha1.CredentialProviderConfig), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddGeneratedConversionFunc((*v1alpha1.ExecEnvVar)(nil), (*config.ExecEnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha1_ExecEnvVar_To_config_ExecEnvVar(a.(*v1alpha1.ExecEnvVar), b.(*config.ExecEnvVar), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddGeneratedConversionFunc((*config.ExecEnvVar)(nil), (*v1alpha1.ExecEnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_config_ExecEnvVar_To_v1alpha1_ExecEnvVar(a.(*config.ExecEnvVar), b.(*v1alpha1.ExecEnvVar), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func autoConvert_v1alpha1_CredentialProvider_To_config_CredentialProvider(in *v1alpha1.CredentialProvider, out *config.CredentialProvider, s conversion.Scope) error {
|
||||
out.Name = in.Name
|
||||
out.MatchImages = *(*[]string)(unsafe.Pointer(&in.MatchImages))
|
||||
out.DefaultCacheDuration = (*v1.Duration)(unsafe.Pointer(in.DefaultCacheDuration))
|
||||
out.APIVersion = in.APIVersion
|
||||
out.Args = *(*[]string)(unsafe.Pointer(&in.Args))
|
||||
out.Env = *(*[]config.ExecEnvVar)(unsafe.Pointer(&in.Env))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_v1alpha1_CredentialProvider_To_config_CredentialProvider is an autogenerated conversion function.
|
||||
func Convert_v1alpha1_CredentialProvider_To_config_CredentialProvider(in *v1alpha1.CredentialProvider, out *config.CredentialProvider, s conversion.Scope) error {
|
||||
return autoConvert_v1alpha1_CredentialProvider_To_config_CredentialProvider(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_config_CredentialProvider_To_v1alpha1_CredentialProvider(in *config.CredentialProvider, out *v1alpha1.CredentialProvider, s conversion.Scope) error {
|
||||
out.Name = in.Name
|
||||
out.MatchImages = *(*[]string)(unsafe.Pointer(&in.MatchImages))
|
||||
out.DefaultCacheDuration = (*v1.Duration)(unsafe.Pointer(in.DefaultCacheDuration))
|
||||
out.APIVersion = in.APIVersion
|
||||
out.Args = *(*[]string)(unsafe.Pointer(&in.Args))
|
||||
out.Env = *(*[]v1alpha1.ExecEnvVar)(unsafe.Pointer(&in.Env))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_config_CredentialProvider_To_v1alpha1_CredentialProvider is an autogenerated conversion function.
|
||||
func Convert_config_CredentialProvider_To_v1alpha1_CredentialProvider(in *config.CredentialProvider, out *v1alpha1.CredentialProvider, s conversion.Scope) error {
|
||||
return autoConvert_config_CredentialProvider_To_v1alpha1_CredentialProvider(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_v1alpha1_CredentialProviderConfig_To_config_CredentialProviderConfig(in *v1alpha1.CredentialProviderConfig, out *config.CredentialProviderConfig, s conversion.Scope) error {
|
||||
out.Providers = *(*[]config.CredentialProvider)(unsafe.Pointer(&in.Providers))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_v1alpha1_CredentialProviderConfig_To_config_CredentialProviderConfig is an autogenerated conversion function.
|
||||
func Convert_v1alpha1_CredentialProviderConfig_To_config_CredentialProviderConfig(in *v1alpha1.CredentialProviderConfig, out *config.CredentialProviderConfig, s conversion.Scope) error {
|
||||
return autoConvert_v1alpha1_CredentialProviderConfig_To_config_CredentialProviderConfig(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_config_CredentialProviderConfig_To_v1alpha1_CredentialProviderConfig(in *config.CredentialProviderConfig, out *v1alpha1.CredentialProviderConfig, s conversion.Scope) error {
|
||||
out.Providers = *(*[]v1alpha1.CredentialProvider)(unsafe.Pointer(&in.Providers))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_config_CredentialProviderConfig_To_v1alpha1_CredentialProviderConfig is an autogenerated conversion function.
|
||||
func Convert_config_CredentialProviderConfig_To_v1alpha1_CredentialProviderConfig(in *config.CredentialProviderConfig, out *v1alpha1.CredentialProviderConfig, s conversion.Scope) error {
|
||||
return autoConvert_config_CredentialProviderConfig_To_v1alpha1_CredentialProviderConfig(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_v1alpha1_ExecEnvVar_To_config_ExecEnvVar(in *v1alpha1.ExecEnvVar, out *config.ExecEnvVar, s conversion.Scope) error {
|
||||
out.Name = in.Name
|
||||
out.Value = in.Value
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_v1alpha1_ExecEnvVar_To_config_ExecEnvVar is an autogenerated conversion function.
|
||||
func Convert_v1alpha1_ExecEnvVar_To_config_ExecEnvVar(in *v1alpha1.ExecEnvVar, out *config.ExecEnvVar, s conversion.Scope) error {
|
||||
return autoConvert_v1alpha1_ExecEnvVar_To_config_ExecEnvVar(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_config_ExecEnvVar_To_v1alpha1_ExecEnvVar(in *config.ExecEnvVar, out *v1alpha1.ExecEnvVar, s conversion.Scope) error {
|
||||
out.Name = in.Name
|
||||
out.Value = in.Value
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_config_ExecEnvVar_To_v1alpha1_ExecEnvVar is an autogenerated conversion function.
|
||||
func Convert_config_ExecEnvVar_To_v1alpha1_ExecEnvVar(in *config.ExecEnvVar, out *v1alpha1.ExecEnvVar, s conversion.Scope) error {
|
||||
return autoConvert_config_ExecEnvVar_To_v1alpha1_ExecEnvVar(in, out, s)
|
||||
}
|
21
pkg/kubelet/apis/config/v1alpha1/zz_generated.deepcopy.go
generated
Normal file
21
pkg/kubelet/apis/config/v1alpha1/zz_generated.deepcopy.go
generated
Normal file
@ -0,0 +1,21 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
32
pkg/kubelet/apis/config/v1alpha1/zz_generated.defaults.go
generated
Normal file
32
pkg/kubelet/apis/config/v1alpha1/zz_generated.defaults.go
generated
Normal file
@ -0,0 +1,32 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by defaulter-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// RegisterDefaults adds defaulters functions to the given scheme.
|
||||
// Public to allow building arbitrary schemes.
|
||||
// All generated defaulters are covering - they call all nested defaulters.
|
||||
func RegisterDefaults(scheme *runtime.Scheme) error {
|
||||
return nil
|
||||
}
|
85
pkg/kubelet/apis/config/zz_generated.deepcopy.go
generated
85
pkg/kubelet/apis/config/zz_generated.deepcopy.go
generated
@ -21,9 +21,94 @@ limitations under the License.
|
||||
package config
|
||||
|
||||
import (
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CredentialProvider) DeepCopyInto(out *CredentialProvider) {
|
||||
*out = *in
|
||||
if in.MatchImages != nil {
|
||||
in, out := &in.MatchImages, &out.MatchImages
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.DefaultCacheDuration != nil {
|
||||
in, out := &in.DefaultCacheDuration, &out.DefaultCacheDuration
|
||||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
if in.Args != nil {
|
||||
in, out := &in.Args, &out.Args
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.Env != nil {
|
||||
in, out := &in.Env, &out.Env
|
||||
*out = make([]ExecEnvVar, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialProvider.
|
||||
func (in *CredentialProvider) DeepCopy() *CredentialProvider {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(CredentialProvider)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CredentialProviderConfig) DeepCopyInto(out *CredentialProviderConfig) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
if in.Providers != nil {
|
||||
in, out := &in.Providers, &out.Providers
|
||||
*out = make([]CredentialProvider, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialProviderConfig.
|
||||
func (in *CredentialProviderConfig) DeepCopy() *CredentialProviderConfig {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(CredentialProviderConfig)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *CredentialProviderConfig) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
|
||||
func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(ExecEnvVar)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) {
|
||||
*out = *in
|
||||
|
@ -9,6 +9,7 @@ filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [
|
||||
":package-srcs",
|
||||
"//staging/src/k8s.io/kubelet/config/v1alpha1:all-srcs",
|
||||
"//staging/src/k8s.io/kubelet/config/v1beta1:all-srcs",
|
||||
"//staging/src/k8s.io/kubelet/pkg/apis/deviceplugin/v1alpha:all-srcs",
|
||||
"//staging/src/k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1:all-srcs",
|
||||
|
33
staging/src/k8s.io/kubelet/config/v1alpha1/BUILD
Normal file
33
staging/src/k8s.io/kubelet/config/v1alpha1/BUILD
Normal file
@ -0,0 +1,33 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_library")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
"doc.go",
|
||||
"register.go",
|
||||
"types.go",
|
||||
"zz_generated.deepcopy.go",
|
||||
],
|
||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/kubelet/config/v1alpha1",
|
||||
importpath = "k8s.io/kubelet/config/v1alpha1",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = [
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
21
staging/src/k8s.io/kubelet/config/v1alpha1/doc.go
Normal file
21
staging/src/k8s.io/kubelet/config/v1alpha1/doc.go
Normal file
@ -0,0 +1,21 @@
|
||||
/*
|
||||
Copyright 2020 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:openapi-gen=true
|
||||
// +groupName=kubelet.config.k8s.io
|
||||
|
||||
package v1alpha1 // import "k8s.io/kubelet/config/v1alpha1"
|
43
staging/src/k8s.io/kubelet/config/v1alpha1/register.go
Normal file
43
staging/src/k8s.io/kubelet/config/v1alpha1/register.go
Normal file
@ -0,0 +1,43 @@
|
||||
/*
|
||||
Copyright 2020 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
// GroupName is the group name used in this package
|
||||
const GroupName = "kubelet.config.k8s.io"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
// SchemeBuilder is the scheme builder with scheme init functions to run for this API package
|
||||
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
|
||||
// AddToScheme is a global function that registers this API group & version to a scheme
|
||||
AddToScheme = SchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
// addKnownTypes registers known types to the given scheme
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&CredentialProviderConfig{},
|
||||
)
|
||||
return nil
|
||||
}
|
96
staging/src/k8s.io/kubelet/config/v1alpha1/types.go
Normal file
96
staging/src/k8s.io/kubelet/config/v1alpha1/types.go
Normal file
@ -0,0 +1,96 @@
|
||||
/*
|
||||
Copyright 2020 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// CredentialProviderConfig is the configuration containing information about
|
||||
// each exec credential provider. Kubelet reads this configuration from disk and enables
|
||||
// each provider as specified by the CredentialProvider type.
|
||||
type CredentialProviderConfig struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
|
||||
// providers is a list of credential provider plugins that will be enabled by the kubelet.
|
||||
// Multiple providers may match against a single image, in which case credentials
|
||||
// from all providers will be returned to the kubelet. If multiple providers are called
|
||||
// for a single image, the results are combined. If providers return overlapping
|
||||
// auth keys, the value from the provider earlier in this list is used.
|
||||
Providers []CredentialProvider `json:"providers"`
|
||||
}
|
||||
|
||||
// CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
|
||||
// invoked when an image being pulled matches the images handled by the plugin (see matchImages).
|
||||
type CredentialProvider struct {
|
||||
// name is the required name of the credential provider. It must match the name of the
|
||||
// provider executable as seen by the kubelet. The executable must be in the kubelet's
|
||||
// bin directory (set by the --image-credential-provider-bin-dir flag).
|
||||
Name string `json:"name"`
|
||||
|
||||
// matchImages is a required list of strings used to match against images in order to
|
||||
// determine if this provider should be invoked. If one of the strings matches the
|
||||
// requested image from the kubelet, the plugin will be invoked and given a chance
|
||||
// to provide credentials. Images are expected to contain the registry domain
|
||||
// and URL path.
|
||||
//
|
||||
// Each entry in matchImages is a pattern which can optionally contain a port and a path.
|
||||
// Globs can be used in the domain, but not in the port or the path. Globs are supported
|
||||
// as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
|
||||
// Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
|
||||
// a single subdomain segment, so *.io does not match *.k8s.io.
|
||||
//
|
||||
// A match exists between an image and a matchImage when all of the below are true:
|
||||
// - Both contain the same number of domain parts and each part matches.
|
||||
// - The URL path of an imageMatch must be a prefix of the target image URL path.
|
||||
// - If the imageMatch contains a port, then the port must match in the image as well.
|
||||
//
|
||||
// Example values of matchImages:
|
||||
// - 123456789.dkr.ecr.us-east-1.amazonaws.com
|
||||
// - *.azurecr.io
|
||||
// - gcr.io
|
||||
// - *.*.registry.io
|
||||
// - registry.io:8080/path
|
||||
MatchImages []string `json:"matchImages"`
|
||||
|
||||
// defaultCacheDuration is the default duration the plugin will cache credentials in-memory
|
||||
// if a cache duration is not provided in the plugin response. This field is required.
|
||||
DefaultCacheDuration *metav1.Duration `json:"defaultCacheDuration"`
|
||||
|
||||
// Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
|
||||
// MUST use the same encoding version as the input.
|
||||
APIVersion string `json:"apiVersion"`
|
||||
|
||||
// Arguments to pass to the command when executing it.
|
||||
// +optional
|
||||
Args []string `json:"args,omitempty"`
|
||||
|
||||
// Env defines additional environment variables to expose to the process. These
|
||||
// are unioned with the host's environment, as well as variables client-go uses
|
||||
// to pass argument to the plugin.
|
||||
// +optional
|
||||
Env []ExecEnvVar `json:"env,omitempty"`
|
||||
}
|
||||
|
||||
// ExecEnvVar is used for setting environment variables when executing an exec-based
|
||||
// credential plugin.
|
||||
type ExecEnvVar struct {
|
||||
Name string `json:"name"`
|
||||
Value string `json:"value"`
|
||||
}
|
110
staging/src/k8s.io/kubelet/config/v1alpha1/zz_generated.deepcopy.go
generated
Normal file
110
staging/src/k8s.io/kubelet/config/v1alpha1/zz_generated.deepcopy.go
generated
Normal file
@ -0,0 +1,110 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CredentialProvider) DeepCopyInto(out *CredentialProvider) {
|
||||
*out = *in
|
||||
if in.MatchImages != nil {
|
||||
in, out := &in.MatchImages, &out.MatchImages
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.DefaultCacheDuration != nil {
|
||||
in, out := &in.DefaultCacheDuration, &out.DefaultCacheDuration
|
||||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
if in.Args != nil {
|
||||
in, out := &in.Args, &out.Args
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.Env != nil {
|
||||
in, out := &in.Env, &out.Env
|
||||
*out = make([]ExecEnvVar, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialProvider.
|
||||
func (in *CredentialProvider) DeepCopy() *CredentialProvider {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(CredentialProvider)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CredentialProviderConfig) DeepCopyInto(out *CredentialProviderConfig) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
if in.Providers != nil {
|
||||
in, out := &in.Providers, &out.Providers
|
||||
*out = make([]CredentialProvider, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialProviderConfig.
|
||||
func (in *CredentialProviderConfig) DeepCopy() *CredentialProviderConfig {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(CredentialProviderConfig)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *CredentialProviderConfig) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
|
||||
func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(ExecEnvVar)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
1
vendor/modules.txt
vendored
1
vendor/modules.txt
vendored
@ -2426,6 +2426,7 @@ k8s.io/kubectl/pkg/validation
|
||||
# k8s.io/kubelet v0.0.0 => ./staging/src/k8s.io/kubelet
|
||||
## explicit
|
||||
# k8s.io/kubelet => ./staging/src/k8s.io/kubelet
|
||||
k8s.io/kubelet/config/v1alpha1
|
||||
k8s.io/kubelet/config/v1beta1
|
||||
k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1
|
||||
k8s.io/kubelet/pkg/apis/pluginregistration/v1
|
||||
|
Loading…
Reference in New Issue
Block a user