admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2039 from zryfish/master

Browse Source 
Merge dev branch
This commit is contained in:
zryfish
2020-04-29 20:46:18 +08:00
committed by GitHub
parent 8af14d79ef c62254696c
commit cdd116242a
2389 changed files with 214440 additions and 256682 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/build.yml vendored
View File

@@ -41,19 +41,26 @@ jobs:
- name: Build
run: make all
- name: Make OpenAPI Spec
run: make openapi
- name: Uploading code coverage
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
run: bash <(curl -s https://codecov.io/bash)
uses: codecov/codecov-action@v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage.txt
flags: unittests
name: codecov-umbrella
fail_ci_if_error: true
- name: Get branch name
id: extract_branch
shell: bash
run: echo "##[set-output name=branch;]$(ehco ${GITHUB_REF#refs/heads/})"
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
- name: Build and push docker images
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name == 'push'
run: bash hack/docker_build.sh ${{ steps.extract_branch.outputs.branch }}
run: bash hack/docker_build.sh ${{ steps.extract_branch.outputs.branch }}

30
Makefile
View File

@@ -1,14 +1,6 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License
# described in the file LICENSE.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true"
@@ -42,20 +34,12 @@ define ALL_HELP_INFO
# debugging tools like delve.
endef
.PHONY: all
all: test hypersphere ks-apiserver ks-apigateway ks-iam controller-manager
all: test hypersphere ks-apiserver controller-manager
# Build ks-apiserver binary
ks-apiserver: fmt vet
hack/gobuild.sh cmd/ks-apiserver
# Build ks-apigateway binary
ks-apigateway: fmt vet
hack/gobuild.sh cmd/ks-apigateway
# Build ks-iam binary
ks-iam: fmt vet
hack/gobuild.sh cmd/ks-iam
# Build controller-manager binary
controller-manager: fmt vet
hack/gobuild.sh cmd/controller-manager
@@ -74,7 +58,7 @@ vet: generate
# Generate manifests e.g. CRD, RBAC etc.
manifests:
go run ./vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all
go run ./vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go object:headerFile=./hack/boilerplate.go.txt paths=./pkg/apis/... rbac:roleName=controller-perms ${CRD_OPTIONS} output:crd:artifacts:config=config/crd/bases
deploy: manifests
kubectl apply -f config/crds
@@ -92,8 +76,10 @@ deepcopy:
openapi:
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/tenant/v1alpha1 -p kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/servicemesh/v1alpha2 -p kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/api/networking/v1,./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/network/v1alpha1 -p kubesphere.io/kubesphere/pkg/apis/network/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/devops/v1alpha1 -p kubesphere.io/kubesphere/pkg/apis/devops/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/api/networking/v1,./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/k8s.io/apimachinery/pkg/util/intstr,./pkg/apis/network/v1alpha1 -p kubesphere.io/kubesphere/pkg/apis/network/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/devops/v1alpha1,./vendor/k8s.io/apimachinery/pkg/runtime,./vendor/k8s.io/api/core/v1 -p kubesphere.io/kubesphere/pkg/apis/devops/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/cluster/v1alpha1,./vendor/k8s.io/apimachinery/pkg/runtime,./vendor/k8s.io/api/core/v1 -p kubesphere.io/kubesphere/pkg/apis/cluster/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./pkg/apis/devops/v1alpha3,./vendor/k8s.io/apimachinery/pkg/runtime -p kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list
go run ./tools/cmd/crd-doc-gen/main.go
# Build the docker image
docker-build: all

55
api/api-rules/violation_exceptions.list
View File

@@ -24,7 +24,11 @@ API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Cells
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Conditions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,UpdateOptions,DryRun
API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha1,S2iBinaryList,Items
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DevOpsProjectList,Items
API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,Parameters
API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,PipelineList,Items
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Duration,Duration
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Object
@@ -32,4 +36,51 @@ API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEve
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,MicroTime,Time
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,StatusCause,Type
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Time,Time
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha1,S2iBinarySpec,MD5
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentEncoding
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentType
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,ApiUri
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,CloneOption
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,CredentialId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromForks
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromOrigin
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,RegexFilter
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,ScmId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DiscarderProperty,DaysToKeep
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DiscarderProperty,NumToKeep
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,CloneOption
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,CredentialId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,RegexFilter
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,ScmId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,ApiUri
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,CloneOption
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,CredentialId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromForks
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromOrigin
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,RegexFilter
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,ScmId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,CreateActionJobsToTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,DeleteActionJobsToTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,BitbucketServerSource
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,Description
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitHubSource
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitSource
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,MultiBranchJobTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,ScriptPath
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SingleSvnSource
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SourceType
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SvnSource
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,TimerTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,Description
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,DisableConcurrent
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,RemoteTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,TimerTrigger
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,Parameter,DefaultValue
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,PipelineSpec,MultiBranchPipeline
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SingleSvnSource,CredentialId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SingleSvnSource,ScmId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SvnSource,CredentialId
API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SvnSource,ScmId

9126
api/ks-openapi-spec/swagger.json
View File

File diff suppressed because it is too large Load Diff

6319
api/openapi-spec/swagger.json
View File

File diff suppressed because it is too large Load Diff

20
build/ks-apigateway/Dockerfile
View File

@@ -1,20 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as ks-apigateway-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 GOFLAGS=-mod=vendor go build -i -ldflags '-w -s' -o ks-apigateway cmd/ks-apigateway/apiserver.go && \
go run tools/cmd/doc-gen/main.go --output=install/swagger-ui/api.json
FROM alpine:3.9
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=ks-apigateway-builder /go/src/kubesphere.io/kubesphere/ks-apigateway /usr/local/bin/
COPY --from=ks-apigateway-builder /go/src/kubesphere.io/kubesphere/install/swagger-ui /var/static/swagger-ui
CMD ["sh"]

18
build/ks-iam/Dockerfile
View File

@@ -1,18 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as ks-iam-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 GOFLAGS=-mod=vendor go build -i -ldflags '-w -s' -o ks-iam cmd/ks-iam/apiserver.go
FROM alpine:3.9
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=ks-iam-builder /go/src/kubesphere.io/kubesphere/ks-iam /usr/local/bin/
CMD ["sh"]

4
build/ks-network/Dockerfile
View File

@@ -1,4 +0,0 @@
FROM gcr.io/distroless/static:latest
WORKDIR /
COPY ks-network .
ENTRYPOINT ["/ks-network"]

205
cmd/controller-manager/app/controllers.go
View File

@@ -18,137 +18,146 @@
package app
import (
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/controller/application"
"kubesphere.io/kubesphere/pkg/controller/cluster"
"kubesphere.io/kubesphere/pkg/controller/destinationrule"
"kubesphere.io/kubesphere/pkg/controller/devopscredential"
"kubesphere.io/kubesphere/pkg/controller/devopsproject"
"kubesphere.io/kubesphere/pkg/controller/job"
"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
"kubesphere.io/kubesphere/pkg/controller/network/provider"
"kubesphere.io/kubesphere/pkg/controller/pipeline"
"kubesphere.io/kubesphere/pkg/controller/s2ibinary"
"kubesphere.io/kubesphere/pkg/controller/s2irun"
"kubesphere.io/kubesphere/pkg/controller/storage/expansion"
//"kubesphere.io/kubesphere/pkg/controller/job"
"kubesphere.io/kubesphere/pkg/controller/user"
"kubesphere.io/kubesphere/pkg/controller/virtualservice"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/simple/client/devops"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"sigs.k8s.io/controller-runtime/pkg/manager"
"time"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
applicationclientset "github.com/kubernetes-sigs/application/pkg/client/clientset/versioned"
applicationinformers "github.com/kubernetes-sigs/application/pkg/client/informers/externalversions"
s2iclientset "github.com/kubesphere/s2ioperator/pkg/client/clientset/versioned"
s2iinformers "github.com/kubesphere/s2ioperator/pkg/client/informers/externalversions"
istioclientset "istio.io/client-go/pkg/clientset/versioned"
istioinformers "istio.io/client-go/pkg/informers/externalversions"
kubesphereclientset "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
kubesphereinformers "kubesphere.io/kubesphere/pkg/client/informers/externalversions"
)
const defaultResync = 600 * time.Second
func AddControllers(
mgr manager.Manager,
client k8s.Client,
informerFactory informers.InformerFactory,
devopsClient devops.Interface,
s3Client s3.Interface,
stopCh <-chan struct{}) error {
var log = logf.Log.WithName("controller-manager")
kubernetesInformer := informerFactory.KubernetesSharedInformerFactory()
istioInformer := informerFactory.IstioSharedInformerFactory()
kubesphereInformer := informerFactory.KubeSphereSharedInformerFactory()
applicationInformer := informerFactory.ApplicationSharedInformerFactory()
func AddControllers(mgr manager.Manager, cfg *rest.Config, stopCh <-chan struct{}) error {
kubeClient, err := kubernetes.NewForConfig(cfg)
if err != nil {
log.Error(err, "building kubernetes client failed")
}
istioclient, err := istioclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create istio client failed")
return err
}
applicationClient, err := applicationclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create application client failed")
return err
}
s2iclient, err := s2iclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create s2i client failed")
return err
}
kubesphereclient, err := kubesphereclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create kubesphere client failed")
return err
}
informerFactory := informers.NewSharedInformerFactory(kubeClient, defaultResync)
istioInformer := istioinformers.NewSharedInformerFactory(istioclient, defaultResync)
applicationInformer := applicationinformers.NewSharedInformerFactory(applicationClient, defaultResync)
s2iInformer := s2iinformers.NewSharedInformerFactory(s2iclient, defaultResync)
kubesphereInformer := kubesphereinformers.NewSharedInformerFactory(kubesphereclient, defaultResync)
vsController := virtualservice.NewVirtualServiceController(informerFactory.Core().V1().Services(),
vsController := virtualservice.NewVirtualServiceController(kubernetesInformer.Core().V1().Services(),
istioInformer.Networking().V1alpha3().VirtualServices(),
istioInformer.Networking().V1alpha3().DestinationRules(),
kubesphereInformer.Servicemesh().V1alpha2().Strategies(),
kubeClient,
istioclient,
kubesphereclient)
client.Kubernetes(),
client.Istio(),
client.KubeSphere())
drController := destinationrule.NewDestinationRuleController(informerFactory.Apps().V1().Deployments(),
drController := destinationrule.NewDestinationRuleController(kubernetesInformer.Apps().V1().Deployments(),
istioInformer.Networking().V1alpha3().DestinationRules(),
informerFactory.Core().V1().Services(),
kubernetesInformer.Core().V1().Services(),
kubesphereInformer.Servicemesh().V1alpha2().ServicePolicies(),
kubeClient,
istioclient,
kubesphereclient)
client.Kubernetes(),
client.Istio(),
client.KubeSphere())
apController := application.NewApplicationController(informerFactory.Core().V1().Services(),
informerFactory.Apps().V1().Deployments(),
informerFactory.Apps().V1().StatefulSets(),
apController := application.NewApplicationController(kubernetesInformer.Core().V1().Services(),
kubernetesInformer.Apps().V1().Deployments(),
kubernetesInformer.Apps().V1().StatefulSets(),
kubesphereInformer.Servicemesh().V1alpha2().Strategies(),
kubesphereInformer.Servicemesh().V1alpha2().ServicePolicies(),
applicationInformer.App().V1beta1().Applications(),
kubeClient,
applicationClient)
client.Kubernetes(),
client.Application())
jobController := job.NewJobController(informerFactory.Batch().V1().Jobs(), kubeClient)
jobController := job.NewJobController(kubernetesInformer.Batch().V1().Jobs(), client.Kubernetes())
s2iBinaryController := s2ibinary.NewController(kubesphereclient,
kubeClient,
kubesphereInformer.Devops().V1alpha1().S2iBinaries())
s2iRunController := s2irun.NewController(kubesphereclient, s2iclient, kubeClient,
s2iBinaryController := s2ibinary.NewController(client.Kubernetes(),
client.KubeSphere(),
kubesphereInformer.Devops().V1alpha1().S2iBinaries(),
s2iInformer.Devops().V1alpha1().S2iRuns())
s3Client,
)
s2iRunController := s2irun.NewS2iRunController(client.Kubernetes(),
client.KubeSphere(),
kubesphereInformer.Devops().V1alpha1().S2iBinaries(),
kubesphereInformer.Devops().V1alpha1().S2iRuns())
devopsProjectController := devopsproject.NewController(client.Kubernetes(),
client.KubeSphere(), devopsClient,
informerFactory.KubernetesSharedInformerFactory().Core().V1().Namespaces(),
informerFactory.KubeSphereSharedInformerFactory().Devops().V1alpha3().DevOpsProjects(),
)
devopsPipelineController := pipeline.NewController(client.Kubernetes(),
client.KubeSphere(),
devopsClient,
informerFactory.KubernetesSharedInformerFactory().Core().V1().Namespaces(),
informerFactory.KubeSphereSharedInformerFactory().Devops().V1alpha3().Pipelines())
devopsCredentialController := devopscredential.NewController(client.Kubernetes(),
devopsClient,
informerFactory.KubernetesSharedInformerFactory().Core().V1().Namespaces(),
informerFactory.KubernetesSharedInformerFactory().Core().V1().Secrets())
volumeExpansionController := expansion.NewVolumeExpansionController(
kubeClient,
informerFactory.Core().V1().PersistentVolumeClaims(),
informerFactory.Storage().V1().StorageClasses(),
informerFactory.Core().V1().Pods(),
informerFactory.Apps().V1().Deployments(),
informerFactory.Apps().V1().ReplicaSets(),
informerFactory.Apps().V1().StatefulSets())
client.Kubernetes(),
kubernetesInformer.Core().V1().PersistentVolumeClaims(),
kubernetesInformer.Storage().V1().StorageClasses(),
kubernetesInformer.Core().V1().Pods(),
kubernetesInformer.Apps().V1().Deployments(),
kubernetesInformer.Apps().V1().ReplicaSets(),
kubernetesInformer.Apps().V1().StatefulSets())
kubesphereInformer.Start(stopCh)
istioInformer.Start(stopCh)
informerFactory.Start(stopCh)
applicationInformer.Start(stopCh)
s2iInformer.Start(stopCh)
userController := user.NewController(
client.Kubernetes(),
client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().Users())
clusterController := cluster.NewClusterController(
client.Kubernetes(),
client.Config(),
kubesphereInformer.Cluster().V1alpha1().Clusters(),
client.KubeSphere().ClusterV1alpha1().Clusters())
nsnpProvider, err := provider.NewNsNetworkPolicyProvider(client.Kubernetes(),
kubernetesInformer.Networking().V1().NetworkPolicies())
if err != nil {
return err
}
nsnpController := nsnetworkpolicy.NewNSNetworkPolicyController(client.Kubernetes(),
client.KubeSphere().NetworkV1alpha1(), kubesphereInformer.Network().V1alpha1().NamespaceNetworkPolicies(),
kubernetesInformer.Core().V1().Services(), kubernetesInformer.Core().V1().Nodes(),
kubesphereInformer.Tenant().V1alpha1().Workspaces(),
kubernetesInformer.Core().V1().Namespaces(), nsnpProvider)
controllers := map[string]manager.Runnable{
"virtualservice-controller": vsController,
"destinationrule-controller": drController,
"application-controller": apController,
"job-controller": jobController,
"s2ibinary-controller": s2iBinaryController,
"s2irun-controller": s2iRunController,
"volumeexpansion-controller": volumeExpansionController,
"virtualservice-controller": vsController,
"destinationrule-controller": drController,
"application-controller": apController,
"job-controller": jobController,
"s2ibinary-controller": s2iBinaryController,
"s2irun-controller": s2iRunController,
"volumeexpansion-controller": volumeExpansionController,
"devopsprojects-controller": devopsProjectController,
"pipeline-controller": devopsPipelineController,
"devopscredential-controller": devopsCredentialController,
"user-controller": userController,
"cluster-controller": clusterController,
"nsnp-controller": nsnpController,
}
for name, ctrl := range controllers {
err = mgr.Add(ctrl)
if err != nil {
log.Error(err, "add controller to manager failed", "name", name)
if err := mgr.Add(ctrl); err != nil {
klog.Error(err, "add controller to manager failed", "name", name)
return err
}
}

43
cmd/controller-manager/app/options/options.go
View File

@@ -6,35 +6,39 @@ import (
"k8s.io/client-go/tools/leaderelection"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
kubesphereconfig "kubesphere.io/kubesphere/pkg/server/config"
"kubesphere.io/kubesphere/pkg/simple/client/devops"
kubesphereconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
"kubesphere.io/kubesphere/pkg/simple/client/s2is3"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"strings"
"time"
)
type KubeSphereControllerManagerOptions struct {
KubernetesOptions *k8s.KubernetesOptions
DevopsOptions *devops.DevopsOptions
S3Options *s2is3.S3Options
OpenPitrixOptions *openpitrix.OpenPitrixOptions
LeaderElection *leaderelection.LeaderElectionConfig
KubernetesOptions *k8s.KubernetesOptions
DevopsOptions *jenkins.Options
S3Options *s3.Options
OpenPitrixOptions *openpitrix.Options
MultiClusterOptions *multicluster.Options
LeaderElect bool
LeaderElection *leaderelection.LeaderElectionConfig
}
func NewKubeSphereControllerManagerOptions() *KubeSphereControllerManagerOptions {
s := &KubeSphereControllerManagerOptions{
KubernetesOptions: k8s.NewKubernetesOptions(),
DevopsOptions: devops.NewDevopsOptions(),
S3Options: s2is3.NewS3Options(),
OpenPitrixOptions: openpitrix.NewOpenPitrixOptions(),
KubernetesOptions: k8s.NewKubernetesOptions(),
DevopsOptions: jenkins.NewDevopsOptions(),
S3Options: s3.NewS3Options(),
OpenPitrixOptions: openpitrix.NewOptions(),
MultiClusterOptions: multicluster.NewOptions(),
LeaderElection: &leaderelection.LeaderElectionConfig{
LeaseDuration: 30 * time.Second,
RenewDeadline: 15 * time.Second,
RetryPeriod: 5 * time.Second,
},
LeaderElect: false,
}
return s
@@ -50,14 +54,19 @@ func (s *KubeSphereControllerManagerOptions) ApplyTo(conf *kubesphereconfig.Conf
func (s *KubeSphereControllerManagerOptions) Flags() cliflag.NamedFlagSets {
fss := cliflag.NamedFlagSets{}
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
s.DevopsOptions.AddFlags(fss.FlagSet("devops"))
s.S3Options.AddFlags(fss.FlagSet("s3"))
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"))
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"), s.KubernetesOptions)
s.DevopsOptions.AddFlags(fss.FlagSet("devops"), s.DevopsOptions)
s.S3Options.AddFlags(fss.FlagSet("s3"), s.S3Options)
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"), s.OpenPitrixOptions)
s.MultiClusterOptions.AddFlags(fss.FlagSet("multicluster"), s.MultiClusterOptions)
fs := fss.FlagSet("leaderelection")
s.bindLeaderElectionFlags(s.LeaderElection, fs)
fs.BoolVar(&s.LeaderElect, "leader-elect", s.LeaderElect, ""+
"Whether to enable leader election. This field should be enabled when controller manager"+
"deployed with multiple replicas.")
kfs := fss.FlagSet("klog")
local := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(local)

136
cmd/controller-manager/app/server.go
View File

@@ -32,10 +32,19 @@ import (
"k8s.io/klog"
"kubesphere.io/kubesphere/cmd/controller-manager/app/options"
"kubesphere.io/kubesphere/pkg/apis"
controllerconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
"kubesphere.io/kubesphere/pkg/controller"
controllerconfig "kubesphere.io/kubesphere/pkg/server/config"
"kubesphere.io/kubesphere/pkg/simple/client"
"kubesphere.io/kubesphere/pkg/controller/namespace"
"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
"kubesphere.io/kubesphere/pkg/controller/user"
"kubesphere.io/kubesphere/pkg/controller/workspace"
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"kubesphere.io/kubesphere/pkg/utils/term"
"os"
"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -44,20 +53,24 @@ import (
func NewControllerManagerCommand() *cobra.Command {
s := options.NewKubeSphereControllerManagerOptions()
conf, err := controllerconfig.TryLoadFromDisk()
if err == nil {
// make sure LeaderElection is not nil
s = &options.KubeSphereControllerManagerOptions{
KubernetesOptions: conf.KubernetesOptions,
DevopsOptions: conf.DevopsOptions,
S3Options: conf.S3Options,
OpenPitrixOptions: conf.OpenPitrixOptions,
MultiClusterOptions: conf.MultiClusterOptions,
LeaderElection: s.LeaderElection,
LeaderElect: s.LeaderElect,
}
}
cmd := &cobra.Command{
Use: "controller-manager",
Long: `KubeSphere controller manager is a daemon that`,
Run: func(cmd *cobra.Command, args []string) {
err := controllerconfig.Load()
if err != nil {
klog.Fatal(err)
os.Exit(1)
}
s = Complete(s)
if errs := s.Validate(); len(errs) != 0 {
klog.Error(utilerrors.NewAggregate(errs))
os.Exit(1)
@@ -85,52 +98,36 @@ func NewControllerManagerCommand() *cobra.Command {
return cmd
}
func Complete(s *options.KubeSphereControllerManagerOptions) *options.KubeSphereControllerManagerOptions {
conf := controllerconfig.Get()
conf.Apply(&controllerconfig.Config{
DevopsOptions: s.DevopsOptions,
KubernetesOptions: s.KubernetesOptions,
S3Options: s.S3Options,
OpenPitrixOptions: s.OpenPitrixOptions,
})
out := &options.KubeSphereControllerManagerOptions{
KubernetesOptions: conf.KubernetesOptions,
DevopsOptions: conf.DevopsOptions,
S3Options: conf.S3Options,
OpenPitrixOptions: conf.OpenPitrixOptions,
LeaderElection: s.LeaderElection,
}
return out
}
func CreateClientSet(conf *controllerconfig.Config, stopCh <-chan struct{}) error {
csop := &client.ClientSetOptions{}
csop.SetKubernetesOptions(conf.KubernetesOptions).
SetDevopsOptions(conf.DevopsOptions).
SetS3Options(conf.S3Options).
SetOpenPitrixOptions(conf.OpenPitrixOptions).
SetKubeSphereOptions(conf.KubeSphereOptions)
client.NewClientSetFactory(csop, stopCh)
return nil
}
func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{}) error {
err := CreateClientSet(controllerconfig.Get(), stopCh)
kubernetesClient, err := k8s.NewKubernetesClient(s.KubernetesOptions)
if err != nil {
klog.Error(err)
klog.Errorf("Failed to create kubernetes clientset %v", err)
return err
}
config := client.ClientSets().K8s().Config()
openpitrixClient, err := openpitrix.NewClient(s.OpenPitrixOptions)
if err != nil {
klog.Errorf("Failed to create openpitrix client %v", err)
return err
}
devopsClient, err := jenkins.NewDevopsClient(s.DevopsOptions)
if err != nil {
klog.Errorf("Failed to create devops client %v", err)
return err
}
s3Client, err := s3.NewS3Client(s.S3Options)
if err != nil {
klog.Errorf("Failed to create s3 client %v", err)
return err
}
informerFactory := informers.NewInformerFactories(kubernetesClient.Kubernetes(), kubernetesClient.KubeSphere(), kubernetesClient.Istio(), kubernetesClient.Application())
run := func(ctx context.Context) {
klog.V(0).Info("setting up manager")
mgr, err := manager.New(config, manager.Options{})
mgr, err := manager.New(kubernetesClient.Config(), manager.Options{})
if err != nil {
klog.Fatalf("unable to set up overall controller manager: %v", err)
}
@@ -141,16 +138,34 @@ func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
}
klog.V(0).Info("Setting up controllers")
if err := controller.AddToManager(mgr); err != nil {
err = workspace.Add(mgr)
if err != nil {
klog.Fatal("Unable to create workspace controller")
}
err = namespace.Add(mgr, openpitrixClient)
if err != nil {
klog.Fatal("Unable to create namespace controller")
}
if err := AddControllers(mgr, kubernetesClient, informerFactory, devopsClient, s3Client, stopCh); err != nil {
klog.Fatalf("unable to register controllers to the manager: %v", err)
}
if err := AddControllers(mgr, config, stopCh); err != nil {
klog.Fatalf("unable to register controllers to the manager: %v", err)
}
// Start cache data after all informer is registered
informerFactory.Start(stopCh)
klog.V(0).Info("Starting the Cmd.")
if err := mgr.Start(stopCh); err != nil {
// Setup webhooks
klog.Info("setting up webhook server")
hookServer := mgr.GetWebhookServer()
klog.Info("registering webhooks to the webhook server")
hookServer.Register("/mutating-encrypt-password-iam-kubesphere-io-v1alpha2-user", &webhook.Admission{Handler: &user.PasswordCipher{Client: mgr.GetClient()}})
hookServer.Register("/validate-email-iam-kubesphere-io-v1alpha2-user", &webhook.Admission{Handler: &user.EmailValidator{Client: mgr.GetClient()}})
hookServer.Register("/validate-service-nsnp-kubesphere-io-v1alpha1-network", &webhook.Admission{Handler: &nsnetworkpolicy.ServiceValidator{}})
klog.V(0).Info("Starting the controllers.")
if err = mgr.Start(stopCh); err != nil {
klog.Fatalf("unable to run the manager: %v", err)
}
@@ -165,6 +180,11 @@ func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
cancel()
}()
if !s.LeaderElect {
run(ctx)
return nil
}
id, err := os.Hostname()
if err != nil {
return err
@@ -179,8 +199,8 @@ func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
lock, err := resourcelock.New(resourcelock.LeasesResourceLock,
"kubesphere-system",
"ks-controller-manager",
client.ClientSets().K8s().Kubernetes().CoreV1(),
client.ClientSets().K8s().Kubernetes().CoordinationV1(),
kubernetesClient.Kubernetes().CoreV1(),
kubernetesClient.Kubernetes().CoordinationV1(),
resourcelock.ResourceLockConfig{
Identity: id,
EventRecorder: record.NewBroadcaster().NewRecorder(scheme.Scheme, v1.EventSource{

6
cmd/hypersphere/hypersphere.go
View File

@@ -8,9 +8,7 @@ import (
"github.com/spf13/cobra"
"github.com/spf13/pflag"
controllermanager "kubesphere.io/kubesphere/cmd/controller-manager/app"
ksapigateway "kubesphere.io/kubesphere/cmd/ks-apigateway/app"
ksapiserver "kubesphere.io/kubesphere/cmd/ks-apiserver/app"
ksaiam "kubesphere.io/kubesphere/cmd/ks-iam/app"
"os"
)
@@ -46,14 +44,10 @@ func commandFor(basename string, defaultCommand *cobra.Command, commands []func(
func NewHyperSphereCommand() (*cobra.Command, []func() *cobra.Command) {
apiserver := func() *cobra.Command { return ksapiserver.NewAPIServerCommand() }
controllermanager := func() *cobra.Command { return controllermanager.NewControllerManagerCommand() }
iam := func() *cobra.Command { return ksaiam.NewAPIServerCommand() }
apigateway := func() *cobra.Command { return ksapigateway.NewAPIGatewayCommand() }
commandFns := []func() *cobra.Command{
apiserver,
controllermanager,
iam,
apigateway,
}
cmd := &cobra.Command{

32
cmd/ks-apigateway/apiserver.go
View File

@@ -1,32 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"kubesphere.io/kubesphere/cmd/ks-apigateway/app"
"os"
)
func main() {
cmd := app.NewAPIGatewayCommand()
if err := cmd.Execute(); err != nil {
os.Exit(1)
}
}

53
cmd/ks-apigateway/app/server.go
View File

@@ -1,53 +0,0 @@
package app
import (
"flag"
"github.com/mholt/caddy/caddy/caddymain"
"github.com/mholt/caddy/caddyhttp/httpserver"
"github.com/spf13/cobra"
apiserverconfig "kubesphere.io/kubesphere/pkg/server/config"
"kubesphere.io/kubesphere/pkg/simple/client"
"kubesphere.io/kubesphere/pkg/utils/signals"
"kubesphere.io/kubesphere/pkg/apigateway"
)
func NewAPIGatewayCommand() *cobra.Command {
cmd := &cobra.Command{
Use: "ks-apigateway",
Long: `The KubeSphere API Gateway, which is responsible
for proxy request to the right backend. API Gateway also proxy
Kubernetes API Server for KubeSphere authorization purpose.
`,
RunE: func(cmd *cobra.Command, args []string) error {
err := apiserverconfig.Load()
if err != nil {
return err
}
apigateway.RegisterPlugins()
return Run(signals.SetupSignalHandler())
},
}
cmd.Flags().AddGoFlagSet(flag.CommandLine)
return cmd
}
func Run(stopCh <-chan struct{}) error {
csop := &client.ClientSetOptions{}
csop.SetKubernetesOptions(apiserverconfig.Get().KubernetesOptions)
client.NewClientSetFactory(csop, stopCh)
httpserver.RegisterDevDirective("authenticate", "jwt")
httpserver.RegisterDevDirective("authentication", "jwt")
httpserver.RegisterDevDirective("swagger", "jwt")
caddymain.Run()
return nil
}

196
cmd/ks-apiserver/app/options/options.go
View File

@@ -1,68 +1,85 @@
package options
import (
"crypto/tls"
"flag"
"fmt"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/apiserver"
authoptions "kubesphere.io/kubesphere/pkg/apiserver/authentication/options"
apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/informers"
genericoptions "kubesphere.io/kubesphere/pkg/server/options"
"kubesphere.io/kubesphere/pkg/simple/client/devops"
esclient "kubesphere.io/kubesphere/pkg/simple/client/elasticsearch"
"kubesphere.io/kubesphere/pkg/simple/client/cache"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/mysql"
"kubesphere.io/kubesphere/pkg/simple/client/ldap"
esclient "kubesphere.io/kubesphere/pkg/simple/client/logging/elasticsearch"
"kubesphere.io/kubesphere/pkg/simple/client/monitoring/prometheus"
"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
"kubesphere.io/kubesphere/pkg/simple/client/network"
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
"kubesphere.io/kubesphere/pkg/simple/client/prometheus"
"kubesphere.io/kubesphere/pkg/simple/client/s2is3"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
fakes3 "kubesphere.io/kubesphere/pkg/simple/client/s3/fake"
"kubesphere.io/kubesphere/pkg/simple/client/servicemesh"
"kubesphere.io/kubesphere/pkg/simple/client/sonarqube"
"net/http"
"strings"
)
type ServerRunOptions struct {
ConfigFile string
GenericServerRunOptions *genericoptions.ServerRunOptions
*apiserverconfig.Config
KubernetesOptions *k8s.KubernetesOptions
DevopsOptions *devops.DevopsOptions
SonarQubeOptions *sonarqube.SonarQubeOptions
ServiceMeshOptions *servicemesh.ServiceMeshOptions
MySQLOptions *mysql.MySQLOptions
MonitoringOptions *prometheus.PrometheusOptions
S3Options *s2is3.S3Options
OpenPitrixOptions *openpitrix.OpenPitrixOptions
LoggingOptions *esclient.ElasticSearchOptions
//
DebugMode bool
}
func NewServerRunOptions() *ServerRunOptions {
s := ServerRunOptions{
s := &ServerRunOptions{
GenericServerRunOptions: genericoptions.NewServerRunOptions(),
KubernetesOptions: k8s.NewKubernetesOptions(),
DevopsOptions: devops.NewDevopsOptions(),
SonarQubeOptions: sonarqube.NewSonarQubeOptions(),
ServiceMeshOptions: servicemesh.NewServiceMeshOptions(),
MySQLOptions: mysql.NewMySQLOptions(),
MonitoringOptions: prometheus.NewPrometheusOptions(),
S3Options: s2is3.NewS3Options(),
OpenPitrixOptions: openpitrix.NewOpenPitrixOptions(),
LoggingOptions: esclient.NewElasticSearchOptions(),
Config: &apiserverconfig.Config{
KubernetesOptions: k8s.NewKubernetesOptions(),
DevopsOptions: jenkins.NewDevopsOptions(),
SonarQubeOptions: sonarqube.NewSonarQubeOptions(),
ServiceMeshOptions: servicemesh.NewServiceMeshOptions(),
NetworkOptions: network.NewNetworkOptions(),
MonitoringOptions: prometheus.NewPrometheusOptions(),
S3Options: s3.NewS3Options(),
OpenPitrixOptions: openpitrix.NewOptions(),
LoggingOptions: esclient.NewElasticSearchOptions(),
LdapOptions: ldap.NewOptions(),
RedisOptions: cache.NewRedisOptions(),
AuthenticationOptions: authoptions.NewAuthenticateOptions(),
MultiClusterOptions: multicluster.NewOptions(),
},
}
return &s
return s
}
func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
fs := fss.FlagSet("generic")
fs.BoolVar(&s.DebugMode, "debug", false, "Don't enable this if you don't know what it means.")
s.GenericServerRunOptions.AddFlags(fs, s.GenericServerRunOptions)
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"), s.KubernetesOptions)
s.AuthenticationOptions.AddFlags(fss.FlagSet("authentication"), s.AuthenticationOptions)
s.AuthorizationOptions.AddFlags(fss.FlagSet("authorization"), s.AuthorizationOptions)
s.DevopsOptions.AddFlags(fss.FlagSet("devops"), s.DevopsOptions)
s.SonarQubeOptions.AddFlags(fss.FlagSet("sonarqube"), s.SonarQubeOptions)
s.LdapOptions.AddFlags(fss.FlagSet("ldap"), s.LdapOptions)
s.RedisOptions.AddFlags(fss.FlagSet("redis"), s.RedisOptions)
s.S3Options.AddFlags(fss.FlagSet("s3"), s.S3Options)
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"), s.OpenPitrixOptions)
s.NetworkOptions.AddFlags(fss.FlagSet("network"), s.NetworkOptions)
s.ServiceMeshOptions.AddFlags(fss.FlagSet("servicemesh"), s.ServiceMeshOptions)
s.MonitoringOptions.AddFlags(fss.FlagSet("monitoring"), s.MonitoringOptions)
s.LoggingOptions.AddFlags(fss.FlagSet("logging"), s.LoggingOptions)
s.MultiClusterOptions.AddFlags(fss.FlagSet("multicluster"), s.MultiClusterOptions)
s.GenericServerRunOptions.AddFlags(fss.FlagSet("generic"))
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
s.MySQLOptions.AddFlags(fss.FlagSet("mysql"))
s.DevopsOptions.AddFlags(fss.FlagSet("devops"))
s.SonarQubeOptions.AddFlags(fss.FlagSet("sonarqube"))
s.S3Options.AddFlags(fss.FlagSet("s3"))
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"))
s.ServiceMeshOptions.AddFlags(fss.FlagSet("servicemesh"))
s.MonitoringOptions.AddFlags(fss.FlagSet("monitoring"))
s.LoggingOptions.AddFlags(fss.FlagSet("logging"))
fs := fss.FlagSet("klog")
fs = fss.FlagSet("klog")
local := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(local)
local.VisitAll(func(fl *flag.Flag) {
@@ -72,3 +89,106 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
return fss
}
const fakeInterface string = "FAKE"
// NewAPIServer creates an APIServer instance using given options
func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIServer, error) {
apiServer := &apiserver.APIServer{
Config: s.Config,
}
kubernetesClient, err := k8s.NewKubernetesClient(s.KubernetesOptions)
if err != nil {
return nil, err
}
apiServer.KubernetesClient = kubernetesClient
informerFactory := informers.NewInformerFactories(kubernetesClient.Kubernetes(), kubernetesClient.KubeSphere(), kubernetesClient.Istio(), kubernetesClient.Application())
apiServer.InformerFactory = informerFactory
if s.MonitoringOptions.Endpoint != "" {
monitoringClient, err := prometheus.NewPrometheus(s.MonitoringOptions)
if err != nil {
return nil, err
}
apiServer.MonitoringClient = monitoringClient
}
if s.LoggingOptions.Host != "" {
loggingClient, err := esclient.NewElasticsearch(s.LoggingOptions)
if err != nil {
return nil, err
}
apiServer.LoggingClient = loggingClient
}
if s.S3Options.Endpoint != "" {
if s.S3Options.Endpoint == fakeInterface && s.DebugMode {
apiServer.S3Client = fakes3.NewFakeS3()
} else {
s3Client, err := s3.NewS3Client(s.S3Options)
if err != nil {
return nil, err
}
apiServer.S3Client = s3Client
}
}
if s.DevopsOptions.Host != "" {
devopsClient, err := jenkins.NewDevopsClient(s.DevopsOptions)
if err != nil {
return nil, err
}
apiServer.DevopsClient = devopsClient
}
if s.SonarQubeOptions.Host != "" {
sonarClient, err := sonarqube.NewSonarQubeClient(s.SonarQubeOptions)
if err != nil {
return nil, err
}
apiServer.SonarClient = sonarqube.NewSonar(sonarClient.SonarQube())
}
if s.LdapOptions.Host != "" {
if s.LdapOptions.Host == fakeInterface && s.DebugMode {
apiServer.LdapClient = ldap.NewSimpleLdap()
} else {
ldapClient, err := ldap.NewLdapClient(s.LdapOptions, stopCh)
if err != nil {
return nil, err
}
apiServer.LdapClient = ldapClient
}
}
var cacheClient cache.Interface
if s.RedisOptions.Host != "" {
if s.RedisOptions.Host == fakeInterface && s.DebugMode {
apiServer.CacheClient = cache.NewSimpleCache()
} else {
cacheClient, err = cache.NewRedisClient(s.RedisOptions, stopCh)
if err != nil {
return nil, err
}
apiServer.CacheClient = cacheClient
}
}
server := &http.Server{
Addr: fmt.Sprintf(":%d", s.GenericServerRunOptions.InsecurePort),
}
if s.GenericServerRunOptions.SecurePort != 0 {
certificate, err := tls.LoadX509KeyPair(s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey)
if err != nil {
return nil, err
}
server.TLSConfig.Certificates = []tls.Certificate{certificate}
}
apiServer.Server = server
return apiServer, nil
}

4
cmd/ks-apiserver/app/options/validation.go
View File

@@ -5,15 +5,17 @@ package options
func (s *ServerRunOptions) Validate() []error {
var errors []error
errors = append(errors, s.GenericServerRunOptions.Validate()...)
errors = append(errors, s.DevopsOptions.Validate()...)
errors = append(errors, s.KubernetesOptions.Validate()...)
errors = append(errors, s.MySQLOptions.Validate()...)
errors = append(errors, s.ServiceMeshOptions.Validate()...)
errors = append(errors, s.MonitoringOptions.Validate()...)
errors = append(errors, s.SonarQubeOptions.Validate()...)
errors = append(errors, s.S3Options.Validate()...)
errors = append(errors, s.OpenPitrixOptions.Validate()...)
errors = append(errors, s.NetworkOptions.Validate()...)
errors = append(errors, s.LoggingOptions.Validate()...)
errors = append(errors, s.AuthorizationOptions.Validate()...)
return errors
}

280
cmd/ks-apiserver/app/server.go
View File

@@ -21,43 +21,32 @@ import (
"fmt"
kconfig "github.com/kiali/kiali/config"
"github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/runtime/schema"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/servicemesh/tracing"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/kapis"
"kubesphere.io/kubesphere/pkg/server"
apiserverconfig "kubesphere.io/kubesphere/pkg/server/config"
"kubesphere.io/kubesphere/pkg/server/filter"
"kubesphere.io/kubesphere/pkg/simple/client"
apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/utils/signals"
"kubesphere.io/kubesphere/pkg/utils/term"
"net/http"
)
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
// Load configuration from file
conf, err := apiserverconfig.TryLoadFromDisk()
if err == nil {
s = &options.ServerRunOptions{
GenericServerRunOptions: s.GenericServerRunOptions,
Config: conf,
}
}
cmd := &cobra.Command{
Use: "ks-apiserver",
Long: `The KubeSphere API server validates and configures data for the api objects.
The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
RunE: func(cmd *cobra.Command, args []string) error {
err := apiserverconfig.Load()
if err != nil {
return err
}
err = Complete(s)
if err != nil {
return err
}
if errs := s.Validate(); len(errs) != 0 {
return utilerrors.NewAggregate(errs)
}
@@ -68,7 +57,6 @@ cluster's shared state through which all other components interact.`,
fs := cmd.Flags()
namedFlagSets := s.Flags()
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
@@ -84,31 +72,26 @@ cluster's shared state through which all other components interact.`,
func Run(s *options.ServerRunOptions, stopCh <-chan struct{}) error {
err := CreateClientSet(apiserverconfig.Get(), stopCh)
if err != nil {
return err
}
err = WaitForResourceSync(stopCh)
if err != nil {
return err
}
initializeServicemeshConfig(s)
err = CreateAPIServer(s)
apiserver, err := s.NewAPIServer(stopCh)
if err != nil {
return err
}
return nil
err = apiserver.PrepareRun()
if err != nil {
return nil
}
return apiserver.Run(stopCh)
}
func initializeServicemeshConfig(s *options.ServerRunOptions) {
// Initialize kiali config
config := kconfig.NewConfig()
tracing.JaegerQueryUrl = s.ServiceMeshOptions.JaegerQueryHost
//tracing.JaegerQueryUrl = s.ServiceMeshOptions.JaegerQueryHost
// Exclude system namespaces
config.API.Namespaces.Exclude = []string{"istio-system", "kubesphere*", "kube*"}
@@ -123,230 +106,3 @@ func initializeServicemeshConfig(s *options.ServerRunOptions) {
kconfig.Set(config)
}
//
func CreateAPIServer(s *options.ServerRunOptions) error {
var err error
container := runtime.Container
container.DoNotRecover(false)
container.Filter(filter.Logging)
container.RecoverHandler(server.LogStackOnRecover)
kapis.InstallAPIs(container)
// install config api
apiserverconfig.InstallAPI(container)
if s.GenericServerRunOptions.InsecurePort != 0 {
err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
if err == nil {
klog.V(0).Infof("Server listening on insecure port %d.", s.GenericServerRunOptions.InsecurePort)
}
}
if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
if err == nil {
klog.V(0).Infof("Server listening on secure port %d.", s.GenericServerRunOptions.SecurePort)
}
}
return err
}
func CreateClientSet(conf *apiserverconfig.Config, stopCh <-chan struct{}) error {
csop := &client.ClientSetOptions{}
csop.SetDevopsOptions(conf.DevopsOptions).
SetSonarQubeOptions(conf.SonarQubeOptions).
SetKubernetesOptions(conf.KubernetesOptions).
SetMySQLOptions(conf.MySQLOptions).
SetLdapOptions(conf.LdapOptions).
SetS3Options(conf.S3Options).
SetOpenPitrixOptions(conf.OpenPitrixOptions).
SetPrometheusOptions(conf.MonitoringOptions).
SetKubeSphereOptions(conf.KubeSphereOptions).
SetElasticSearchOptions(conf.LoggingOptions)
client.NewClientSetFactory(csop, stopCh)
return nil
}
func WaitForResourceSync(stopCh <-chan struct{}) error {
klog.V(0).Info("Start cache objects")
discoveryClient := client.ClientSets().K8s().Discovery()
apiResourcesList, err := discoveryClient.ServerResources()
if err != nil {
return err
}
isResourceExists := func(resource schema.GroupVersionResource) bool {
for _, apiResource := range apiResourcesList {
if apiResource.GroupVersion == resource.GroupVersion().String() {
for _, rsc := range apiResource.APIResources {
if rsc.Name == resource.Resource {
return true
}
}
}
}
return false
}
informerFactory := informers.SharedInformerFactory()
// resources we have to create informer first
k8sGVRs := []schema.GroupVersionResource{
{Group: "", Version: "v1", Resource: "namespaces"},
{Group: "", Version: "v1", Resource: "nodes"},
{Group: "", Version: "v1", Resource: "resourcequotas"},
{Group: "", Version: "v1", Resource: "pods"},
{Group: "", Version: "v1", Resource: "services"},
{Group: "", Version: "v1", Resource: "persistentvolumeclaims"},
{Group: "", Version: "v1", Resource: "secrets"},
{Group: "", Version: "v1", Resource: "configmaps"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "roles"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "rolebindings"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterroles"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterrolebindings"},
{Group: "apps", Version: "v1", Resource: "deployments"},
{Group: "apps", Version: "v1", Resource: "daemonsets"},
{Group: "apps", Version: "v1", Resource: "replicasets"},
{Group: "apps", Version: "v1", Resource: "statefulsets"},
{Group: "apps", Version: "v1", Resource: "controllerrevisions"},
{Group: "storage.k8s.io", Version: "v1", Resource: "storageclasses"},
{Group: "batch", Version: "v1", Resource: "jobs"},
{Group: "batch", Version: "v1beta1", Resource: "cronjobs"},
{Group: "extensions", Version: "v1beta1", Resource: "ingresses"},
{Group: "autoscaling", Version: "v2beta2", Resource: "horizontalpodautoscalers"},
}
for _, gvr := range k8sGVRs {
if !isResourceExists(gvr) {
klog.Warningf("resource %s not exists in the cluster", gvr)
} else {
_, err := informerFactory.ForResource(gvr)
if err != nil {
klog.Errorf("cannot create informer for %s", gvr)
return err
}
}
}
informerFactory.Start(stopCh)
informerFactory.WaitForCacheSync(stopCh)
s2iInformerFactory := informers.S2iSharedInformerFactory()
s2iGVRs := []schema.GroupVersionResource{
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibuildertemplates"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2iruns"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibuilders"},
}
for _, gvr := range s2iGVRs {
if !isResourceExists(gvr) {
klog.Warningf("resource %s not exists in the cluster", gvr)
} else {
_, err := s2iInformerFactory.ForResource(gvr)
if err != nil {
return err
}
}
}
s2iInformerFactory.Start(stopCh)
s2iInformerFactory.WaitForCacheSync(stopCh)
ksInformerFactory := informers.KsSharedInformerFactory()
ksGVRs := []schema.GroupVersionResource{
{Group: "tenant.kubesphere.io", Version: "v1alpha1", Resource: "workspaces"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibinaries"},
{Group: "servicemesh.kubesphere.io", Version: "v1alpha2", Resource: "strategies"},
{Group: "servicemesh.kubesphere.io", Version: "v1alpha2", Resource: "servicepolicies"},
}
for _, gvr := range ksGVRs {
if !isResourceExists(gvr) {
klog.Warningf("resource %s not exists in the cluster", gvr)
} else {
_, err := ksInformerFactory.ForResource(gvr)
if err != nil {
return err
}
}
}
ksInformerFactory.Start(stopCh)
ksInformerFactory.WaitForCacheSync(stopCh)
appInformerFactory := informers.AppSharedInformerFactory()
appGVRs := []schema.GroupVersionResource{
{Group: "app.k8s.io", Version: "v1beta1", Resource: "applications"},
}
for _, gvr := range appGVRs {
if !isResourceExists(gvr) {
klog.Warningf("resource %s not exists in the cluster", gvr)
} else {
_, err := appInformerFactory.ForResource(gvr)
if err != nil {
return err
}
}
}
appInformerFactory.Start(stopCh)
appInformerFactory.WaitForCacheSync(stopCh)
klog.V(0).Info("Finished caching objects")
return nil
}
// apply server run options to configuration
func Complete(s *options.ServerRunOptions) error {
// loading configuration file
conf := apiserverconfig.Get()
conf.Apply(&apiserverconfig.Config{
MySQLOptions: s.MySQLOptions,
DevopsOptions: s.DevopsOptions,
SonarQubeOptions: s.SonarQubeOptions,
KubernetesOptions: s.KubernetesOptions,
ServiceMeshOptions: s.ServiceMeshOptions,
MonitoringOptions: s.MonitoringOptions,
S3Options: s.S3Options,
OpenPitrixOptions: s.OpenPitrixOptions,
LoggingOptions: s.LoggingOptions,
})
*s = options.ServerRunOptions{
GenericServerRunOptions: s.GenericServerRunOptions,
KubernetesOptions: conf.KubernetesOptions,
DevopsOptions: conf.DevopsOptions,
SonarQubeOptions: conf.SonarQubeOptions,
ServiceMeshOptions: conf.ServiceMeshOptions,
MySQLOptions: conf.MySQLOptions,
MonitoringOptions: conf.MonitoringOptions,
S3Options: conf.S3Options,
OpenPitrixOptions: conf.OpenPitrixOptions,
LoggingOptions: conf.LoggingOptions,
}
return nil
}

32
cmd/ks-iam/apiserver.go
View File

@@ -1,32 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"kubesphere.io/kubesphere/cmd/ks-iam/app"
"log"
)
func main() {
cmd := app.NewAPIServerCommand()
if err := cmd.Execute(); err != nil {
log.Fatalln(err)
}
}

86
cmd/ks-iam/app/options/options.go
View File

@@ -1,86 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"flag"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
genericoptions "kubesphere.io/kubesphere/pkg/server/options"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/ldap"
"kubesphere.io/kubesphere/pkg/simple/client/mysql"
"kubesphere.io/kubesphere/pkg/simple/client/redis"
"strings"
"time"
)
type ServerRunOptions struct {
GenericServerRunOptions *genericoptions.ServerRunOptions
KubernetesOptions *k8s.KubernetesOptions
LdapOptions *ldap.LdapOptions
RedisOptions *redis.RedisOptions
MySQLOptions *mysql.MySQLOptions
AdminEmail string
AdminPassword string
TokenIdleTimeout time.Duration
JWTSecret string
AuthRateLimit string
EnableMultiLogin bool
GenerateKubeConfig bool
}
func NewServerRunOptions() *ServerRunOptions {
s := &ServerRunOptions{
GenericServerRunOptions: genericoptions.NewServerRunOptions(),
KubernetesOptions: k8s.NewKubernetesOptions(),
LdapOptions: ldap.NewLdapOptions(),
MySQLOptions: mysql.NewMySQLOptions(),
RedisOptions: redis.NewRedisOptions(),
}
return s
}
func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
fs := fss.FlagSet("generic")
s.GenericServerRunOptions.AddFlags(fs)
fs.StringVar(&s.AdminEmail, "admin-email", "admin@kubesphere.io", "default administrator's email")
fs.StringVar(&s.AdminPassword, "admin-password", "passw0rd", "default administrator's password")
fs.DurationVar(&s.TokenIdleTimeout, "token-idle-timeout", 30*time.Minute, "tokens that are idle beyond that time will expire,0s means the token has no expiration time. valid time units are \"ns\",\"us\",\"ms\",\"s\",\"m\",\"h\"")
fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret")
fs.StringVar(&s.AuthRateLimit, "auth-rate-limit", "5/30m", "specifies the maximum number of authentication attempts permitted and time interval,valid time units are \"s\",\"m\",\"h\"")
fs.BoolVar(&s.EnableMultiLogin, "enable-multi-login", false, "allow one account to have multiple sessions")
fs.BoolVar(&s.GenerateKubeConfig, "generate-kubeconfig", true, "generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops.")
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
s.LdapOptions.AddFlags(fss.FlagSet("ldap"))
s.RedisOptions.AddFlags(fss.FlagSet("redis"))
s.MySQLOptions.AddFlags(fss.FlagSet("mysql"))
kfs := fss.FlagSet("klog")
local := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(local)
local.VisitAll(func(fl *flag.Flag) {
fl.Name = strings.Replace(fl.Name, "_", "-", -1)
kfs.AddGoFlag(fl)
})
return fss
}

11
cmd/ks-iam/app/options/validation.go
View File

@@ -1,11 +0,0 @@
package options
func (s *ServerRunOptions) Validate() []error {
errs := []error{}
errs = append(errs, s.KubernetesOptions.Validate()...)
errs = append(errs, s.GenericServerRunOptions.Validate()...)
errs = append(errs, s.LdapOptions.Validate()...)
return errs
}

161
cmd/ks-iam/app/server.go
View File

@@ -1,161 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"fmt"
"github.com/spf13/cobra"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"kubesphere.io/kubesphere/cmd/ks-iam/app/options"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/kapis"
"kubesphere.io/kubesphere/pkg/models/iam"
"kubesphere.io/kubesphere/pkg/server"
apiserverconfig "kubesphere.io/kubesphere/pkg/server/config"
"kubesphere.io/kubesphere/pkg/server/filter"
"kubesphere.io/kubesphere/pkg/simple/client"
"kubesphere.io/kubesphere/pkg/utils/jwtutil"
"kubesphere.io/kubesphere/pkg/utils/signals"
"kubesphere.io/kubesphere/pkg/utils/term"
"net/http"
)
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
cmd := &cobra.Command{
Use: "ks-iam",
Long: `The KubeSphere account server validates and configures data
for the api objects. The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
RunE: func(cmd *cobra.Command, args []string) error {
err := apiserverconfig.Load()
if err != nil {
return err
}
err = Complete(s)
if err != nil {
return err
}
if errs := s.Validate(); len(errs) != 0 {
return utilerrors.NewAggregate(errs)
}
return Run(s, signals.SetupSignalHandler())
},
}
fs := cmd.Flags()
namedFlagSets := s.Flags()
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
usageFmt := "Usage:\n %s\n"
cols, _, _ := term.TerminalSize(cmd.OutOrStdout())
cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
})
return cmd
}
func Run(s *options.ServerRunOptions, stopChan <-chan struct{}) error {
csop := client.NewClientSetOptions()
csop.SetKubernetesOptions(s.KubernetesOptions).
SetLdapOptions(s.LdapOptions).
SetRedisOptions(s.RedisOptions).
SetMySQLOptions(s.MySQLOptions)
client.NewClientSetFactory(csop, stopChan)
waitForResourceSync(stopChan)
err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin, s.GenerateKubeConfig)
jwtutil.Setup(s.JWTSecret)
if err != nil {
return err
}
container := runtime.Container
container.Filter(filter.Logging)
container.DoNotRecover(false)
container.RecoverHandler(server.LogStackOnRecover)
kapis.InstallAuthorizationAPIs(container)
if s.GenericServerRunOptions.InsecurePort != 0 {
klog.Infof("Server listening on %s:%d ", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort)
err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
}
if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
klog.Infof("Server listening on %s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort)
err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
}
return err
}
func Complete(s *options.ServerRunOptions) error {
conf := apiserverconfig.Get()
conf.Apply(&apiserverconfig.Config{
KubernetesOptions: s.KubernetesOptions,
LdapOptions: s.LdapOptions,
RedisOptions: s.RedisOptions,
MySQLOptions: s.MySQLOptions,
})
s.KubernetesOptions = conf.KubernetesOptions
s.LdapOptions = conf.LdapOptions
s.RedisOptions = conf.RedisOptions
s.MySQLOptions = conf.MySQLOptions
return nil
}
func waitForResourceSync(stopCh <-chan struct{}) {
informerFactory := informers.SharedInformerFactory()
informerFactory.Rbac().V1().Roles().Lister()
informerFactory.Rbac().V1().RoleBindings().Lister()
informerFactory.Rbac().V1().ClusterRoles().Lister()
informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
informerFactory.Core().V1().Namespaces().Lister()
informerFactory.Start(stopCh)
informerFactory.WaitForCacheSync(stopCh)
ksInformerFactory := informers.KsSharedInformerFactory()
ksInformerFactory.Tenant().V1alpha1().Workspaces().Lister()
ksInformerFactory.Start(stopCh)
ksInformerFactory.WaitForCacheSync(stopCh)
}

25
cmd/ks-network/main.go
View File

@@ -1,25 +0,0 @@
package main
import (
"flag"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/controller/network/runoption"
)
var opt runoption.RunOption
func init() {
flag.StringVar(&opt.ProviderName, "np-provider", "calico", "specify the network policy provider, k8s or calico")
flag.BoolVar(&opt.AllowInsecureEtcd, "allow-insecure-etcd", false, "specify allow connect to etcd using insecure http")
flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "specify the datastore type of calico")
//TODO add more flags
}
func main() {
klog.InitFlags(nil)
flag.Set("logtostderr", "true")
flag.Parse()
klog.V(1).Info("Preparing kubernetes client")
klog.Fatal(opt.Run())
}

114
config/crd/bases/cluster.kubesphere.io_agents.yaml Normal file
View File

@@ -0,0 +1,114 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: agents.cluster.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.Paused
name: Paused
type: bool
group: cluster.kubesphere.io
names:
kind: Agent
listKind: AgentList
plural: agents
singular: agent
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: Agent is the Schema for the agents API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AgentSpec defines the desired state of Agent
properties:
kubernetesAPIServerPort:
description: KubeAPIServerPort is the port which listens for forwarding
kube-apiserver traffic
type: integer
kubesphereAPIServerPort:
description: KubeSphereAPIServerPort is the port which listens for forwarding
kubesphere apigateway traffic
type: integer
paused:
description: Indicates that the agent is paused.
type: boolean
proxy:
description: Proxy address
type: string
token:
description: Token used by agents to connect to proxy.
type: string
type: object
status:
description: AgentStatus defines the observed state of Agent
properties:
conditions:
description: Represents the latest available observations of a agent's
current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of AgentCondition
type: string
required:
- status
type: object
type: array
kubeconfig:
description: Issued new kubeconfig by proxy server
format: byte
type: string
ping:
description: Represents the connection quality, in ms
format: int64
type: integer
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

168
config/crd/bases/cluster.kubesphere.io_clusters.yaml Normal file
View File

@@ -0,0 +1,168 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: clusters.cluster.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.joinFederation
name: Federated
type: boolean
- JSONPath: .spec.provider
name: Provider
type: string
- JSONPath: .spec.enable
name: Active
type: boolean
- JSONPath: .status.kubernetesVersion
name: Version
type: string
group: cluster.kubesphere.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: Cluster is the schema for the clusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
connection:
description: Connection holds info to connect to the member cluster
properties:
kubeconfig:
description: KubeConfig content used to connect to cluster api server
Should provide this field explicitly if connection type is direct.
Will be populated by ks-proxy if connection type is proxy.
format: byte
type: string
kubernetesAPIEndpoint:
description: Kubernetes API Server endpoint. This can be a hostname,
hostname:port, IP or IP:port. Should provide this field explicitly
if connection type is direct. Will be populated by ks-apiserver
if connection type is proxy.
type: string
kubernetesAPIServerPort:
description: KubeAPIServerPort is the port which listens for forwarding
kube-apiserver traffic Only applicable when connection type is
proxy.
type: integer
kubesphereAPIEndpoint:
description: KubeSphere API Server endpoint. This can be a hostname,
hostname:port, IP or IP:port. Should provide this field explicitly
if connection type is direct. Will be populated by ks-apiserver
if connection type is proxy.
type: string
kubesphereAPIServerPort:
description: KubeSphereAPIServerPort is the port which listens for
forwarding kubesphere apigateway traffic Only applicable when
connection type is proxy.
type: integer
token:
description: Token used by agents of member cluster to connect to
host cluster proxy. This field is populated by apiserver only
if connection type is proxy.
type: string
type:
description: type defines how host cluster will connect to host
cluster ConnectionTypeDirect means direct connection, this requires kubeconfig
and kubesphere apiserver endpoint provided ConnectionTypeProxy
means using kubesphere proxy, no kubeconfig or kubesphere apiserver
endpoint required
type: string
type: object
enable:
description: Desired state of the cluster
type: boolean
joinFederation:
description: Join cluster as a kubefed cluster
type: boolean
provider:
description: Provider of the cluster, this field is just for description
type: string
type: object
status:
properties:
conditions:
description: Represents the latest available observations of a cluster's
current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of the condition
type: string
required:
- status
- type
type: object
type: array
kubernetesVersion:
description: GitVersion of the kubernetes cluster, this field is populated
by cluster controller
type: string
nodeCount:
description: Count of the kubernetes cluster nodes This field may not
reflect the instant status of the cluster.
type: integer
region:
description: Region is the name of the region in which all of the nodes
in the cluster exist. e.g. 'us-east1'.
type: string
zones:
description: Zones are the names of availability zones in which the
nodes of the cluster exist, e.g. 'us-east1-a'.
items:
type: string
type: array
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

59
config/crd/bases/devops.kubesphere.io_devopsprojects.yaml Normal file
View File

@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: devopsprojects.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
categories:
- devops
kind: DevOpsProject
listKind: DevOpsProjectList
plural: devopsprojects
singular: devopsproject
scope: Cluster
validation:
openAPIV3Schema:
description: DevOpsProject is the Schema for the devopsprojects API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevOpsProjectSpec defines the desired state of DevOpsProject
type: object
status:
description: DevOpsProjectStatus defines the observed state of DevOpsProject
properties:
adminNamespace:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "make" to regenerate code after modifying
this file'
type: string
type: object
type: object
version: v1alpha3
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

260
config/crd/bases/devops.kubesphere.io_pipelines.yaml Normal file
View File

@@ -0,0 +1,260 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: pipelines.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: Pipeline
listKind: PipelineList
plural: pipelines
singular: pipeline
scope: Namespaced
validation:
openAPIV3Schema:
description: Pipeline is the Schema for the pipelines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PipelineSpec defines the desired state of Pipeline
properties:
multi_branch_pipeline:
properties:
bitbucket_server_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
descriptio:
type: string
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
git_source:
properties:
credential_id:
type: string
discover_branches:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
regex_filter:
type: string
scm_id:
type: string
url:
type: string
type: object
github_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
multibranch_job_trigger:
properties:
create_action_job_to_trigger:
type: string
delete_action_job_to_trigger:
type: string
type: object
name:
type: string
script_path:
type: string
single_svn_source:
properties:
credential_id:
type: string
remote:
type: string
scm_id:
type: string
type: object
source_type:
type: string
svn_source:
properties:
credential_id:
type: string
excludes:
type: string
includes:
type: string
remote:
type: string
scm_id:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
- script_path
- source_type
type: object
pipeline:
properties:
descriptio:
type: string
disable_concurrent:
type: boolean
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
jenkinsfile:
type: string
name:
type: string
parameters:
items:
properties:
default_value:
type: string
description:
type: string
name:
type: string
type:
type: string
required:
- name
- type
type: object
type: array
remote_trigger:
properties:
token:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
type: object
type:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
type: string
required:
- type
type: object
status:
description: PipelineStatus defines the observed state of Pipeline
type: object
type: object
version: v1alpha3
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

86
config/crd/bases/devops.kubesphere.io_s2ibinaries.yaml Normal file
View File

@@ -0,0 +1,86 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibinaries.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.fileName
name: FileName
type: string
- JSONPath: .spec.md5
name: MD5
type: string
- JSONPath: .spec.size
name: Size
type: string
- JSONPath: .status.phase
name: Phase
type: string
group: devops.kubesphere.io
names:
kind: S2iBinary
listKind: S2iBinaryList
plural: s2ibinaries
singular: s2ibinary
scope: Namespaced
subresources: {}
validation:
openAPIV3Schema:
description: S2iBinary is the Schema for the s2ibinaries API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBinarySpec defines the desired state of S2iBinary
properties:
downloadURL:
description: DownloadURL in KubeSphere
type: string
fileName:
description: FileName is filename of binary
type: string
md5:
description: MD5 is Binary's MD5 Hash
type: string
size:
description: Size is the file size of file
type: string
uploadTimeStamp:
description: UploadTime is last upload time
format: date-time
type: string
type: object
status:
description: S2iBinaryStatus defines the observed state of S2iBinary
properties:
phase:
description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
type: string
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

578
config/crd/bases/devops.kubesphere.io_s2ibuilders.yaml Normal file
View File

@@ -0,0 +1,578 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibuilders.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .status.runCount
name: RunCount
type: integer
- JSONPath: .status.lastRunState
name: LastRunState
type: string
- JSONPath: .status.lastRunName
name: LastRunName
type: string
- JSONPath: .status.lastRunStartTime
name: LastRunStartTime
type: date
group: devops.kubesphere.io
names:
kind: S2iBuilder
listKind: S2iBuilderList
plural: s2ibuilders
shortNames:
- s2ib
singular: s2ibuilder
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: S2iBuilder is the Schema for the s2ibuilders API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderSpec defines the desired state of S2iBuilder
properties:
config:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
properties:
addHost:
description: AddHost Add a line to /etc/hosts for test purpose or
private use in LAN. Its format is host:IP,muliple hosts can be
added by using multiple --add-host
items:
type: string
type: array
asDockerfile:
description: AsDockerfile indicates the path where the Dockerfile
should be written instead of building a new image.
type: string
assembleUser:
description: AssembleUser specifies the user to run the assemble
script in container
type: string
blockOnBuild:
description: BlockOnBuild prevents s2i from performing a docker
build operation if one is necessary to execute ONBUILD commands,
or to layer source code into the container for images that don't
have a tar binary available, if the image contains ONBUILD commands
that would be executed.
type: boolean
branchExpression:
description: Regular expressions, ignoring names that do not match
the provided regular expression
type: string
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount to
container running the build.
items:
type: string
type: array
builderBaseImageVersion:
description: BuilderBaseImageVersion provides optional version information
about the builder base image.
type: string
builderImage:
description: BuilderImage describes which image is used for building
the result images.
type: string
builderImageVersion:
description: BuilderImageVersion provides optional version information
about the builder image.
type: string
builderPullPolicy:
description: BuilderPullPolicy specifies when to pull the builder
image
type: string
callbackUrl:
description: CallbackURL is a URL which is called upon successful
build to inform about that fact.
type: string
cgroupLimits:
description: CGroupLimits describes the cgroups limits that will
be applied to any containers run by s2i.
properties:
cpuPeriod:
format: int64
type: integer
cpuQuota:
format: int64
type: integer
cpuShares:
format: int64
type: integer
memoryLimitBytes:
format: int64
type: integer
memorySwap:
format: int64
type: integer
parent:
type: string
required:
- cpuPeriod
- cpuQuota
- cpuShares
- memoryLimitBytes
- memorySwap
- parent
type: object
contextDir:
description: Specify a relative directory inside the application
repository that should be used as a root directory for the application.
type: string
description:
description: Description is a result image description label. The
default is no description.
type: string
destination:
description: Destination specifies a location where the untar operation
will place its artifacts.
type: string
displayName:
description: DisplayName is a result image display-name label. This
defaults to the output image name.
type: string
dockerConfig:
description: DockerConfig describes how to access host docker daemon.
properties:
caFile:
description: CAFile is the certificate authority file path for
a TLS connection
type: string
certFile:
description: CertFile is the certificate file path for a TLS
connection
type: string
endPoint:
description: Endpoint is the docker network endpoint or socket
type: string
keyFile:
description: KeyFile is the key file path for a TLS connection
type: string
tlsVerify:
description: TLSVerify indicates if TLS peer must be verified
type: boolean
useTLS:
description: UseTLS indicates if TLS must be used
type: boolean
required:
- caFile
- certFile
- endPoint
- keyFile
- tlsVerify
- useTLS
type: object
dockerNetworkMode:
description: DockerNetworkMode is used to set the docker network
setting to --net=container:<id> when the builder is invoked from
a container.
type: string
dropCapabilities:
description: DropCapabilities contains a list of capabilities to
drop when executing containers
items:
type: string
type: array
environment:
description: Environment is a map of environment variables to be
passed to the image.
items:
description: EnvironmentSpec specifies a single environment variable.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
excludeRegExp:
description: ExcludeRegExp contains a string representation of the
regular expression desired for deciding which files to exclude
from the tar stream
type: string
export:
description: Export Push the result image to specify image registry
in tag
type: boolean
gitSecretRef:
description: GitSecretRef is the BasicAuth Secret of Git Clone
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
hasOnBuild:
description: HasOnBuild will be set to true if the builder image
contains ONBUILD instructions
type: boolean
imageName:
description: ImageName Contains the registry address and reponame,
tag should set by field tag alone
type: string
imageScriptsUrl:
description: ImageScriptsURL is the default location to find the
assemble/run scripts for a builder image. This url can be a reference
within the builder image if the scheme is specified as image://
type: string
imageWorkDir:
description: ImageWorkDir is the default working directory for the
builder image.
type: string
incremental:
description: Incremental describes whether to try to perform incremental
build.
type: boolean
incrementalAuthentication:
description: IncrementalAuthentication holds the authentication
information for pulling the previous image from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
incrementalFromTag:
description: IncrementalFromTag sets an alternative image tag to
look for existing artifacts. Tag is used by default if this is
not set.
type: string
injections:
description: Injections specifies a list source/destination folders
that are injected to the container that runs assemble. All files
we inject will be truncated after the assemble script finishes.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to
- absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
isBinaryURL:
description: IsBinaryURL explain the type of SourceURL. If it is
IsBinaryURL, it will download the file directly without using
git.
type: boolean
keepSymlinks:
description: KeepSymlinks indicates to copy symlinks as symlinks.
Default behavior is to follow symlinks and copy files by content.
type: boolean
labelNamespace:
description: LabelNamespace provides the namespace under which the
labels will be generated.
type: string
labels:
additionalProperties:
type: string
description: Labels specify labels and their values to be applied
to the resulting image. Label keys must have non-zero length.
The labels defined here override generated labels in case they
have the same name.
type: object
layeredBuild:
description: LayeredBuild describes if this is build which layered
scripts and sources on top of BuilderImage.
type: boolean
nodeAffinityKey:
description: The key of Node Affinity.
type: string
nodeAffinityValues:
description: The values of Node Affinity.
items:
type: string
type: array
outputBuildResult:
description: Whether output build result to status.
type: boolean
outputImageName:
description: OutputImageName is a result image name without tag,
default is latest. tag will append to ImageName in the end
type: string
preserveWorkingDir:
description: PreserveWorkingDir describes if working directory should
be left after processing.
type: boolean
previousImagePullPolicy:
description: PreviousImagePullPolicy specifies when to pull the
previously build image when doing incremental build
type: string
pullAuthentication:
description: PullAuthentication holds the authentication information
for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
pushAuthentication:
description: PullAuthentication holds the authentication information
for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
removePreviousImage:
description: RemovePreviousImage describes if previous image should
be removed after successful build. This applies only to incremental
builds.
type: boolean
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of
every important thing about the commit
type: string
runImage:
description: RunImage will trigger a "docker run ..." invocation
of the produced image so the user can see if it operates as he
would expect
type: boolean
runtimeArtifacts:
description: RuntimeArtifacts specifies a list of source/destination
pairs that will be copied from builder to a runtime image. Source
can be a file or directory. Destination must be a directory. Regardless
whether it is an absolute or relative path, it will be placed
into image's WORKDIR. Destination also can be empty or equals
to ".", in this case it just refers to a root of WORKDIR. In case
it's empty, S2I will try to get this list from io.openshift.s2i.assemble-input-files
label on a RuntimeImage.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to
- absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeAuthentication:
description: RuntimeAuthentication holds the authentication information
for pulling the runtime Docker images from private repositories.
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
runtimeImage:
description: RuntimeImage specifies the image that will be a base
for resulting image and will be used for running an application.
By default, BuilderImage is used for building and running, but
the latter may be overridden.
type: string
runtimeImagePullPolicy:
description: RuntimeImagePullPolicy specifies when to pull a runtime
image.
type: string
scriptDownloadProxyConfig:
description: ScriptDownloadProxyConfig optionally specifies the
http and https proxy to use when downloading scripts
properties:
httpProxy:
type: string
httpsProxy:
type: string
type: object
scriptsUrl:
description: ScriptsURL is a URL describing where to fetch the S2I
scripts from during build process. This url can be a reference
within the builder image if the scheme is specified as image://
type: string
secretCode:
description: SecretCode
type: string
securityOpt:
description: SecurityOpt are passed as options to the docker containers
launched by s2i.
items:
type: string
type: array
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
tag:
description: Tag is a result image tag name.
type: string
taintKey:
description: The name of taint.
type: string
usage:
description: Usage allows for properly shortcircuiting s2i logic
when `s2i usage` is invoked
type: boolean
workingDir:
description: WorkingDir describes temporary directory used for downloading
sources, scripts and tar operations.
type: string
workingSourceDir:
description: WorkingSourceDir describes the subdirectory off of
WorkingDir set up during the repo download that is later used
as the root for ignore processing
type: string
required:
- imageName
- sourceUrl
type: object
fromTemplate:
description: FromTemplate define some inputs from user
properties:
builderImage:
description: BaseImage specify which version of this template to
use
type: string
name:
description: Name specify a template to use, so many fields in Config
can left empty
type: string
parameters:
description: Parameters must use with `template`, fill some parameters
which template will use
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
type: object
type: object
status:
description: S2iBuilderStatus defines the observed state of S2iBuilder
properties:
lastRunName:
description: LastRunState return the name of the newest run of this
builder
type: string
lastRunStartTime:
description: LastRunStartTime return the startTime of the newest run
of this builder
format: date-time
type: string
lastRunState:
description: LastRunState return the state of the newest run of this
builder
type: string
runCount:
description: RunCount represent the sum of s2irun of this builder
type: integer
required:
- runCount
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

141
config/crd/bases/devops.kubesphere.io_s2ibuildertemplates.yaml Normal file
View File

@@ -0,0 +1,141 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibuildertemplates.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.codeFramework
name: Framework
type: string
- JSONPath: .spec.defaultBaseImage
name: DefaultBaseImage
type: string
- JSONPath: .spec.version
name: Version
type: string
group: devops.kubesphere.io
names:
categories:
- devops
kind: S2iBuilderTemplate
listKind: S2iBuilderTemplateList
plural: s2ibuildertemplates
shortNames:
- s2ibt
singular: s2ibuildertemplate
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
properties:
codeFramework:
description: CodeFramework means which language this template is designed
for and which framework is using if has framework. Like Java, NodeJS
etc
type: string
containerInfo:
description: Images are the images this template will use.
items:
properties:
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount
to container running the build.
items:
type: string
type: array
builderImage:
description: BaseImage are the images this template will use.
type: string
runtimeArtifacts:
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume
to - absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeImage:
type: string
type: object
type: array
defaultBaseImage:
description: DefaultBaseImage is the image that will be used by default
type: string
description:
description: Description illustrate the purpose of this template
type: string
environment:
description: Parameters is a set of environment variables to be passed
to the image.
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
iconPath:
description: IconPath is used for frontend display
type: string
version:
description: Version of template
type: string
type: object
status:
description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

181
config/crd/bases/devops.kubesphere.io_s2iruns.yaml Normal file
View File

@@ -0,0 +1,181 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2iruns.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .status.runState
name: State
type: string
- JSONPath: .status.kubernetesJobName
name: K8sJobName
type: string
- JSONPath: .status.startTime
name: StartTime
type: date
- JSONPath: .status.completionTime
name: CompletionTime
type: date
- JSONPath: .status.s2iBuildResult.imageName
name: ImageName
type: string
group: devops.kubesphere.io
names:
kind: S2iRun
listKind: S2iRunList
plural: s2iruns
shortNames:
- s2ir
singular: s2irun
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: S2iRun is the Schema for the s2iruns API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iRunSpec defines the desired state of S2iRun
properties:
backoffLimit:
description: BackoffLimit limits the restart count of each s2irun. Default
is 0
format: int32
type: integer
builderName:
description: BuilderName specify the name of s2ibuilder, required
type: string
newRevisionId:
description: NewRevisionId override the default NewRevisionId in its
s2ibuilder.
type: string
newSourceURL:
description: NewSourceURL is used to download new binary artifacts
type: string
newTag:
description: NewTag override the default tag in its s2ibuilder, image
name cannot be changed.
type: string
secondsAfterFinished:
description: SecondsAfterFinished if is set and greater than zero, and
the job created by s2irun become successful or failed , the job will
be auto deleted after SecondsAfterFinished
format: int32
type: integer
required:
- builderName
type: object
status:
description: S2iRunStatus defines the observed state of S2iRun
properties:
completionTime:
description: Represents time when the job was completed. It is not guaranteed
to be set in happens-before order across separate operations. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
kubernetesJobName:
description: KubernetesJobName is the job name in k8s
type: string
logURL:
description: LogURL is uesd for external log handler to let user know
where is log located in
type: string
runState:
description: RunState indicates whether this job is done or failed
type: string
s2iBuildResult:
description: S2i build result info.
properties:
commandPull:
description: Command for pull image.
type: string
imageCreated:
description: Image created time.
type: string
imageID:
description: Image ID.
type: string
imageName:
description: ImageName is the name of artifact
type: string
imageRepoTags:
description: image tags.
items:
type: string
type: array
imageSize:
description: The size in bytes of the image
format: int64
type: integer
type: object
s2iBuildSource:
description: S2i build source info.
properties:
binaryName:
description: Binary file Name
type: string
binarySize:
description: Binary file Size
format: int64
type: integer
builderImage:
description: // BuilderImage describes which image is used for building
the result images.
type: string
commitID:
description: CommitID represents an arbitrary extended object reference
in Git as SHA-1
type: string
committerEmail:
description: CommitterEmail contains the e-mail of the committer
type: string
committerName:
description: CommitterName contains the name of the committer
type: string
description:
description: Description is a result image description label. The
default is no description.
type: string
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of
every important thing about the commit
type: string
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
type: object
startTime:
description: StartTime represent when this run began
format: date-time
type: string
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

58
config/crd/bases/iam.kubesphere.io_policyrules.yaml Normal file
View File

@@ -0,0 +1,58 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: policyrules.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .scope
name: Scope
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: PolicyRule
listKind: PolicyRuleList
plural: policyrules
singular: policyrule
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
rego:
type: string
scope:
type: string
required:
- rego
- scope
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

104
config/crd/bases/iam.kubesphere.io_rolebindings.yaml Normal file
View File

@@ -0,0 +1,104 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: rolebindings.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .scope
name: Scope
type: string
- JSONPath: .roleRef.name
name: RoleRef
type: string
- JSONPath: .subjects[*].name
name: Subjects
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: RoleBinding
listKind: RoleBindingList
plural: rolebindings
singular: rolebinding
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: RoleBinding is the Schema for the rolebindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roleRef:
description: RoleRef contains information that points to the role being
used
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
scope:
type: string
subjects:
description: Subjects holds references to the users the role applies to.
items:
description: or a value for non-objects such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
type: string
kind:
description: Kind of object being referenced. Values defined by this
API group are "User", "Group", and "ServiceAccount". If the Authorizer
does not recognized the kind value, the Authorizer should report
an error.
type: string
name:
description: Name of the object being referenced.
type: string
required:
- apiGroup
- kind
- name
type: object
type: array
required:
- roleRef
- scope
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

87
config/crd/bases/iam.kubesphere.io_roles.yaml Normal file
View File

@@ -0,0 +1,87 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: roles.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .target.scope
name: Scope
type: string
- JSONPath: .target.name
name: Target
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: Role
listKind: RoleList
plural: roles
singular: role
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
rules:
items:
description: RuleRef contains information that points to the role being
used
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
type: array
target:
properties:
name:
type: string
scope:
type: string
required:
- name
- scope
type: object
required:
- rules
- target
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

117
config/crd/bases/iam.kubesphere.io_users.yaml Normal file
View File

@@ -0,0 +1,117 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: users.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.email
name: Email
type: string
- JSONPath: .status.state
name: Status
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: User
listKind: UserList
plural: users
singular: user
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address.
type: string
finalizers:
description: Finalizers is an opaque list of values that must be empty
to permanently remove object from storage.
items:
type: string
type: array
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for the user.
type: string
password:
type: string
required:
- email
- password
type: object
status:
description: UserStatus defines the observed state of User
properties:
conditions:
description: Represents the latest available observations of a namespace's
current state.
items:
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of namespace controller condition.
type: string
required:
- status
- type
type: object
type: array
state:
description: The user status
type: string
type: object
required:
- spec
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

762
config/crd/bases/network.kubesphere.io_namespacenetworkpolicies.yaml Normal file
View File

@@ -0,0 +1,762 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: namespacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: NamespaceNetworkPolicy
listKind: NamespaceNetworkPolicyList
plural: namespacenetworkpolicies
shortNames:
- nsnp
singular: namespacenetworkpolicy
scope: Namespaced
validation:
openAPIV3Schema:
description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NamespaceNetworkPolicySpec defines the desired state of NamespaceNetworkPolicy
properties:
egress:
description: The ordered set of egress rules. Each rule contains a
set of packet match criteria and a corresponding action to apply.
items:
description: "A Rule encapsulates a set of match criteria and an action.
\ Both selector-based security Policy and security Profiles reference
rules - separated out as a list of rules for both ingress and egress
packet matching. \n Each positive match criteria has a negated version,
prefixed with ”Not”. All the match criteria within a rule must be
satisfied for a packet to match. A single rule can contain the positive
and negative version of a match and both must be satisfied for the
rule to match."
properties:
action:
type: string
destination:
description: Destination contains the match criteria that apply
to destination entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
http:
description: HTTP contains match criteria that apply to HTTP requests.
properties:
methods:
description: Methods is an optional field that restricts the
rule to apply only to HTTP requests that use one of the
listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods
are OR'd together.
items:
type: string
type: array
paths:
description: 'Paths is an optional field that restricts the
rule to apply to HTTP requests that use one of the listed
HTTP Paths. Multiple paths are OR''d together. e.g: - exact:
/foo - prefix: /bar NOTE: Each entry may ONLY specify either
a `exact` or a `prefix` match. The validator will check
for it.'
items:
description: 'HTTPPath specifies an HTTP path to match.
It may be either of the form: exact: <path>: which matches
the path exactly or prefix: <path-prefix>: which matches
the path prefix'
properties:
exact:
type: string
prefix:
type: string
type: object
type: array
type: object
icmp:
description: ICMP is an optional field that restricts the rule
to apply to a specific type and code of ICMP traffic. This
should only be specified if the Protocol field is set to "ICMP"
or "ICMPv6".
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
ipVersion:
description: IPVersion is an optional field that restricts the
rule to only match a specific IP version.
type: integer
notICMP:
description: NotICMP is the negated version of the ICMP field.
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
notProtocol:
description: NotProtocol is the negated version of the Protocol
field.
type: string
protocol:
description: "Protocol is an optional field that restricts the
rule to only apply to traffic of a specific IP protocol. Required
if any of the EntityRules contain Ports (because ports only
apply to certain protocols). \n Must be one of these string
values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\"
or an integer in the range 1-255."
type: string
source:
description: Source contains the match criteria that apply to
source entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
required:
- action
type: object
type: array
ingress:
description: The ordered set of ingress rules. Each rule contains a
set of packet match criteria and a corresponding action to apply.
items:
description: "A Rule encapsulates a set of match criteria and an action.
\ Both selector-based security Policy and security Profiles reference
rules - separated out as a list of rules for both ingress and egress
packet matching. \n Each positive match criteria has a negated version,
prefixed with ”Not”. All the match criteria within a rule must be
satisfied for a packet to match. A single rule can contain the positive
and negative version of a match and both must be satisfied for the
rule to match."
properties:
action:
type: string
destination:
description: Destination contains the match criteria that apply
to destination entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
http:
description: HTTP contains match criteria that apply to HTTP requests.
properties:
methods:
description: Methods is an optional field that restricts the
rule to apply only to HTTP requests that use one of the
listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods
are OR'd together.
items:
type: string
type: array
paths:
description: 'Paths is an optional field that restricts the
rule to apply to HTTP requests that use one of the listed
HTTP Paths. Multiple paths are OR''d together. e.g: - exact:
/foo - prefix: /bar NOTE: Each entry may ONLY specify either
a `exact` or a `prefix` match. The validator will check
for it.'
items:
description: 'HTTPPath specifies an HTTP path to match.
It may be either of the form: exact: <path>: which matches
the path exactly or prefix: <path-prefix>: which matches
the path prefix'
properties:
exact:
type: string
prefix:
type: string
type: object
type: array
type: object
icmp:
description: ICMP is an optional field that restricts the rule
to apply to a specific type and code of ICMP traffic. This
should only be specified if the Protocol field is set to "ICMP"
or "ICMPv6".
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
ipVersion:
description: IPVersion is an optional field that restricts the
rule to only match a specific IP version.
type: integer
notICMP:
description: NotICMP is the negated version of the ICMP field.
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
notProtocol:
description: NotProtocol is the negated version of the Protocol
field.
type: string
protocol:
description: "Protocol is an optional field that restricts the
rule to only apply to traffic of a specific IP protocol. Required
if any of the EntityRules contain Ports (because ports only
apply to certain protocols). \n Must be one of these string
values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\"
or an integer in the range 1-255."
type: string
source:
description: Source contains the match criteria that apply to
source entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
properties:
maxPort:
type: integer
minPort:
type: integer
portName:
type: string
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
required:
- action
type: object
type: array
order:
description: Order is an optional field that specifies the order in
which the policy is applied. Policies with higher "order" are applied
after those with lower order. If the order is omitted, it may be
considered to be "infinite" - i.e. the policy will be applied last. Policies
with identical order will be applied in alphanumerical order based
on the Policy "Name".
type: integer
selector:
description: "The selector is an expression used to pick pick out the
endpoints that the policy should be applied to. \n Selector expressions
follow this syntax: \n \tlabel == \"string_literal\" -> comparison,
e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
equal; also matches if label is not present \tlabel in { \"a\", \"b\",
\"c\", ... } -> true if the value of label X is one of \"a\", \"b\",
\"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } -> true if the
value of label X is not one of \"a\", \"b\", \"c\" \thas(label_name)
\ -> True if that label is present \t! expr -> negation of expr \texpr
&& expr -> Short-circuit and \texpr || expr -> Short-circuit or
\t( expr ) -> parens for grouping \tall() or the empty selector ->
matches all endpoints. \n Label names are allowed to contain alphanumerics,
-, _ and /. String literals are more permissive but they do not support
escape characters. \n Examples (with made-up labels): \n \ttype ==
\"webserver\" && deployment == \"prod\" \ttype in {\"frontend\", \"backend\"}
\tdeployment != \"dev\" \t! has(label_name)"
type: string
types:
description: "Types indicates whether this policy applies to ingress,
or to egress, or to both. When not explicitly specified (and so the
value on creation is empty or nil), Calico defaults Types according
to what Ingress and Egress are present in the policy. The default
is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including
the case where there are also no Ingress rules) \n - [ PolicyTypeEgress
], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress,
PolicyTypeEgress ], if there are both Ingress and Egress rules. \n
When the policy is read back again, Types will always be one of these
values, never empty or nil."
items:
type: string
type: array
required:
- selector
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

1605
config/crd/bases/servicemesh.kubesphere.io_servicepolicies.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1166
config/crd/bases/servicemesh.kubesphere.io_strategies.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

54
config/crd/bases/tenant.kubesphere.io_workspaces.yaml Normal file
View File

@@ -0,0 +1,54 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspaces.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
kind: Workspace
listKind: WorkspaceList
plural: workspaces
singular: workspace
scope: Namespaced
validation:
openAPIV3Schema:
description: Workspace is the Schema for the workspaces API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
type: object
status:
description: WorkspaceStatus defines the observed state of Workspace
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

59
config/crds/devops.kubesphere.io_devopsprojects.yaml generated Normal file
View File

@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: devopsprojects.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
categories:
- devops
kind: DevOpsProject
listKind: DevOpsProjectList
plural: devopsprojects
singular: devopsproject
scope: Cluster
validation:
openAPIV3Schema:
description: DevOpsProject is the Schema for the devopsprojects API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevOpsProjectSpec defines the desired state of DevOpsProject
type: object
status:
description: DevOpsProjectStatus defines the observed state of DevOpsProject
properties:
adminNamespace:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "make" to regenerate code after modifying
this file'
type: string
type: object
type: object
version: v1alpha3
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

260
config/crds/devops.kubesphere.io_pipelines.yaml generated Normal file
View File

@@ -0,0 +1,260 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: pipelines.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: Pipeline
listKind: PipelineList
plural: pipelines
singular: pipeline
scope: Namespaced
validation:
openAPIV3Schema:
description: Pipeline is the Schema for the pipelines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PipelineSpec defines the desired state of Pipeline
properties:
multi_branch_pipeline:
properties:
bitbucket_server_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
descriptio:
type: string
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
git_source:
properties:
credential_id:
type: string
discover_branches:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
regex_filter:
type: string
scm_id:
type: string
url:
type: string
type: object
github_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
multibranch_job_trigger:
properties:
create_action_job_to_trigger:
type: string
delete_action_job_to_trigger:
type: string
type: object
name:
type: string
script_path:
type: string
single_svn_source:
properties:
credential_id:
type: string
remote:
type: string
scm_id:
type: string
type: object
source_type:
type: string
svn_source:
properties:
credential_id:
type: string
excludes:
type: string
includes:
type: string
remote:
type: string
scm_id:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
- script_path
- source_type
type: object
pipeline:
properties:
descriptio:
type: string
disable_concurrent:
type: boolean
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
jenkinsfile:
type: string
name:
type: string
parameters:
items:
properties:
default_value:
type: string
description:
type: string
name:
type: string
type:
type: string
required:
- name
- type
type: object
type: array
remote_trigger:
properties:
token:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
type: object
type:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
type: string
required:
- type
type: object
status:
description: PipelineStatus defines the observed state of Pipeline
type: object
type: object
version: v1alpha3
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

86
config/crds/devops.kubesphere.io_s2ibinaries.yaml generated Normal file
View File

@@ -0,0 +1,86 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: s2ibinaries.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.fileName
name: FileName
type: string
- JSONPath: .spec.md5
name: MD5
type: string
- JSONPath: .spec.size
name: Size
type: string
- JSONPath: .status.phase
name: Phase
type: string
group: devops.kubesphere.io
names:
kind: S2iBinary
listKind: S2iBinaryList
plural: s2ibinaries
singular: s2ibinary
scope: Namespaced
subresources: {}
validation:
openAPIV3Schema:
description: S2iBinary is the Schema for the s2ibinaries API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBinarySpec defines the desired state of S2iBinary
properties:
downloadURL:
description: DownloadURL in KubeSphere
type: string
fileName:
description: FileName is filename of binary
type: string
md5:
description: MD5 is Binary's MD5 Hash
type: string
size:
description: Size is the file size of file
type: string
uploadTimeStamp:
description: UploadTime is last upload time
format: date-time
type: string
type: object
status:
description: S2iBinaryStatus defines the observed state of S2iBinary
properties:
phase:
description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
type: string
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

578
config/crds/devops.kubesphere.io_s2ibuilders.yaml generated Normal file
View File

@@ -0,0 +1,578 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: s2ibuilders.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .status.runCount
name: RunCount
type: integer
- JSONPath: .status.lastRunState
name: LastRunState
type: string
- JSONPath: .status.lastRunName
name: LastRunName
type: string
- JSONPath: .status.lastRunStartTime
name: LastRunStartTime
type: date
group: devops.kubesphere.io
names:
kind: S2iBuilder
listKind: S2iBuilderList
plural: s2ibuilders
shortNames:
- s2ib
singular: s2ibuilder
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: S2iBuilder is the Schema for the s2ibuilders API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderSpec defines the desired state of S2iBuilder
properties:
config:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
properties:
addHost:
description: AddHost Add a line to /etc/hosts for test purpose or
private use in LAN. Its format is host:IP,muliple hosts can be
added by using multiple --add-host
items:
type: string
type: array
asDockerfile:
description: AsDockerfile indicates the path where the Dockerfile
should be written instead of building a new image.
type: string
assembleUser:
description: AssembleUser specifies the user to run the assemble
script in container
type: string
blockOnBuild:
description: BlockOnBuild prevents s2i from performing a docker
build operation if one is necessary to execute ONBUILD commands,
or to layer source code into the container for images that don't
have a tar binary available, if the image contains ONBUILD commands
that would be executed.
type: boolean
branchExpression:
description: Regular expressions, ignoring names that do not match
the provided regular expression
type: string
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount to
container running the build.
items:
type: string
type: array
builderBaseImageVersion:
description: BuilderBaseImageVersion provides optional version information
about the builder base image.
type: string
builderImage:
description: BuilderImage describes which image is used for building
the result images.
type: string
builderImageVersion:
description: BuilderImageVersion provides optional version information
about the builder image.
type: string
builderPullPolicy:
description: BuilderPullPolicy specifies when to pull the builder
image
type: string
callbackUrl:
description: CallbackURL is a URL which is called upon successful
build to inform about that fact.
type: string
cgroupLimits:
description: CGroupLimits describes the cgroups limits that will
be applied to any containers run by s2i.
properties:
cpuPeriod:
format: int64
type: integer
cpuQuota:
format: int64
type: integer
cpuShares:
format: int64
type: integer
memoryLimitBytes:
format: int64
type: integer
memorySwap:
format: int64
type: integer
parent:
type: string
required:
- cpuPeriod
- cpuQuota
- cpuShares
- memoryLimitBytes
- memorySwap
- parent
type: object
contextDir:
description: Specify a relative directory inside the application
repository that should be used as a root directory for the application.
type: string
description:
description: Description is a result image description label. The
default is no description.
type: string
destination:
description: Destination specifies a location where the untar operation
will place its artifacts.
type: string
displayName:
description: DisplayName is a result image display-name label. This
defaults to the output image name.
type: string
dockerConfig:
description: DockerConfig describes how to access host docker daemon.
properties:
caFile:
description: CAFile is the certificate authority file path for
a TLS connection
type: string
certFile:
description: CertFile is the certificate file path for a TLS
connection
type: string
endPoint:
description: Endpoint is the docker network endpoint or socket
type: string
keyFile:
description: KeyFile is the key file path for a TLS connection
type: string
tlsVerify:
description: TLSVerify indicates if TLS peer must be verified
type: boolean
useTLS:
description: UseTLS indicates if TLS must be used
type: boolean
required:
- caFile
- certFile
- endPoint
- keyFile
- tlsVerify
- useTLS
type: object
dockerNetworkMode:
description: DockerNetworkMode is used to set the docker network
setting to --net=container:<id> when the builder is invoked from
a container.
type: string
dropCapabilities:
description: DropCapabilities contains a list of capabilities to
drop when executing containers
items:
type: string
type: array
environment:
description: Environment is a map of environment variables to be
passed to the image.
items:
description: EnvironmentSpec specifies a single environment variable.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
excludeRegExp:
description: ExcludeRegExp contains a string representation of the
regular expression desired for deciding which files to exclude
from the tar stream
type: string
export:
description: Export Push the result image to specify image registry
in tag
type: boolean
gitSecretRef:
description: GitSecretRef is the BasicAuth Secret of Git Clone
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
hasOnBuild:
description: HasOnBuild will be set to true if the builder image
contains ONBUILD instructions
type: boolean
imageName:
description: ImageName Contains the registry address and reponame,
tag should set by field tag alone
type: string
imageScriptsUrl:
description: ImageScriptsURL is the default location to find the
assemble/run scripts for a builder image. This url can be a reference
within the builder image if the scheme is specified as image://
type: string
imageWorkDir:
description: ImageWorkDir is the default working directory for the
builder image.
type: string
incremental:
description: Incremental describes whether to try to perform incremental
build.
type: boolean
incrementalAuthentication:
description: IncrementalAuthentication holds the authentication
information for pulling the previous image from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
incrementalFromTag:
description: IncrementalFromTag sets an alternative image tag to
look for existing artifacts. Tag is used by default if this is
not set.
type: string
injections:
description: Injections specifies a list source/destination folders
that are injected to the container that runs assemble. All files
we inject will be truncated after the assemble script finishes.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to
- absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
isBinaryURL:
description: IsBinaryURL explain the type of SourceURL. If it is
IsBinaryURL, it will download the file directly without using
git.
type: boolean
keepSymlinks:
description: KeepSymlinks indicates to copy symlinks as symlinks.
Default behavior is to follow symlinks and copy files by content.
type: boolean
labelNamespace:
description: LabelNamespace provides the namespace under which the
labels will be generated.
type: string
labels:
additionalProperties:
type: string
description: Labels specify labels and their values to be applied
to the resulting image. Label keys must have non-zero length.
The labels defined here override generated labels in case they
have the same name.
type: object
layeredBuild:
description: LayeredBuild describes if this is build which layered
scripts and sources on top of BuilderImage.
type: boolean
nodeAffinityKey:
description: The key of Node Affinity.
type: string
nodeAffinityValues:
description: The values of Node Affinity.
items:
type: string
type: array
outputBuildResult:
description: Whether output build result to status.
type: boolean
outputImageName:
description: OutputImageName is a result image name without tag,
default is latest. tag will append to ImageName in the end
type: string
preserveWorkingDir:
description: PreserveWorkingDir describes if working directory should
be left after processing.
type: boolean
previousImagePullPolicy:
description: PreviousImagePullPolicy specifies when to pull the
previously build image when doing incremental build
type: string
pullAuthentication:
description: PullAuthentication holds the authentication information
for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
pushAuthentication:
description: PullAuthentication holds the authentication information
for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
removePreviousImage:
description: RemovePreviousImage describes if previous image should
be removed after successful build. This applies only to incremental
builds.
type: boolean
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of
every important thing about the commit
type: string
runImage:
description: RunImage will trigger a "docker run ..." invocation
of the produced image so the user can see if it operates as he
would expect
type: boolean
runtimeArtifacts:
description: RuntimeArtifacts specifies a list of source/destination
pairs that will be copied from builder to a runtime image. Source
can be a file or directory. Destination must be a directory. Regardless
whether it is an absolute or relative path, it will be placed
into image's WORKDIR. Destination also can be empty or equals
to ".", in this case it just refers to a root of WORKDIR. In case
it's empty, S2I will try to get this list from io.openshift.s2i.assemble-input-files
label on a RuntimeImage.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to
- absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeAuthentication:
description: RuntimeAuthentication holds the authentication information
for pulling the runtime Docker images from private repositories.
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
runtimeImage:
description: RuntimeImage specifies the image that will be a base
for resulting image and will be used for running an application.
By default, BuilderImage is used for building and running, but
the latter may be overridden.
type: string
runtimeImagePullPolicy:
description: RuntimeImagePullPolicy specifies when to pull a runtime
image.
type: string
scriptDownloadProxyConfig:
description: ScriptDownloadProxyConfig optionally specifies the
http and https proxy to use when downloading scripts
properties:
httpProxy:
type: string
httpsProxy:
type: string
type: object
scriptsUrl:
description: ScriptsURL is a URL describing where to fetch the S2I
scripts from during build process. This url can be a reference
within the builder image if the scheme is specified as image://
type: string
secretCode:
description: SecretCode
type: string
securityOpt:
description: SecurityOpt are passed as options to the docker containers
launched by s2i.
items:
type: string
type: array
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
tag:
description: Tag is a result image tag name.
type: string
taintKey:
description: The name of taint.
type: string
usage:
description: Usage allows for properly shortcircuiting s2i logic
when `s2i usage` is invoked
type: boolean
workingDir:
description: WorkingDir describes temporary directory used for downloading
sources, scripts and tar operations.
type: string
workingSourceDir:
description: WorkingSourceDir describes the subdirectory off of
WorkingDir set up during the repo download that is later used
as the root for ignore processing
type: string
required:
- imageName
- sourceUrl
type: object
fromTemplate:
description: FromTemplate define some inputs from user
properties:
builderImage:
description: BaseImage specify which version of this template to
use
type: string
name:
description: Name specify a template to use, so many fields in Config
can left empty
type: string
parameters:
description: Parameters must use with `template`, fill some parameters
which template will use
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
type: object
type: object
status:
description: S2iBuilderStatus defines the observed state of S2iBuilder
properties:
lastRunName:
description: LastRunState return the name of the newest run of this
builder
type: string
lastRunStartTime:
description: LastRunStartTime return the startTime of the newest run
of this builder
format: date-time
type: string
lastRunState:
description: LastRunState return the state of the newest run of this
builder
type: string
runCount:
description: RunCount represent the sum of s2irun of this builder
type: integer
required:
- runCount
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

141
config/crds/devops.kubesphere.io_s2ibuildertemplates.yaml generated Normal file
View File

@@ -0,0 +1,141 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: s2ibuildertemplates.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.codeFramework
name: Framework
type: string
- JSONPath: .spec.defaultBaseImage
name: DefaultBaseImage
type: string
- JSONPath: .spec.version
name: Version
type: string
group: devops.kubesphere.io
names:
categories:
- devops
kind: S2iBuilderTemplate
listKind: S2iBuilderTemplateList
plural: s2ibuildertemplates
shortNames:
- s2ibt
singular: s2ibuildertemplate
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
properties:
codeFramework:
description: CodeFramework means which language this template is designed
for and which framework is using if has framework. Like Java, NodeJS
etc
type: string
containerInfo:
description: Images are the images this template will use.
items:
properties:
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount
to container running the build.
items:
type: string
type: array
builderImage:
description: BaseImage are the images this template will use.
type: string
runtimeArtifacts:
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume
to - absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be
kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeImage:
type: string
type: object
type: array
defaultBaseImage:
description: DefaultBaseImage is the image that will be used by default
type: string
description:
description: Description illustrate the purpose of this template
type: string
environment:
description: Parameters is a set of environment variables to be passed
to the image.
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
iconPath:
description: IconPath is used for frontend display
type: string
version:
description: Version of template
type: string
type: object
status:
description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

181
config/crds/devops.kubesphere.io_s2iruns.yaml generated Normal file
View File

@@ -0,0 +1,181 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: s2iruns.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .status.runState
name: State
type: string
- JSONPath: .status.kubernetesJobName
name: K8sJobName
type: string
- JSONPath: .status.startTime
name: StartTime
type: date
- JSONPath: .status.completionTime
name: CompletionTime
type: date
- JSONPath: .status.s2iBuildResult.imageName
name: ImageName
type: string
group: devops.kubesphere.io
names:
kind: S2iRun
listKind: S2iRunList
plural: s2iruns
shortNames:
- s2ir
singular: s2irun
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: S2iRun is the Schema for the s2iruns API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iRunSpec defines the desired state of S2iRun
properties:
backoffLimit:
description: BackoffLimit limits the restart count of each s2irun. Default
is 0
format: int32
type: integer
builderName:
description: BuilderName specify the name of s2ibuilder, required
type: string
newRevisionId:
description: NewRevisionId override the default NewRevisionId in its
s2ibuilder.
type: string
newSourceURL:
description: NewSourceURL is used to download new binary artifacts
type: string
newTag:
description: NewTag override the default tag in its s2ibuilder, image
name cannot be changed.
type: string
secondsAfterFinished:
description: SecondsAfterFinished if is set and greater than zero, and
the job created by s2irun become successful or failed , the job will
be auto deleted after SecondsAfterFinished
format: int32
type: integer
required:
- builderName
type: object
status:
description: S2iRunStatus defines the observed state of S2iRun
properties:
completionTime:
description: Represents time when the job was completed. It is not guaranteed
to be set in happens-before order across separate operations. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
kubernetesJobName:
description: KubernetesJobName is the job name in k8s
type: string
logURL:
description: LogURL is uesd for external log handler to let user know
where is log located in
type: string
runState:
description: RunState indicates whether this job is done or failed
type: string
s2iBuildResult:
description: S2i build result info.
properties:
commandPull:
description: Command for pull image.
type: string
imageCreated:
description: Image created time.
type: string
imageID:
description: Image ID.
type: string
imageName:
description: ImageName is the name of artifact
type: string
imageRepoTags:
description: image tags.
items:
type: string
type: array
imageSize:
description: The size in bytes of the image
format: int64
type: integer
type: object
s2iBuildSource:
description: S2i build source info.
properties:
binaryName:
description: Binary file Name
type: string
binarySize:
description: Binary file Size
format: int64
type: integer
builderImage:
description: // BuilderImage describes which image is used for building
the result images.
type: string
commitID:
description: CommitID represents an arbitrary extended object reference
in Git as SHA-1
type: string
committerEmail:
description: CommitterEmail contains the e-mail of the committer
type: string
committerName:
description: CommitterName contains the name of the committer
type: string
description:
description: Description is a result image description label. The
default is no description.
type: string
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of
every important thing about the commit
type: string
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
type: object
startTime:
description: StartTime represent when this run began
format: date-time
type: string
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

73
config/crds/devops_v1alpha1_s2ibinary.yaml generated
View File

@@ -1,73 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: s2ibinaries.devops.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.fileName
name: FileName
type: string
- JSONPath: .spec.md5
name: MD5
type: string
- JSONPath: .spec.size
name: Size
type: string
- JSONPath: .status.phase
name: Phase
type: string
group: devops.kubesphere.io
names:
kind: S2iBinary
plural: s2ibinaries
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
downloadURL:
description: DownloadURL in KubeSphere
type: string
fileName:
description: FileName is filename of binary
type: string
md5:
description: MD5 is Binary's MD5 Hash
type: string
size:
description: Size is the file size of file
type: string
uploadTimeStamp:
description: UploadTime is last upload time
format: date-time
type: string
type: object
status:
properties:
phase:
description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
type: string
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

99
config/crds/iam.kubesphere.io_globalrolebindings.yaml generated Normal file
View File

@@ -0,0 +1,99 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: globalrolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRoleBinding
listKind: GlobalRoleBindingList
plural: globalrolebindings
singular: globalrolebinding
scope: Cluster
validation:
openAPIV3Schema:
description: RoleBinding is the Schema for the rolebindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: Standard object's metadata.
type: object
roleRef:
description: RoleRef can only reference a ClusterRole in the global namespace.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
subjects:
description: Subjects holds references to the objects the role applies to.
items:
description: Subject contains a reference to the object or user identities
a role binding applies to. This can either hold a direct API object
reference, or a value for non-objects such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined by this
API group are "User", "Group", and "ServiceAccount". If the Authorizer
does not recognized the kind value, the Authorizer should report
an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the object kind
is non-namespace, such as "User" or "Group", and this value is not
empty the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- roleRef
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

156
config/crds/iam.kubesphere.io_globalroles.yaml generated Normal file
View File

@@ -0,0 +1,156 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: globalroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRole
listKind: GlobalRoleList
plural: globalroles
singular: globalrole
scope: Cluster
validation:
openAPIV3Schema:
properties:
aggregationRule:
description: AggregationRule is an optional field that describes how to
build the Rules for this GlobalRole. If AggregationRule is set, then the
Rules are controller managed and direct changes to Rules will be stomped
by the controller.
properties:
roleSelectors:
description: ClusterRoleSelectors holds a list of selectors which will
be used to find ClusterRoles and create the rules. If any of the selectors
match, then the ClusterRole's permissions will be added
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
type: array
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: Standard object's metadata.
type: object
rules:
description: Rules holds all the PolicyRules for this ClusterRole
items:
description: PolicyRule holds information that describes a policy rule,
but does not contain information about who the rule applies to or which
namespace the rule applies to.
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that contains the
resources. If multiple API groups are specified, any action requested
against one of the enumerated resources in any API group will be
allowed.
items:
type: string
type: array
nonResourceURLs:
description: NonResourceURLs is a set of partial urls that a user
should have access to. *s are allowed, but only as the full, final
step in the path Since non-resource URLs are not namespaced, this
field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets")
or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies to. ResourceAll
represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
and AttributeRestrictions contained in this rule. VerbAll represents
all kinds.
items:
type: string
type: array
required:
- verbs
type: object
type: array
required:
- rules
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

119
config/crds/iam.kubesphere.io_users.yaml generated Normal file
View File

@@ -0,0 +1,119 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: users.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.email
name: Email
type: string
- JSONPath: .status.state
name: Status
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: User
listKind: UserList
plural: users
singular: user
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: Standard object's metadata.
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address.
type: string
finalizers:
description: Finalizers is an opaque list of values that must be empty
to permanently remove object from storage.
items:
type: string
type: array
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for the user.
type: string
password:
description: password will be encrypted by mutating admission webhook
type: string
required:
- email
- password
type: object
status:
description: UserStatus defines the observed state of User
properties:
conditions:
description: Represents the latest available observations of a namespace's
current state.
items:
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of namespace controller condition.
type: string
required:
- status
- type
type: object
type: array
state:
description: The user status
type: string
type: object
required:
- spec
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

103
config/crds/iam.kubesphere.io_workspacerolebindings.yaml generated Normal file
View File

@@ -0,0 +1,103 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspacerolebindings.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRoleBinding
listKind: WorkspaceRoleBindingList
plural: workspacerolebindings
singular: workspacerolebinding
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
description: RoleBinding is the Schema for the rolebindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roleRef:
description: RoleRef can only reference a ClusterRole in the global namespace.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
subjects:
description: Subjects holds references to the objects the role applies to.
items:
description: Subject contains a reference to the object or user identities
a role binding applies to. This can either hold a direct API object
reference, or a value for non-objects such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined by this
API group are "User", "Group", and "ServiceAccount". If the Authorizer
does not recognized the kind value, the Authorizer should report
an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the object kind
is non-namespace, such as "User" or "Group", and this value is not
empty the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- roleRef
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

164
config/crds/iam.kubesphere.io_workspaceroles.yaml generated Normal file
View File

@@ -0,0 +1,164 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspaceroles.iam.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- JSONPath: .metadata.labels.kubesphere\.io/alias-name
name: Alias
type: string
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRole
listKind: WorkspaceRoleList
plural: workspaceroles
singular: workspacerole
scope: Cluster
subresources: {}
validation:
openAPIV3Schema:
properties:
aggregationRule:
description: AggregationRule is an optional field that describes how to
build the Rules for this WorkspaceRole. If AggregationRule is set, then
the Rules are controller managed and direct changes to Rules will be stomped
by the controller.
properties:
roleSelectors:
description: ClusterRoleSelectors holds a list of selectors which will
be used to find ClusterRoles and create the rules. If any of the selectors
match, then the ClusterRole's permissions will be added
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
type: array
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: Standard object's metadata.
type: object
rules:
description: Rules holds all the PolicyRules for this ClusterRole
items:
description: PolicyRule holds information that describes a policy rule,
but does not contain information about who the rule applies to or which
namespace the rule applies to.
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that contains the
resources. If multiple API groups are specified, any action requested
against one of the enumerated resources in any API group will be
allowed.
items:
type: string
type: array
nonResourceURLs:
description: NonResourceURLs is a set of partial urls that a user
should have access to. *s are allowed, but only as the full, final
step in the path Since non-resource URLs are not namespaced, this
field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets")
or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies to. ResourceAll
represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
and AttributeRestrictions contained in this rule. VerbAll represents
all kinds.
items:
type: string
type: array
required:
- verbs
type: object
type: array
required:
- rules
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

271
config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml generated Normal file
View File

@@ -0,0 +1,271 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: namespacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: NamespaceNetworkPolicy
listKind: NamespaceNetworkPolicyList
plural: namespacenetworkpolicies
shortNames:
- nsnp
singular: namespacenetworkpolicy
scope: Namespaced
validation:
openAPIV3Schema:
description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NetworkPolicySpec provides the specification of a NetworkPolicy
properties:
egress:
description: List of egress rules to be applied to the selected pods.
Outgoing traffic is allowed if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if the
traffic matches at least one egress rule across all of the NetworkPolicy
objects whose podSelector matches the pod. If this field is empty
then this NetworkPolicy limits all outgoing traffic (and serves solely
to ensure that the pods it selects are isolated by default). This
field is beta-level in 1.8
items:
description: NetworkPolicyEgressRule describes a particular set of
traffic that is allowed out of pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and to. This type
is beta-level in 1.8
properties:
ports:
description: List of destination ports for outgoing traffic. Each
item in this list is combined using a logical OR. If this field
is empty or missing, this rule matches all ports (traffic not
restricted by port). If this field is present and contains at
least one item, then this rule allows traffic only if the traffic
matches at least one port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can either
be a numerical or named port on a pod. If this field is
not provided, this matches all port names and numbers.
x-kubernetes-int-or-string: true
protocol:
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to TCP.
type: string
type: object
type: array
to:
description: List of destinations for outgoing traffic of pods
selected for this rule. Items in this list are combined using
a logical OR operation. If this field is empty or missing, this
rule matches all destinations (traffic not restricted by destination).
If this field is present and contains at least one item, this
rule allows traffic only if the traffic matches at least one
item in the to list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP Block
Valid examples are "192.168.1.1/24"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" Except values will be rejected
if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
description: "Selects Namespaces using cluster-scoped labels.
This field follows standard label selector semantics;
if present but empty, it selects all namespaces. \n If
PodSelector is also set, then the NetworkPolicyPeer as
a whole selects the Pods matching PodSelector in the Namespaces
selected by NamespaceSelector. Otherwise it selects all
Pods in the Namespaces selected by NamespaceSelector."
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
type: object
type: array
ingress:
description: List of ingress rules to be applied to the selected pods.
Traffic is allowed to a pod if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if the
traffic source is the pod's local node, OR if the traffic matches
at least one ingress rule across all of the NetworkPolicy objects
whose podSelector matches the pod. If this field is empty then this
NetworkPolicy does not allow any traffic (and serves solely to ensure
that the pods it selects are isolated by default)
items:
description: NetworkPolicyIngressRule describes a particular set of
traffic that is allowed to the pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and from.
properties:
from:
description: List of sources which should be able to access the
pods selected for this rule. Items in this list are combined
using a logical OR operation. If this field is empty or missing,
this rule matches all sources (traffic not restricted by source).
If this field is present and contains at least one item, this
rule allows traffic only if the traffic matches at least one
item in the from list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP Block
Valid examples are "192.168.1.1/24"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" Except values will be rejected
if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
description: "Selects Namespaces using cluster-scoped labels.
This field follows standard label selector semantics;
if present but empty, it selects all namespaces. \n If
PodSelector is also set, then the NetworkPolicyPeer as
a whole selects the Pods matching PodSelector in the Namespaces
selected by NamespaceSelector. Otherwise it selects all
Pods in the Namespaces selected by NamespaceSelector."
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
ports:
description: List of ports which should be made accessible on
the pods selected for this rule. Each item in this list is combined
using a logical OR. If this field is empty or missing, this
rule matches all ports (traffic not restricted by port). If
this field is present and contains at least one item, then this
rule allows traffic only if the traffic matches at least one
port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can either
be a numerical or named port on a pod. If this field is
not provided, this matches all port names and numbers.
x-kubernetes-int-or-string: true
protocol:
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to TCP.
type: string
type: object
type: array
type: object
type: array
policyTypes:
description: List of rule types that the NetworkPolicy relates to. Valid
options are "Ingress", "Egress", or "Ingress,Egress". If this field
is not specified, it will default based on the existence of Ingress
or Egress rules; policies that contain an Egress section are assumed
to affect Egress, and all policies (whether or not they contain an
Ingress section) are assumed to affect Ingress. If you want to write
an egress-only policy, you must explicitly specify policyTypes [ "Egress"
]. Likewise, if you want to write a policy that specifies that no
egress is allowed, you must specify a policyTypes value that include
"Egress" (since such a policy would not include an Egress section
and would otherwise default to just [ "Ingress" ]). This field is
beta-level in 1.8
items:
description: Policy Type string describes the NetworkPolicy type This
type is beta-level in 1.8
type: string
type: array
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

54
config/rbac/role.yaml generated Normal file
View File

@@ -0,0 +1,54 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- crd.projectcalico.org
resources:
- clusterinformations
- felixconfigurations
- globalfelixconfigs
- globalnetworkpolicies
- globalnetworksets
- hostendpoints
- ipamblocks
- ippools
- networkpolicies
- networksets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- network.kubesphere.io
resources:
- namespacenetworkpolicies
- workspacenetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

9
config/samples/devops_v1alpha3_devopsproject.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: devops.kubesphere.io/v1alpha3
kind: DevOpsProject
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: devopsproject-sample
spec:
# Add fields here
foo: bar

9
config/samples/devops_v1alpha3_pipeline.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: devops.kubesphere.io/v1alpha3
kind: Pipeline
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: pipeline-sample
spec:
# Add fields here
foo: bar

14
config/samples/iam_v1alpha2_globalrole.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: global-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'

14
config/samples/iam_v1alpha2_globalrolebinding.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRoleBinding
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: admin
roleRef:
apiGroup: iam.kubesphere.io/v1alpha2
kind: GlobalRole
name: global-admin
subjects:
- apiGroup: iam.kubesphere.io/v1alpha2
kind: User
name: admin

9
config/samples/iam_v1alpha2_user.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: User
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: admin
spec:
email: admin@kubesphere.io
password: P@88w0rd

69
config/webhook/iam.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: kubesphere-iam-validator
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: <caBundle>
service:
name: webhook-service
namespace: kubesphere-system
path: /validate-email-iam-kubesphere-io-v1alpha2-user
failurePolicy: Fail
name: vemail.iam.kubesphere.io
rules:
- apiGroups:
- iam.kubesphere.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- users
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: kubesphere-iam-injector
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: <caBundle>
service:
name: webhook-service
namespace: kubesphere-system
path: /mutating-encrypt-password-iam-kubesphere-io-v1alpha2-user
failurePolicy: Fail
name: mpassword.iam.kubesphere.io
reinvocationPolicy: Never
rules:
- apiGroups:
- iam.kubesphere.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- users
---
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: kubesphere-system
spec:
ports:
- port: 443
targetPort: 443
selector:
app: ks-controller-manager
tier: backend

24
config/webhook/nsnp.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: kubesphere-nsnp-validate-service
webhooks:
- clientConfig:
caBundle: <caBundle>
service:
name: kubesphere-controller-manager-service
namespace: kubesphere-system
path: /validate-service-nsnp-kubesphere-io-v1alpha1-network
failurePolicy: Fail
name: validate.nsnp.kubesphere.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- services

119
go.mod
View File

@@ -15,7 +15,6 @@ require (
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
github.com/aws/aws-sdk-go v1.22.2
github.com/beevik/etree v1.1.0
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/docker/distribution v2.7.1+incompatible
github.com/docker/docker v1.4.2-0.20190822205725-ed20165a37b4
@@ -31,77 +30,79 @@ require (
github.com/emirpasic/gods v1.12.0 // indirect
github.com/fatih/structs v1.1.0
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-logr/logr v0.1.0
github.com/go-logr/zapr v0.1.1 // indirect
github.com/go-openapi/loads v0.19.2
github.com/go-openapi/spec v0.19.3
github.com/go-openapi/strfmt v0.19.0
github.com/go-playground/universal-translator v0.16.0 // indirect
github.com/go-openapi/validate v0.19.2
github.com/go-redis/redis v6.15.2+incompatible
github.com/go-sql-driver/mysql v1.4.1
github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6
github.com/golang/example v0.0.0-20170904185048-46695d81d1fa
github.com/golang/mock v1.2.0
github.com/golang/protobuf v1.3.2
github.com/google/go-cmp v0.3.0
github.com/google/go-querystring v1.0.0 // indirect
github.com/google/uuid v1.1.1
github.com/gophercloud/gophercloud v0.3.0 // indirect
github.com/gorilla/mux v1.7.1 // indirect
github.com/gorilla/websocket v1.4.0
github.com/hashicorp/go-version v1.2.0 // indirect
github.com/imdario/mergo v0.3.7 // indirect
github.com/json-iterator/go v1.1.8
github.com/json-iterator/go v1.1.9
github.com/kelseyhightower/envconfig v1.4.0 // indirect
github.com/kiali/kiali v0.15.1-0.20191210080139-edbbad1ef779
github.com/klauspost/cpuid v1.2.1 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
github.com/kubernetes-sigs/application v0.0.0-20191210100950-18cc93526ab4
github.com/kubesphere/s2ioperator v0.0.14
github.com/kubesphere/sonargo v0.0.2
github.com/leodido/go-urn v1.1.0 // indirect
github.com/lib/pq v1.2.0 // indirect
github.com/lucas-clemente/quic-go v0.11.1 // indirect
github.com/mattn/go-sqlite3 v1.11.0 // indirect
github.com/mholt/caddy v1.0.0
github.com/mholt/certmagic v0.5.1 // indirect
github.com/miekg/dns v1.1.9 // indirect
github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c // indirect
github.com/onsi/ginkgo v1.8.0
github.com/onsi/gomega v1.5.0
github.com/onsi/ginkgo v1.12.0
github.com/onsi/gomega v1.9.0
github.com/open-policy-agent/opa v0.18.0
github.com/opencontainers/go-digest v1.0.0-rc1
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/openshift/api v3.9.0+incompatible // indirect
github.com/openshift/api v0.0.0-20180801171038-322a19404e37 // indirect
github.com/opentracing/opentracing-go v1.1.0 // indirect
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
github.com/pkg/errors v0.9.1
github.com/projectcalico/kube-controllers v3.8.8+incompatible
github.com/projectcalico/libcalico-go v1.7.2-0.20191104213956-8f81e1e344ce
github.com/prometheus/common v0.4.0
github.com/prometheus/client_golang v1.0.0
github.com/prometheus/common v0.4.1
github.com/prometheus/prometheus v1.8.2
github.com/sony/sonyflake v0.0.0-20181109022403-6d5bd6181009
github.com/speps/go-hashids v2.0.0+incompatible
github.com/spf13/cobra v0.0.5
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.4.0
github.com/stretchr/testify v1.4.0
github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/xanzy/ssh-agent v0.2.1 // indirect
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392
golang.org/x/net v0.0.0-20190923162816-aa69164e4478
google.golang.org/grpc v1.23.1
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/go-playground/validator.v9 v9.29.1 // indirect
gopkg.in/square/go-jose.v2 v2.3.1 // indirect
gopkg.in/src-d/go-billy.v4 v4.3.0 // indirect
gopkg.in/src-d/go-git.v4 v4.11.0
gopkg.in/yaml.v2 v2.2.4
gopkg.in/yaml.v2 v2.2.8
istio.io/api v0.0.0-20191111210003-35e06ef8d838
istio.io/client-go v0.0.0-20191113122552-9bd0ba57c3d2
k8s.io/api v0.0.0-20191114100352-16d7abae0d2a
k8s.io/apiextensions-apiserver v0.0.0-20191114105449-027877536833
k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb
k8s.io/apiserver v0.0.0-20191114103151-9ca1dc586682
k8s.io/client-go v0.0.0-20191114101535-6c5935290e33
k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894
k8s.io/component-base v0.0.0-20191114102325-35a9586014f7
k8s.io/api v0.17.3
k8s.io/apiextensions-apiserver v0.17.3
k8s.io/apimachinery v0.17.3
k8s.io/apiserver v0.17.3
k8s.io/client-go v0.17.3
k8s.io/code-generator v0.17.3
k8s.io/component-base v0.17.3
k8s.io/gengo v0.0.0-20191120174120-e74f70b9b27e // indirect
k8s.io/klog v1.0.0
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f // indirect
kubesphere.io/im v0.1.0 // indirect
openpitrix.io/iam v0.1.0 // indirect
openpitrix.io/openpitrix v0.4.1-0.20190920134345-4d2be6e4965c
sigs.k8s.io/controller-runtime v0.4.0
sigs.k8s.io/controller-runtime v0.5.0
sigs.k8s.io/controller-tools v0.2.4
sigs.k8s.io/kubefed v0.2.0-alpha.1
)
replace (
@@ -115,6 +116,7 @@ replace (
github.com/Azure/go-autorest/logger => github.com/Azure/go-autorest/logger v0.1.0
github.com/Azure/go-autorest/tracing => github.com/Azure/go-autorest/tracing v0.5.0
github.com/BurntSushi/toml => github.com/BurntSushi/toml v0.3.1
github.com/MakeNowJust/heredoc => github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd
github.com/Masterminds/semver => github.com/Masterminds/semver v1.5.0
github.com/Microsoft/go-winio => github.com/Microsoft/go-winio v0.4.12
github.com/NYTimes/gziphandler => github.com/NYTimes/gziphandler v1.1.1
@@ -136,9 +138,8 @@ replace (
github.com/bitly/go-simplejson => github.com/bitly/go-simplejson v0.5.0
github.com/blang/semver => github.com/blang/semver v3.5.0+incompatible
github.com/bmizerany/assert => github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869
github.com/cenkalti/backoff => github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cespare/xxhash => github.com/cespare/xxhash v1.1.0
github.com/cheekybits/genny => github.com/cheekybits/genny v1.0.0
github.com/chai2010/gettext-go => github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5
github.com/client9/misspell => github.com/client9/misspell v0.3.4
github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.3
github.com/coreos/etcd => github.com/coreos/etcd v3.3.17+incompatible
@@ -148,17 +149,16 @@ replace (
github.com/coreos/pkg => github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
github.com/cpuguy83/go-md2man => github.com/cpuguy83/go-md2man v1.0.10
github.com/davecgh/go-spew => github.com/davecgh/go-spew v1.1.1
github.com/daviddengcn/go-colortext => github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd
github.com/deckarep/golang-set => github.com/deckarep/golang-set v1.7.1
github.com/denisenkom/go-mssqldb => github.com/denisenkom/go-mssqldb v0.0.0-20190204142019-df6d76eb9289
github.com/dgrijalva/jwt-go => github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/dgryski/go-sip13 => github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954
github.com/docker/distribution => github.com/docker/distribution v2.7.1+incompatible
github.com/docker/docker => github.com/docker/engine v1.4.2-0.20190822205725-ed20165a37b4
github.com/docker/go-connections => github.com/docker/go-connections v0.3.0
github.com/docker/go-units => github.com/docker/go-units v0.3.3
github.com/docker/spdystream => github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c
github.com/docopt/docopt-go => github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
github.com/dustin/go-humanize => github.com/dustin/go-humanize v1.0.0
github.com/elastic/go-elasticsearch/v5 => github.com/elastic/go-elasticsearch/v5 v5.6.1
github.com/elastic/go-elasticsearch/v6 => github.com/elastic/go-elasticsearch/v6 v6.8.2
github.com/elastic/go-elasticsearch/v7 => github.com/elastic/go-elasticsearch/v7 v7.3.0
@@ -169,6 +169,7 @@ replace (
github.com/emirpasic/gods => github.com/emirpasic/gods v1.12.0
github.com/erikstmartin/go-testdb => github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5
github.com/evanphx/json-patch => github.com/evanphx/json-patch v4.5.0+incompatible
github.com/exponent-io/jsonpath => github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d
github.com/fatih/camelcase => github.com/fatih/camelcase v1.0.0
github.com/fatih/color => github.com/fatih/color v1.7.0
github.com/fatih/structs => github.com/fatih/structs v1.1.0
@@ -177,7 +178,6 @@ replace (
github.com/ghodss/yaml => github.com/ghodss/yaml v1.0.0
github.com/gliderlabs/ssh => github.com/gliderlabs/ssh v0.1.1
github.com/globalsign/mgo => github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8
github.com/go-acme/lego => github.com/go-acme/lego v2.5.0+incompatible
github.com/go-kit/kit => github.com/go-kit/kit v0.8.0
github.com/go-ldap/ldap => github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-logfmt/logfmt => github.com/go-logfmt/logfmt v0.4.0
@@ -200,6 +200,7 @@ replace (
github.com/go-sql-driver/mysql => github.com/go-sql-driver/mysql v1.4.1
github.com/go-stack/stack => github.com/go-stack/stack v1.8.0
github.com/gobuffalo/flect => github.com/gobuffalo/flect v0.1.5
github.com/gobwas/glob => github.com/gobwas/glob v0.2.3
github.com/gocraft/dbr => github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6
github.com/gofrs/uuid => github.com/gofrs/uuid v3.2.0+incompatible
github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.0
@@ -208,6 +209,10 @@ replace (
github.com/golang/groupcache => github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6
github.com/golang/mock => github.com/golang/mock v1.2.0
github.com/golang/protobuf => github.com/golang/protobuf v1.3.2
github.com/golang/snappy => github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db
github.com/golangplus/bytes => github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450
github.com/golangplus/fmt => github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995
github.com/golangplus/testing => github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e
github.com/google/btree => github.com/google/btree v1.0.0
github.com/google/go-cmp => github.com/google/go-cmp v0.3.0
github.com/google/go-querystring => github.com/google/go-querystring v1.0.0
@@ -225,7 +230,6 @@ replace (
github.com/grpc-ecosystem/go-grpc-middleware => github.com/grpc-ecosystem/go-grpc-middleware v1.0.0
github.com/grpc-ecosystem/go-grpc-prometheus => github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.9.6
github.com/hashicorp/go-syslog => github.com/hashicorp/go-syslog v1.0.0
github.com/hashicorp/go-version => github.com/hashicorp/go-version v1.2.0
github.com/hashicorp/golang-lru => github.com/hashicorp/golang-lru v0.5.3
github.com/hashicorp/hcl => github.com/hashicorp/hcl v1.0.0
@@ -234,7 +238,6 @@ replace (
github.com/inconshreveable/mousetrap => github.com/inconshreveable/mousetrap v1.0.0
github.com/jbenet/go-context => github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99
github.com/jessevdk/go-flags => github.com/jessevdk/go-flags v1.4.0
github.com/jimstudt/http-authentication => github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a
github.com/jinzhu/gorm => github.com/jinzhu/gorm v1.9.2
github.com/jinzhu/inflection => github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a
github.com/jinzhu/now => github.com/jinzhu/now v1.0.0
@@ -250,7 +253,6 @@ replace (
github.com/kiali/kiali => github.com/kubesphere/kiali v0.15.1-0.20191210080139-edbbad1ef779
github.com/kisielk/errcheck => github.com/kisielk/errcheck v1.2.0
github.com/kisielk/gotool => github.com/kisielk/gotool v1.0.0
github.com/klauspost/cpuid => github.com/klauspost/cpuid v1.2.1
github.com/koding/multiconfig => github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7
github.com/konsorten/go-windows-terminal-sequences => github.com/konsorten/go-windows-terminal-sequences v1.0.2
github.com/kr/logfmt => github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515
@@ -258,42 +260,43 @@ replace (
github.com/kr/pty => github.com/kr/pty v1.1.5
github.com/kr/text => github.com/kr/text v0.1.0
github.com/kubernetes-sigs/application => github.com/kubesphere/application v0.0.0-20191210100950-18cc93526ab4
github.com/kubesphere/s2ioperator => github.com/kubesphere/s2ioperator v0.0.14
github.com/kubesphere/sonargo => github.com/kubesphere/sonargo v0.0.2
github.com/kylelemons/godebug => github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348
github.com/leodido/go-urn => github.com/leodido/go-urn v1.1.0
github.com/lib/pq => github.com/lib/pq v1.2.0
github.com/lucas-clemente/quic-go => github.com/lucas-clemente/quic-go v0.11.1
github.com/liggitt/tabwriter => github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
github.com/lithammer/dedent => github.com/lithammer/dedent v1.1.0
github.com/magiconair/properties => github.com/magiconair/properties v1.8.0
github.com/mailru/easyjson => github.com/mailru/easyjson v0.7.0
github.com/marten-seemann/qtls => github.com/marten-seemann/qtls v0.2.3
github.com/mattn/go-colorable => github.com/mattn/go-colorable v0.1.2
github.com/mattn/go-isatty => github.com/mattn/go-isatty v0.0.8
github.com/mattn/go-runewidth => github.com/mattn/go-runewidth v0.0.0-20181025052659-b20a3daf6a39
github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.11.0
github.com/matttproud/golang_protobuf_extensions => github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/mholt/caddy => github.com/mholt/caddy v1.0.0
github.com/mholt/certmagic => github.com/mholt/certmagic v0.5.1
github.com/miekg/dns => github.com/miekg/dns v1.1.9
github.com/mitchellh/go-homedir => github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/go-wordwrap => github.com/mitchellh/go-wordwrap v1.0.0
github.com/mitchellh/mapstructure => github.com/mitchellh/mapstructure v1.1.2
github.com/mna/pigeon => github.com/mna/pigeon v0.0.0-20180808201053-bb0192cfc2ae
github.com/modern-go/concurrent => github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 => github.com/modern-go/reflect2 v1.0.1
github.com/morikuni/aec => github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c
github.com/munnerz/goautoneg => github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d
github.com/mwitkow/go-conntrack => github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223
github.com/mxk/go-flowrate => github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f
github.com/naoina/go-stringutil => github.com/naoina/go-stringutil v0.1.0
github.com/naoina/toml => github.com/naoina/toml v0.1.1
github.com/oklog/ulid => github.com/oklog/ulid v1.3.1
github.com/olekukonko/tablewriter => github.com/olekukonko/tablewriter v0.0.1
github.com/onsi/ginkgo => github.com/onsi/ginkgo v1.8.0
github.com/onsi/gomega => github.com/onsi/gomega v1.5.0
github.com/open-policy-agent/opa => github.com/open-policy-agent/opa v0.18.0
github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.0-rc1
github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.1
github.com/openshift/api => github.com/openshift/api v3.9.0+incompatible
github.com/openshift/api => github.com/openshift/api v0.0.0-20180801171038-322a19404e37
github.com/openshift/generic-admission-server => github.com/openshift/generic-admission-server v1.14.0
github.com/opentracing/opentracing-go => github.com/opentracing/opentracing-go v1.1.0
github.com/patrickmn/go-cache => github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pborman/uuid => github.com/pborman/uuid v1.2.0
github.com/pelletier/go-buffruneio => github.com/pelletier/go-buffruneio v0.2.0
github.com/pelletier/go-toml => github.com/pelletier/go-toml v1.2.0
github.com/peterbourgon/diskv => github.com/peterbourgon/diskv v2.0.1+incompatible
github.com/peterh/liner => github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d
github.com/philhofer/fwd => github.com/philhofer/fwd v1.0.0
github.com/pkg/errors => github.com/pkg/errors v0.8.1
github.com/pmezard/go-difflib => github.com/pmezard/go-difflib v1.0.0
@@ -302,12 +305,14 @@ replace (
github.com/projectcalico/go-json => github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba
github.com/projectcalico/go-yaml => github.com/projectcalico/go-yaml v0.0.0-20161201183616-955bc3e451ef
github.com/projectcalico/go-yaml-wrapper => github.com/projectcalico/go-yaml-wrapper v0.0.0-20161127220527-598e54215bee
github.com/projectcalico/kube-controllers => github.com/projectcalico/kube-controllers v3.8.8+incompatible
github.com/projectcalico/libcalico-go => github.com/projectcalico/libcalico-go v1.7.2-0.20191104213956-8f81e1e344ce
github.com/prometheus/client_golang => github.com/prometheus/client_golang v0.9.3
github.com/prometheus/client_golang => github.com/prometheus/client_golang v0.9.4
github.com/prometheus/client_model => github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90
github.com/prometheus/common => github.com/prometheus/common v0.4.0
github.com/prometheus/procfs => github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084
github.com/prometheus/tsdb => github.com/prometheus/tsdb v0.7.1
github.com/prometheus/procfs => github.com/prometheus/procfs v0.0.2
github.com/prometheus/prometheus => github.com/prometheus/prometheus v1.8.2
github.com/rcrowley/go-metrics => github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a
github.com/remyoudompheng/bigfft => github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446
github.com/rogpeppe/fastuuid => github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af
github.com/rogpeppe/go-charset => github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4
@@ -330,14 +335,17 @@ replace (
github.com/src-d/gcfg => github.com/src-d/gcfg v1.4.0
github.com/stretchr/objx => github.com/stretchr/objx v0.2.0
github.com/stretchr/testify => github.com/stretchr/testify v1.4.0
github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.0
github.com/tinylib/msgp => github.com/tinylib/msgp v1.1.0
github.com/tmc/grpc-websocket-proxy => github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5
github.com/ugorji/go => github.com/ugorji/go v1.1.4
github.com/urfave/cli => github.com/urfave/cli v1.20.0
github.com/xanzy/ssh-agent => github.com/xanzy/ssh-agent v0.2.1
github.com/xiang90/probing => github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
github.com/xlab/handysort => github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1
github.com/xlab/treeprint => github.com/xlab/treeprint v0.0.0-20180616005107-d6fb6747feb6
github.com/xordataexchange/crypt => github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77
github.com/yashtewari/glob-intersection => github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b
go.etcd.io/bbolt => go.etcd.io/bbolt v1.3.3
go.opencensus.io => go.opencensus.io v0.21.0
go.uber.org/atomic => go.uber.org/atomic v1.4.0
@@ -370,7 +378,6 @@ replace (
gopkg.in/go-playground/assert.v1 => gopkg.in/go-playground/assert.v1 v1.2.1
gopkg.in/go-playground/validator.v9 => gopkg.in/go-playground/validator.v9 v9.29.1
gopkg.in/inf.v0 => gopkg.in/inf.v0 v0.9.1
gopkg.in/mcuadros/go-syslog.v2 => gopkg.in/mcuadros/go-syslog.v2 v2.2.1
gopkg.in/natefinch/lumberjack.v2 => gopkg.in/natefinch/lumberjack.v2 v2.0.0
gopkg.in/resty.v1 => gopkg.in/resty.v1 v1.12.0
gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.3.1
@@ -392,12 +399,15 @@ replace (
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20191114105449-027877536833
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20191114103151-9ca1dc586682
k8s.io/cli-runtime => k8s.io/cli-runtime v0.17.3
k8s.io/client-go => k8s.io/client-go v0.0.0-20191114101535-6c5935290e33
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894
k8s.io/component-base => k8s.io/component-base v0.0.0-20191114102325-35a9586014f7
k8s.io/gengo => k8s.io/gengo v0.0.0-20191120174120-e74f70b9b27e
k8s.io/klog => k8s.io/klog v1.0.0
k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
k8s.io/kubectl => k8s.io/kubectl v0.17.3
k8s.io/metrics => k8s.io/metrics v0.17.3
k8s.io/utils => k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
kubesphere.io/application => kubesphere.io/application v0.0.0-20190404151855-67ae7f915d4e
kubesphere.io/im => kubesphere.io/im v0.1.0
@@ -412,7 +422,10 @@ replace (
rsc.io/goversion => rsc.io/goversion v1.0.0
sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.4.0
sigs.k8s.io/controller-tools => sigs.k8s.io/controller-tools v0.2.4
sigs.k8s.io/kubefed => sigs.k8s.io/kubefed v0.2.0-alpha.1
sigs.k8s.io/kustomize => sigs.k8s.io/kustomize v2.0.3+incompatible
sigs.k8s.io/structured-merge-diff => sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca
sigs.k8s.io/testing_frameworks => sigs.k8s.io/testing_frameworks v0.1.2
sigs.k8s.io/yaml => sigs.k8s.io/yaml v1.1.0
vbom.ml/util => vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc
)

107
go.sum
View File

@@ -18,12 +18,14 @@ github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VY
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc=
github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/PuerkitoBio/goquery v1.5.0 h1:uGvmFXOA73IKluu/F84Xd1tt/z07GYm8X49XKHP7EJk=
github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
@@ -57,11 +59,9 @@ github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/coreos/bbolt v1.3.3 h1:n6AiVyVRKQFNb6mJlwESEvvLoDyiTzXX7ORAUlkeBdY=
github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -77,12 +77,12 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
github.com/denisenkom/go-mssqldb v0.0.0-20190204142019-df6d76eb9289/go.mod h1:xN/JuLBIz4bjkxNmByTiV1IbhfnYb6oo99phBn4Eqhc=
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/engine v1.4.2-0.20190822205725-ed20165a37b4 h1:+VAGRKyn9Ca+ckzV/PJsaRO7UXO9KQjFmSffcSDrWdE=
@@ -94,8 +94,6 @@ github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD
github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c h1:ZfSZ3P3BedhKGUhzj7BQlPSU4OvT6tfOKe3DVHzOA7s=
github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/elastic/go-elasticsearch/v5 v5.6.1 h1:RnL2wcXepOT5SdoKMMO1j1OBX0vxHYbBtkQNL2E3xs4=
github.com/elastic/go-elasticsearch/v5 v5.6.1/go.mod h1:r7uV7HidpfkYh7D8SB4lkS13TNlNy3oa5GNmTZvuVqY=
github.com/elastic/go-elasticsearch/v6 v6.8.2 h1:rp5DGrd63V5c6nHLjF6QEXUpZSvs0+QM3ld7m9VhV2g=
@@ -115,6 +113,7 @@ github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=
github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
@@ -131,13 +130,9 @@ github.com/gliderlabs/ssh v0.1.1 h1:j3L6gSLQalDETeEg/Jg0mGY0/y/N6zI2xX1978P0Uqw=
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8 h1:DujepqpGd1hyOd7aW59XpK7Qymp8iy83xq74fLr21is=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/go-acme/lego v2.5.0+incompatible h1:5fNN9yRQfv8ymH3DSsxla+4aYeQt2IgfZqHKVnK8f0s=
github.com/go-acme/lego v2.5.0+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M=
github.com/go-kit/kit v0.8.0 h1:Wz+5lgoB0kkuqLEc6NVmwRknTKP6dTGbSqvhZtBI/j0=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-logfmt/logfmt v0.4.0 h1:MP4Eh7ZCb31lleYCFuwm0oe4/YGak+5l1vA2NOE80nA=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
@@ -172,10 +167,11 @@ github.com/go-redis/redis v6.15.2+incompatible h1:9SpNVG76gr6InJGxoZ6IuuxaCOQwDA
github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gobuffalo/flect v0.1.5 h1:xpKq9ap8MbYfhuPCF0dBH854Gp9CxZjr/IocxELFflo=
github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6 h1:kumyNm8Vr8cbVm/aLQYTbDE3SKCbbn5HEVoDp/Dyyfc=
github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6/go.mod h1:K/9g3pPouf13kP5K7pdriQEJAy272R9yXuWuDIEWJTM=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
@@ -191,6 +187,11 @@ github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w=
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450/go.mod h1:Bk6SMAONeMXrxql8uvOKuAZSu8aM5RUGv+1C6IJaEho=
github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995/go.mod h1:lJgMEyOkYFkPcDKwRXegd+iM6E7matEszMG5HhwytU8=
github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
@@ -220,8 +221,6 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.6 h1:8p0pcgLlw2iuZVsdHdPaMUXFOA+6gDixcXbHEMzSyW8=
github.com/grpc-ecosystem/grpc-gateway v1.9.6/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E=
github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk=
@@ -237,8 +236,6 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a h1:BcF8coBl0QFVhe8vAMMlD+CV8EISiu9MGKLoj6ZEyJA=
github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.0.0/go.mod h1:oHTiXerJ20+SfYcrdlBO7rzZRJWGwSTQ0iUY2jI6Gfc=
@@ -258,13 +255,10 @@ github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT
github.com/keybase/go-ps v0.0.0-20161005175911-668c8856d999/go.mod h1:hY+WOq6m2FpbvyrI93sMaypsttvaIL5nhVR92dTMUcQ=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w=
github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7 h1:SWlt7BoQNASbhTUD0Oy5yysI2seJ7vWuGUp///OM4TM=
github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7/go.mod h1:Y2SaZf2Rzd0pXkLVhLlCiAXFCLSXAIbTKDivVgff/AM=
github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -275,42 +269,33 @@ github.com/kubesphere/application v0.0.0-20191210100950-18cc93526ab4 h1:pugSGmj8
github.com/kubesphere/application v0.0.0-20191210100950-18cc93526ab4/go.mod h1:sILRE7W0CquRyC51JNRj4U7OP7CJl3o62TcX5E6IcWs=
github.com/kubesphere/kiali v0.15.1-0.20191210080139-edbbad1ef779 h1:52StEbBn6dRFF2DE9DBmVt26JQu9j4DOwagLUq6gZWg=
github.com/kubesphere/kiali v0.15.1-0.20191210080139-edbbad1ef779/go.mod h1:Y1EqeixoXkKkU8I+yvOfhdh21+8+etFE6wYOVT2XFdI=
github.com/kubesphere/s2ioperator v0.0.14 h1:oShV/MSn8bwwnRzXU8bY3RH/V4k0TmCcKZ50B0Q9gEk=
github.com/kubesphere/s2ioperator v0.0.14/go.mod h1:6stEM/ocFZxYhLYl2d5LRYE5WdggHMIX5ngJwloWR4g=
github.com/kubesphere/sonargo v0.0.2 h1:hsSRE3sv3mkPcUAeSABdp7rtfcNW2zzeHXzFa01CTkU=
github.com/kubesphere/sonargo v0.0.2/go.mod h1:ww8n9ANlDXhX5PBZ18iaRnCgEkXN0GMml3/KZXOZ11w=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
github.com/leodido/go-urn v1.1.0 h1:Sm1gr51B1kKyfD2BlRcLSiEkffoG96g6TPv6eRoEiB8=
github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lucas-clemente/quic-go v0.11.1 h1:zasajC848Dqq/+WqfqBCkmPw+YHNe1MBts/z7y7nXf4=
github.com/lucas-clemente/quic-go v0.11.1/go.mod h1:PpMmPfPKO9nKJ/psF49ESTAGQSdfXxlg1otPbEB2nOw=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/marten-seemann/qtls v0.2.3 h1:0yWJ43C62LsZt08vuQJDK1uC1czUc3FJeCLPoNAI4vA=
github.com/marten-seemann/qtls v0.2.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-runewidth v0.0.0-20181025052659-b20a3daf6a39/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mholt/caddy v1.0.0 h1:KI6RPGih2GFzWRPG8s9clKK28Ns4ZlVMKR/v7mxq6+c=
github.com/mholt/caddy v1.0.0/go.mod h1:PzUpQ3yGCTuEuy0KSxEeB4TZOi3zBZ8BR/zY0RBP414=
github.com/mholt/certmagic v0.5.1 h1:8Pf6Hwwlh5sbT3nwn3ovXyXWxHCEM54wvfLzTrQ+UiM=
github.com/mholt/certmagic v0.5.1/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/miekg/dns v1.1.9 h1:OIdC9wT96RzuZMf2PfKRhFgsStHUUBZLM/lo1LqiM9E=
github.com/miekg/dns v1.1.9/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mna/pigeon v0.0.0-20180808201053-bb0192cfc2ae/go.mod h1:Iym28+kJVnC1hfQvv5MUtI6AiFFzvQjHcvI4RFTG/04=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
@@ -322,21 +307,24 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks=
github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0=
github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8=
github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/open-policy-agent/opa v0.18.0 h1:EC81mO3/517Kq5brJHydqKE5MLzJ+4cdJvUQKxLzHy8=
github.com/open-policy-agent/opa v0.18.0/go.mod h1:6pC1cMYDI92i9EY/GoA2m+HcZlcCrh3jbfny5F7JVTA=
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/openshift/api v3.9.0+incompatible h1:fJ/KsefYuZAjmrr3+5U9yZIZbTOpVkDDLDLFresAeYs=
github.com/openshift/api v3.9.0+incompatible/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY=
github.com/openshift/api v0.0.0-20180801171038-322a19404e37 h1:05irGU4HK4IauGGDbsk+ZHrm1wOzMLYjMlfaiqMrBYc=
github.com/openshift/api v0.0.0-20180801171038-322a19404e37/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY=
github.com/openshift/generic-admission-server v1.14.0/go.mod h1:GD9KN/W4KxqRQGVMbqQHpHzb2XcQVvLCaBaSciqXvfM=
github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA=
@@ -344,6 +332,7 @@ github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtb
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -357,22 +346,25 @@ github.com/projectcalico/go-yaml v0.0.0-20161201183616-955bc3e451ef h1:Di9BaA9ap
github.com/projectcalico/go-yaml v0.0.0-20161201183616-955bc3e451ef/go.mod h1:1Ra2BftSa7Go38Gbq1q0bfmBFSSgUv+Cdc3SY8IL/C0=
github.com/projectcalico/go-yaml-wrapper v0.0.0-20161127220527-598e54215bee h1:yVWsNSlAuYoJ0CznHsYRPiFgsotoj07k00k5rQvGlHM=
github.com/projectcalico/go-yaml-wrapper v0.0.0-20161127220527-598e54215bee/go.mod h1:UgC0aTQ2KMDxlX3lU/stndk7DMUBJqzN40yFiILHgxc=
github.com/projectcalico/kube-controllers v3.8.8+incompatible h1:ZbCg0wJ+gd7i81CB6vOASiUN//oR4ZBl+wEdy0Vk1uI=
github.com/projectcalico/kube-controllers v3.8.8+incompatible/go.mod h1:ZEafKeKN5wiNARRw1LZP8l10uEfp04C7redU848MMZw=
github.com/projectcalico/libcalico-go v1.7.2-0.20191104213956-8f81e1e344ce h1:O/R67iwUe8TvZwgKbDB2cvF2/8L8PR4zVOcBtYEHD5Y=
github.com/projectcalico/libcalico-go v1.7.2-0.20191104213956-8f81e1e344ce/go.mod h1:z4tuFqrAg/423AMSaDamY5LgqeOZ5ETui6iOxDwJ/ag=
github.com/prometheus/client_golang v0.9.3 h1:9iH4JKXLzFbOAdtqv/a+j8aewx2Y8lAjAydhbaScPF8=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v0.9.4 h1:Y8E/JaaPbmFSW2V81Ab/d8yZFYQQGbni1b1jPcG9Y6A=
github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.4.0 h1:7etb9YClo3a6HjLzfl6rIQaU+FDfi0VSX39io3aQ+DM=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzrgykg80hfFph1mryUeLRsUfoocVVmRY=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/tsdb v0.7.1 h1:YZcsG11NqnK4czYLrWd9mpEuAJIHVQLwdrleYfszMAA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/prometheus v1.8.2 h1:PAL466mnJw1VolZPm1OarpdUpqukUy/eX4tagia17DM=
github.com/prometheus/prometheus v1.8.2/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
@@ -386,6 +378,7 @@ github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/sony/sonyflake v0.0.0-20181109022403-6d5bd6181009 h1:3wBL/e/qjpSYaXacpbIV+Bsj/nwQ4UO1llG/av54zzw=
github.com/sony/sonyflake v0.0.0-20181109022403-6d5bd6181009/go.mod h1:dVvZuWJd174umvm5g8CmZD6S2GWwHKtpK/0ZPHswuNo=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/speps/go-hashids v2.0.0+incompatible h1:kSfxGfESueJKTx0mpER9Y/1XHl+FVQjtCqRyYcviFbw=
github.com/speps/go-hashids v2.0.0+incompatible/go.mod h1:P7hqPzMdnZOfyIk+xrlG1QaSMw+gCBdHKsBDnhpaZvc=
@@ -407,6 +400,8 @@ github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc/wtumK+WB441p7ynQJzVuNRJiqddSIE3IlSEQ=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -416,8 +411,11 @@ github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70
github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
github.com/xlab/treeprint v0.0.0-20180616005107-d6fb6747feb6/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b h1:vVRagRXf67ESqAb72hG2C/ZwI8NtJF2u2V76EsuOHGY=
github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co=
go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -429,15 +427,12 @@ go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4 h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f h1:hX65Cu3JDlGH3uEdK7I99Ii+9kjD6mvnnpfLdEAH0x4=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a h1:tImsplftrFpALCYumobsd0K86vlAs/eXGFms2txfJfA=
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c=
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -451,7 +446,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+y
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0=
gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw=
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -477,12 +471,9 @@ gopkg.in/go-playground/validator.v9 v9.29.1 h1:SvGtYmN60a5CVKTOzMSyfzWDeZRxRuGvR
gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1 h1:60g8zx1BijSVSgLTzLCW9UC4/+i1Ih9jJ1DR5Tgp9vE=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek=
gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
@@ -517,6 +508,7 @@ k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb h1:ZUNsbuPdXWrj0rZziRfCWc
k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ=
k8s.io/apiserver v0.0.0-20191114103151-9ca1dc586682 h1:+FvAOv/4JyYgZanQI8h+UW9FCmLzyEz7EZunuET6p5g=
k8s.io/apiserver v0.0.0-20191114103151-9ca1dc586682/go.mod h1:Idob8Va6/sMX5SmwPLsU0pdvFlkwxuJ5x+fXMG8NbKE=
k8s.io/cli-runtime v0.17.3/go.mod h1:X7idckYphH4SZflgNpOOViSxetiMj6xI0viMAjM81TA=
k8s.io/client-go v0.0.0-20191114101535-6c5935290e33 h1:07mhG/2oEoo3N+sHVOo0L9PJ/qvbk3N5n2dj8IWefnQ=
k8s.io/client-go v0.0.0-20191114101535-6c5935290e33/go.mod h1:4L/zQOBkEf4pArQJ+CMk1/5xjA30B5oyWv+Bzb44DOw=
k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894 h1:NMYlxaF7rYQJk2E2IyrUhaX81zX24+dmoZdkPw0gJqI=
@@ -529,6 +521,9 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
k8s.io/kubectl v0.17.3 h1:9HHYj07kuFkM+sMJMOyQX29CKWq4lvKAG1UIPxNPMQ4=
k8s.io/kubectl v0.17.3/go.mod h1:NUn4IBY7f7yCMwSop2HCXlw/MVYP4HJBiUmOR3n9w28=
k8s.io/metrics v0.17.3/go.mod h1:HEJGy1fhHOjHggW9rMDBJBD3YuGroH3Y1pnIRw9FFaI=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
kubesphere.io/application v0.0.0-20190404151855-67ae7f915d4e/go.mod h1:NhUQ0ZUdFz8NTQ+SvQG0JUKAn+q71v3TPExjsjRPIZI=
@@ -549,9 +544,13 @@ sigs.k8s.io/controller-runtime v0.4.0 h1:wATM6/m+3w8lj8FXNaO6Fs/rq/vqoOjO1Q116Z9
sigs.k8s.io/controller-runtime v0.4.0/go.mod h1:ApC79lpY3PHW9xj/w9pj+lYkLgwAAUZwfXkME1Lajns=
sigs.k8s.io/controller-tools v0.2.4 h1:la1h46EzElvWefWLqfsXrnsO3lZjpkI0asTpX6h8PLA=
sigs.k8s.io/controller-tools v0.2.4/go.mod h1:m/ztfQNocGYBgTTCmFdnK94uVvgxeZeE3LtJvd/jIzA=
sigs.k8s.io/kubefed v0.2.0-alpha.1 h1:nzaQ4HDReHLECXMv7iszHBLx3+GO3/Iwlw7dkS71qCw=
sigs.k8s.io/kubefed v0.2.0-alpha.1/go.mod h1:/X4yMEvaclI6CAeVwFBjtGJ1E3gwXcuVwNbGPXPz+CM=
sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca h1:6dsH6AYQWbyZmtttJNe8Gq1cXOeS1BdV3eW37zHilAQ=
sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA=
sigs.k8s.io/testing_frameworks v0.1.2 h1:vK0+tvjF0BZ/RYFeZ1E6BYBwHJJXhjuZ3TdsEKH+UQM=
sigs.k8s.io/testing_frameworks v0.1.2/go.mod h1:ToQrwSC3s8Xf/lADdZp3Mktcql9CG0UAmdJG9th5i0w=
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=

22
hack/docker_build.sh
View File

@@ -3,25 +3,23 @@
set -ex
set -o pipefail
# Default image repo
# push to kubespheredev with default latest tag
REPO=${REPO:-kubespheredev}
# Set tag to latest if no argument was given, normally was branch name
TAG=${TAG:-latest}
TAG=${TRAVIS_BRANCH:-latest}
# check if build was triggered by a travis cronjob
if [[ -z "$TRAVIS_EVENT_TYPE" ]]; then
echo "TRAVIS_EVENT_TYPE is empty, also normaly build"
elif [[ $TRAVIS_EVENT_TYPE == "cron" ]]; then
TAG=dev-$(date +%Y%m%d)
fi
docker build -f build/ks-apigateway/Dockerfile -t $REPO/ks-apigateway:$TAG .
docker build -f build/ks-apiserver/Dockerfile -t $REPO/ks-apiserver:$TAG .
docker build -f build/ks-iam/Dockerfile -t $REPO/ks-account:$TAG .
docker build -f build/ks-controller-manager/Dockerfile -t $REPO/ks-controller-manager:$TAG .
docker build -f build/hypersphere/Dockerfile -t $REPO/hypersphere:$TAG .
docker build -f ./pkg/db/Dockerfile -t $REPO/ks-devops:flyway-$TAG ./pkg/db/
# Push image to dockerhub, need to support multiple push
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push $REPO/ks-apigateway:$TAG
docker push $REPO/ks-apiserver:$TAG
docker push $REPO/ks-account:$TAG
docker push $REPO/ks-controller-manager:$TAG
docker push $REPO/hypersphere:$TAG
docker push $REPO/ks-devops:flyway-$TAG

2
hack/generate_client.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
set -e
GV="network:v1alpha1 servicemesh:v1alpha2 tenant:v1alpha1 devops:v1alpha1"
GV="network:v1alpha1 servicemesh:v1alpha2 tenant:v1alpha1 devops:v1alpha1 iam:v1alpha2 devops:v1alpha3 cluster:v1alpha1"
rm -rf ./pkg/client
./hack/generate_group.sh "client,lister,informer" kubesphere.io/kubesphere/pkg/client kubesphere.io/kubesphere/pkg/apis "$GV" --output-base=./ -h "$PWD/hack/boilerplate.go.txt"

11
kustomize/network/OWNERS
View File

@@ -1,11 +0,0 @@
approvers:
- magicsong
- zheng1
reviewers:
- magicsong
- zheng1
labels:
- area/deploy
- area/networking

23
kustomize/network/calico-etcd/kustomization.yaml
View File

@@ -1,23 +0,0 @@
bases:
- ../crds
resources:
- network.yaml
- rbac/role.yaml
- rbac/role_binding.yaml
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- name: calico-etcd-secrets
files:
- etcd-ca=etcd/ca
- etcd-key=etcd/key
- etcd-cert=etcd/crt
type: Opaque
patchesStrategicMerge:
- patch_image_name.yaml
namespace: network-test-f22e8ea9

57
kustomize/network/calico-etcd/network.yaml
View File

@@ -1,57 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: network-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: network-manager
namespace: network-system
labels:
control-plane: network-manager
spec:
selector:
matchLabels:
control-plane: network-manager
replicas: 1
template:
metadata:
labels:
control-plane: network-manager
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
containers:
- command:
- /ks-network
args:
- -v=4
- np-provider=calico
image: network:latest
imagePullPolicy: Always
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
volumeMounts:
- mountPath: /calicocerts
name: etcd-certs
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: etcd-certs
secret:
secretName: calico-etcd-secrets
defaultMode: 0400

12
kustomize/network/calico-etcd/patch_image_name.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: network-manager
namespace: network-system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: magicsong/ks-network:f22e8ea9
name: manager

8
kustomize/network/calico-etcd/patch_role_binding.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
subjects:
- kind: ServiceAccount
name: default
namespace: network-test-f22e8ea9

33
kustomize/network/calico-etcd/role.yaml
View File

@@ -1,33 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: network-manager
rules:
- apiGroups:
- network.kubesphere.io
resources:
- namespacenetworkpolicies
- workspacenetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

12
kustomize/network/calico-etcd/role_binding.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: net-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: network-system

11
kustomize/network/calico-k8s/kustomization.yaml
View File

@@ -1,11 +0,0 @@
bases:
- ../crds
resources:
- network.yaml
- role.yaml
patchesStrategicMerge:
- patch_image_name.yaml
namespace: network-test-f22e8ea9

69
kustomize/network/calico-k8s/network.yaml
View File

@@ -1,69 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: network-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: network-manager
namespace: network-system
labels:
control-plane: network-manager
spec:
selector:
matchLabels:
control-plane: network-manager
replicas: 1
template:
metadata:
labels:
control-plane: network-manager
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
serviceAccountName: network-manager
containers:
- command:
- /ks-network
args:
- -v=4
- np-provider=calico
- datastore-type=k8s
image: network:latest
imagePullPolicy: Always
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
terminationGracePeriodSeconds: 10
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: net-role-binding
namespace: network-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: network-manager
subjects:
- kind: ServiceAccount
name: network-manager
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: network-manager

12
kustomize/network/calico-k8s/patch_image_name.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: network-manager
namespace: network-system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: magicsong/ks-network:f22e8ea9
name: manager

8
kustomize/network/calico-k8s/patch_role_binding.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: net-role-binding
subjects:
- kind: ServiceAccount
name: network-manager
namespace: network-test-f22e8ea9

54
kustomize/network/calico-k8s/role.yaml
View File

@@ -1,54 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: network-manager
rules:
- apiGroups:
- crd.projectcalico.org
resources:
- clusterinformations
- felixconfigurations
- globalfelixconfigs
- globalnetworkpolicies
- globalnetworksets
- hostendpoints
- ipamblocks
- ippools
- networkpolicies
- networksets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- network.kubesphere.io
resources:
- namespacenetworkpolicies
- workspacenetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

3
kustomize/network/crds/kustomization.yaml
View File

@@ -1,3 +0,0 @@
resources:
- wsnp.yaml
- nsnp.yaml

711
kustomize/network/crds/nsnp.yaml
View File

@@ -1,711 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: namespacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: NamespaceNetworkPolicy
plural: namespacenetworkpolicies
shortNames:
- nsnp
scope: Namespaced
validation:
openAPIV3Schema:
description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NamespaceNetworkPolicySpec defines the desired state of NamespaceNetworkPolicy
properties:
egress:
description: The ordered set of egress rules. Each rule contains a
set of packet match criteria and a corresponding action to apply.
items:
description: "A Rule encapsulates a set of match criteria and an action.
\ Both selector-based security Policy and security Profiles reference
rules - separated out as a list of rules for both ingress and egress
packet matching. \n Each positive match criteria has a negated version,
prefixed with ”Not”. All the match criteria within a rule must be
satisfied for a packet to match. A single rule can contain the positive
and negative version of a match and both must be satisfied for the
rule to match."
properties:
action:
type: string
destination:
description: Destination contains the match criteria that apply
to destination entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
items:
type: object
x-kubernetes-int-or-string: true
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
http:
description: HTTP contains match criteria that apply to HTTP requests.
properties:
methods:
description: Methods is an optional field that restricts the
rule to apply only to HTTP requests that use one of the
listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods
are OR'd together.
items:
type: string
type: array
paths:
description: 'Paths is an optional field that restricts the
rule to apply to HTTP requests that use one of the listed
HTTP Paths. Multiple paths are OR''d together. e.g: - exact:
/foo - prefix: /bar NOTE: Each entry may ONLY specify either
a `exact` or a `prefix` match. The validator will check
for it.'
items:
description: 'HTTPPath specifies an HTTP path to match.
It may be either of the form: exact: <path>: which matches
the path exactly or prefix: <path-prefix>: which matches
the path prefix'
properties:
exact:
type: string
prefix:
type: string
type: object
type: array
type: object
icmp:
description: ICMP is an optional field that restricts the rule
to apply to a specific type and code of ICMP traffic. This
should only be specified if the Protocol field is set to "ICMP"
or "ICMPv6".
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
ipVersion:
description: IPVersion is an optional field that restricts the
rule to only match a specific IP version.
type: integer
notICMP:
description: NotICMP is the negated version of the ICMP field.
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
notProtocol:
description: NotProtocol is the negated version of the Protocol
field.
type: string
protocol:
description: "Protocol is an optional field that restricts the
rule to only apply to traffic of a specific IP protocol. Required
if any of the EntityRules contain Ports (because ports only
apply to certain protocols). \n Must be one of these string
values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\"
or an integer in the range 1-255."
type: string
source:
description: Source contains the match criteria that apply to
source entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
required:
- action
type: object
type: array
ingress:
description: The ordered set of ingress rules. Each rule contains a
set of packet match criteria and a corresponding action to apply.
items:
description: "A Rule encapsulates a set of match criteria and an action.
\ Both selector-based security Policy and security Profiles reference
rules - separated out as a list of rules for both ingress and egress
packet matching. \n Each positive match criteria has a negated version,
prefixed with ”Not”. All the match criteria within a rule must be
satisfied for a packet to match. A single rule can contain the positive
and negative version of a match and both must be satisfied for the
rule to match."
properties:
action:
type: string
destination:
description: Destination contains the match criteria that apply
to destination entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
anyOf:
- type: integer
- type: string
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
anyOf:
- type: integer
- type: string
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
http:
description: HTTP contains match criteria that apply to HTTP requests.
properties:
methods:
description: Methods is an optional field that restricts the
rule to apply only to HTTP requests that use one of the
listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods
are OR'd together.
items:
type: string
type: array
paths:
description: 'Paths is an optional field that restricts the
rule to apply to HTTP requests that use one of the listed
HTTP Paths. Multiple paths are OR''d together. e.g: - exact:
/foo - prefix: /bar NOTE: Each entry may ONLY specify either
a `exact` or a `prefix` match. The validator will check
for it.'
items:
description: 'HTTPPath specifies an HTTP path to match.
It may be either of the form: exact: <path>: which matches
the path exactly or prefix: <path-prefix>: which matches
the path prefix'
properties:
exact:
type: string
prefix:
type: string
type: object
type: array
type: object
icmp:
description: ICMP is an optional field that restricts the rule
to apply to a specific type and code of ICMP traffic. This
should only be specified if the Protocol field is set to "ICMP"
or "ICMPv6".
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
ipVersion:
description: IPVersion is an optional field that restricts the
rule to only match a specific IP version.
type: integer
notICMP:
description: NotICMP is the negated version of the ICMP field.
properties:
code:
description: Match on a specific ICMP code. If specified,
the Type value must also be specified. This is a technical
limitation imposed by the kernels iptables firewall, which
Calico uses to enforce the rule.
type: integer
type:
description: Match on a specific ICMP type. For example a
value of 8 refers to ICMP Echo Request (i.e. pings).
type: integer
type: object
notProtocol:
description: NotProtocol is the negated version of the Protocol
field.
type: string
protocol:
description: "Protocol is an optional field that restricts the
rule to only apply to traffic of a specific IP protocol. Required
if any of the EntityRules contain Ports (because ports only
apply to certain protocols). \n Must be one of these string
values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\"
or an integer in the range 1-255."
type: string
source:
description: Source contains the match criteria that apply to
source entity.
properties:
namespaceSelector:
description: "NamespaceSelector is an optional field that
contains a selector expression. Only traffic that originates
from (or terminates at) endpoints within the selected namespaces
will be matched. When both NamespaceSelector and Selector
are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the
rule. \n For NetworkPolicy, an empty NamespaceSelector implies
that the Selector is limited to selecting only workload
endpoints in the same namespace as the NetworkPolicy. \n
For GlobalNetworkPolicy, an empty NamespaceSelector implies
the Selector applies to workload endpoints across all namespaces."
type: string
nets:
description: Nets is an optional field that restricts the
rule to only apply to traffic that originates from (or terminates
at) IP addresses in any of the given subnets.
items:
type: string
type: array
notNets:
description: NotNets is the negated version of the Nets field.
items:
type: string
type: array
notPorts:
description: NotPorts is the negated version of the Ports
field. Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to "TCP" or "UDP".
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
type: object
type: array
notSelector:
description: NotSelector is the negated version of the Selector
field. See Selector field for subtleties with negated selectors.
type: string
ports:
description: "Ports is an optional field that restricts the
rule to only apply to traffic that has a source (destination)
port that matches one of these ranges/values. This value
is a list of integers or strings that represent ranges of
ports. \n Since only some protocols have ports, if any ports
are specified it requires the Protocol match in the Rule
to be set to \"TCP\" or \"UDP\"."
items:
description: "Port represents either a range of numeric
ports or a named port. \n - For a named port, set
the PortName, leaving MinPort and MaxPort as 0. -
For a port range, set MinPort and MaxPort to the (inclusive)
port numbers. Set PortName to \"\". - For a
single port, set MinPort = MaxPort and PortName = \"\"."
x-kubernetes-int-or-string: true
anyOf:
- type: integer
- type: string
type: object
type: array
selector:
description: "Selector is an optional field that contains
a selector expression (see Policy for sample syntax). Only
traffic that originates from (terminates at) endpoints matching
the selector will be matched. \n Note that: in addition
to the negated version of the Selector (see NotSelector
below), the selector expression syntax itself supports negation.
\ The two types of negation are subtly different. One negates
the set of matched endpoints, the other negates the whole
match: \n \tSelector = \"!has(my_label)\" matches packets
that are from other Calico-controlled \tendpoints that do
not have the label “my_label”. \n \tNotSelector = \"has(my_label)\"
matches packets that are not from Calico-controlled \tendpoints
that do have the label “my_label”. \n The effect is that
the latter will accept packets from non-Calico sources whereas
the former is limited to packets from Calico-controlled
endpoints."
type: string
serviceAccounts:
description: ServiceAccounts is an optional field that restricts
the rule to only apply to traffic that originates from (or
terminates at) a pod running as a matching service account.
properties:
names:
description: Names is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
whose name is in the list.
items:
type: string
type: array
selector:
description: Selector is an optional field that restricts
the rule to only apply to traffic that originates from
(or terminates at) a pod running as a service account
that matches the given label selector. If both Names
and Selector are specified then they are AND'ed.
type: string
type: object
type: object
required:
- action
type: object
type: array
order:
description: Order is an optional field that specifies the order in
which the policy is applied. Policies with higher "order" are applied
after those with lower order. If the order is omitted, it may be
considered to be "infinite" - i.e. the policy will be applied last. Policies
with identical order will be applied in alphanumerical order based
on the Policy "Name".
type: integer
selector:
description: "The selector is an expression used to pick pick out the
endpoints that the policy should be applied to. \n Selector expressions
follow this syntax: \n \tlabel == \"string_literal\" -> comparison,
e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
equal; also matches if label is not present \tlabel in { \"a\", \"b\",
\"c\", ... } -> true if the value of label X is one of \"a\", \"b\",
\"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } -> true if the
value of label X is not one of \"a\", \"b\", \"c\" \thas(label_name)
\ -> True if that label is present \t! expr -> negation of expr \texpr
&& expr -> Short-circuit and \texpr || expr -> Short-circuit or
\t( expr ) -> parens for grouping \tall() or the empty selector ->
matches all endpoints. \n Label names are allowed to contain alphanumerics,
-, _ and /. String literals are more permissive but they do not support
escape characters. \n Examples (with made-up labels): \n \ttype ==
\"webserver\" && deployment == \"prod\" \ttype in {\"frontend\", \"backend\"}
\tdeployment != \"dev\" \t! has(label_name)"
type: string
types:
description: "Types indicates whether this policy applies to ingress,
or to egress, or to both. When not explicitly specified (and so the
value on creation is empty or nil), Calico defaults Types according
to what Ingress and Egress are present in the policy. The default
is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including
the case where there are also no Ingress rules) \n - [ PolicyTypeEgress
], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress,
PolicyTypeEgress ], if there are both Ingress and Egress rules. \n
When the policy is read back again, Types will always be one of these
values, never empty or nil."
items:
type: string
type: array
required:
- selector
type: object
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

523
kustomize/network/crds/wsnp.yaml
View File

@@ -1,523 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: workspacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: WorkspaceNetworkPolicy
plural: workspacenetworkpolicies
shortNames:
- wsnp
scope: Cluster
validation:
openAPIV3Schema:
description: WorkspaceNetworkPolicy is a set of network policies applied to
the scope to workspace
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkspaceNetworkPolicySpec defines the desired state of WorkspaceNetworkPolicy
properties:
egress:
description: List of egress rules to be applied to the selected pods.
Outgoing traffic is allowed if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if the
traffic matches at least one egress rule across all of the NetworkPolicy
objects whose podSelector matches the pod. If this field is empty
then this NetworkPolicy limits all outgoing traffic (and serves solely
to ensure that the pods it selects are isolated by default). This
field is beta-level in 1.8
items:
description: WorkspaceNetworkPolicyEgressRule describes a particular
set of traffic that is allowed out of pods matched by a WorkspaceNetworkPolicySpec's
podSelector. The traffic must match both ports and to.
properties:
from:
description: List of sources which should be able to access the
pods selected for this rule. Items in this list are combined
using a logical OR operation. If this field is empty or missing,
this rule matches all sources (traffic not restricted by source).
If this field is present and contains at least on item, this
rule allows traffic only if the traffic matches at least one
item in the from list.
items:
description: WorkspaceNetworkPolicyPeer describes a peer to
allow traffic from. Only certain combinations of fields are
allowed. It is same as 'NetworkPolicyPeer' in k8s but with
an additional field 'WorkspaceSelector'
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP Block
Valid examples are "192.168.1.1/24"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" Except values will be rejected
if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespaceSelector:
description: "Selects Namespaces using cluster-scoped labels.
This field follows standard label selector semantics;
if present but empty, it selects all namespaces. \n If
PodSelector is also set, then the NetworkPolicyPeer as
a whole selects the Pods matching PodSelector in the Namespaces
selected by NamespaceSelector. Otherwise it selects all
Pods in the Namespaces selected by NamespaceSelector."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
podSelector:
description: "This is a label selector which selects Pods.
This field follows standard label selector semantics;
if present but empty, it selects all pods. \n If NamespaceSelector
is also set, then the NetworkPolicyPeer as a whole selects
the Pods matching PodSelector in the Namespaces selected
by NamespaceSelector. Otherwise it selects the Pods matching
PodSelector in the policy's own Namespace."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
workspaceSelector:
description: A label selector is a label query over a set
of resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects.
A null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
type: object
type: array
ports:
description: List of ports which should be made accessible on
the pods selected for this rule. Each item in this list is combined
using a logical OR. If this field is empty or missing, this
rule matches all ports (traffic not restricted by port). If
this field is present and contains at least one item, then this
rule allows traffic only if the traffic matches at least one
port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
port:
anyOf:
- type: string
- type: integer
description: The port on the given protocol. This can either
be a numerical or named port on a pod. If this field is
not provided, this matches all port names and numbers.
protocol:
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to TCP.
type: string
type: object
type: array
type: object
type: array
ingress:
description: List of ingress rules to be applied to the selected pods.
Traffic is allowed to a pod if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if the
traffic source is the pod's local node, OR if the traffic matches
at least one ingress rule across all of the NetworkPolicy objects
whose podSelector matches the pod. If this field is empty then this
NetworkPolicy does not allow any traffic (and serves solely to ensure
that the pods it selects are isolated by default)
items:
description: WorkspaceNetworkPolicyIngressRule describes a particular
set of traffic that is allowed to the pods matched by a WorkspaceNetworkPolicySpec's
podSelector. The traffic must match both ports and from.
properties:
from:
description: List of sources which should be able to access the
pods selected for this rule. Items in this list are combined
using a logical OR operation. If this field is empty or missing,
this rule matches all sources (traffic not restricted by source).
If this field is present and contains at least on item, this
rule allows traffic only if the traffic matches at least one
item in the from list.
items:
description: WorkspaceNetworkPolicyPeer describes a peer to
allow traffic from. Only certain combinations of fields are
allowed. It is same as 'NetworkPolicyPeer' in k8s but with
an additional field 'WorkspaceSelector'
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP Block
Valid examples are "192.168.1.1/24"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" Except values will be rejected
if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespaceSelector:
description: "Selects Namespaces using cluster-scoped labels.
This field follows standard label selector semantics;
if present but empty, it selects all namespaces. \n If
PodSelector is also set, then the NetworkPolicyPeer as
a whole selects the Pods matching PodSelector in the Namespaces
selected by NamespaceSelector. Otherwise it selects all
Pods in the Namespaces selected by NamespaceSelector."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
podSelector:
description: "This is a label selector which selects Pods.
This field follows standard label selector semantics;
if present but empty, it selects all pods. \n If NamespaceSelector
is also set, then the NetworkPolicyPeer as a whole selects
the Pods matching PodSelector in the Namespaces selected
by NamespaceSelector. Otherwise it selects the Pods matching
PodSelector in the policy's own Namespace."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
workspaceSelector:
description: A label selector is a label query over a set
of resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects.
A null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
type: object
type: array
ports:
description: List of ports which should be made accessible on
the pods selected for this rule. Each item in this list is combined
using a logical OR. If this field is empty or missing, this
rule matches all ports (traffic not restricted by port). If
this field is present and contains at least one item, then this
rule allows traffic only if the traffic matches at least one
port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
port:
anyOf:
- type: string
- type: integer
description: The port on the given protocol. This can either
be a numerical or named port on a pod. If this field is
not provided, this matches all port names and numbers.
protocol:
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to TCP.
type: string
type: object
type: array
type: object
type: array
policyTypes:
description: List of rule types that the WorkspaceNetworkPolicy relates
to. Valid options are Ingress, Egress, or Ingress,Egress. If this
field is not specified, it will default based on the existence of
Ingress or Egress rules; policies that contain an Egress section are
assumed to affect Egress, and all policies (whether or not they contain
an Ingress section) are assumed to affect Ingress. If you want to
write an egress-only policy, you must explicitly specify policyTypes
[ "Egress" ]. Likewise, if you want to write a policy that specifies
that no egress is allowed, you must specify a policyTypes value that
include "Egress" (since such a policy would not include an Egress
section and would otherwise default to just [ "Ingress" ]).
items:
description: Policy Type string describes the NetworkPolicy type This
type is beta-level in 1.8
type: string
type: array
workspace:
description: Workspace specify the name of ws to apply this workspace
network policy
type: string
type: object
status:
description: WorkspaceNetworkPolicyStatus defines the observed state of
WorkspaceNetworkPolicy
type: object
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

30
kustomize/network/rbac/role.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: net-manager-role
rules:
- apiGroups:
- network.kubesphere.io
resources:
- namespacenetworkpolicies
- workspacenetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

48
pkg/api/auth/types.go Normal file
View File

@@ -0,0 +1,48 @@
/*
*
* Copyright 2020 The KubeSphere Authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* /
*/
package auth
import "fmt"
const (
KindTokenReview = "TokenReview"
)
type Spec struct {
Token string `json:"token" description:"access token"`
}
type Status struct {
Authenticated bool `json:"authenticated" description:"is authenticated"`
User map[string]interface{} `json:"user,omitempty" description:"user info"`
}
type TokenReview struct {
APIVersion string `json:"apiVersion" description:"Kubernetes API version"`
Kind string `json:"kind" description:"kind of the API object"`
Spec *Spec `json:"spec,omitempty"`
Status *Status `json:"status,omitempty" description:"token review status"`
}
func (request *TokenReview) Validate() error {
if request.Spec == nil || request.Spec.Token == "" {
return fmt.Errorf("token must not be null")
}
return nil
}

230
pkg/api/logging/v1alpha2/types.go
View File

@@ -1,229 +1,9 @@
package v1alpha2
import (
"encoding/json"
"time"
)
import "kubesphere.io/kubesphere/pkg/simple/client/logging"
const (
OperationQuery int = iota
OperationStatistics
OperationHistogram
OperationExport
)
// elasticsearch client config
type Config struct {
Host string
Port string
Index string
VersionMajor string
}
type QueryParameters struct {
// when true, indicates the provided `namespaces` or `namespace_query` doesn't match any namespace
NamespaceNotFound bool
// a map of namespace with creation time
NamespaceWithCreationTime map[string]string
// filter for literally matching
// query for fuzzy matching
WorkloadFilter []string
WorkloadQuery []string
PodFilter []string
PodQuery []string
ContainerFilter []string
ContainerQuery []string
LogQuery []string
Operation int
Interval string
StartTime string
EndTime string
Sort string
From int64
Size int64
ScrollTimeout time.Duration
}
// elasticsearch request body
type Request struct {
From int64 `json:"from"`
Size int64 `json:"size"`
Sorts []Sort `json:"sort,omitempty"`
MainQuery BoolQuery `json:"query"`
Aggs interface{} `json:"aggs,omitempty"`
}
type Sort struct {
Order Order `json:"time"`
}
type Order struct {
Order string `json:"order"`
}
type BoolQuery struct {
Bool interface{} `json:"bool"`
}
// user filter instead of must
// filter ignores scoring
type BoolFilter struct {
Filter []interface{} `json:"filter"`
}
type BoolShould struct {
Should []interface{} `json:"should"`
MinimumShouldMatch int64 `json:"minimum_should_match"`
}
type RangeQuery struct {
RangeSpec RangeSpec `json:"range"`
}
type RangeSpec struct {
TimeRange TimeRange `json:"time"`
}
type TimeRange struct {
Gte string `json:"gte,omitempty"`
Lte string `json:"lte,omitempty"`
}
type MatchPhrase struct {
MatchPhrase map[string]string `json:"match_phrase"`
}
type MatchPhrasePrefix struct {
MatchPhrasePrefix interface{} `json:"match_phrase_prefix"`
}
type RegexpQuery struct {
Regexp interface{} `json:"regexp"`
}
// StatisticsAggs, the struct for `aggs` of type Request, holds a cardinality aggregation for distinct container counting
type StatisticsAggs struct {
ContainerAgg ContainerAgg `json:"containers"`
}
type ContainerAgg struct {
Cardinality AggField `json:"cardinality"`
}
type AggField struct {
Field string `json:"field"`
}
type HistogramAggs struct {
HistogramAgg HistogramAgg `json:"histogram"`
}
type HistogramAgg struct {
DateHistogram DateHistogram `json:"date_histogram"`
}
type DateHistogram struct {
Field string `json:"field"`
Interval string `json:"interval"`
}
// Fore more info, refer to https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-search-API.html
// Response body from the elasticsearch engine
type Response struct {
ScrollId string `json:"_scroll_id"`
Shards Shards `json:"_shards"`
Hits Hits `json:"hits"`
Aggregations json.RawMessage `json:"aggregations"`
}
type Shards struct {
Total int64 `json:"total"`
Successful int64 `json:"successful"`
Skipped int64 `json:"skipped"`
Failed int64 `json:"failed"`
}
type Hits struct {
// As of ElasticSearch v7.x, hits.total is changed
Total interface{} `json:"total"`
Hits []Hit `json:"hits"`
}
type Hit struct {
Source Source `json:"_source"`
Sort []int64 `json:"sort"`
}
type Source struct {
Log string `json:"log"`
Time string `json:"time"`
Kubernetes Kubernetes `json:"kubernetes"`
}
type Kubernetes struct {
Namespace string `json:"namespace_name"`
Pod string `json:"pod_name"`
Container string `json:"container_name"`
Host string `json:"host"`
}
type LogRecord struct {
Time string `json:"time,omitempty" description:"log timestamp"`
Log string `json:"log,omitempty" description:"log message"`
Namespace string `json:"namespace,omitempty" description:"namespace"`
Pod string `json:"pod,omitempty" description:"pod name"`
Container string `json:"container,omitempty" description:"container name"`
Host string `json:"host,omitempty" description:"node id"`
}
type ReadResult struct {
ScrollID string `json:"_scroll_id,omitempty"`
Total int64 `json:"total" description:"total number of matched results"`
Records []LogRecord `json:"records,omitempty" description:"actual array of results"`
}
// StatisticsResponseAggregations, the struct for `aggregations` of type Response, holds return results from the aggregation StatisticsAggs
type StatisticsResponseAggregations struct {
ContainerCount ContainerCount `json:"containers"`
}
type ContainerCount struct {
Value int64 `json:"value"`
}
type HistogramAggregations struct {
HistogramAggregation HistogramAggregation `json:"histogram"`
}
type HistogramAggregation struct {
Histograms []HistogramStatistics `json:"buckets"`
}
type HistogramStatistics struct {
Time int64 `json:"key"`
Count int64 `json:"doc_count"`
}
type HistogramRecord struct {
Time int64 `json:"time" description:"timestamp"`
Count int64 `json:"count" description:"total number of logs at intervals"`
}
type StatisticsResult struct {
Containers int64 `json:"containers" description:"total number of containers"`
Logs int64 `json:"logs" description:"total number of logs"`
}
type HistogramResult struct {
Total int64 `json:"total" description:"total number of logs"`
Histograms []HistogramRecord `json:"histograms" description:"actual array of histogram results"`
}
// Wrap elasticsearch response
type QueryResult struct {
Read *ReadResult `json:"query,omitempty" description:"query results"`
Statistics *StatisticsResult `json:"statistics,omitempty" description:"statistics results"`
Histogram *HistogramResult `json:"histogram,omitempty" description:"histogram results"`
type APIResponse struct {
Logs *logging.Logs `json:"query,omitempty" description:"query results"`
Statistics *logging.Statistics `json:"statistics,omitempty" description:"statistics results"`
Histogram *logging.Histogram `json:"histogram,omitempty" description:"histogram results"`
}

23
pkg/api/monitoring/v1alpha2/types.go
View File

@@ -1,23 +0,0 @@
package v1alpha2
// Prometheus query api response
type APIResponse struct {
Status string `json:"status" description:"result status, one of error, success"`
Data QueryResult `json:"data" description:"actual metric result"`
ErrorType string `json:"errorType,omitempty"`
Error string `json:"error,omitempty"`
Warnings []string `json:"warnings,omitempty"`
}
// QueryResult includes result data from a query.
type QueryResult struct {
ResultType string `json:"resultType" description:"result type, one of matrix, vector"`
Result []QueryValue `json:"result" description:"metric data including labels, time series and values"`
}
// Time Series
type QueryValue struct {
Metric map[string]string `json:"metric,omitempty" description:"time series labels"`
Value []interface{} `json:"value,omitempty" description:"time series, values of vector type"`
Values [][]interface{} `json:"values,omitempty" description:"time series, values of matrix type"`
}

1
pkg/api/resource/resource.go Normal file
View File

@@ -0,0 +1 @@
package resource

29
pkg/api/resource/v1alpha2/types.go Normal file
View File

@@ -0,0 +1,29 @@
package v1alpha2
import "time"
// ComponentStatus represents system component status.
type ComponentStatus struct {
Name string `json:"name" description:"component name"`
Namespace string `json:"namespace" description:"the name of the namespace"`
SelfLink string `json:"selfLink" description:"self link"`
Label interface{} `json:"label" description:"labels"`
StartedAt time.Time `json:"startedAt" description:"started time"`
TotalBackends int `json:"totalBackends" description:"the total replicas of each backend system component"`
HealthyBackends int `json:"healthyBackends" description:"the number of healthy backend components"`
}
// NodeStatus assembles cluster nodes status, simply wrap unhealthy and total nodes.
type NodeStatus struct {
// total nodes of cluster, including master nodes
TotalNodes int `json:"totalNodes" description:"total number of nodes"`
// healthy nodes means nodes whose state is NodeReady
HealthyNodes int `json:"healthyNodes" description:"the number of healthy nodes"`
}
//
type HealthStatus struct {
KubeSphereComponents []ComponentStatus `json:"kubesphereStatus" description:"kubesphere components status"`
NodeStatus NodeStatus `json:"nodeStatus" description:"nodes status"`
}

161
pkg/api/types.go Normal file
View File

@@ -0,0 +1,161 @@
package api
import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
)
type ListResult struct {
Items []interface{} `json:"items"`
TotalItems int `json:"totalItems"`
}
type ResourceQuota struct {
Namespace string `json:"namespace" description:"namespace"`
Data corev1.ResourceQuotaStatus `json:"data" description:"resource quota status"`
}
type NamespacedResourceQuota struct {
Namespace string `json:"namespace,omitempty"`
Data struct {
corev1.ResourceQuotaStatus
// quota left status, do the math on the side, cause it's
// a lot easier with go-client library
Left corev1.ResourceList `json:"left,omitempty"`
} `json:"data,omitempty"`
}
type Router struct {
RouterType string `json:"type"`
Annotations map[string]string `json:"annotations"`
}
type GitCredential struct {
RemoteUrl string `json:"remoteUrl" description:"git server url"`
SecretRef *corev1.SecretReference `json:"secretRef,omitempty" description:"auth secret reference"`
}
type RegistryCredential struct {
Username string `json:"username" description:"username"`
Password string `json:"password" description:"password"`
ServerHost string `json:"serverhost" description:"registry server host"`
}
type Workloads struct {
Namespace string `json:"namespace" description:"the name of the namespace"`
Count map[string]int `json:"data" description:"the number of unhealthy workloads"`
Items map[string]interface{} `json:"items,omitempty" description:"unhealthy workloads"`
}
type ClientType string
const (
ClientKubernetes ClientType = "Kubernetes"
ClientKubeSphere ClientType = "Kubesphere"
ClientIstio ClientType = "Istio"
ClientS2i ClientType = "S2i"
ClientApplication ClientType = "Application"
StatusOK = "ok"
)
var SupportedGroupVersionResources = map[ClientType][]schema.GroupVersionResource{
// all supported kubernetes api objects
ClientKubernetes: {
{Group: "", Version: "v1", Resource: "namespaces"},
{Group: "", Version: "v1", Resource: "nodes"},
{Group: "", Version: "v1", Resource: "resourcequotas"},
{Group: "", Version: "v1", Resource: "pods"},
{Group: "", Version: "v1", Resource: "services"},
{Group: "", Version: "v1", Resource: "persistentvolumeclaims"},
{Group: "", Version: "v1", Resource: "secrets"},
{Group: "", Version: "v1", Resource: "configmaps"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "roles"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "rolebindings"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterroles"},
{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterrolebindings"},
{Group: "apps", Version: "v1", Resource: "deployments"},
{Group: "apps", Version: "v1", Resource: "daemonsets"},
{Group: "apps", Version: "v1", Resource: "replicasets"},
{Group: "apps", Version: "v1", Resource: "statefulsets"},
{Group: "apps", Version: "v1", Resource: "controllerrevisions"},
{Group: "storage.k8s.io", Version: "v1", Resource: "storageclasses"},
{Group: "batch", Version: "v1", Resource: "jobs"},
{Group: "batch", Version: "v1beta1", Resource: "cronjobs"},
{Group: "extensions", Version: "v1beta1", Resource: "ingresses"},
{Group: "autoscaling", Version: "v2beta2", Resource: "horizontalpodautoscalers"},
},
// all supported kubesphere api objects
ClientKubeSphere: {
{Group: "tenant.kubesphere.io", Version: "v1alpha1", Resource: "workspaces"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibinaries"},
{Group: "servicemesh.kubesphere.io", Version: "v1alpha2", Resource: "strategies"},
{Group: "servicemesh.kubesphere.io", Version: "v1alpha2", Resource: "servicepolicies"},
},
// all supported istio api objects
ClientIstio: {},
// all supported s2i api objects
// TODO: move s2i clientset into kubesphere
ClientS2i: {
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibuildertemplates"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2iruns"},
{Group: "devops.kubesphere.io", Version: "v1alpha1", Resource: "s2ibuilders"},
},
// kubernetes-sigs application api objects
ClientApplication: {
{Group: "app.k8s.io", Version: "v1beta1", Resource: "applications"},
},
}
// List of all resource kinds supported by the UI.
const (
ResourceKindConfigMap = "configmaps"
ResourceKindDaemonSet = "daemonsets"
ResourceKindDeployment = "deployments"
ResourceKindEvent = "events"
ResourceKindHorizontalPodAutoscaler = "horizontalpodautoscalers"
ResourceKindIngress = "ingresses"
ResourceKindJob = "jobs"
ResourceKindCronJob = "cronjobs"
ResourceKindLimitRange = "limitranges"
ResourceKindNamespace = "namespaces"
ResourceKindNode = "nodes"
ResourceKindPersistentVolumeClaim = "persistentvolumeclaims"
ResourceKindPersistentVolume = "persistentvolumes"
ResourceKindCustomResourceDefinition = "customresourcedefinitions"
ResourceKindPod = "pods"
ResourceKindReplicaSet = "replicasets"
ResourceKindResourceQuota = "resourcequota"
ResourceKindSecret = "secrets"
ResourceKindService = "services"
ResourceKindStatefulSet = "statefulsets"
ResourceKindStorageClass = "storageclasses"
ResourceKindClusterRole = "clusterroles"
ResourceKindClusterRoleBinding = "clusterrolebindings"
ResourceKindRole = "roles"
ResourceKindRoleBinding = "rolebindings"
ResourceKindWorkspace = "workspaces"
ResourceKindS2iBinary = "s2ibinaries"
ResourceKindStrategy = "strategy"
ResourceKindServicePolicy = "servicepolicies"
ResourceKindS2iBuilderTemplate = "s2ibuildertemplates"
ResourceKindeS2iRun = "s2iruns"
ResourceKindS2iBuilder = "s2ibuilders"
ResourceKindApplication = "applications"
WorkspaceNone = ""
ClusterNone = ""
)

23
pkg/api/utils.go Normal file
View File

@@ -0,0 +1,23 @@
package api
import (
"github.com/emicklei/go-restful"
"net/http"
)
func HandleInternalError(response *restful.Response, req *restful.Request, err error) {
response.WriteError(http.StatusInternalServerError, err)
}
// HandleBadRequest writes http.StatusBadRequest and log error
func HandleBadRequest(response *restful.Response, req *restful.Request, err error) {
response.WriteError(http.StatusBadRequest, err)
}
func HandleNotFound(response *restful.Response, req *restful.Request, err error) {
response.WriteError(http.StatusNotFound, err)
}
func HandleForbidden(response *restful.Response, req *restful.Request, err error) {
response.WriteError(http.StatusForbidden, err)
}

248
pkg/apigateway/caddy-plugin/authenticate/authenticate.go
View File

@@ -1,248 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"errors"
"fmt"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal"
"kubesphere.io/kubesphere/pkg/simple/client/redis"
"log"
"net/http"
"strconv"
"strings"
"time"
"github.com/dgrijalva/jwt-go"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
type Auth struct {
Rule *Rule
Next httpserver.Handler
}
type Rule struct {
Secret []byte
Path string
RedisOptions *redis.RedisOptions
TokenIdleTimeout time.Duration
RedisClient *redis.RedisClient
ExclusionRules []internal.ExclusionRule
}
type User struct {
Username string `json:"username"`
UID string `json:"uid"`
Groups *[]string `json:"groups,omitempty"`
Extra *map[string]interface{} `json:"extra,omitempty"`
}
var requestInfoFactory = request.RequestInfoFactory{
APIPrefixes: sets.NewString("api", "apis", "kapis", "kapi"),
GrouplessAPIPrefixes: sets.NewString("api")}
func (h Auth) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
for _, rule := range h.Rule.ExclusionRules {
if httpserver.Path(req.URL.Path).Matches(rule.Path) && (rule.Method == internal.AllMethod || req.Method == rule.Method) {
return h.Next.ServeHTTP(resp, req)
}
}
if httpserver.Path(req.URL.Path).Matches(h.Rule.Path) {
uToken, err := h.ExtractToken(req)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
token, err := h.Validate(uToken)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
req, err = h.InjectContext(req, token)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
}
return h.Next.ServeHTTP(resp, req)
}
func (h Auth) InjectContext(req *http.Request, token *jwt.Token) (*http.Request, error) {
payload, ok := token.Claims.(jwt.MapClaims)
if !ok {
return nil, errors.New("invalid payload")
}
for header := range req.Header {
if strings.HasPrefix(header, "X-Token-") {
req.Header.Del(header)
}
}
usr := &user.DefaultInfo{}
username, ok := payload["username"].(string)
if ok && username != "" {
req.Header.Set("X-Token-Username", username)
usr.Name = username
}
uid := payload["uid"]
if uid != nil {
switch uid.(type) {
case int:
req.Header.Set("X-Token-UID", strconv.Itoa(uid.(int)))
usr.UID = strconv.Itoa(uid.(int))
break
case string:
req.Header.Set("X-Token-UID", uid.(string))
usr.UID = uid.(string)
break
}
}
groups, ok := payload["groups"].([]string)
if ok && len(groups) > 0 {
req.Header.Set("X-Token-Groups", strings.Join(groups, ","))
usr.Groups = groups
}
// hard code, support jenkins auth plugin
if httpserver.Path(req.URL.Path).Matches("/kapis/jenkins.kubesphere.io") ||
httpserver.Path(req.URL.Path).Matches("job") ||
httpserver.Path(req.URL.Path).Matches("/kapis/devops.kubesphere.io/v1alpha2") {
req.SetBasicAuth(username, token.Raw)
}
context := request.WithUser(req.Context(), usr)
requestInfo, err := requestInfoFactory.NewRequestInfo(req)
if err == nil {
context = request.WithRequestInfo(context, requestInfo)
} else {
return nil, err
}
req = req.WithContext(context)
return req, nil
}
func (h Auth) Validate(uToken string) (*jwt.Token, error) {
if len(uToken) == 0 {
return nil, fmt.Errorf("token length is zero")
}
token, err := jwt.Parse(uToken, h.ProvideKey)
if err != nil {
klog.Errorln(err)
return nil, err
}
payload, ok := token.Claims.(jwt.MapClaims)
if !ok {
err := fmt.Errorf("invalid payload")
klog.Errorln(err)
return nil, err
}
username, ok := payload["username"].(string)
if !ok {
err := fmt.Errorf("invalid payload")
klog.Errorln(err)
return nil, err
}
if _, ok = payload["exp"]; ok {
// allow static token has expiration time
return token, nil
}
tokenKey := fmt.Sprintf("kubesphere:users:%s:token:%s", username, uToken)
exist, err := h.Rule.RedisClient.Redis().Exists(tokenKey).Result()
if err != nil {
klog.Error(err)
return nil, err
}
if exist == 1 {
// reset expiration time if token exist
h.Rule.RedisClient.Redis().Expire(tokenKey, h.Rule.TokenIdleTimeout)
return token, nil
} else {
return nil, errors.New("illegal token")
}
}
func (h Auth) HandleUnauthorized(w http.ResponseWriter, err error) int {
message := fmt.Sprintf("Unauthorized,%v", err)
w.Header().Add("WWW-Authenticate", message)
log.Println(message)
return http.StatusUnauthorized
}
func (h Auth) ExtractToken(r *http.Request) (string, error) {
jwtHeader := strings.Split(r.Header.Get("Authorization"), " ")
if jwtHeader[0] == "Bearer" && len(jwtHeader) == 2 {
return jwtHeader[1], nil
}
jwtCookie, err := r.Cookie("token")
if err == nil {
return jwtCookie.Value, nil
}
jwtQuery := r.URL.Query().Get("token")
if jwtQuery != "" {
return jwtQuery, nil
}
return "", fmt.Errorf("no token found")
}
func (h Auth) ProvideKey(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
return h.Rule.Secret, nil
} else {
return nil, fmt.Errorf("expect token signed with HMAC but got %v", token.Header["alg"])
}
}

152
pkg/apigateway/caddy-plugin/authenticate/auto_load.go
View File

@@ -1,152 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"fmt"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal"
"kubesphere.io/kubesphere/pkg/simple/client/redis"
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
"time"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
func Setup(c *caddy.Controller) error {
rule, err := parse(c)
if err != nil {
return err
}
c.OnStartup(func() error {
rule.RedisClient, err = redis.NewRedisClient(rule.RedisOptions, nil)
// ensure redis is connected when startup
if err != nil {
return err
}
fmt.Println("Authenticate middleware is initiated")
return nil
})
c.OnShutdown(func() error {
return rule.RedisClient.Redis().Close()
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Auth{Next: next, Rule: rule}
})
return nil
}
func parse(c *caddy.Controller) (*Rule, error) {
rule := &Rule{}
rule.ExclusionRules = make([]internal.ExclusionRule, 0)
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "path":
if !c.NextArg() {
return nil, c.ArgErr()
}
rule.Path = c.Val()
if c.NextArg() {
return nil, c.ArgErr()
}
case "token-idle-timeout":
if !c.NextArg() {
return nil, c.ArgErr()
}
if timeout, err := time.ParseDuration(c.Val()); err != nil {
return nil, c.ArgErr()
} else {
rule.TokenIdleTimeout = timeout
}
if c.NextArg() {
return nil, c.ArgErr()
}
case "redis-url":
if !c.NextArg() {
return nil, c.ArgErr()
}
options := &redis.RedisOptions{RedisURL: c.Val()}
if err := options.Validate(); len(err) > 0 {
return nil, c.ArgErr()
} else {
rule.RedisOptions = options
}
if c.NextArg() {
return nil, c.ArgErr()
}
case "secret":
if !c.NextArg() {
return nil, c.ArgErr()
}
rule.Secret = []byte(c.Val())
if c.NextArg() {
return nil, c.ArgErr()
}
case "except":
if !c.NextArg() {
return nil, c.ArgErr()
}
method := c.Val()
if !sliceutil.HasString(internal.HttpMethods, method) {
return nil, c.ArgErr()
}
for c.NextArg() {
path := c.Val()
rule.ExclusionRules = append(rule.ExclusionRules, internal.ExclusionRule{Method: method, Path: path})
}
}
}
default:
return nil, c.ArgErr()
}
}
if c.Next() {
return nil, c.ArgErr()
}
if rule.RedisOptions == nil {
return nil, c.Err("redis-url must be specified")
}
return rule, nil
}

306
pkg/apigateway/caddy-plugin/authentication/authentication.go
View File

@@ -1,306 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authentication
import (
"context"
"errors"
"fmt"
"k8s.io/apiserver/pkg/authorization/authorizer"
"k8s.io/apiserver/pkg/endpoints/request"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal"
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
"log"
"net/http"
"strings"
"github.com/mholt/caddy/caddyhttp/httpserver"
"k8s.io/api/rbac/v1"
k8serr "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
)
type Authentication struct {
Rule *Rule
Next httpserver.Handler
}
type Rule struct {
Path string
ExclusionRules []internal.ExclusionRule
}
func (c Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
if httpserver.Path(r.URL.Path).Matches(c.Rule.Path) {
for _, rule := range c.Rule.ExclusionRules {
if httpserver.Path(r.URL.Path).Matches(rule.Path) && (rule.Method == internal.AllMethod || r.Method == rule.Method) {
return c.Next.ServeHTTP(w, r)
}
}
attrs, err := getAuthorizerAttributes(r.Context())
// without authenticate, no requestInfo found in the context
if err != nil {
return c.Next.ServeHTTP(w, r)
}
permitted, err := permissionValidate(attrs)
if err != nil {
return http.StatusInternalServerError, err
}
if !permitted {
err = k8serr.NewForbidden(schema.GroupResource{Group: attrs.GetAPIGroup(), Resource: attrs.GetResource()}, attrs.GetName(), fmt.Errorf("permission undefined"))
return handleForbidden(w, err), nil
}
}
return c.Next.ServeHTTP(w, r)
}
func handleForbidden(w http.ResponseWriter, err error) int {
message := fmt.Sprintf("Forbidden,%s", err.Error())
w.Header().Add("WWW-Authenticate", message)
log.Println(message)
return http.StatusForbidden
}
func permissionValidate(attrs authorizer.Attributes) (bool, error) {
if attrs.GetResource() == "users" && attrs.GetUser().GetName() == attrs.GetName() {
return true, nil
}
permitted, err := clusterRoleValidate(attrs)
if err != nil {
log.Println("lister error", err)
return false, err
}
if permitted {
return true, nil
}
if attrs.GetNamespace() != "" {
permitted, err = roleValidate(attrs)
if err != nil {
log.Println("lister error", err)
return false, err
}
if permitted {
return true, nil
}
}
return false, nil
}
func roleValidate(attrs authorizer.Attributes) (bool, error) {
roleBindingLister := informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
roleLister := informers.SharedInformerFactory().Rbac().V1().Roles().Lister()
roleBindings, err := roleBindingLister.RoleBindings(attrs.GetNamespace()).List(labels.Everything())
if err != nil {
return false, err
}
fullSource := attrs.GetResource()
if attrs.GetSubresource() != "" {
fullSource = fullSource + "/" + attrs.GetSubresource()
}
for _, roleBinding := range roleBindings {
if k8sutil.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) {
role, err := roleLister.Roles(attrs.GetNamespace()).Get(roleBinding.RoleRef.Name)
if err != nil {
if k8serr.IsNotFound(err) {
continue
}
return false, err
}
for _, rule := range role.Rules {
if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
return true, nil
}
}
}
}
return false, nil
}
func clusterRoleValidate(attrs authorizer.Attributes) (bool, error) {
clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
if err != nil {
return false, err
}
for _, clusterRoleBinding := range clusterRoleBindings {
if k8sutil.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) {
clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name)
if err != nil {
if k8serr.IsNotFound(err) {
continue
}
return false, err
}
for _, rule := range clusterRole.Rules {
if attrs.IsResourceRequest() {
if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
return true, nil
}
} else {
if ruleMatchesRequest(rule, "", attrs.GetPath(), "", "", "", attrs.GetVerb()) {
return true, nil
}
}
}
}
}
return false, nil
}
func ruleMatchesResources(rule v1.PolicyRule, apiGroup string, resource string, subresource string, resourceName string) bool {
if resource == "" {
return false
}
if !sliceutil.HasString(rule.APIGroups, apiGroup) && !sliceutil.HasString(rule.APIGroups, v1.ResourceAll) {
return false
}
if len(rule.ResourceNames) > 0 && !sliceutil.HasString(rule.ResourceNames, resourceName) {
return false
}
combinedResource := resource
if subresource != "" {
combinedResource = combinedResource + "/" + subresource
}
for _, res := range rule.Resources {
// match "*"
if res == v1.ResourceAll || res == combinedResource {
return true
}
// match "*/subresource"
if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimLeft(res, "*/") {
return true
}
// match "resource/*"
if strings.HasSuffix(res, "/*") && resource == strings.TrimRight(res, "/*") {
return true
}
}
return false
}
func ruleMatchesRequest(rule v1.PolicyRule, apiGroup string, nonResourceURL string, resource string, subresource string, resourceName string, verb string) bool {
if !sliceutil.HasString(rule.Verbs, verb) && !sliceutil.HasString(rule.Verbs, v1.VerbAll) {
return false
}
if nonResourceURL == "" {
return ruleMatchesResources(rule, apiGroup, resource, subresource, resourceName)
} else {
return ruleMatchesNonResource(rule, nonResourceURL)
}
}
func ruleMatchesNonResource(rule v1.PolicyRule, nonResourceURL string) bool {
if nonResourceURL == "" {
return false
}
for _, spec := range rule.NonResourceURLs {
if pathMatches(nonResourceURL, spec) {
return true
}
}
return false
}
func pathMatches(path, spec string) bool {
if spec == "*" {
return true
}
if spec == path {
return true
}
if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) {
return true
}
return false
}
func getAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error) {
attribs := authorizer.AttributesRecord{}
user, ok := request.UserFrom(ctx)
if ok {
attribs.User = user
}
requestInfo, found := request.RequestInfoFrom(ctx)
if !found {
return nil, errors.New("no RequestInfo found in the context")
}
// Start with common attributes that apply to resource and non-resource requests
attribs.ResourceRequest = requestInfo.IsResourceRequest
attribs.Path = requestInfo.Path
attribs.Verb = requestInfo.Verb
attribs.APIGroup = requestInfo.APIGroup
attribs.APIVersion = requestInfo.APIVersion
attribs.Resource = requestInfo.Resource
attribs.Subresource = requestInfo.Subresource
attribs.Namespace = requestInfo.Namespace
attribs.Name = requestInfo.Name
return &attribs, nil
}

117
pkg/apigateway/caddy-plugin/authentication/auto_load.go
View File

@@ -1,117 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authentication
import (
"fmt"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal"
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
"kubesphere.io/kubesphere/pkg/informers"
)
// Setup is called by Caddy to parse the config block
func Setup(c *caddy.Controller) error {
rule, err := parse(c)
if err != nil {
return err
}
stopChan := make(chan struct{}, 0)
c.OnStartup(func() error {
informerFactory := informers.SharedInformerFactory()
informerFactory.Rbac().V1().Roles().Lister()
informerFactory.Rbac().V1().RoleBindings().Lister()
informerFactory.Rbac().V1().ClusterRoles().Lister()
informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
informerFactory.Start(stopChan)
informerFactory.WaitForCacheSync(stopChan)
fmt.Println("Authentication middleware is initiated")
return nil
})
c.OnShutdown(func() error {
close(stopChan)
return nil
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Authentication{Next: next, Rule: rule}
})
return nil
}
func parse(c *caddy.Controller) (*Rule, error) {
rule := &Rule{}
rule.ExclusionRules = make([]internal.ExclusionRule, 0)
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "path":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.Path = c.Val()
if c.NextArg() {
return rule, c.ArgErr()
}
break
case "except":
if !c.NextArg() {
return nil, c.ArgErr()
}
method := c.Val()
if !sliceutil.HasString(internal.HttpMethods, method) {
return nil, c.ArgErr()
}
for c.NextArg() {
path := c.Val()
rule.ExclusionRules = append(rule.ExclusionRules, internal.ExclusionRule{Method: method, Path: path})
}
break
}
}
case 1:
rule.Path = args[0]
if c.NextBlock() {
return rule, c.ArgErr()
}
default:
return rule, c.ArgErr()
}
}
if c.Next() {
return rule, c.ArgErr()
}
return rule, nil
}

32
pkg/apigateway/caddy-plugin/internal/exclusion_rule.go
View File

@@ -1,32 +0,0 @@
/*
*
* Copyright 2019 The KubeSphere Authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* /
*/
package internal
import "net/http"
const AllMethod = "*"
var HttpMethods = []string{AllMethod, http.MethodPost, http.MethodDelete,
http.MethodPatch, http.MethodPut, http.MethodGet, http.MethodOptions, http.MethodConnect}
// Path exclusion rule
type ExclusionRule struct {
Method string
Path string
}

93
pkg/apigateway/caddy-plugin/swagger/auto_load.go
View File

@@ -1,93 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"fmt"
"net/http"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
func Setup(c *caddy.Controller) error {
handler, err := parse(c)
if err != nil {
return err
}
c.OnStartup(func() error {
fmt.Println("Swagger middleware is initiated")
return nil
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Swagger{Next: next, Handler: handler}
})
return nil
}
func parse(c *caddy.Controller) (Handler, error) {
handler := Handler{URL: "/swagger-ui", FilePath: "/var/static/swagger-ui"}
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "url":
if !c.NextArg() {
return handler, c.ArgErr()
}
handler.URL = c.Val()
if c.NextArg() {
return handler, c.ArgErr()
}
case "filePath":
if !c.NextArg() {
return handler, c.ArgErr()
}
handler.FilePath = c.Val()
if c.NextArg() {
return handler, c.ArgErr()
}
default:
return handler, c.ArgErr()
}
}
default:
return handler, c.ArgErr()
}
}
if c.Next() {
return handler, c.ArgErr()
}
handler.Handler = http.StripPrefix(handler.URL, http.FileServer(http.Dir(handler.FilePath)))
return handler, nil
}

45
pkg/apigateway/caddy-plugin/swagger/swagger.go
View File

@@ -1,45 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"net/http"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
type Swagger struct {
Handler Handler
Next httpserver.Handler
}
type Handler struct {
URL string
FilePath string
Handler http.Handler
}
func (h Swagger) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
if httpserver.Path(req.URL.Path).Matches(h.Handler.URL) {
h.Handler.Handler.ServeHTTP(resp, req)
return http.StatusOK, nil
}
return h.Next.ServeHTTP(resp, req)
}

26
pkg/apigateway/plugins.go
View File

@@ -1,26 +0,0 @@
package apigateway
import (
"github.com/mholt/caddy"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authenticate"
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authentication"
swagger "kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/swagger"
)
func RegisterPlugins() {
caddy.RegisterPlugin("swagger", caddy.Plugin{
ServerType: "http",
Action: swagger.Setup,
})
caddy.RegisterPlugin("authenticate", caddy.Plugin{
ServerType: "http",
Action: authenticate.Setup,
})
caddy.RegisterPlugin("authentication", caddy.Plugin{
ServerType: "http",
Action: authentication.Setup,
})
}

9
pkg/apis/addtoscheme_cluster_v1alpha1.go Normal file
View File

@@ -0,0 +1,9 @@
package apis
import (
"kubesphere.io/kubesphere/pkg/apis/cluster/v1alpha1"
)
func init() {
AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme)
}

26
pkg/apis/addtoscheme_devops_v1alpha3.go Normal file
View File

@@ -0,0 +1,26 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package apis
import (
api "kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3"
)
func init() {
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
AddToSchemes = append(AddToSchemes, api.SchemeBuilder.AddToScheme)
}

26
pkg/apis/addtoscheme_iam_v1alpha2.go Normal file
View File

@@ -0,0 +1,26 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package apis
import (
iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
)
func init() {
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
AddToSchemes = append(AddToSchemes, iamv1alpha2.SchemeBuilder.AddToScheme)
}

1
pkg/apis/cluster/group.go Normal file
View File

@@ -0,0 +1 @@
package cluster

162
pkg/apis/cluster/v1alpha1/cluster_types.go Normal file
View File

@@ -0,0 +1,162 @@
package v1alpha1
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
ResourceKindCluster = "Cluster"
ResourcesSingularCluster = "cluster"
ResourcesPluralCluster = "clusters"
IsHostCluster = "cluster.kubesphere.io/is-host-cluster"
// Description of which region the cluster been placed
ClusterRegion = "cluster.kubesphere.io/region"
// Name of the cluster group
ClusterGroup = "cluster.kubesphere.io/group"
Finalizer = "finalizer.cluster.kubesphere.io"
)
type ClusterSpec struct {
// Join cluster as a kubefed cluster
JoinFederation bool `json:"joinFederation,omitempty"`
// Desired state of the cluster
Enable bool `json:"enable,omitempty"`
// Provider of the cluster, this field is just for description
Provider string `json:"provider,omitempty"`
// Connection holds info to connect to the member cluster
Connection Connection `json:"connection,omitempty"`
}
type ConnectionType string
const (
ConnectionTypeDirect ConnectionType = "direct"
ConnectionTypeProxy ConnectionType = "proxy"
)
type Connection struct {
// type defines how host cluster will connect to host cluster
// ConnectionTypeDirect means direct connection, this requires
// kubeconfig and kubesphere apiserver endpoint provided
// ConnectionTypeProxy means using kubesphere proxy, no kubeconfig
// or kubesphere apiserver endpoint required
Type ConnectionType `json:"type,omitempty"`
// KubeSphere API Server endpoint. Example: http://10.10.0.11:8080
// Should provide this field explicitly if connection type is direct.
// Will be populated by ks-apiserver if connection type is proxy.
KubeSphereAPIEndpoint string `json:"kubesphereAPIEndpoint,omitempty"`
// Kubernetes API Server endpoint. Example: https://10.10.0.1:6443
// Should provide this field explicitly if connection type is direct.
// Will be populated by ks-apiserver if connection type is proxy.
KubernetesAPIEndpoint string `json:"kubernetesAPIEndpoint,omitempty"`
// KubeConfig content used to connect to cluster api server
// Should provide this field explicitly if connection type is direct.
// Will be populated by ks-proxy if connection type is proxy.
KubeConfig []byte `json:"kubeconfig,omitempty"`
// Token used by agents of member cluster to connect to host cluster proxy.
// This field is populated by apiserver only if connection type is proxy.
Token string `json:"token,omitempty"`
// KubeAPIServerPort is the port which listens for forwarding kube-apiserver traffic
// Only applicable when connection type is proxy.
KubernetesAPIServerPort uint16 `json:"kubernetesAPIServerPort,omitempty"`
// KubeSphereAPIServerPort is the port which listens for forwarding kubesphere apigateway traffic
// Only applicable when connection type is proxy.
KubeSphereAPIServerPort uint16 `json:"kubesphereAPIServerPort,omitempty"`
}
type ClusterConditionType string
const (
// Cluster agent is initialized and waiting for connecting
ClusterInitialized ClusterConditionType = "Initialized"
// Cluster agent is available
ClusterAgentAvailable ClusterConditionType = "AgentAvailable"
// Cluster has been one of federated clusters
ClusterFederated ClusterConditionType = "Federated"
// Cluster is all available for requests
ClusterReady ClusterConditionType = "Ready"
)
type ClusterCondition struct {
// Type of the condition
Type ClusterConditionType `json:"type"`
// Status of the condition, one of True, False, Unknown.
Status v1.ConditionStatus `json:"status"`
// The last time this condition was updated.
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
// Last time the condition transitioned from one status to another.
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
// The reason for the condition's last transition.
Reason string `json:"reason,omitempty"`
// A human readable message indicating details about the transition.
Message string `json:"message,omitempty"`
}
type ClusterStatus struct {
// Represents the latest available observations of a cluster's current state.
Conditions []ClusterCondition `json:"conditions,omitempty"`
// GitVersion of the kubernetes cluster, this field is populated by cluster controller
KubernetesVersion string `json:"kubernetesVersion,omitempty"`
// Count of the kubernetes cluster nodes
// This field may not reflect the instant status of the cluster.
NodeCount int `json:"nodeCount,omitempty"`
// Zones are the names of availability zones in which the nodes of the cluster exist, e.g. 'us-east1-a'.
// +optional
Zones []string `json:"zones,omitempty"`
// Region is the name of the region in which all of the nodes in the cluster exist. e.g. 'us-east1'.
// +optional
Region *string `json:"region,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:openapi-gen=true
// +genclient:nonNamespaced
// +kubebuilder:printcolumn:name="Federated",type="boolean",JSONPath=".spec.joinFederation"
// +kubebuilder:printcolumn:name="Provider",type="string",JSONPath=".spec.provider"
// +kubebuilder:printcolumn:name="Active",type="boolean",JSONPath=".spec.enable"
// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.kubernetesVersion"
// +kubebuilder:resource:scope=Cluster
// Cluster is the schema for the clusters API
type Cluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ClusterSpec `json:"spec,omitempty"`
Status ClusterStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ClusterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Cluster `json:"items"`
}
func init() {
SchemeBuilder.Register(&Cluster{}, &ClusterList{})
}

8
pkg/apis/cluster/v1alpha1/doc.go Normal file
View File

@@ -0,0 +1,8 @@
// Package v1alpha1 contains API Schema definitions for the tower v1alpha1 API group
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=kubesphere.io/kubesphere/pkg/apis/cluster
// +k8s:defaulter-gen=TypeMeta
// +groupName=cluster.kubesphere.io
package v1alpha1

Some files were not shown because too many files have changed in this diff Show More