blob: 1413a48caa4e03c2883f6a7f3297c04d6eaba390 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
type Proxy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds user-settable values for the proxy configuration
// +kubebuilder:validation:Required
// +required
Spec ProxySpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ProxyStatus `json:"status"`
}
// ProxySpec contains cluster proxy creation configuration.
type ProxySpec struct {
// httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
// Empty means unset and will not result in an env var.
// +optional
NoProxy string `json:"noProxy,omitempty"`
// readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
// +optional
ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
// trustedCA is a reference to a ConfigMap containing a CA certificate bundle used
// for client egress HTTPS connections. The certificate bundle must be from the CA
// that signed the proxy's certificate and be signed for everything. The trustedCA
// field should only be consumed by a proxy validator. The validator is responsible
// for reading the certificate bundle from required key "ca-bundle.crt" and copying
// it to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed"
// namespace. The namespace for the ConfigMap referenced by trustedCA is
// "openshift-config". Here is an example ConfigMap (in yaml):
//
// apiVersion: v1
// kind: ConfigMap
// metadata:
// name: user-ca-bundle
// namespace: openshift-config
// data:
// ca-bundle.crt: |
// -----BEGIN CERTIFICATE-----
// Custom CA certificate bundle.
// -----END CERTIFICATE-----
//
// +optional
TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
}
// ProxyStatus shows current known state of the cluster proxy.
type ProxyStatus struct {
// httpProxy is the URL of the proxy for HTTP requests.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
// +optional
NoProxy string `json:"noProxy,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ProxyList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
metav1.ListMeta `json:"metadata"`
Items []Proxy `json:"items"`
}
|
