Matteo Scandolo | a428586 | 2020-12-01 18:10:10 -0800 | [diff] [blame^] | 1 | /* |
| 2 | Copyright 2019 The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package v1alpha1 |
| 18 | |
| 19 | import ( |
| 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| 21 | ) |
| 22 | |
| 23 | // These are valid wildcards. |
| 24 | const ( |
| 25 | APIGroupAll = "*" |
| 26 | ResourceAll = "*" |
| 27 | VerbAll = "*" |
| 28 | NonResourceAll = "*" |
| 29 | NameAll = "*" |
| 30 | |
| 31 | NamespaceEvery = "*" // matches every particular namespace |
| 32 | ) |
| 33 | |
| 34 | // System preset priority level names |
| 35 | const ( |
| 36 | PriorityLevelConfigurationNameExempt = "exempt" |
| 37 | PriorityLevelConfigurationNameCatchAll = "catch-all" |
| 38 | FlowSchemaNameExempt = "exempt" |
| 39 | FlowSchemaNameCatchAll = "catch-all" |
| 40 | ) |
| 41 | |
| 42 | // Conditions |
| 43 | const ( |
| 44 | FlowSchemaConditionDangling = "Dangling" |
| 45 | |
| 46 | PriorityLevelConfigurationConditionConcurrencyShared = "ConcurrencyShared" |
| 47 | ) |
| 48 | |
| 49 | // Constants used by api validation. |
| 50 | const ( |
| 51 | FlowSchemaMaxMatchingPrecedence int32 = 10000 |
| 52 | ) |
| 53 | |
| 54 | // +genclient |
| 55 | // +genclient:nonNamespaced |
| 56 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 57 | |
| 58 | // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with |
| 59 | // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". |
| 60 | type FlowSchema struct { |
| 61 | metav1.TypeMeta `json:",inline"` |
| 62 | // `metadata` is the standard object's metadata. |
| 63 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| 64 | // +optional |
| 65 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 66 | // `spec` is the specification of the desired behavior of a FlowSchema. |
| 67 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
| 68 | // +optional |
| 69 | Spec FlowSchemaSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 70 | // `status` is the current status of a FlowSchema. |
| 71 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
| 72 | // +optional |
| 73 | Status FlowSchemaStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 74 | } |
| 75 | |
| 76 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 77 | |
| 78 | // FlowSchemaList is a list of FlowSchema objects. |
| 79 | type FlowSchemaList struct { |
| 80 | metav1.TypeMeta `json:",inline"` |
| 81 | // `metadata` is the standard list metadata. |
| 82 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| 83 | // +optional |
| 84 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 85 | |
| 86 | // `items` is a list of FlowSchemas. |
| 87 | Items []FlowSchema `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 88 | } |
| 89 | |
| 90 | // FlowSchemaSpec describes how the FlowSchema's specification looks like. |
| 91 | type FlowSchemaSpec struct { |
| 92 | // `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot |
| 93 | // be resolved, the FlowSchema will be ignored and marked as invalid in its status. |
| 94 | // Required. |
| 95 | PriorityLevelConfiguration PriorityLevelConfigurationReference `json:"priorityLevelConfiguration" protobuf:"bytes,1,opt,name=priorityLevelConfiguration"` |
| 96 | // `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen |
| 97 | // FlowSchema is among those with the numerically lowest (which we take to be logically highest) |
| 98 | // MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. |
| 99 | // Note that if the precedence is not specified, it will be set to 1000 as default. |
| 100 | // +optional |
| 101 | MatchingPrecedence int32 `json:"matchingPrecedence" protobuf:"varint,2,opt,name=matchingPrecedence"` |
| 102 | // `distinguisherMethod` defines how to compute the flow distinguisher for requests that match this schema. |
| 103 | // `nil` specifies that the distinguisher is disabled and thus will always be the empty string. |
| 104 | // +optional |
| 105 | DistinguisherMethod *FlowDistinguisherMethod `json:"distinguisherMethod,omitempty" protobuf:"bytes,3,opt,name=distinguisherMethod"` |
| 106 | // `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if |
| 107 | // at least one member of rules matches the request. |
| 108 | // if it is an empty slice, there will be no requests matching the FlowSchema. |
| 109 | // +listType=atomic |
| 110 | // +optional |
| 111 | Rules []PolicyRulesWithSubjects `json:"rules,omitempty" protobuf:"bytes,4,rep,name=rules"` |
| 112 | } |
| 113 | |
| 114 | // FlowDistinguisherMethodType is the type of flow distinguisher method |
| 115 | type FlowDistinguisherMethodType string |
| 116 | |
| 117 | // These are valid flow-distinguisher methods. |
| 118 | const ( |
| 119 | // FlowDistinguisherMethodByUserType specifies that the flow distinguisher is the username in the request. |
| 120 | // This type is used to provide some insulation between users. |
| 121 | FlowDistinguisherMethodByUserType FlowDistinguisherMethodType = "ByUser" |
| 122 | |
| 123 | // FlowDistinguisherMethodByNamespaceType specifies that the flow distinguisher is the namespace of the |
| 124 | // object that the request acts upon. If the object is not namespaced, or if the request is a non-resource |
| 125 | // request, then the distinguisher will be the empty string. An example usage of this type is to provide |
| 126 | // some insulation between tenants in a situation where there are multiple tenants and each namespace |
| 127 | // is dedicated to a tenant. |
| 128 | FlowDistinguisherMethodByNamespaceType FlowDistinguisherMethodType = "ByNamespace" |
| 129 | ) |
| 130 | |
| 131 | // FlowDistinguisherMethod specifies the method of a flow distinguisher. |
| 132 | type FlowDistinguisherMethod struct { |
| 133 | // `type` is the type of flow distinguisher method |
| 134 | // The supported types are "ByUser" and "ByNamespace". |
| 135 | // Required. |
| 136 | Type FlowDistinguisherMethodType `json:"type" protobuf:"bytes,1,opt,name=type"` |
| 137 | } |
| 138 | |
| 139 | // PriorityLevelConfigurationReference contains information that points to the "request-priority" being used. |
| 140 | type PriorityLevelConfigurationReference struct { |
| 141 | // `name` is the name of the priority level configuration being referenced |
| 142 | // Required. |
| 143 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 144 | } |
| 145 | |
| 146 | // PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject |
| 147 | // making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches |
| 148 | // a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member |
| 149 | // of resourceRules or nonResourceRules matches the request. |
| 150 | type PolicyRulesWithSubjects struct { |
| 151 | // subjects is the list of normal user, serviceaccount, or group that this rule cares about. |
| 152 | // There must be at least one member in this slice. |
| 153 | // A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. |
| 154 | // +listType=atomic |
| 155 | // Required. |
| 156 | Subjects []Subject `json:"subjects" protobuf:"bytes,1,rep,name=subjects"` |
| 157 | // `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the |
| 158 | // target resource. |
| 159 | // At least one of `resourceRules` and `nonResourceRules` has to be non-empty. |
| 160 | // +listType=atomic |
| 161 | // +optional |
| 162 | ResourceRules []ResourcePolicyRule `json:"resourceRules,omitempty" protobuf:"bytes,2,opt,name=resourceRules"` |
| 163 | // `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb |
| 164 | // and the target non-resource URL. |
| 165 | // +listType=atomic |
| 166 | // +optional |
| 167 | NonResourceRules []NonResourcePolicyRule `json:"nonResourceRules,omitempty" protobuf:"bytes,3,opt,name=nonResourceRules"` |
| 168 | } |
| 169 | |
| 170 | // Subject matches the originator of a request, as identified by the request authentication system. There are three |
| 171 | // ways of matching an originator; by user, group, or service account. |
| 172 | // +union |
| 173 | type Subject struct { |
| 174 | // Required |
| 175 | // +unionDiscriminator |
| 176 | Kind SubjectKind `json:"kind" protobuf:"bytes,1,opt,name=kind"` |
| 177 | // +optional |
| 178 | User *UserSubject `json:"user,omitempty" protobuf:"bytes,2,opt,name=user"` |
| 179 | // +optional |
| 180 | Group *GroupSubject `json:"group,omitempty" protobuf:"bytes,3,opt,name=group"` |
| 181 | // +optional |
| 182 | ServiceAccount *ServiceAccountSubject `json:"serviceAccount,omitempty" protobuf:"bytes,4,opt,name=serviceAccount"` |
| 183 | } |
| 184 | |
| 185 | // SubjectKind is the kind of subject. |
| 186 | type SubjectKind string |
| 187 | |
| 188 | // Supported subject's kinds. |
| 189 | const ( |
| 190 | SubjectKindUser SubjectKind = "User" |
| 191 | SubjectKindGroup SubjectKind = "Group" |
| 192 | SubjectKindServiceAccount SubjectKind = "ServiceAccount" |
| 193 | ) |
| 194 | |
| 195 | // UserSubject holds detailed information for user-kind subject. |
| 196 | type UserSubject struct { |
| 197 | // `name` is the username that matches, or "*" to match all usernames. |
| 198 | // Required. |
| 199 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 200 | } |
| 201 | |
| 202 | // GroupSubject holds detailed information for group-kind subject. |
| 203 | type GroupSubject struct { |
| 204 | // name is the user group that matches, or "*" to match all user groups. |
| 205 | // See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some |
| 206 | // well-known group names. |
| 207 | // Required. |
| 208 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 209 | } |
| 210 | |
| 211 | // ServiceAccountSubject holds detailed information for service-account-kind subject. |
| 212 | type ServiceAccountSubject struct { |
| 213 | // `namespace` is the namespace of matching ServiceAccount objects. |
| 214 | // Required. |
| 215 | Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"` |
| 216 | // `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. |
| 217 | // Required. |
| 218 | Name string `json:"name" protobuf:"bytes,2,opt,name=name"` |
| 219 | } |
| 220 | |
| 221 | // ResourcePolicyRule is a predicate that matches some resource |
| 222 | // requests, testing the request's verb and the target resource. A |
| 223 | // ResourcePolicyRule matches a resource request if and only if: (a) |
| 224 | // at least one member of verbs matches the request, (b) at least one |
| 225 | // member of apiGroups matches the request, (c) at least one member of |
| 226 | // resources matches the request, and (d) least one member of |
| 227 | // namespaces matches the request. |
| 228 | type ResourcePolicyRule struct { |
| 229 | // `verbs` is a list of matching verbs and may not be empty. |
| 230 | // "*" matches all verbs and, if present, must be the only entry. |
| 231 | // +listType=set |
| 232 | // Required. |
| 233 | Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"` |
| 234 | |
| 235 | // `apiGroups` is a list of matching API groups and may not be empty. |
| 236 | // "*" matches all API groups and, if present, must be the only entry. |
| 237 | // +listType=set |
| 238 | // Required. |
| 239 | APIGroups []string `json:"apiGroups" protobuf:"bytes,2,rep,name=apiGroups"` |
| 240 | |
| 241 | // `resources` is a list of matching resources (i.e., lowercase |
| 242 | // and plural) with, if desired, subresource. For example, [ |
| 243 | // "services", "nodes/status" ]. This list may not be empty. |
| 244 | // "*" matches all resources and, if present, must be the only entry. |
| 245 | // Required. |
| 246 | // +listType=set |
| 247 | Resources []string `json:"resources" protobuf:"bytes,3,rep,name=resources"` |
| 248 | |
| 249 | // `clusterScope` indicates whether to match requests that do not |
| 250 | // specify a namespace (which happens either because the resource |
| 251 | // is not namespaced or the request targets all namespaces). |
| 252 | // If this field is omitted or false then the `namespaces` field |
| 253 | // must contain a non-empty list. |
| 254 | // +optional |
| 255 | ClusterScope bool `json:"clusterScope,omitempty" protobuf:"varint,4,opt,name=clusterScope"` |
| 256 | |
| 257 | // `namespaces` is a list of target namespaces that restricts |
| 258 | // matches. A request that specifies a target namespace matches |
| 259 | // only if either (a) this list contains that target namespace or |
| 260 | // (b) this list contains "*". Note that "*" matches any |
| 261 | // specified namespace but does not match a request that _does |
| 262 | // not specify_ a namespace (see the `clusterScope` field for |
| 263 | // that). |
| 264 | // This list may be empty, but only if `clusterScope` is true. |
| 265 | // +optional |
| 266 | // +listType=set |
| 267 | Namespaces []string `json:"namespaces" protobuf:"bytes,5,rep,name=namespaces"` |
| 268 | } |
| 269 | |
| 270 | // NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the |
| 271 | // target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member |
| 272 | // of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. |
| 273 | type NonResourcePolicyRule struct { |
| 274 | // `verbs` is a list of matching verbs and may not be empty. |
| 275 | // "*" matches all verbs. If it is present, it must be the only entry. |
| 276 | // +listType=set |
| 277 | // Required. |
| 278 | Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"` |
| 279 | // `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. |
| 280 | // For example: |
| 281 | // - "/healthz" is legal |
| 282 | // - "/hea*" is illegal |
| 283 | // - "/hea" is legal but matches nothing |
| 284 | // - "/hea/*" also matches nothing |
| 285 | // - "/healthz/*" matches all per-component health checks. |
| 286 | // "*" matches all non-resource urls. if it is present, it must be the only entry. |
| 287 | // +listType=set |
| 288 | // Required. |
| 289 | NonResourceURLs []string `json:"nonResourceURLs" protobuf:"bytes,6,rep,name=nonResourceURLs"` |
| 290 | } |
| 291 | |
| 292 | // FlowSchemaStatus represents the current state of a FlowSchema. |
| 293 | type FlowSchemaStatus struct { |
| 294 | // `conditions` is a list of the current states of FlowSchema. |
| 295 | // +listType=map |
| 296 | // +listMapKey=type |
| 297 | // +optional |
| 298 | Conditions []FlowSchemaCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"` |
| 299 | } |
| 300 | |
| 301 | // FlowSchemaCondition describes conditions for a FlowSchema. |
| 302 | type FlowSchemaCondition struct { |
| 303 | // `type` is the type of the condition. |
| 304 | // Required. |
| 305 | Type FlowSchemaConditionType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"` |
| 306 | // `status` is the status of the condition. |
| 307 | // Can be True, False, Unknown. |
| 308 | // Required. |
| 309 | Status ConditionStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` |
| 310 | // `lastTransitionTime` is the last time the condition transitioned from one status to another. |
| 311 | LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` |
| 312 | // `reason` is a unique, one-word, CamelCase reason for the condition's last transition. |
| 313 | Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"` |
| 314 | // `message` is a human-readable message indicating details about last transition. |
| 315 | Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"` |
| 316 | } |
| 317 | |
| 318 | // FlowSchemaConditionType is a valid value for FlowSchemaStatusCondition.Type |
| 319 | type FlowSchemaConditionType string |
| 320 | |
| 321 | // +genclient |
| 322 | // +genclient:nonNamespaced |
| 323 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 324 | |
| 325 | // PriorityLevelConfiguration represents the configuration of a priority level. |
| 326 | type PriorityLevelConfiguration struct { |
| 327 | metav1.TypeMeta `json:",inline"` |
| 328 | // `metadata` is the standard object's metadata. |
| 329 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| 330 | // +optional |
| 331 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 332 | // `spec` is the specification of the desired behavior of a "request-priority". |
| 333 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
| 334 | // +optional |
| 335 | Spec PriorityLevelConfigurationSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 336 | // `status` is the current status of a "request-priority". |
| 337 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
| 338 | // +optional |
| 339 | Status PriorityLevelConfigurationStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 340 | } |
| 341 | |
| 342 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 343 | |
| 344 | // PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects. |
| 345 | type PriorityLevelConfigurationList struct { |
| 346 | metav1.TypeMeta `json:",inline"` |
| 347 | // `metadata` is the standard object's metadata. |
| 348 | // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| 349 | // +optional |
| 350 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 351 | // `items` is a list of request-priorities. |
| 352 | Items []PriorityLevelConfiguration `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 353 | } |
| 354 | |
| 355 | // PriorityLevelConfigurationSpec specifies the configuration of a priority level. |
| 356 | // +union |
| 357 | type PriorityLevelConfigurationSpec struct { |
| 358 | // `type` indicates whether this priority level is subject to |
| 359 | // limitation on request execution. A value of `"Exempt"` means |
| 360 | // that requests of this priority level are not subject to a limit |
| 361 | // (and thus are never queued) and do not detract from the |
| 362 | // capacity made available to other priority levels. A value of |
| 363 | // `"Limited"` means that (a) requests of this priority level |
| 364 | // _are_ subject to limits and (b) some of the server's limited |
| 365 | // capacity is made available exclusively to this priority level. |
| 366 | // Required. |
| 367 | // +unionDiscriminator |
| 368 | Type PriorityLevelEnablement `json:"type" protobuf:"bytes,1,opt,name=type"` |
| 369 | |
| 370 | // `limited` specifies how requests are handled for a Limited priority level. |
| 371 | // This field must be non-empty if and only if `type` is `"Limited"`. |
| 372 | // +optional |
| 373 | Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"` |
| 374 | } |
| 375 | |
| 376 | // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level |
| 377 | type PriorityLevelEnablement string |
| 378 | |
| 379 | // Supported priority level enablement values. |
| 380 | const ( |
| 381 | // PriorityLevelEnablementExempt means that requests are not subject to limits |
| 382 | PriorityLevelEnablementExempt PriorityLevelEnablement = "Exempt" |
| 383 | |
| 384 | // PriorityLevelEnablementLimited means that requests are subject to limits |
| 385 | PriorityLevelEnablementLimited PriorityLevelEnablement = "Limited" |
| 386 | ) |
| 387 | |
| 388 | // LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. |
| 389 | // It addresses two issues: |
| 390 | // * How are requests for this priority level limited? |
| 391 | // * What should be done with requests that exceed the limit? |
| 392 | type LimitedPriorityLevelConfiguration struct { |
| 393 | // `assuredConcurrencyShares` (ACS) configures the execution |
| 394 | // limit, which is a limit on the number of requests of this |
| 395 | // priority level that may be exeucting at a given time. ACS must |
| 396 | // be a positive number. The server's concurrency limit (SCL) is |
| 397 | // divided among the concurrency-controlled priority levels in |
| 398 | // proportion to their assured concurrency shares. This produces |
| 399 | // the assured concurrency value (ACV) --- the number of requests |
| 400 | // that may be executing at a time --- for each such priority |
| 401 | // level: |
| 402 | // |
| 403 | // ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) ) |
| 404 | // |
| 405 | // bigger numbers of ACS mean more reserved concurrent requests (at the |
| 406 | // expense of every other PL). |
| 407 | // This field has a default value of 30. |
| 408 | // +optional |
| 409 | AssuredConcurrencyShares int32 `json:"assuredConcurrencyShares" protobuf:"varint,1,opt,name=assuredConcurrencyShares"` |
| 410 | |
| 411 | // `limitResponse` indicates what to do with requests that can not be executed right now |
| 412 | LimitResponse LimitResponse `json:"limitResponse,omitempty" protobuf:"bytes,2,opt,name=limitResponse"` |
| 413 | } |
| 414 | |
| 415 | // LimitResponse defines how to handle requests that can not be executed right now. |
| 416 | // +union |
| 417 | type LimitResponse struct { |
| 418 | // `type` is "Queue" or "Reject". |
| 419 | // "Queue" means that requests that can not be executed upon arrival |
| 420 | // are held in a queue until they can be executed or a queuing limit |
| 421 | // is reached. |
| 422 | // "Reject" means that requests that can not be executed upon arrival |
| 423 | // are rejected. |
| 424 | // Required. |
| 425 | // +unionDiscriminator |
| 426 | Type LimitResponseType `json:"type" protobuf:"bytes,1,opt,name=type"` |
| 427 | |
| 428 | // `queuing` holds the configuration parameters for queuing. |
| 429 | // This field may be non-empty only if `type` is `"Queue"`. |
| 430 | // +optional |
| 431 | Queuing *QueuingConfiguration `json:"queuing,omitempty" protobuf:"bytes,2,opt,name=queuing"` |
| 432 | } |
| 433 | |
| 434 | // LimitResponseType identifies how a Limited priority level handles a request that can not be executed right now |
| 435 | type LimitResponseType string |
| 436 | |
| 437 | // Supported limit responses. |
| 438 | const ( |
| 439 | // LimitResponseTypeQueue means that requests that can not be executed right now are queued until they can be executed or a queuing limit is hit |
| 440 | LimitResponseTypeQueue LimitResponseType = "Queue" |
| 441 | |
| 442 | // LimitResponseTypeReject means that requests that can not be executed right now are rejected |
| 443 | LimitResponseTypeReject LimitResponseType = "Reject" |
| 444 | ) |
| 445 | |
| 446 | // QueuingConfiguration holds the configuration parameters for queuing |
| 447 | type QueuingConfiguration struct { |
| 448 | // `queues` is the number of queues for this priority level. The |
| 449 | // queues exist independently at each apiserver. The value must be |
| 450 | // positive. Setting it to 1 effectively precludes |
| 451 | // shufflesharding and thus makes the distinguisher method of |
| 452 | // associated flow schemas irrelevant. This field has a default |
| 453 | // value of 64. |
| 454 | // +optional |
| 455 | Queues int32 `json:"queues" protobuf:"varint,1,opt,name=queues"` |
| 456 | |
| 457 | // `handSize` is a small positive number that configures the |
| 458 | // shuffle sharding of requests into queues. When enqueuing a request |
| 459 | // at this priority level the request's flow identifier (a string |
| 460 | // pair) is hashed and the hash value is used to shuffle the list |
| 461 | // of queues and deal a hand of the size specified here. The |
| 462 | // request is put into one of the shortest queues in that hand. |
| 463 | // `handSize` must be no larger than `queues`, and should be |
| 464 | // significantly smaller (so that a few heavy flows do not |
| 465 | // saturate most of the queues). See the user-facing |
| 466 | // documentation for more extensive guidance on setting this |
| 467 | // field. This field has a default value of 8. |
| 468 | // +optional |
| 469 | HandSize int32 `json:"handSize" protobuf:"varint,2,opt,name=handSize"` |
| 470 | |
| 471 | // `queueLengthLimit` is the maximum number of requests allowed to |
| 472 | // be waiting in a given queue of this priority level at a time; |
| 473 | // excess requests are rejected. This value must be positive. If |
| 474 | // not specified, it will be defaulted to 50. |
| 475 | // +optional |
| 476 | QueueLengthLimit int32 `json:"queueLengthLimit" protobuf:"varint,3,opt,name=queueLengthLimit"` |
| 477 | } |
| 478 | |
| 479 | // PriorityLevelConfigurationConditionType is a valid value for PriorityLevelConfigurationStatusCondition.Type |
| 480 | type PriorityLevelConfigurationConditionType string |
| 481 | |
| 482 | // PriorityLevelConfigurationStatus represents the current state of a "request-priority". |
| 483 | type PriorityLevelConfigurationStatus struct { |
| 484 | // `conditions` is the current state of "request-priority". |
| 485 | // +listType=map |
| 486 | // +listMapKey=type |
| 487 | // +optional |
| 488 | Conditions []PriorityLevelConfigurationCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"` |
| 489 | } |
| 490 | |
| 491 | // PriorityLevelConfigurationCondition defines the condition of priority level. |
| 492 | type PriorityLevelConfigurationCondition struct { |
| 493 | // `type` is the type of the condition. |
| 494 | // Required. |
| 495 | Type PriorityLevelConfigurationConditionType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"` |
| 496 | // `status` is the status of the condition. |
| 497 | // Can be True, False, Unknown. |
| 498 | // Required. |
| 499 | Status ConditionStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` |
| 500 | // `lastTransitionTime` is the last time the condition transitioned from one status to another. |
| 501 | LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` |
| 502 | // `reason` is a unique, one-word, CamelCase reason for the condition's last transition. |
| 503 | Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"` |
| 504 | // `message` is a human-readable message indicating details about last transition. |
| 505 | Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"` |
| 506 | } |
| 507 | |
| 508 | // ConditionStatus is the status of the condition. |
| 509 | type ConditionStatus string |
| 510 | |
| 511 | // These are valid condition statuses. "ConditionTrue" means a resource is in the condition. |
| 512 | // "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes |
| 513 | // can't decide if a resource is in the condition or not. In the future, we could add other |
| 514 | // intermediate conditions, e.g. ConditionDegraded. |
| 515 | const ( |
| 516 | ConditionTrue ConditionStatus = "True" |
| 517 | ConditionFalse ConditionStatus = "False" |
| 518 | ConditionUnknown ConditionStatus = "Unknown" |
| 519 | ) |