Enabled discrimination on target namespace

Generalized ResourcePolicyRule in API Priority and Fairness to be able
to discriminate on the target namespace (if any) specified in the
request.
Mike Spreitzer
2019-11-06 22:14:15 -05:00
parent 85bc79d81f
commit 3b77bc8054
11 changed files with 526 additions and 161 deletions


@@ -14264,10 +14264,18 @@
"type": "object"
},
"io.k8s.api.flowcontrol.v1alpha1.ResourcePolicyRule": {
"description": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member of resources matches the request.",
"description": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) least one member of namespaces matches the request.",
"properties": {
"apiGroups": {
"description": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all api-groups. if it is present, it must be the only entry. Required.",
"description": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all API groups and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set"
},
"namespaces": {
"description": "`namespaces` is a list of target namespaces that restricts matches. A request that does not specify a target namespace (which happens both when the resource is not namespaced and when the resource is namespaced and the request is for all namespaces) matches only if this list includes \"Cluster Scope\" (this string is not a valid namespace and thus can not be confused with an actual namespace). A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains \"*\".\n\nThis list may not be omitted or empty. If the list contains \"*\" then the only other allowed member is \"Cluster Scope\". Without \"*\", it is allowed to list \"Cluster Scope\" along with particular namespaces.\n\nRequests will match only if the values in this list are appropriate for the resource(s) involved. For example: for a cluster scoped resource (i.e., one not namespaced) a request can match only if this list contains \"Cluster Scope\". It is entirely up to the client to populate this list with appropriate values; the server-performed validation does not (at least in this alpha) address this issue.",
"items": {
"type": "string"
},
@@ -14275,7 +14283,7 @@
"x-kubernetes-list-type": "set"
},
"resources": {
"description": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources. if it is present, it must be the only entry. Required.",
"description": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},
@@ -14283,7 +14291,7 @@
"x-kubernetes-list-type": "set"
},
"verbs": {
"description": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs. if it is present, it must be the only entry. Required.",
"description": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},
@@ -14294,7 +14302,8 @@
"required": [
"verbs",
"apiGroups",
"resources"
"resources",
"namespaces"
],
"type": "object"
},
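Review bot: The new `namespaces` description in the first hunk says server validation does not check the list against the resource's scope, but it never states the consequence: a rule that omits "Cluster Scope" for a cluster-scoped resource (or lists only "Cluster Scope" for a namespaced one) is accepted and then silently never matches. Because these rules appear to decide how API Priority and Fairness classifies a request, I would add a sentence such as `A rule whose namespaces are inappropriate for its resources is accepted but never matches any request.` so operators do not assume the traffic is being isolated as configured. In the same hunk, clause (d) of the ResourcePolicyRule description reads `least one member of namespaces matches the request` and should read `at least one member of namespaces matches the request`. The last hunk adds `namespaces` to `required`, so objects written without the field will presumably be rejected; that is worth stating in the commit description. If this spec is generated from comments on the API types, the wording fixes belong in those comments rather than here.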