Module auditregistration/v1alpha1

@pulumi/kubernetes > auditregistration > v1alpha1

Index

• function isAuditSink
• function isAuditSinkList
• interface AuditSink
• interface AuditSinkList
• interface AuditSinkSpec
• interface Policy
• interface ServiceReference
• interface Webhook
• interface WebhookClientConfig
• interface WebhookThrottleConfig

types/input.ts types/output.ts

function isAuditSink

isAuditSink(o: any): boolean

function isAuditSinkList

isAuditSinkList(o: any): boolean

interface AuditSink

AuditSink represents a cluster level audit sink

property apiVersion

apiVersion: string;

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

property kind

kind: string;

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

property metadata

metadata: ObjectMeta;

property spec

spec: AuditSinkSpec;

Spec defines the audit configuration spec

interface AuditSinkList

AuditSinkList is a list of AuditSink items.

property apiVersion

apiVersion: string;

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

property items

items: AuditSink[];

List of audit configurations.

property kind

kind: string;

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

property metadata

metadata: ListMeta;

interface AuditSinkSpec

AuditSinkSpec holds the spec for the audit sink

property policy

policy: Policy;

Policy defines the policy for selecting which events should be sent to the webhook required

property webhook

webhook: Webhook;

Webhook to send events required

interface Policy

Policy defines the configuration of how audit events are logged

property level

level: string;

The Level that all requests are recorded at. available options: None, Metadata, Request, RequestResponse required

property stages

stages: string[];

Stages is a list of stages for which events are created.

interface ServiceReference

ServiceReference holds a reference to Service.legacy.k8s.io

property name

name: string;

name is the name of the service. Required

property namespace

namespace: string;

namespace is the namespace of the service. Required

property path

path: string;

path is an optional URL path which will be sent in any request to this service.

interface Webhook

Webhook holds the configuration of the webhook

property clientConfig

clientConfig: WebhookClientConfig;

ClientConfig holds the connection parameters for the webhook required

property throttle

throttle: WebhookThrottleConfig;

Throttle holds the options for throttling the webhook

interface WebhookClientConfig

WebhookClientConfig contains the information to make a connection with the webhook

property caBundle

caBundle: string;

caBundle is a PEM encoded CA bundle which will be used to validate the webhook’s server certificate. If unspecified, system trust roots on the apiserver are used.

property service

service: ServiceReference;

service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

Port 443 will be used if it is open, otherwise it is an error.

property url

url: string;

url gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

The host should not refer to a service running in the cluster; use the service field instead. The host might be resolved via external DNS in some apiservers (e.g., kube-apiserver cannot resolve in-cluster DNS as that would be a layering violation). host may also be an IP address.

Please note that using localhost or 127.0.0.1 as a host is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be “https”; the URL must begin with “https://”.

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. “user:password@” is not allowed. Fragments (“#…”) and query parameters (“?…”) are not allowed, either.

interface WebhookThrottleConfig

WebhookThrottleConfig holds the configuration for throttling events

property burst

burst: number;

ThrottleBurst is the maximum number of events sent at the same moment default 15 QPS

property qps

qps: number;

ThrottleQPS maximum number of batches per second default 10 QPS