Module auditregistration/v1alpha1
@pulumi/kubernetes > auditregistration > v1alpha1
Index ▹
function isAuditSink
function isAuditSinkList
interface AuditSink
AuditSink represents a cluster level audit sink
property apiVersion
apiVersion: string;
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
property kind
kind: string;
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
property metadata
metadata: ObjectMeta;
property spec
spec: AuditSinkSpec;
Spec defines the audit configuration spec
interface AuditSinkList
AuditSinkList is a list of AuditSink items.
property apiVersion
apiVersion: string;
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
property items
items: AuditSink[];
List of audit configurations.
property kind
kind: string;
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
property metadata
metadata: ListMeta;
interface AuditSinkSpec
AuditSinkSpec holds the spec for the audit sink
property policy
policy: Policy;
Policy defines the policy for selecting which events should be sent to the webhook required
property webhook
webhook: Webhook;
Webhook to send events required
interface Policy
Policy defines the configuration of how audit events are logged
property level
level: string;
The Level that all requests are recorded at. available options: None, Metadata, Request, RequestResponse required
property stages
stages: string[];
Stages is a list of stages for which events are created.
interface ServiceReference
ServiceReference holds a reference to Service.legacy.k8s.io
property name
name: string;
name
is the name of the service. Required
property namespace
namespace: string;
namespace
is the namespace of the service. Required
property path
path: string;
path
is an optional URL path which will be sent in any request to this service.
interface Webhook
Webhook holds the configuration of the webhook
property clientConfig
clientConfig: WebhookClientConfig;
ClientConfig holds the connection parameters for the webhook required
property throttle
throttle: WebhookThrottleConfig;
Throttle holds the options for throttling the webhook
interface WebhookClientConfig
WebhookClientConfig contains the information to make a connection with the webhook
property caBundle
caBundle: string;
caBundle
is a PEM encoded CA bundle which will be used to validate the webhook’s server
certificate. If unspecified, system trust roots on the apiserver are used.
property service
service: ServiceReference;
service
is a reference to the service for this webhook. Either service
or url
must be
specified.
If the webhook is running within the cluster, then you should use service
.
Port 443 will be used if it is open, otherwise it is an error.
property url
url: string;
url
gives the location of the webhook, in standard URL form (scheme://host:port/path
).
Exactly one of url
or service
must be specified.
The host
should not refer to a service running in the cluster; use the service
field
instead. The host might be resolved via external DNS in some apiservers (e.g.,
kube-apiserver
cannot resolve in-cluster DNS as that would be a layering violation).
host
may also be an IP address.
Please note that using localhost
or 127.0.0.1
as a host
is risky unless you take
great care to run this webhook on all hosts which run an apiserver which might need to make
calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn
up in a new cluster.
The scheme must be “https”; the URL must begin with “https://”.
A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
Attempting to use a user or basic auth e.g. “user:password@” is not allowed. Fragments (“#…”) and query parameters (“?…”) are not allowed, either.
interface WebhookThrottleConfig
WebhookThrottleConfig holds the configuration for throttling events
property burst
burst: number;
ThrottleBurst is the maximum number of events sent at the same moment default 15 QPS
property qps
qps: number;
ThrottleQPS maximum number of batches per second default 10 QPS