vendor/k8s.io/apiserver/pkg/apis/config/types.go - cloudstack-kubernetes-provider - Git at Google

 /*
 Copyright 2018 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

 package config

 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 // LeaderElectionConfiguration defines the configuration of leader election
 // clients for components that can run with leader election enabled.
 type LeaderElectionConfiguration struct {
 	// leaderElect enables a leader election client to gain leadership
 	// before executing the main loop. Enable this when running replicated
 	// components for high availability.
 	LeaderElect bool
 	// leaseDuration is the duration that non-leader candidates will wait
 	// after observing a leadership renewal until attempting to acquire
 	// leadership of a led but unrenewed leader slot. This is effectively the
 	// maximum duration that a leader can be stopped before it is replaced
 	// by another candidate. This is only applicable if leader election is
 	// enabled.
 	LeaseDuration metav1.Duration
 	// renewDeadline is the interval between attempts by the acting master to
 	// renew a leadership slot before it stops leading. This must be less
 	// than or equal to the lease duration. This is only applicable if leader
 	// election is enabled.
 	RenewDeadline metav1.Duration
 	// retryPeriod is the duration the clients should wait between attempting
 	// acquisition and renewal of a leadership. This is only applicable if
 	// leader election is enabled.
 	RetryPeriod metav1.Duration
 	// resourceLock indicates the resource object type that will be used to lock
 	// during leader election cycles.
 	ResourceLock string
 }

 // DebuggingConfiguration holds configuration for Debugging related features.
 type DebuggingConfiguration struct {
 	// enableProfiling enables profiling via web interface host:port/debug/pprof/
 	EnableProfiling bool
 	// enableContentionProfiling enables lock contention profiling, if
 	// enableProfiling is true.
 	EnableContentionProfiling bool
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // EncryptionConfiguration stores the complete configuration for encryption providers.
 type EncryptionConfiguration struct {
 	metav1.TypeMeta
 	// resources is a list containing resources, and their corresponding encryption providers.
 	Resources []ResourceConfiguration
 }

 // ResourceConfiguration stores per resource configuration.
 type ResourceConfiguration struct {
 	// resources is a list of kubernetes resources which have to be encrypted.
 	Resources []string
 	// providers is a list of transformers to be used for reading and writing the resources to disk.
 	// eg: aesgcm, aescbc, secretbox, identity.
 	Providers []ProviderConfiguration
 }

 // ProviderConfiguration stores the provided configuration for an encryption provider.
 type ProviderConfiguration struct {
 	// aesgcm is the configuration for the AES-GCM transformer.
 	AESGCM *AESConfiguration
 	// aescbc is the configuration for the AES-CBC transformer.
 	AESCBC *AESConfiguration
 	// secretbox is the configuration for the Secretbox based transformer.
 	Secretbox *SecretboxConfiguration
 	// identity is the (empty) configuration for the identity transformer.
 	Identity *IdentityConfiguration
 	// kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
 	KMS *KMSConfiguration
 }

 // AESConfiguration contains the API configuration for an AES transformer.
 type AESConfiguration struct {
 	// keys is a list of keys to be used for creating the AES transformer.
 	// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
 	Keys []Key
 }

 // SecretboxConfiguration contains the API configuration for an Secretbox transformer.
 type SecretboxConfiguration struct {
 	// keys is a list of keys to be used for creating the Secretbox transformer.
 	// Each key has to be 32 bytes long.
 	Keys []Key
 }

 // Key contains name and secret of the provided key for a transformer.
 type Key struct {
 	// name is the name of the key to be used while storing data to disk.
 	Name string
 	// secret is the actual key, encoded in base64.
 	Secret string
 }

 // IdentityConfiguration is an empty struct to allow identity transformer in provider configuration.
 type IdentityConfiguration struct{}

 // KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer.
 type KMSConfiguration struct {
 	// name is the name of the KMS plugin to be used.
 	Name string
 	// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
 	// +optional
 	CacheSize int32
 	// endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock".
 	Endpoint string
 }
	/*
	Copyright 2018 The Kubernetes Authors.

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	*/

	package config

	import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	)

	// LeaderElectionConfiguration defines the configuration of leader election
	// clients for components that can run with leader election enabled.
	type LeaderElectionConfiguration struct {
	// leaderElect enables a leader election client to gain leadership
	// before executing the main loop. Enable this when running replicated
	// components for high availability.
	LeaderElect bool
	// leaseDuration is the duration that non-leader candidates will wait
	// after observing a leadership renewal until attempting to acquire
	// leadership of a led but unrenewed leader slot. This is effectively the
	// maximum duration that a leader can be stopped before it is replaced
	// by another candidate. This is only applicable if leader election is
	// enabled.
	LeaseDuration metav1.Duration
	// renewDeadline is the interval between attempts by the acting master to
	// renew a leadership slot before it stops leading. This must be less
	// than or equal to the lease duration. This is only applicable if leader
	// election is enabled.
	RenewDeadline metav1.Duration
	// retryPeriod is the duration the clients should wait between attempting
	// acquisition and renewal of a leadership. This is only applicable if
	// leader election is enabled.
	RetryPeriod metav1.Duration
	// resourceLock indicates the resource object type that will be used to lock
	// during leader election cycles.
	ResourceLock string
	}

	// DebuggingConfiguration holds configuration for Debugging related features.
	type DebuggingConfiguration struct {
	// enableProfiling enables profiling via web interface host:port/debug/pprof/
	EnableProfiling bool
	// enableContentionProfiling enables lock contention profiling, if
	// enableProfiling is true.
	EnableContentionProfiling bool
	}

	// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

	// EncryptionConfiguration stores the complete configuration for encryption providers.
	type EncryptionConfiguration struct {
	metav1.TypeMeta
	// resources is a list containing resources, and their corresponding encryption providers.
	Resources []ResourceConfiguration
	}

	// ResourceConfiguration stores per resource configuration.
	type ResourceConfiguration struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aesgcm, aescbc, secretbox, identity.
	Providers []ProviderConfiguration
	}

	// ProviderConfiguration stores the provided configuration for an encryption provider.
	type ProviderConfiguration struct {
	// aesgcm is the configuration for the AES-GCM transformer.
	AESGCM *AESConfiguration
	// aescbc is the configuration for the AES-CBC transformer.
	AESCBC *AESConfiguration
	// secretbox is the configuration for the Secretbox based transformer.
	Secretbox *SecretboxConfiguration
	// identity is the (empty) configuration for the identity transformer.
	Identity *IdentityConfiguration
	// kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
	KMS *KMSConfiguration
	}

	// AESConfiguration contains the API configuration for an AES transformer.
	type AESConfiguration struct {
	// keys is a list of keys to be used for creating the AES transformer.
	// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
	Keys []Key
	}

	// SecretboxConfiguration contains the API configuration for an Secretbox transformer.
	type SecretboxConfiguration struct {
	// keys is a list of keys to be used for creating the Secretbox transformer.
	// Each key has to be 32 bytes long.
	Keys []Key
	}

	// Key contains name and secret of the provided key for a transformer.
	type Key struct {
	// name is the name of the key to be used while storing data to disk.
	Name string
	// secret is the actual key, encoded in base64.
	Secret string
	}

	// IdentityConfiguration is an empty struct to allow identity transformer in provider configuration.
	type IdentityConfiguration struct{}

	// KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer.
	type KMSConfiguration struct {
	// name is the name of the KMS plugin to be used.
	Name string
	// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
	// +optional
	CacheSize int32
	// endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock".
	Endpoint string
	}