package k8s.io.api.flowcontrol.v1alpha1

Get desktop application:
View/edit binary Protocol Buffers messages

FlowDistinguisherMethod specifies the method of a flow distinguisher.

Used in: FlowSchemaSpec

• optional string type = 1

  `type` is the type of flow distinguisher method The supported types are "ByUser" and "ByNamespace". Required.

FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".

Used in: FlowSchemaList

• optional apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1

  `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional

• optional FlowSchemaSpec spec = 2

  `spec` is the specification of the desired behavior of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional

• optional FlowSchemaStatus status = 3

  `status` is the current status of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional

FlowSchemaCondition describes conditions for a FlowSchema.

Used in: FlowSchemaStatus

• optional string type = 1

  `type` is the type of the condition. Required.

• optional string status = 2

  `status` is the status of the condition. Can be True, False, Unknown. Required.

• optional apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3

  `lastTransitionTime` is the last time the condition transitioned from one status to another.

• optional string reason = 4

  `reason` is a unique, one-word, CamelCase reason for the condition's last transition.

• optional string message = 5

  `message` is a human-readable message indicating details about last transition.

FlowSchemaList is a list of FlowSchema objects.

• optional apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1

  `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional

• repeated FlowSchema items = 2

  `items` is a list of FlowSchemas.

FlowSchemaSpec describes how the FlowSchema's specification looks like.

Used in: FlowSchema

• optional PriorityLevelConfigurationReference priorityLevelConfiguration = 1

  `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot be resolved, the FlowSchema will be ignored and marked as invalid in its status. Required.

• optional int32 matchingPrecedence = 2

  `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default. +optional

• optional FlowDistinguisherMethod distinguisherMethod = 3

  `distinguisherMethod` defines how to compute the flow distinguisher for requests that match this schema. `nil` specifies that the distinguisher is disabled and thus will always be the empty string. +optional

• repeated PolicyRulesWithSubjects rules = 4

  `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema. +listType=atomic +optional

FlowSchemaStatus represents the current state of a FlowSchema.

Used in: FlowSchema

• repeated FlowSchemaCondition conditions = 1

  `conditions` is a list of the current states of FlowSchema. +listType=map +listMapKey=type +optional

GroupSubject holds detailed information for group-kind subject.

Used in: Subject

• optional string name = 1

  name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.

LimitResponse defines how to handle requests that can not be executed right now. +union

Used in: LimitedPriorityLevelConfiguration

• optional string type = 1

  `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required. +unionDiscriminator

• optional QueuingConfiguration queuing = 2

  `queuing` holds the configuration parameters for queuing. This field may be non-empty only if `type` is `"Queue"`. +optional

LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues: * How are requests for this priority level limited? * What should be done with requests that exceed the limit?

Used in: PriorityLevelConfigurationSpec

• optional int32 assuredConcurrencyShares = 1

  `assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level: ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) ) bigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30. +optional

• optional LimitResponse limitResponse = 2

  `limitResponse` indicates what to do with requests that can not be executed right now

NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.

Used in: PolicyRulesWithSubjects

• repeated string verbs = 1

  `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. +listType=set Required.

• repeated string nonResourceURLs = 6

  `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. For example: - "/healthz" is legal - "/hea*" is illegal - "/hea" is legal but matches nothing - "/hea/*" also matches nothing - "/healthz/*" matches all per-component health checks. "*" matches all non-resource urls. if it is present, it must be the only entry. +listType=set Required.

PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.

Used in: FlowSchemaSpec

• repeated Subject subjects = 1

  subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. +listType=atomic Required.

• repeated ResourcePolicyRule resourceRules = 2

  `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty. +listType=atomic +optional

• repeated NonResourcePolicyRule nonResourceRules = 3

  `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL. +listType=atomic +optional

PriorityLevelConfiguration represents the configuration of a priority level.

Used in: PriorityLevelConfigurationList

• optional apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1

  `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional

• optional PriorityLevelConfigurationSpec spec = 2

  `spec` is the specification of the desired behavior of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional

• optional PriorityLevelConfigurationStatus status = 3

  `status` is the current status of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional

PriorityLevelConfigurationCondition defines the condition of priority level.

Used in: PriorityLevelConfigurationStatus

• optional string type = 1

  `type` is the type of the condition. Required.

• optional string status = 2

  `status` is the status of the condition. Can be True, False, Unknown. Required.

• optional apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3

  `lastTransitionTime` is the last time the condition transitioned from one status to another.

• optional string reason = 4

  `reason` is a unique, one-word, CamelCase reason for the condition's last transition.

• optional string message = 5

  `message` is a human-readable message indicating details about last transition.

PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.

• optional apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1

  `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional

• repeated PriorityLevelConfiguration items = 2

  `items` is a list of request-priorities.

PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.

Used in: FlowSchemaSpec

• optional string name = 1

  `name` is the name of the priority level configuration being referenced Required.

PriorityLevelConfigurationSpec specifies the configuration of a priority level. +union

Used in: PriorityLevelConfiguration

• optional string type = 1

  `type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required. +unionDiscriminator

• optional LimitedPriorityLevelConfiguration limited = 2

  `limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `"Limited"`. +optional

PriorityLevelConfigurationStatus represents the current state of a "request-priority".

Used in: PriorityLevelConfiguration

• repeated PriorityLevelConfigurationCondition conditions = 1

  `conditions` is the current state of "request-priority". +listType=map +listMapKey=type +optional

QueuingConfiguration holds the configuration parameters for queuing

Used in: LimitResponse

• optional int32 queues = 1

  `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64. +optional

• optional int32 handSize = 2

  `handSize` is a small positive number that configures the shuffle sharding of requests into queues. When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here. The request is put into one of the shortest queues in that hand. `handSize` must be no larger than `queues`, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues). See the user-facing documentation for more extensive guidance on setting this field. This field has a default value of 8. +optional

• optional int32 queueLengthLimit = 3

  `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50. +optional

ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.

Used in: PolicyRulesWithSubjects

• repeated string verbs = 1

  `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. +listType=set Required.

• repeated string apiGroups = 2

  `apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. +listType=set Required.

• repeated string resources = 3

  `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required. +listType=set

• optional bool clusterScope = 4

  `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list. +optional

• repeated string namespaces = 5

  `namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true. +optional +listType=set

ServiceAccountSubject holds detailed information for service-account-kind subject.

Used in: Subject

• optional string namespace = 1

  `namespace` is the namespace of matching ServiceAccount objects. Required.

• optional string name = 2

  `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.

Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account. +union

Used in: PolicyRulesWithSubjects

• optional string kind = 1

  `kind` indicates which one of the other fields is non-empty. Required +unionDiscriminator

• optional UserSubject user = 2

  `user` matches based on username. +optional

• optional GroupSubject group = 3

  `group` matches based on user group name. +optional

• optional ServiceAccountSubject serviceAccount = 4

  `serviceAccount` matches ServiceAccounts. +optional

UserSubject holds detailed information for user-kind subject.

Used in: Subject

• optional string name = 1

  `name` is the username that matches, or "*" to match all usernames. Required.