API documentation (v1alpha1)
API Documentation (v1alpha1)
This document is automatically generated from the API definition in the code.
Page Contents
CertificateSpec
CertificateSpec holds settings for the TunnelProxy's ingress exposed Certificate.
Field | Description | Scheme | Required |
---|---|---|---|
issuerRef | IssuerRef is a reference to an | false | |
certificateSecretRef | CertificateSecretRef is a reference to a secret of type TLS that holds a TLS certificate, private key and CA certificate. The certificate must be valid for the Ingress hostname. The secret must be located in the same namespace of the TunnelProxy. | v1.LocalObjectReference | false |
IngressSpec
IngressSpec holds settings for the TunnelProxy managed Ingress.
Field | Description | Scheme | Required |
---|---|---|---|
annotations | Annotations allows to set-up important metadata to configure DNS records and certificate generation | map[string]string | false |
certificate | Certificate holds settings for the cluster's TunnelProxy exposed Certificate. | false |
IssuerReference
IssuerReference is a reference to an issuer with a given name, kind and group.
Field | Description | Scheme | Required |
---|---|---|---|
name | Name of the issuer being referred to. | string | true |
kind | Kind of the issuer being referred to. | string | false |
group | Group of the issuer being referred to. | string | false |
TunnelProxy
Describes the local endpoint for the tunnel. A remote cluster will connect to this endpoint to create a tunnel.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
spec | false | ||
status | false |
TunnelProxyList
Contains a list of TunnelProxy
.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
items | true |
TunnelProxySpec
TunnelProxy describes the exposition of an remote KommanderCluster through the Management cluster.
Field | Description | Scheme | Required |
---|---|---|---|
clusterProxyDomain | ClusterProxyDomain sets the desired domain to expose the remote cluster. It expects a domain name without scheme and without port. Ex. "traefik.kommander.cluster", "traefik.kommander.cluster" "10.0.0.1" | string | true |
caBundle | CABundle is a PEM encoded CA bundle which should be used to verify the TLS connection for the Ingress-served end-entity certificate. | []byte | false |
remoteClusterEndpoint | RemoteClusterEndpoint points to the remote cluster Endpoint (i.e. Traefik instance). It expects a URL without scheme and (optionally) a port. Ex. "traefik.kommander.cluster", "traefik.kommander.cluster:8080" "10.0.0.1" | string | false |
ingress | Ingress holds settings for the TunnelProxy managed Ingress for the proxied cluster. | false | |
tunnelConnectorRef | TunnelConnectorRef points to the TunnelConnector object to be used by the ReverseProxy | v1.LocalObjectReference | true |
TunnelProxyStatus
Field | Description | Scheme | Required |
---|---|---|---|
conditions | Conditions contains the status conditions of the object. | []metav1.Condition | false |
clusterProxyDomain | ClusterProxyDomain returns the actual domain to reach the remote cluster. | string | true |
clientAuthSecretName | ClientAuthSecretName returns the name of the secret containing the mTLS client-auth Certificate Authority. | string | true |
reverseProxyReleaseName | ReverseProxyReleaseName returns the name of the Helm release for the ReverseProxy. | string | true |
TunnelGateway
Provides an endpoint for remote clusters to connect to the management cluster.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
spec | false |
TunnelGatewayIngressSpec
Field | Description | Scheme | Required |
---|---|---|---|
loadBalancer | Ingress point for the load-balancer. Traffic intended for the service should be sent to these ingress points. If not specified, the controller will derive from the Ingress record status field. | corev1.LoadBalancerIngress | false |
host | Restrict access to requests addressed to a specific host or domain using the | string | false |
urlPathPrefix | URL path prefix to prepend to all endpoints. For example, if this field is set to | string | false |
caSecretRef | A secret reference to the root CA required to verify the ingress endpoints. The secret should have type | corev1.ObjectReference | false |
extraAnnotations | Extra annotations to set on the Ingress object. | map[string]string | false |
TunnelGatewayList
Contains a list of TunnelGateway
.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
items | []TunnelGateway | true |
TunnelGatewaySpec
If no ingress is set, the services will only be accessible on localhost
.
Field | Description | Scheme | Required |
---|---|---|---|
ingress | Expose services using an Ingress as specified in the | false |
KubeconfigWebhookStatus
Status of the kubeconfig webhook.
Field | Description | Scheme | Required |
---|---|---|---|
deploymentRef | A reference to the deployment for the kubeconfig webhook. | corev1.LocalObjectReference | false |
serviceRef | A reference to the service for the kubeconfig webhook. | corev1.LocalObjectReference | false |
ingressRef | A reference to the ingress for the kubeconfig webhook. | corev1.LocalObjectReference | false |
TunnelAgentStatus
Status of the tunnel agent.
Field | Description | Scheme | Required |
---|---|---|---|
manifestsRef | A reference to a secret holding YAML manifests for launching the tunnel agent on the target cluster. The secret is a generic typed secret with filenames as the keys. There might be multiple files in the secret. | corev1.LocalObjectReference | false |
TunnelConnector
Describes the local endpoint for the tunnel. A remote cluster will connect to this endpoint to create a tunnel.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
spec | false | ||
status | false |
TunnelConnectorList
Contains a list of TunnelConnector
.
Field | Description | Scheme | Required |
---|---|---|---|
metadata | false | ||
items | true |
TunnelConnectorSpec
Field | Description | Scheme | Required |
---|---|---|---|
gatewayRef | A reference to the | corev1.LocalObjectReference | false |
proxyPort | The port for the tunnel proxy. | int32 | false |
TunnelConnectorStatus
Field | Description | Scheme | Required |
---|---|---|---|
state | State of the tunnel connector: | TunnelConnectorState | false |
tunnelServer | Status of the tunnel server. | false | |
kubeconfigWebhook | Status of the kubeconfig webhook. | false | |
tunnelAgent | Status of the tunnel agent. | false | |
serviceAccountRef | A reference to the service account that will be used for registration (of the tunnel agent) and authentication purpose. | corev1.LocalObjectReference | false |
roleRef | A reference to the role that will be bound to the service account for authorization purpose. | corev1.LocalObjectReference | false |
roleBindingRef | A reference to the rolebinding that will be created to bind the service account and the role. | corev1.LocalObjectReference | false |
kubeconfigRef | A reference to the secret holding the KUBECONFIG that the clients can use to talk to the API server of the target cluster when it becomes available. | corev1.LocalObjectReference | false |
gatewayObservedGeneration | The generation of the linked TunnelGateway object associated with this object. When the linked TunnelGateway object is updated, a controller will update this status field which will in turn trigger a reconciliation of this object. | int64 | false |
TunnelServerStatus
Status of the tunnel server.
Field | Description | Scheme | Required |
---|---|---|---|
deploymentRef | A reference to the deployment for the tunnel server. | corev1.LocalObjectReference | false |
serviceRef | A reference to the service for the tunnel server. | corev1.LocalObjectReference | false |
ingressRef | A reference to the ingress for the tunnel server. | corev1.LocalObjectReference | false |