API documentation (v1alpha1)

issuerRef

IssuerRef is a reference to an Issuer or ClusterIssuer on the target cluster to be used to create a Certificate for the cluster's Ingress. If the type is an Issuer, it must be located in the namespace of the TunnelProxy.

IssuerReference

false

certificateSecretRef

CertificateSecretRef is a reference to a secret of type TLS that holds a TLS certificate, private key and CA certificate. The certificate must be valid for the Ingress hostname. The secret must be located in the same namespace of the TunnelProxy.

v1.LocalObjectReference

false

annotations

Annotations allows to set-up important metadata to configure DNS records and certificate generation

map[string]string

false

certificate

Certificate holds settings for the cluster's TunnelProxy exposed Certificate.

CertificateSpec

false

name

Name of the issuer being referred to.

string

true

kind

Kind of the issuer being referred to.

string

false

group

Group of the issuer being referred to.

string

false

metadata

metav1.ObjectMeta

false

spec

TunnelProxySpec

false

status

TunnelProxyStatus

false

metadata

metav1.ListMeta

false

items

[]TunnelProxy

true

clusterProxyDomain

ClusterProxyDomain sets the desired domain to expose the remote cluster. It expects a domain name without scheme and without port. Ex. "traefik.kommander.cluster", "traefik.kommander.cluster" "10.0.0.1"

string

true

caBundle

CABundle is a PEM encoded CA bundle which should be used to verify the TLS connection for the Ingress-served end-entity certificate.

[]byte

false

remoteClusterEndpoint

RemoteClusterEndpoint points to the remote cluster Endpoint (i.e. Traefik instance). It expects a URL without scheme and (optionally) a port. Ex. "traefik.kommander.cluster", "traefik.kommander.cluster:8080" "10.0.0.1"

string

false

ingress

Ingress holds settings for the TunnelProxy managed Ingress for the proxied cluster.

IngressSpec

false

tunnelConnectorRef

TunnelConnectorRef points to the TunnelConnector object to be used by the ReverseProxy

v1.LocalObjectReference

true

conditions

Conditions contains the status conditions of the object.

[]metav1.Condition

false

clusterProxyDomain

ClusterProxyDomain returns the actual domain to reach the remote cluster.

string

true

clientAuthSecretName

ClientAuthSecretName returns the name of the secret containing the mTLS client-auth Certificate Authority.

string

true

reverseProxyReleaseName

ReverseProxyReleaseName returns the name of the Helm release for the ReverseProxy.

string

true

metadata

metav1.ObjectMeta

false

spec

TunnelGatewaySpec

false

loadBalancer

Ingress point for the load-balancer. Traffic intended for the service should be sent to these ingress points. If not specified, the controller will derive from the Ingress record status field.

corev1.LoadBalancerIngress

false

host

Restrict access to requests addressed to a specific host or domain using the IngressRule format. Defaults to allow all hosts.

string

false

urlPathPrefix

URL path prefix to prepend to all endpoints. For example, if this field is set to /ops/portal/kt, the ingresses created will have URL paths like /ops/portal/kt/default/cluster1/tunnel-server and /ops/portal/kt/default/cluster1/kubeconfig. Defaults to root path (/).

string

false

caSecretRef

A secret reference to the root CA required to verify the ingress endpoints. The secret should have type Opaque and contain the key ca.crt. If not specified, remote hosts will use their system root CA’s to verify the endpoints.

corev1.ObjectReference

false

extraAnnotations

Extra annotations to set on the Ingress object.

map[string]string

false

metadata

metav1.ListMeta

false

items

[]TunnelGateway

true

ingress

Expose services using an Ingress as specified in the TunnelGatewayIngressSpec.

TunnelGatewayIngressSpec

false

deploymentRef

A reference to the deployment for the kubeconfig webhook.

corev1.LocalObjectReference

false

serviceRef

A reference to the service for the kubeconfig webhook.

corev1.LocalObjectReference

false

ingressRef

A reference to the ingress for the kubeconfig webhook.

corev1.LocalObjectReference

false

manifestsRef

A reference to a secret holding YAML manifests for launching the tunnel agent on the target cluster. The secret is a generic typed secret with filenames as the keys. There might be multiple files in the secret.

corev1.LocalObjectReference

false

metadata

metav1.ObjectMeta

false

spec

TunnelConnectorSpec

false

status

TunnelConnectorStatus

false

metadata

metav1.ListMeta

false

items

[]TunnelConnector

true

gatewayRef

A reference to the TunnelGateway object which describes how tunnel services will be exposed outside the current cluster.

corev1.LocalObjectReference

false

proxyPort

The port for the tunnel proxy.

int32

false

state

State of the tunnel connector: Starting - the initial state; Listening - the local tunnel server is waiting for the remote agent to connect; Pending - the remote agent has connected but the local proxy is not ready; Connected - the tunnel is configured and contact to the remote API server succeeded; Disconnected - the tunnel is configured but contact to the remote API server failed; Failed - an unexpected error occurred, such as not being able to parse the kubeconfig.

TunnelConnectorState

false

tunnelServer

Status of the tunnel server.

TunnelServerStatus

false

kubeconfigWebhook

Status of the kubeconfig webhook.

KubeconfigWebhookStatus

false

tunnelAgent

Status of the tunnel agent.

TunnelAgentStatus

false

serviceAccountRef

A reference to the service account that will be used for registration (of the tunnel agent) and authentication purpose.

corev1.LocalObjectReference

false

roleRef

A reference to the role that will be bound to the service account for authorization purpose.

corev1.LocalObjectReference

false

roleBindingRef

A reference to the rolebinding that will be created to bind the service account and the role.

corev1.LocalObjectReference

false

kubeconfigRef

A reference to the secret holding the KUBECONFIG that the clients can use to talk to the API server of the target cluster when it becomes available.

corev1.LocalObjectReference

false

gatewayObservedGeneration

The generation of the linked TunnelGateway object associated with this object. When the linked TunnelGateway object is updated, a controller will update this status field which will in turn trigger a reconciliation of this object.

int64

false

deploymentRef

A reference to the deployment for the tunnel server.

corev1.LocalObjectReference

false

serviceRef

A reference to the service for the tunnel server.

corev1.LocalObjectReference

false

ingressRef

A reference to the ingress for the tunnel server.

corev1.LocalObjectReference

false