ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
object
metadata
spec
| Property | Type | Description |
|---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
spec contains the desired configuration for the console plugin. |
spec contains the desired configuration for the console plugin.
object
backend
displayName
| Property | Type | Description |
|---|---|---|
|
|
backend holds the configuration of backend which is serving console’s plugin . |
|
|
contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser’s console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console’s backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy The OpenShift web console server aggregates the CSP directives and values across
its own default values and all enabled ConsolePlugin CRs, merging them into a single
policy string that is sent to the browser via Example: ConsolePlugin A directives: script-src: https://script1.com/, https://script2.com/ font-src: https://font1.com/ ConsolePlugin B directives: script-src: https://script2.com/, https://script3.com/ font-src: https://font2.com/ img-src: https://img1.com/ Unified set of CSP directives, passed to the OpenShift web console server: script-src: https://script1.com/, https://script2.com/, https://script3.com/ font-src: https://font1.com/, https://font2.com/ img-src: https://img1.com/ OpenShift web console server CSP response header: Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none' |
|
|
ConsolePluginCSP holds configuration for a specific CSP directive |
|
|
displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters. |
|
|
i18n is the configuration of plugin’s localization resources. |
|
|
proxy is a list of proxies that describe various service type to which the plugin needs to connect to. |
|
|
ConsolePluginproxy holds information on various service types to which console’s backend will proxy the plugin’s requests. |
backend holds the configuration of backend which is serving console’s plugin .
object
type
| Property | Type | Description |
|---|---|---|
|
|
service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle. |
|
|
type is the backend type which servers the console’s plugin. Currently only "Service" is supported. |
service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.
object
name
namespace
port
| Property | Type | Description |
|---|---|---|
|
|
basePath is the path to the plugin’s assets. The primary asset it the
manifest file called |
|
|
name of Service that is serving the plugin assets. |
|
|
namespace of Service that is serving the plugin assets. |
|
|
port on which the Service that is serving the plugin is listening to. |
contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser’s console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console’s backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
The OpenShift web console server aggregates the CSP directives and values across
its own default values and all enabled ConsolePlugin CRs, merging them into a single
policy string that is sent to the browser via Content-Security-Policy HTTP response header.
Example: ConsolePlugin A directives: script-src: https://script1.com/, https://script2.com/ font-src: https://font1.com/
ConsolePlugin B directives: script-src: https://script2.com/, https://script3.com/ font-src: https://font2.com/ img-src: https://img1.com/
Unified set of CSP directives, passed to the OpenShift web console server: script-src: https://script1.com/, https://script2.com/, https://script3.com/ font-src: https://font1.com/, https://font2.com/ img-src: https://img1.com/
OpenShift web console server CSP response header: Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'
array
ConsolePluginCSP holds configuration for a specific CSP directive
object
directive
values
| Property | Type | Description |
|---|---|---|
|
|
directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src |
|
|
values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console’s backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique. |
i18n is the configuration of plugin’s localization resources.
object
loadType
| Property | Type | Description |
|---|---|---|
|
|
loadType indicates how the plugin’s localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type. |
proxy is a list of proxies that describe various service type to which the plugin needs to connect to.
array
ConsolePluginproxy holds information on various service types to which console’s backend will proxy the plugin’s requests.
object
alias
endpoint
| Property | Type | Description |
|---|---|---|
|
|
alias is a proxy name that identifies the plugin’s proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint: /api/proxy/plugin/<plugin-name>/<proxy-alias>/<request-path>?<optional-query-parameters> Request example path: /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver |
|
|
authorization provides information about authorization type, which the proxied request should contain |
|
|
caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used. |
|
|
endpoint provides information about endpoint to which the request is proxied to. |
endpoint provides information about endpoint to which the request is proxied to.
object
type
| Property | Type | Description |
|---|---|---|
|
|
service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported. |
|
|
type is the type of the console plugin’s proxy. Currently only "Service" is supported. |
service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported.
object
name
namespace
port
| Property | Type | Description |
|---|---|---|
|
|
name of Service that the plugin needs to connect to. |
|
|
namespace of Service that the plugin needs to connect to |
|
|
port on which the Service that the plugin needs to connect to is listening on. |
The following API endpoints are available:
/apis/console.openshift.io/v1/consoleplugins
DELETE: delete collection of ConsolePlugin
GET: list objects of kind ConsolePlugin
POST: create a ConsolePlugin
/apis/console.openshift.io/v1/consoleplugins/{name}
DELETE: delete a ConsolePlugin
GET: read the specified ConsolePlugin
PATCH: partially update the specified ConsolePlugin
PUT: replace the specified ConsolePlugin
DELETE
delete collection of ConsolePlugin
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
GET
list objects of kind ConsolePlugin
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
POST
create a ConsolePlugin
| Parameter | Type | Description |
|---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
| Parameter | Type | Description |
|---|---|---|
|
|
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
| Parameter | Type | Description |
|---|---|---|
|
|
name of the ConsolePlugin |
DELETE
delete a ConsolePlugin
| Parameter | Type | Description |
|---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
read the specified ConsolePlugin
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update the specified ConsolePlugin
| Parameter | Type | Description |
|---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PUT
replace the specified ConsolePlugin
| Parameter | Type | Description |
|---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
| Parameter | Type | Description |
|---|---|---|
|
|
| HTTP code | Reponse body |
|---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |
