FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound api requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound api requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
object
Property | Type | Description |
---|---|---|
|
|
apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
|
|
|
|
FlowSchemaSpec describes how the FlowSchema’s specification looks like. |
|
|
FlowSchemaStatus represents the current state of a FlowSchema. |
FlowSchemaSpec describes how the FlowSchema’s specification looks like.
object
priorityLevelConfiguration
Property | Type | Description |
---|---|---|
|
|
FlowDistinguisherMethod specifies the method of a flow distinguisher. |
|
|
|
|
|
PriorityLevelConfigurationReference contains information that points to the "request-priority" being used. |
|
|
|
|
|
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request. |
FlowDistinguisherMethod specifies the method of a flow distinguisher.
object
type
Property | Type | Description |
---|---|---|
|
|
|
PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
object
name
Property | Type | Description |
---|---|---|
|
|
|
rules
describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
array
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
object
subjects
Property | Type | Description |
---|---|---|
|
|
|
|
|
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. |
|
|
|
|
|
ResourcePolicyRule is a predicate that matches some resource requests, testing the request’s verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., |
|
|
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. |
|
|
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account. |
nonResourceRules
is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
array
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
object
verbs
nonResourceURLs
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
resourceRules
is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of resourceRules
and nonResourceRules
has to be non-empty.
array
ResourcePolicyRule is a predicate that matches some resource requests, testing the request’s verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., Namespace==""
) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request’s namespace.
object
verbs
apiGroups
resources
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
array
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
object
kind
Property | Type | Description |
---|---|---|
|
|
GroupSubject holds detailed information for group-kind subject. |
|
|
|
|
|
ServiceAccountSubject holds detailed information for service-account-kind subject. |
|
|
UserSubject holds detailed information for user-kind subject. |
GroupSubject holds detailed information for group-kind subject.
object
name
Property | Type | Description |
---|---|---|
|
|
name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required. |
ServiceAccountSubject holds detailed information for service-account-kind subject.
object
namespace
name
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
UserSubject holds detailed information for user-kind subject.
object
name
Property | Type | Description |
---|---|---|
|
|
|
FlowSchemaStatus represents the current state of a FlowSchema.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
FlowSchemaCondition describes conditions for a FlowSchema. |
FlowSchemaCondition describes conditions for a FlowSchema.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The following api endpoints are available:
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
DELETE
: delete collection of FlowSchema
GET
: list or watch objects of kind FlowSchema
POST
: create a FlowSchema
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas
GET
: watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}
DELETE
: delete a FlowSchema
GET
: read the specified FlowSchema
PATCH
: partially update the specified FlowSchema
PUT
: replace the specified FlowSchema
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}
GET
: watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status
GET
: read status of the specified FlowSchema
PATCH
: partially update status of the specified FlowSchema
PUT
: replace status of the specified FlowSchema
DELETE
delete collection of FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
GET
list or watch objects of kind FlowSchema
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
POST
create a FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the FlowSchema |
DELETE
delete a FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
read the specified FlowSchema
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update the specified FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |
PUT
replace the specified FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the FlowSchema |
GET
watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the FlowSchema |
GET
read status of the specified FlowSchema
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update status of the specified FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |
PUT
replace status of the specified FlowSchema
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |