FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
Description
FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a “flow distinguisher”.
Type
object
Specification
Property | Type | Description |
---|---|---|
| | | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| | | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| | | FlowSchemaSpec describes what the FlowSchema’s specification looks like. |
| | | FlowSchemaStatus represents the current state of a FlowSchema. |
.spec
Description
FlowSchemaSpec describes what the FlowSchema’s specification looks like.
Type
object
Required
priorityLevelConfiguration
Property | Type | Description |
---|---|---|
| | | FlowDistinguisherMethod specifies the method of a flow distinguisher. |
| | | PriorityLevelConfigurationReference contains information that points to the “request-priority” being used. |
| | | PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request. |
.spec.distinguisherMethod
Description
FlowDistinguisherMethod specifies the method of a flow distinguisher.
Type
object
Required
type
.spec.priorityLevelConfiguration
Description
PriorityLevelConfigurationReference contains information that points to the “request-priority” being used.
Type
object
Required
name
.spec.rules
Description
rules describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. If it is an empty slice, there will be no requests matching the FlowSchema.
Type
array
.spec.rules[]
Description
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
Type
object
Required
subjects
Property | Type | Description |
---|---|---|
| | | NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. |
| | | ResourcePolicyRule is a predicate that matches some resource requests, testing the request’s verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., |
| | | subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. |
| | | Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator: by user, group, or service account. |
.spec.rules[].nonResourceRules
Description
nonResourceRules is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
Type
array
.spec.rules[].nonResourceRules[]
Description
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
Type
object
Required
verbs
nonResourceURLs
.spec.rules[].resourceRules
Description
resourceRules is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of resourceRules and nonResourceRules has to be non-empty.
Type
array
.spec.rules[].resourceRules[]
Description
ResourcePolicyRule is a predicate that matches some resource requests, testing the request’s verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., Namespace=="") and clusterScope is true or (d2) the request specifies a namespace and at least one member of namespaces matches the request’s namespace.
Type
object
Required
verbs
apiGroups
resources
.spec.rules[].subjects
Description
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
Type
array
.spec.rules[].subjects[]
Description
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator: by user, group, or service account.
Type
object
Required
kind
Property | Type | Description |
---|---|---|
| | | GroupSubject holds detailed information for group-kind subject. |
| | | ServiceAccountSubject holds detailed information for service-account-kind subject. |
| | | UserSubject holds detailed information for user-kind subject. |
.spec.rules[].subjects[].group
Description
GroupSubject holds detailed information for group-kind subject.
Type
object
Required
name
Property | Type | Description |
---|---|---|
| | | name is the user group that matches, or “*” to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required. |
.spec.rules[].subjects[].serviceAccount
Description
ServiceAccountSubject holds detailed information for service-account-kind subject.
Type
object
Required
namespace
name
.spec.rules[].subjects[].user
Description
UserSubject holds detailed information for user-kind subject.
Type
object
Required
name
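The matching rules described for .spec.rules[], resourceRules[], nonResourceRules[] and subjects[] can be checked offline against a manifest before it is applied. The following is an added example, not code from Kubernetes or this documentation; the request dictionary shape, the treatment of "*" as a wildcard in every list, exact-only URL matching, and all names in the sample manifest are assumptions made for illustration.

```python
# Added illustration: evaluates this page's matching rules over a manifest dict.

def _any(members, value):
    # Assumption: "*" is treated as a wildcard in every list; only exact
    # matches otherwise (no URL prefix patterns).
    return any(m in ("*", value) for m in members or [])

def subject_matches(subject, req):
    kind = subject.get("kind")
    if kind == "User":
        return _any([subject["user"]["name"]], req["user"])
    if kind == "Group":
        return any(_any([subject["group"]["name"]], g) for g in req["groups"])
    if kind == "ServiceAccount":
        sa = subject["serviceAccount"]
        # Service accounts authenticate as system:serviceaccount:<namespace>:<name>.
        return req["user"] == f"system:serviceaccount:{sa['namespace']}:{sa['name']}"
    return False

def resource_rule_matches(rule, req):
    ns = req.get("namespace", "")
    # (d1) cluster-scoped request and clusterScope true, or (d2) namespace listed.
    scope_ok = (ns == "" and rule.get("clusterScope", False)) or (
        ns != "" and _any(rule.get("namespaces"), ns))
    return (_any(rule["verbs"], req["verb"]) and _any(rule["apiGroups"], req["apiGroup"])
            and _any(rule["resources"], req["resource"]) and scope_ok)

def flowschema_matches(flowschema, req):
    # Matches iff at least one member of spec.rules matches; empty rules match nothing.
    for rule in flowschema["spec"].get("rules", []):
        if not any(subject_matches(s, req) for s in rule["subjects"]):
            continue
        if "path" in req:  # non-resource request such as /healthz
            if any(_any(r["verbs"], req["verb"]) and _any(r["nonResourceURLs"], req["path"])
                   for r in rule.get("nonResourceRules", [])):
                return True
        elif any(resource_rule_matches(r, req) for r in rule.get("resourceRules", [])):
            return True
    return False

def matches_every_requester(rule):
    # Both well-known groups together (or group "*") cover every request.
    groups = {s["group"]["name"] for s in rule["subjects"] if s.get("kind") == "Group"}
    return "*" in groups or {"system:authenticated", "system:unauthenticated"} <= groups

# Constructed sample manifest; all names are hypothetical.
SAMPLE = {
    "metadata": {"name": "ci-readers"},
    "spec": {
        "priorityLevelConfiguration": {"name": "example-level"},
        "rules": [{
            "subjects": [{"kind": "ServiceAccount",
                          "serviceAccount": {"namespace": "ci", "name": "builder"}}],
            "resourceRules": [{"verbs": ["get", "list"], "apiGroups": [""],
                               "resources": ["pods"], "namespaces": ["ci"]}],
            "nonResourceRules": [{"verbs": ["get"], "nonResourceURLs": ["/healthz"]}],
        }],
    },
}
```

`matches_every_requester` is useful when reviewing FlowSchemas, because a rule that covers unauthenticated callers places anonymous traffic in the referenced priority level.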
.status
Description
FlowSchemaStatus represents the current state of a FlowSchema.
Type
object
Property | Type | Description |
---|---|---|
| | | FlowSchemaCondition describes conditions for a FlowSchema. |
.status.conditions
Description
conditions is a list of the current states of FlowSchema.
Type
array
.status.conditions[]
Description
FlowSchemaCondition describes conditions for a FlowSchema.
Type
object
API endpoints
The following API endpoints are available:
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
DELETE: delete collection of FlowSchema
GET: list or watch objects of kind FlowSchema
POST: create a FlowSchema
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas
GET: watch individual changes to a list of FlowSchema. deprecated: use the ‘watch’ parameter with a list operation instead.
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}
DELETE: delete a FlowSchema
GET: read the specified FlowSchema
PATCH: partially update the specified FlowSchema
PUT: replace the specified FlowSchema
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}
GET: watch changes to an object of kind FlowSchema. deprecated: use the ‘watch’ parameter with a list operation instead, filtered to a single item with the ‘fieldSelector’ parameter.
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status
GET: read status of the specified FlowSchema
PATCH: partially update status of the specified FlowSchema
PUT: replace status of the specified FlowSchema
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
HTTP method
DELETE
Description
delete collection of FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |

HTTP code | Response body |
---|---|
200 - OK | Status schema |
401 - Unauthorized | Empty |
HTTP method
GET
Description
list or watch objects of kind FlowSchema
HTTP code | Response body |
---|---|
200 - OK | FlowSchemaList schema |
401 - Unauthorized | Empty |
HTTP method
POST
Description
create a FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| | | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Parameter | Type | Description |
---|---|---|
| FlowSchema schema |
HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
201 - Created | FlowSchema schema |
202 - Accepted | FlowSchema schema |
401 - Unauthorized | Empty |
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas
HTTP method
GET
Description
watch individual changes to a list of FlowSchema. deprecated: use the ‘watch’ parameter with a list operation instead.
HTTP code | Response body |
---|---|
200 - OK | WatchEvent schema |
401 - Unauthorized | Empty |
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}
Parameter | Type | Description |
---|---|---|
| | | name of the FlowSchema |
HTTP method
DELETE
Description
delete a FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |

HTTP code | Response body |
---|---|
200 - OK | Status schema |
202 - Accepted | Status schema |
401 - Unauthorized | Empty |
HTTP method
GET
Description
read the specified FlowSchema
HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
401 - Unauthorized | Empty |
HTTP method
PATCH
Description
partially update the specified FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| | | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
201 - Created | FlowSchema schema |
401 - Unauthorized | Empty |
HTTP method
PUT
Description
replace the specified FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| | | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Parameter | Type | Description |
---|---|---|
| FlowSchema schema |
HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
201 - Created | FlowSchema schema |
401 - Unauthorized | Empty |
/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}
Parameter | Type | Description |
---|---|---|
| | | name of the FlowSchema |
HTTP method
GET
Description
watch changes to an object of kind FlowSchema. deprecated: use the ‘watch’ parameter with a list operation instead, filtered to a single item with the ‘fieldSelector’ parameter.
HTTP code | Response body |
---|---|
200 - OK | WatchEvent schema |
401 - Unauthorized | Empty |
/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status
Parameter | Type | Description |
---|---|---|
| | | name of the FlowSchema |
HTTP method
GET
Description
read status of the specified FlowSchema
HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
401 - Unauthorized | Empty |
HTTP method
PATCH
Description
partially update status of the specified FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| | | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
201 - Created | FlowSchema schema |
401 - Unauthorized | Empty |
HTTP method
PUT
Description
replace status of the specified FlowSchema
Parameter | Type | Description |
---|---|---|
| | | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| | | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Parameter | Type | Description |
---|---|---|
| FlowSchema schema |
HTTP code | Response body |
---|---|
200 - OK | FlowSchema schema |
201 - Created | FlowSchema schema |
401 - Unauthorized | Empty |