pub struct ApplyConfiguration {
pub expression: Option<String>,
}
Expand description
ApplyConfiguration defines the desired configuration values of an object.
Fields§
§expression: Option<String>
expression will be evaluated by CEL to create an apply configuration. ref: https://github.com/google/cel-spec
Apply configurations are declared in CEL using object initialization. For example, this CEL expression returns an apply configuration to set a single field:
Object{ spec: Object.spec{ serviceAccountName: “example” } }
Apply configurations may not modify atomic structs, maps or arrays due to the risk of accidental deletion of values not included in the apply configuration.
CEL expressions have access to the object types needed to create apply configurations:
- ‘Object’ - CEL type of the resource object. - ‘Object.<fieldName>’ - CEL type of object field (such as ‘Object.spec’) - ’Object.<fieldName1>.<fieldName2>…<fieldNameN>` - CEL type of nested field (such as ‘Object.spec.containers’)
CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
- ‘object’ - The object from the incoming request. The value is null for DELETE requests. - ‘oldObject’ - The existing object. The value is null for CREATE requests. - ‘request’ - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - ‘params’ - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - ‘namespaceObject’ - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - ‘variables’ - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named ‘foo’ can be accessed as ‘variables.foo’.
- ‘authorizer’ - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
- ‘authorizer.requestResource’ - A CEL ResourceCheck constructed from the ‘authorizer’ and configured with the request resource.
The apiVersion
, kind
, metadata.name
and metadata.generateName
are always accessible from the root of the object. No other metadata properties are accessible.
Only property names of the form \[a-zA-Z_.-/\]\[a-zA-Z0-9_.-/\]*
are accessible. Required.
Trait Implementations§
Source§impl Clone for ApplyConfiguration
impl Clone for ApplyConfiguration
Source§fn clone(&self) -> ApplyConfiguration
fn clone(&self) -> ApplyConfiguration
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreSource§impl Debug for ApplyConfiguration
impl Debug for ApplyConfiguration
Source§impl DeepMerge for ApplyConfiguration
impl DeepMerge for ApplyConfiguration
Source§fn merge_from(&mut self, other: Self)
fn merge_from(&mut self, other: Self)
other
into self
.