k8s.io/apiserver@v0.31.1/pkg/apis/cel/config.go

k8s.io/apiserver@v0.31.1/pkg/apis/cel/config.go (about)

     1  /*
     2  Copyright 2023 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package cel
    18  
    19  const (
    20  	// PerCallLimit specify the actual cost limit per CEL validation call
    21  	// current PerCallLimit gives roughly 0.1 second for each expression validation call
    22  	PerCallLimit = 1000000
    23  
    24  	// RuntimeCELCostBudget is the overall cost budget for runtime CEL validation cost per ValidatingAdmissionPolicyBinding or CustomResource
    25  	// current RuntimeCELCostBudget gives roughly 1 seconds for the validation
    26  	RuntimeCELCostBudget = 10000000
    27  
    28  	// RuntimeCELCostBudgetMatchConditions is the overall cost budget for runtime CEL validation cost on matchConditions per object with matchConditions
    29  	// this is per webhook for validatingwebhookconfigurations and mutatingwebhookconfigurations or per ValidatingAdmissionPolicyBinding
    30  	// current RuntimeCELCostBudgetMatchConditions gives roughly 1/4 seconds for the validation
    31  	RuntimeCELCostBudgetMatchConditions = 2500000
    32  
    33  	// CheckFrequency configures the number of iterations within a comprehension to evaluate
    34  	// before checking whether the function evaluation has been interrupted
    35  	CheckFrequency = 100
    36  
    37  	// MaxRequestSizeBytes is the maximum size of a request to the API server
    38  	// TODO(DangerOnTheRanger): wire in MaxRequestBodyBytes from apiserver/pkg/server/options/server_run_options.go to make this configurable
    39  	// Note that even if server_run_options.go becomes configurable in the future, this cost constant should be fixed and it should be the max allowed request size for the server
    40  	MaxRequestSizeBytes = int64(3 * 1024 * 1024)
    41  
    42  	// MaxEvaluatedMessageExpressionSizeBytes represents the largest-allowable string generated
    43  	// by a messageExpression field
    44  	MaxEvaluatedMessageExpressionSizeBytes = 5 * 1024
    45  )