v1beta1

package
v0.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 27, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package v1beta1 contains API Schema definitions for the capsule v1beta1 API group.

Code-generation markers on the package: `+kubebuilder:object:generate=true`, `+groupName=capsule.clastix.io`.

Index

Constants

// Annotation key prefixes in the capsule.clastix.io domain, one for resource
// limits ("quota") and one for resource usage ("used").
// NOTE(review): presumably joined with a kindGroup by LimitAnnotationForResource
// and UsedAnnotationForResource, and read back by GetLimitResourceFromTenant /
// GetUsedResourceFromTenant — confirm against their implementations.
const (
	ResourceQuotaAnnotationPrefix = "quota.resources.capsule.clastix.io"
	ResourceUsedAnnotationPrefix  = "used.resources.capsule.clastix.io"
)
// Enumerated string values for the three typed strings used in OwnerSpec and
// ProxySettings. Each group lists the values that the kubebuilder Enum
// validation marker on the corresponding type accepts.
const (
	// ProxyServiceKind values: the resource kinds a proxy setting can refer to.
	// All four are cluster-scoped kinds in Kubernetes, so a ProxySettings entry
	// reaches beyond the Tenant's own Namespaces; review such grants accordingly.
	NodesProxy           ProxyServiceKind = "Nodes"
	StorageClassesProxy  ProxyServiceKind = "StorageClasses"
	IngressClassesProxy  ProxyServiceKind = "IngressClasses"
	PriorityClassesProxy ProxyServiceKind = "PriorityClasses"

	// ProxyOperation values: the operations that can be listed in a
	// ProxySettings entry. Update and Delete are mutating; List is read-only.
	ListOperation   ProxyOperation = "List"
	UpdateOperation ProxyOperation = "Update"
	DeleteOperation ProxyOperation = "Delete"

	// OwnerKind values: the kinds of subject that can be a Tenant owner.
	UserOwner           OwnerKind = "User"
	GroupOwner          OwnerKind = "Group"
	ServiceAccountOwner OwnerKind = "ServiceAccount"
)
// Values of the unexported tenantState type stored in TenantStatus.State.
// "Active" is the default set by the kubebuilder marker on that field.
// NOTE(review): what a Cordoned Tenant forbids is not shown in this package
// listing — see Tenant.IsCordoned and its callers.
const (
	TenantStateActive   tenantState = "Active"
	TenantStateCordoned tenantState = "Cordoned"
)
// ClusterRoleNamesAnnotation is the annotation key prefix that
// OwnerSpec.GetRoles matches, in the documented form
// clusterrolenames.capsule.clastix.io/${KIND}.${NAME}.
// NOTE(review): the roles come from an annotation on the Tenant, so write
// access to Tenant metadata presumably influences what GetRoles returns —
// confirm who is allowed to edit Tenant objects in the cluster.
const (
	ClusterRoleNamesAnnotation = "clusterrolenames.capsule.clastix.io"
)
// DenyWildcard is an annotation key in the capsule.clastix.io domain.
// NOTE(review): presumably the key Tenant.IsWildcardDenied inspects; which
// wildcard it refers to and which values enable the denial are not shown
// here — confirm in the implementation.
const (
	DenyWildcard = "capsule.clastix.io/deny-wildcard"
)

Variables

// Scheme registration for the capsule.clastix.io/v1beta1 API group. Callers
// invoke AddToScheme on their runtime scheme before using the types below.
var (
	// GroupVersion is the group and version under which these objects are registered.
	GroupVersion = schema.GroupVersion{Group: "capsule.clastix.io", Version: "v1beta1"}

	// SchemeBuilder collects the Go types of this group-version for registration.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	// It is the method value of SchemeBuilder, bound once at package init.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func GetLimitResourceFromTenant added in v0.1.1

func GetLimitResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)

func GetUsedResourceFromTenant added in v0.1.1

func GetUsedResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)

func LimitAnnotationForResource added in v0.1.1

func LimitAnnotationForResource(kindGroup string) string

func UsedAnnotationForResource added in v0.1.1

func UsedAnnotationForResource(kindGroup string) string

Types

type AllowedServices

// AllowedServices selects which Service types may be created in a Tenant.
//
// Every field defaults to true through its kubebuilder marker, so each type is
// allowed unless a field is explicitly set to false. The fields are pointers,
// which lets an unset value (nil) be told apart from an explicit false.
// NOTE(review): how a nil field is treated when no defaulting has run is not
// visible here — confirm before relying on this as a restriction.
type AllowedServices struct {
	// +kubebuilder:default=true
	// Specifies if NodePort service type resources are allowed for the Tenant. Default is true. Optional.
	NodePort *bool `json:"nodePort,omitempty"`
	// +kubebuilder:default=true
	// Specifies if ExternalName service type resources are allowed for the Tenant. Default is true. Optional.
	ExternalName *bool `json:"externalName,omitempty"`
	// +kubebuilder:default=true
	// Specifies if LoadBalancer service type resources are allowed for the Tenant. Default is true. Optional.
	LoadBalancer *bool `json:"loadBalancer,omitempty"`
}

func (*AllowedServices) DeepCopy

func (in *AllowedServices) DeepCopy() *AllowedServices

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedServices.

func (*AllowedServices) DeepCopyInto

func (in *AllowedServices) DeepCopyInto(out *AllowedServices)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ByKindAndName

// ByKindAndName is an OwnerListSpec that carries Len, Less and Swap methods,
// i.e. the method set sort.Interface requires.
// NOTE(review): the ordering (kind first, then name) is implied by the type
// name only — confirm in Less.
type ByKindAndName OwnerListSpec

func (ByKindAndName) DeepCopy

func (in ByKindAndName) DeepCopy() ByKindAndName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByKindAndName.

func (ByKindAndName) DeepCopyInto

func (in ByKindAndName) DeepCopyInto(out *ByKindAndName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ByKindAndName) Len

func (in ByKindAndName) Len() int

func (ByKindAndName) Less

func (in ByKindAndName) Less(i, j int) bool

func (ByKindAndName) Swap

func (in ByKindAndName) Swap(i, j int)

type IngressOptions

// IngressOptions groups the Ingress restrictions of a Tenant: allowed
// IngressClasses, allowed hostnames, and the hostname collision check scope.
type IngressOptions struct {
	// Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional.
	AllowedClasses *api.AllowedListSpec `json:"allowedClasses,omitempty"`
	// Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.
	//
	//
	// - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.
	//
	// - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.
	//
	// - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.
	//
	//
	// Optional.
	//
	// NOTE(review): the default set by the marker below is "Disabled", a value
	// the list above does not describe. Presumably no collision check runs
	// unless one of the three scopes is chosen explicitly — confirm, and pick a
	// scope deliberately where tenants must not shadow each other's hostnames.
	// +kubebuilder:default=Disabled
	HostnameCollisionScope api.HostnameCollisionScope `json:"hostnameCollisionScope,omitempty"`
	// Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional.
	AllowedHostnames *api.AllowedListSpec `json:"allowedHostnames,omitempty"`
}

func (*IngressOptions) DeepCopy

func (in *IngressOptions) DeepCopy() *IngressOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressOptions.

func (*IngressOptions) DeepCopyInto

func (in *IngressOptions) DeepCopyInto(out *IngressOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespaceOptions

// NamespaceOptions holds the per-Tenant Namespace settings: an optional cap on
// the number of Namespaces and metadata added to each of them.
type NamespaceOptions struct {
	// +kubebuilder:validation:Minimum=1
	// Specifies the maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	// The pointer distinguishes "no quota set" (nil) from a value; the marker above rejects values below 1.
	Quota *int32 `json:"quota,omitempty"`
	// Specifies additional labels and annotations the Capsule operator places on any Namespace resource in the Tenant. Optional.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
}

func (*NamespaceOptions) DeepCopy

func (in *NamespaceOptions) DeepCopy() *NamespaceOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceOptions.

func (*NamespaceOptions) DeepCopyInto

func (in *NamespaceOptions) DeepCopyInto(out *NamespaceOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NonLimitedResourceError added in v0.1.2

// NonLimitedResourceError is an error type (it has an Error() string method)
// created with NewNonLimitedResourceError(kindGroup).
// NOTE(review): presumably returned by GetLimitResourceFromTenant when no limit
// is set for the kindGroup — confirm against the implementation.
type NonLimitedResourceError struct {
	// contains filtered or unexported fields
}

func NewNonLimitedResourceError added in v0.1.2

func NewNonLimitedResourceError(kindGroup string) *NonLimitedResourceError

func (*NonLimitedResourceError) DeepCopy added in v0.1.2

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonLimitedResourceError.

func (*NonLimitedResourceError) DeepCopyInto added in v0.1.2

func (in *NonLimitedResourceError) DeepCopyInto(out *NonLimitedResourceError)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (NonLimitedResourceError) Error added in v0.1.2

func (n NonLimitedResourceError) Error() string

type OwnerKind

// OwnerKind names the kind of subject that owns a Tenant. The package declares
// UserOwner, GroupOwner and ServiceAccountOwner as its values, matching the
// Enum validation marker on this type.
type OwnerKind string

+kubebuilder:validation:Enum=User;Group;ServiceAccount

func (OwnerKind) String

func (k OwnerKind) String() string

type OwnerListSpec

// OwnerListSpec is the list of owners of a Tenant (TenantSpec.Owners).
// FindOwner looks an entry up by name and kind.
type OwnerListSpec []OwnerSpec

func (OwnerListSpec) DeepCopy

func (in OwnerListSpec) DeepCopy() OwnerListSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerListSpec.

func (OwnerListSpec) DeepCopyInto

func (in OwnerListSpec) DeepCopyInto(out *OwnerListSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (OwnerListSpec) FindOwner

func (in OwnerListSpec) FindOwner(name string, kind OwnerKind) (owner OwnerSpec)

type OwnerSpec

// OwnerSpec identifies one Tenant owner by kind and name and carries the proxy
// settings that apply to that owner.
type OwnerSpec struct {
	// Kind of tenant owner. Possible values are "User", "Group", and "ServiceAccount"
	Kind OwnerKind `json:"kind"`
	// Name of tenant owner.
	Name string `json:"name"`
	// Proxy settings for tenant owner.
	// The Go field is named ProxyOperations but serializes as "proxySettings";
	// manifests and JSON consumers must use the latter.
	ProxyOperations []ProxySettings `json:"proxySettings,omitempty"`
}

func (*OwnerSpec) DeepCopy

func (in *OwnerSpec) DeepCopy() *OwnerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerSpec.

func (*OwnerSpec) DeepCopyInto

func (in *OwnerSpec) DeepCopyInto(out *OwnerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OwnerSpec) GetRoles added in v0.1.2

func (in *OwnerSpec) GetRoles(tenant Tenant, index int) []string

GetRoles reads the annotation available in the Tenant specification and, if it matches the pattern clusterrolenames.capsule.clastix.io/${KIND}.${NAME}, returns the associated roles. Kubernetes annotations and labels must respect RFC 1123 about DNS names, and this could be cumbersome in two cases: (1) identifying users based on their email address; (2) the overall length of the annotation key exceeding 63 characters. For emails, the symbol @ can be replaced with the placeholder __AT__. For the latter case, the index of the owner can be used to force the retrieval.

type ProxyOperation

// ProxyOperation names one operation listed in a ProxySettings entry. The
// package declares ListOperation, UpdateOperation and DeleteOperation,
// matching the Enum validation marker on this type.
type ProxyOperation string

+kubebuilder:validation:Enum=List;Update;Delete

func (ProxyOperation) String

func (p ProxyOperation) String() string

type ProxyServiceKind

// ProxyServiceKind names the resource kind a ProxySettings entry refers to.
// The package declares NodesProxy, StorageClassesProxy, IngressClassesProxy
// and PriorityClassesProxy, matching the Enum validation marker on this type.
type ProxyServiceKind string

+kubebuilder:validation:Enum=Nodes;StorageClasses;IngressClasses;PriorityClasses

func (ProxyServiceKind) String

func (p ProxyServiceKind) String() string

type ProxySettings

// ProxySettings pairs one resource kind with the operations listed for it.
// Both JSON keys lack omitempty, so they are always serialized.
// NOTE(review): whether an empty Operations list grants nothing or is rejected
// is not visible here — confirm before relying on it.
type ProxySettings struct {
	// Kind is the resource kind this entry applies to.
	Kind       ProxyServiceKind `json:"kind"`
	// Operations lists the operations associated with Kind.
	Operations []ProxyOperation `json:"operations"`
}

func (*ProxySettings) DeepCopy

func (in *ProxySettings) DeepCopy() *ProxySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxySettings.

func (*ProxySettings) DeepCopyInto

func (in *ProxySettings) DeepCopyInto(out *ProxySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceOptions

// ServiceOptions groups the Service restrictions of a Tenant.
// NOTE(review): AllowedServices below is typed api.AllowedServices, not the
// AllowedServices declared in this package, and TenantSpec refers to
// api.ServiceOptions rather than this type — confirm which definitions are
// the ones actually in use.
type ServiceOptions struct {
	// Specifies additional labels and annotations the Capsule operator places on any Service resource in the Tenant. Optional.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
	// Allows or blocks certain types of Services. Optional.
	AllowedServices *api.AllowedServices `json:"allowedServices,omitempty"`
	// Specifies the external IPs that can be used in Services with type ClusterIP. An empty list means no IPs are allowed. Optional.
	// NOTE(review): only the empty-list case is documented; what applies when
	// the field is omitted (nil) is not stated — confirm before treating this
	// as deny-by-default.
	ExternalServiceIPs *api.ExternalServiceIPsSpec `json:"externalIPs,omitempty"`
}

func (*ServiceOptions) DeepCopy

func (in *ServiceOptions) DeepCopy() *ServiceOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOptions.

func (*ServiceOptions) DeepCopyInto

func (in *ServiceOptions) DeepCopyInto(out *ServiceOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tenant

// Tenant is the Schema for the tenants API. It embeds the standard Kubernetes
// type and object metadata and carries the desired state (Spec) and the
// observed state (Status).
type Tenant struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Tenant.
	Spec   TenantSpec   `json:"spec,omitempty"`
	// Status is the observed state of the Tenant.
	Status TenantStatus `json:"status,omitempty"`
}

Tenant is the Schema for the tenants API.

func (*Tenant) AssignNamespaces

func (in *Tenant) AssignNamespaces(namespaces []corev1.Namespace)

func (*Tenant) DeepCopy

func (in *Tenant) DeepCopy() *Tenant

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tenant.

func (*Tenant) DeepCopyInto

func (in *Tenant) DeepCopyInto(out *Tenant)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Tenant) DeepCopyObject

func (in *Tenant) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Tenant) ForbiddenUserNamespaceAnnotations added in v0.1.1

func (in *Tenant) ForbiddenUserNamespaceAnnotations() *api.ForbiddenListSpec

func (*Tenant) ForbiddenUserNamespaceLabels added in v0.1.1

func (in *Tenant) ForbiddenUserNamespaceLabels() *api.ForbiddenListSpec

func (*Tenant) GetNamespaces added in v0.2.0

func (in *Tenant) GetNamespaces() (res []string)

func (*Tenant) GetOwnerProxySettings

func (in *Tenant) GetOwnerProxySettings(name string, kind OwnerKind) []ProxySettings

func (*Tenant) Hub

func (in *Tenant) Hub()

func (*Tenant) IsCordoned

func (in *Tenant) IsCordoned() bool

func (*Tenant) IsFull

func (in *Tenant) IsFull() bool

func (*Tenant) IsWildcardDenied added in v0.1.1

func (in *Tenant) IsWildcardDenied() bool

func (*Tenant) SetupWebhookWithManager added in v0.2.0

func (in *Tenant) SetupWebhookWithManager(mgr ctrl.Manager) error

type TenantList

// TenantList contains a list of Tenant, with the standard Kubernetes list
// metadata.
type TenantList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Tenants; the key has no omitempty and is always serialized.
	Items           []Tenant `json:"items"`
}

TenantList contains a list of Tenant.

func (*TenantList) DeepCopy

func (in *TenantList) DeepCopy() *TenantList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantList.

func (*TenantList) DeepCopyInto

func (in *TenantList) DeepCopyInto(out *TenantList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TenantList) DeepCopyObject

func (in *TenantList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TenantSpec

// TenantSpec defines the desired state of Tenant.
//
// Only Owners is mandatory. Every other field is optional.
// NOTE(review): what an omitted allow-list (StorageClasses,
// ContainerRegistries, PriorityClasses, ImagePullPolicies) permits is not
// stated here — presumably no restriction is applied; confirm before treating
// a sparse TenantSpec as locked down.
type TenantSpec struct {
	// Specifies the owners of the Tenant. Mandatory.
	Owners OwnerListSpec `json:"owners"`
	// Specifies options for the Namespaces, such as additional metadata or maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	NamespaceOptions *NamespaceOptions `json:"namespaceOptions,omitempty"`
	// Specifies options for the Service, such as additional metadata or block of certain type of Services. Optional.
	ServiceOptions *api.ServiceOptions `json:"serviceOptions,omitempty"`
	// Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. Optional.
	StorageClasses *api.AllowedListSpec `json:"storageClasses,omitempty"`
	// Specifies options for the Ingress resources, such as allowed hostnames and IngressClass. Optional.
	// This is a struct value, not a pointer, so encoding/json's omitempty does not omit it.
	IngressOptions IngressOptions `json:"ingressOptions,omitempty"`
	// Specifies the trusted Image Registries assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed trusted registries. Optional.
	ContainerRegistries *api.AllowedListSpec `json:"containerRegistries,omitempty"`
	// Specifies the label to control the placement of pods on a given pool of worker nodes. All namespaces created within the Tenant will have the node selector annotation. This annotation tells the Kubernetes scheduler to place pods on the nodes having the selector label. Optional.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Specifies the NetworkPolicies assigned to the Tenant. The assigned NetworkPolicies are inherited by any namespace created in the Tenant. Optional.
	NetworkPolicies api.NetworkPolicySpec `json:"networkPolicies,omitempty"`
	// Specifies the resource min/max usage restrictions to the Tenant. The assigned values are inherited by any namespace created in the Tenant. Optional.
	LimitRanges api.LimitRangesSpec `json:"limitRanges,omitempty"`
	// Specifies a list of ResourceQuota resources assigned to the Tenant. The assigned values are inherited by any namespace created in the Tenant. The Capsule operator aggregates ResourceQuota at Tenant level, so that the hard quota is never crossed for the given Tenant. This permits the Tenant owner to consume resources in the Tenant regardless of the namespace. Optional.
	// The Go field is singular (ResourceQuota) while the JSON key is plural ("resourceQuotas").
	ResourceQuota api.ResourceQuotaSpec `json:"resourceQuotas,omitempty"`
	// Specifies additional RoleBindings assigned to the Tenant. Capsule will ensure that all namespaces in the Tenant always contain the RoleBinding for the given ClusterRole. Optional.
	// Each entry grants a ClusterRole in every Namespace of the Tenant, so review these like any other RBAC grant.
	AdditionalRoleBindings []api.AdditionalRoleBindingsSpec `json:"additionalRoleBindings,omitempty"`
	// Specifies the allowed values for the imagePullPolicies option in Pod resources. Capsule assures that all Pod resources created in the Tenant can use only one of the allowed policies. Optional.
	ImagePullPolicies []api.ImagePullPolicySpec `json:"imagePullPolicies,omitempty"`
	// Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. Optional.
	PriorityClasses *api.AllowedListSpec `json:"priorityClasses,omitempty"`
}

TenantSpec defines the desired state of Tenant.

func (*TenantSpec) DeepCopy

func (in *TenantSpec) DeepCopy() *TenantSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSpec.

func (*TenantSpec) DeepCopyInto

func (in *TenantSpec) DeepCopyInto(out *TenantSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TenantStatus

// TenantStatus describes the observed state of the Tenant: its operational
// state and the Namespaces assigned to it.
type TenantStatus struct {
	// +kubebuilder:default=Active
	// The operational state of the Tenant. Possible values are "Active", "Cordoned".
	// The type is the unexported tenantState; use TenantStateActive / TenantStateCordoned.
	State tenantState `json:"state"`
	// How many namespaces are assigned to the Tenant.
	// NOTE(review): presumably kept equal to len(Namespaces) by AssignNamespaces — confirm.
	Size uint `json:"size"`
	// List of namespaces assigned to the Tenant.
	Namespaces []string `json:"namespaces,omitempty"`
}

TenantStatus describes the observed state of the Tenant.

func (*TenantStatus) DeepCopy

func (in *TenantStatus) DeepCopy() *TenantStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantStatus.

func (*TenantStatus) DeepCopyInto

func (in *TenantStatus) DeepCopyInto(out *TenantStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
