Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the capsule v1beta1 API group.

Code-generation markers: +kubebuilder:object:generate=true, +groupName=capsule.clastix.io
Index ¶
- Constants
- Variables
- func GetLimitResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)
- func GetUsedResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)
- func LimitAnnotationForResource(kindGroup string) string
- func UsedAnnotationForResource(kindGroup string) string
- type AllowedServices
- type ByKindAndName
- type IngressOptions
- type NamespaceOptions
- type NonLimitedResourceError
- type OwnerKind
- type OwnerListSpec
- type OwnerSpec
- type ProxyOperation
- type ProxyServiceKind
- type ProxySettings
- type ServiceOptions
- type Tenant
- func (in *Tenant) AssignNamespaces(namespaces []corev1.Namespace)
- func (in *Tenant) DeepCopy() *Tenant
- func (in *Tenant) DeepCopyInto(out *Tenant)
- func (in *Tenant) DeepCopyObject() runtime.Object
- func (in *Tenant) ForbiddenUserNamespaceAnnotations() *api.ForbiddenListSpec
- func (in *Tenant) ForbiddenUserNamespaceLabels() *api.ForbiddenListSpec
- func (in *Tenant) GetNamespaces() (res []string)
- func (in *Tenant) GetOwnerProxySettings(name string, kind OwnerKind) []ProxySettings
- func (in *Tenant) Hub()
- func (in *Tenant) IsCordoned() bool
- func (in *Tenant) IsFull() bool
- func (in *Tenant) IsWildcardDenied() bool
- func (in *Tenant) SetupWebhookWithManager(mgr ctrl.Manager) error
- type TenantList
- type TenantSpec
- type TenantStatus
Constants ¶
// Annotation key prefixes for per-resource quota accounting.
//
// NOTE(review): presumably LimitAnnotationForResource and
// UsedAnnotationForResource build their keys from these prefixes, and
// GetLimitResourceFromTenant / GetUsedResourceFromTenant read them back from
// the Tenant — confirm. If so, whoever can patch Tenant metadata can change
// the enforced limits, so write access to Tenant objects should be restricted.
const (
	// ResourceQuotaAnnotationPrefix is the prefix for annotations carrying a resource limit.
	ResourceQuotaAnnotationPrefix = "quota.resources.capsule.clastix.io"
	// ResourceUsedAnnotationPrefix is the prefix for annotations carrying the current usage.
	ResourceUsedAnnotationPrefix = "used.resources.capsule.clastix.io"
)
// Enumerated values for the three string types used by OwnerSpec and
// ProxySettings. The string values are what appears in serialized Tenant
// manifests.
const (
	// Resource kinds a ProxySettings entry can name.
	NodesProxy           ProxyServiceKind = "Nodes"
	StorageClassesProxy  ProxyServiceKind = "StorageClasses"
	IngressClassesProxy  ProxyServiceKind = "IngressClasses"
	PriorityClassesProxy ProxyServiceKind = "PriorityClasses"

	// Operations a ProxySettings entry can list for a kind.
	ListOperation   ProxyOperation = "List"
	UpdateOperation ProxyOperation = "Update"
	DeleteOperation ProxyOperation = "Delete"

	// Kinds of subject that can be a Tenant owner (OwnerSpec.Kind).
	UserOwner           OwnerKind = "User"
	GroupOwner          OwnerKind = "Group"
	ServiceAccountOwner OwnerKind = "ServiceAccount"
)
// Values of TenantStatus.State. The tenantState type itself is unexported.
const (
	// TenantStateActive is the value the State field defaults to.
	TenantStateActive tenantState = "Active"
	// TenantStateCordoned marks a cordoned Tenant.
	// NOTE(review): presumably what Tenant.IsCordoned tests for — confirm.
	TenantStateCordoned tenantState = "Cordoned"
)
const (
	// ClusterRoleNamesAnnotation is the annotation domain used to look up an
	// owner's roles. The GetRoles documentation on this page gives the full
	// key pattern as clusterrolenames.capsule.clastix.io/${KIND}.${NAME}.
	ClusterRoleNamesAnnotation = "clusterrolenames.capsule.clastix.io"
)
const (
	// DenyWildcard is an annotation key in the capsule.clastix.io domain.
	// NOTE(review): presumably the annotation Tenant.IsWildcardDenied
	// inspects — confirm, along with the value it expects.
	DenyWildcard = "capsule.clastix.io/deny-wildcard"
)
Variables ¶
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "capsule.clastix.io", Version: "v1beta1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func GetLimitResourceFromTenant ¶ added in v0.1.1
func GetUsedResourceFromTenant ¶ added in v0.1.1
func LimitAnnotationForResource ¶ added in v0.1.1
func UsedAnnotationForResource ¶ added in v0.1.1
Types ¶
type AllowedServices ¶
// AllowedServices switches individual Service types on or off for a Tenant.
//
// Every field carries a default of true, so the defaults are permissive: a
// Service type stays allowed unless its field is explicitly set to false.
// Clusters that treat NodePort, ExternalName or LoadBalancer Services as an
// exposure risk have to opt out per Tenant.
//
// NOTE(review): TenantSpec on this page reaches Service settings through
// api.ServiceOptions / api.AllowedServices, not this type — confirm whether
// this local definition is still in use.
type AllowedServices struct {
	// +kubebuilder:default=true
	// Specifies if NodePort service type resources are allowed for the Tenant. Default is true. Optional.
	NodePort *bool `json:"nodePort,omitempty"`

	// +kubebuilder:default=true
	// Specifies if ExternalName service type resources are allowed for the Tenant. Default is true. Optional.
	ExternalName *bool `json:"externalName,omitempty"`

	// +kubebuilder:default=true
	// Specifies if LoadBalancer service type resources are allowed for the Tenant. Default is true. Optional.
	LoadBalancer *bool `json:"loadBalancer,omitempty"`
}
func (*AllowedServices) DeepCopy ¶
func (in *AllowedServices) DeepCopy() *AllowedServices
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedServices.
func (*AllowedServices) DeepCopyInto ¶
func (in *AllowedServices) DeepCopyInto(out *AllowedServices)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ByKindAndName ¶
// ByKindAndName is an OwnerListSpec with Len, Less and Swap methods, which is
// the method set sort.Interface requires.
// NOTE(review): the name suggests ordering by owner kind, then name; the Less
// body is not shown here — confirm.
type ByKindAndName OwnerListSpec
func (ByKindAndName) DeepCopy ¶
func (in ByKindAndName) DeepCopy() ByKindAndName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByKindAndName.
func (ByKindAndName) DeepCopyInto ¶
func (in ByKindAndName) DeepCopyInto(out *ByKindAndName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ByKindAndName) Len ¶
func (in ByKindAndName) Len() int
func (ByKindAndName) Less ¶
func (in ByKindAndName) Less(i, j int) bool
func (ByKindAndName) Swap ¶
func (in ByKindAndName) Swap(i, j int)
type IngressOptions ¶
// IngressOptions holds the Ingress restrictions of a Tenant: the permitted
// IngressClasses, the permitted hostnames, and the scope of the hostname
// collision check.
//
// NOTE(review): HostnameCollisionScope defaults to Disabled, a value its own
// description does not list; presumably no collision check runs by default —
// confirm against api.HostnameCollisionScope. Where tenants must not be able
// to claim a hostname/path pair already used elsewhere, set a scope explicitly.
// NOTE(review): the effect of leaving AllowedClasses or AllowedHostnames unset
// is not shown here — confirm whether nil means unrestricted.
type IngressOptions struct {
	// Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional.
	AllowedClasses *api.AllowedListSpec `json:"allowedClasses,omitempty"`

	// Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.
	//
	// - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.
	//
	// - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.
	//
	// - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.
	//
	// Optional.
	// +kubebuilder:default=Disabled
	HostnameCollisionScope api.HostnameCollisionScope `json:"hostnameCollisionScope,omitempty"`

	// Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional.
	AllowedHostnames *api.AllowedListSpec `json:"allowedHostnames,omitempty"`
}
func (*IngressOptions) DeepCopy ¶
func (in *IngressOptions) DeepCopy() *IngressOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressOptions.
func (*IngressOptions) DeepCopyInto ¶
func (in *IngressOptions) DeepCopyInto(out *IngressOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamespaceOptions ¶
// NamespaceOptions holds the namespace quota of a Tenant and the metadata
// Capsule adds to the Tenant's namespaces.
//
// NOTE(review): Quota is an optional pointer with a minimum of 1; what an
// unset Quota means is not shown here — presumably no cap on the number of
// namespaces. Confirm, and set it where namespace sprawl matters.
type NamespaceOptions struct {
	// +kubebuilder:validation:Minimum=1
	// Specifies the maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	Quota *int32 `json:"quota,omitempty"`

	// Specifies additional labels and annotations the Capsule operator places on any Namespace resource in the Tenant. Optional.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
}
func (*NamespaceOptions) DeepCopy ¶
func (in *NamespaceOptions) DeepCopy() *NamespaceOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceOptions.
func (*NamespaceOptions) DeepCopyInto ¶
func (in *NamespaceOptions) DeepCopyInto(out *NamespaceOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NonLimitedResourceError ¶ added in v0.1.2
// NonLimitedResourceError is an error type: it has an Error() string method
// and is constructed by NewNonLimitedResourceError from a kindGroup string.
// NOTE(review): presumably returned when a Tenant carries no limit for the
// given kindGroup — confirm against GetLimitResourceFromTenant.
type NonLimitedResourceError struct {
	// contains filtered or unexported fields
}
func NewNonLimitedResourceError ¶ added in v0.1.2
func NewNonLimitedResourceError(kindGroup string) *NonLimitedResourceError
func (*NonLimitedResourceError) DeepCopy ¶ added in v0.1.2
func (in *NonLimitedResourceError) DeepCopy() *NonLimitedResourceError
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonLimitedResourceError.
func (*NonLimitedResourceError) DeepCopyInto ¶ added in v0.1.2
func (in *NonLimitedResourceError) DeepCopyInto(out *NonLimitedResourceError)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (NonLimitedResourceError) Error ¶ added in v0.1.2
func (n NonLimitedResourceError) Error() string
type OwnerListSpec ¶
// OwnerListSpec is a list of Tenant owners; it is the type of TenantSpec.Owners.
type OwnerListSpec []OwnerSpec
func (OwnerListSpec) DeepCopy ¶
func (in OwnerListSpec) DeepCopy() OwnerListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerListSpec.
func (OwnerListSpec) DeepCopyInto ¶
func (in OwnerListSpec) DeepCopyInto(out *OwnerListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OwnerSpec ¶
// OwnerSpec identifies one Tenant owner by kind and name and carries that
// owner's proxy settings.
//
// Note that the Go field ProxyOperations is serialized under the JSON key
// "proxySettings", so manifests and Go code use different names for it.
type OwnerSpec struct {
	// Kind of tenant owner. Possible values are "User", "Group", and "ServiceAccount".
	Kind OwnerKind `json:"kind"`

	// Name of tenant owner.
	Name string `json:"name"`

	// Proxy settings for tenant owner.
	ProxyOperations []ProxySettings `json:"proxySettings,omitempty"`
}
func (*OwnerSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerSpec.
func (*OwnerSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OwnerSpec) GetRoles ¶ added in v0.1.2
GetRoles reads the annotation available in the Tenant specification and, if it matches the pattern clusterrolenames.capsule.clastix.io/${KIND}.${NAME}, returns the associated roles. Kubernetes annotation and label keys must respect RFC 1123 about DNS names, and this can be cumbersome in two cases: (1) identifying users by their email address, and (2) an annotation key whose overall length exceeds 63 characters. For emails, the symbol @ can be replaced with the placeholder __AT__. For the latter case, the index of the owner can be used to force the retrieval. Because the returned roles are taken from annotations on the Tenant, write access to Tenant metadata presumably influences which roles an owner ends up with, so it should be limited to cluster administrators.
type ProxyOperation ¶
// ProxyOperation names an operation listed in ProxySettings.Operations.
// The package declares the values List, Update and Delete.
type ProxyOperation string
+kubebuilder:validation:Enum=List;Update;Delete
func (ProxyOperation) String ¶
func (p ProxyOperation) String() string
type ProxyServiceKind ¶
// ProxyServiceKind names the resource kind a ProxySettings entry applies to.
// The package declares the values Nodes, StorageClasses, IngressClasses and
// PriorityClasses.
type ProxyServiceKind string
+kubebuilder:validation:Enum=Nodes;StorageClasses;IngressClasses;PriorityClasses
func (ProxyServiceKind) String ¶
func (p ProxyServiceKind) String() string
type ProxySettings ¶
// ProxySettings pairs one resource kind with a list of operations; OwnerSpec
// holds a slice of these per Tenant owner.
//
// NOTE(review): presumably each entry grants the owner the listed operations
// on that kind — confirm against the consumer of GetOwnerProxySettings. The
// declared kinds (Nodes, StorageClasses, IngressClasses, PriorityClasses) are
// cluster-scoped in Kubernetes, so Update and Delete entries deserve a
// least-privilege review before being handed to a tenant owner.
type ProxySettings struct {
	// Kind is the resource kind the entry applies to.
	Kind ProxyServiceKind `json:"kind"`

	// Operations lists the operations associated with Kind.
	Operations []ProxyOperation `json:"operations"`
}
func (*ProxySettings) DeepCopy ¶
func (in *ProxySettings) DeepCopy() *ProxySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxySettings.
func (*ProxySettings) DeepCopyInto ¶
func (in *ProxySettings) DeepCopyInto(out *ProxySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceOptions ¶
// ServiceOptions holds the Service settings of a Tenant: extra metadata, the
// allowed Service types, and the permitted external IPs.
//
// NOTE(review): the ExternalServiceIPs comment defines an empty list as
// "no IPs are allowed", but the field is an optional pointer; what an omitted
// field means is not shown here — confirm whether it leaves external IPs
// unrestricted, and set the field explicitly where that matters.
// NOTE(review): TenantSpec on this page uses api.ServiceOptions rather than
// this type — confirm whether this local definition is still in use.
type ServiceOptions struct {
	// Specifies additional labels and annotations the Capsule operator places on any Service resource in the Tenant. Optional.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`

	// Allows or denies certain types of Services. Optional.
	AllowedServices *api.AllowedServices `json:"allowedServices,omitempty"`

	// Specifies the external IPs that can be used in Services with type ClusterIP. An empty list means no IPs are allowed. Optional.
	ExternalServiceIPs *api.ExternalServiceIPsSpec `json:"externalIPs,omitempty"`
}
func (*ServiceOptions) DeepCopy ¶
func (in *ServiceOptions) DeepCopy() *ServiceOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOptions.
func (*ServiceOptions) DeepCopyInto ¶
func (in *ServiceOptions) DeepCopyInto(out *ServiceOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Tenant ¶
// Tenant is the top-level API object of this group-version: standard
// Kubernetes type and object metadata plus a spec/status pair.
type Tenant struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Tenant (see TenantSpec).
	Spec TenantSpec `json:"spec,omitempty"`
	// Status is the observed state of the Tenant (see TenantStatus).
	Status TenantStatus `json:"status,omitempty"`
}
Tenant is the Schema for the tenants API.
func (*Tenant) AssignNamespaces ¶
func (*Tenant) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tenant.
func (*Tenant) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Tenant) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Tenant) ForbiddenUserNamespaceAnnotations ¶ added in v0.1.1
func (in *Tenant) ForbiddenUserNamespaceAnnotations() *api.ForbiddenListSpec
func (*Tenant) ForbiddenUserNamespaceLabels ¶ added in v0.1.1
func (in *Tenant) ForbiddenUserNamespaceLabels() *api.ForbiddenListSpec
func (*Tenant) GetNamespaces ¶ added in v0.2.0
func (*Tenant) GetOwnerProxySettings ¶
func (in *Tenant) GetOwnerProxySettings(name string, kind OwnerKind) []ProxySettings
func (*Tenant) IsCordoned ¶
func (*Tenant) IsWildcardDenied ¶ added in v0.1.1
type TenantList ¶
// TenantList is the list form of Tenant: standard type and list metadata plus
// the Tenant items.
type TenantList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Tenants in the list.
	Items []Tenant `json:"items"`
}
TenantList contains a list of Tenant.
func (*TenantList) DeepCopy ¶
func (in *TenantList) DeepCopy() *TenantList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantList.
func (*TenantList) DeepCopyInto ¶
func (in *TenantList) DeepCopyInto(out *TenantList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TenantList) DeepCopyObject ¶
func (in *TenantList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TenantSpec ¶
// TenantSpec defines the desired state of Tenant.
//
// Owners is the only mandatory field; every restriction below it is optional.
//
// NOTE(review): what an omitted restriction means is not shown here. The
// allow-lists (StorageClasses, ContainerRegistries, PriorityClasses,
// ImagePullPolicies) presumably impose no restriction when unset — confirm,
// and set them explicitly for tenants that must be confined.
// NOTE(review): AdditionalRoleBindings places a RoleBinding for the given
// ClusterRole in every namespace of the Tenant, so each referenced ClusterRole
// should be reviewed for least privilege.
type TenantSpec struct {
	// Specifies the owners of the Tenant. Mandatory.
	Owners OwnerListSpec `json:"owners"`

	// Specifies options for the Namespaces, such as additional metadata or maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	NamespaceOptions *NamespaceOptions `json:"namespaceOptions,omitempty"`

	// Specifies options for the Service, such as additional metadata or blocking certain types of Services. Optional.
	ServiceOptions *api.ServiceOptions `json:"serviceOptions,omitempty"`

	// Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. Optional.
	StorageClasses *api.AllowedListSpec `json:"storageClasses,omitempty"`

	// Specifies options for the Ingress resources, such as allowed hostnames and IngressClass. Optional.
	IngressOptions IngressOptions `json:"ingressOptions,omitempty"`

	// Specifies the trusted Image Registries assigned to the Tenant. Capsule assures that all Pod resources created in the Tenant can use only one of the allowed trusted registries. Optional.
	ContainerRegistries *api.AllowedListSpec `json:"containerRegistries,omitempty"`

	// Specifies the label to control the placement of pods on a given pool of worker nodes. All namespaces created within the Tenant will have the node selector annotation. This annotation tells the Kubernetes scheduler to place pods on the nodes having the selector label. Optional.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// Specifies the NetworkPolicies assigned to the Tenant. The assigned NetworkPolicies are inherited by any namespace created in the Tenant. Optional.
	NetworkPolicies api.NetworkPolicySpec `json:"networkPolicies,omitempty"`

	// Specifies the resource min/max usage restrictions to the Tenant. The assigned values are inherited by any namespace created in the Tenant. Optional.
	LimitRanges api.LimitRangesSpec `json:"limitRanges,omitempty"`

	// Specifies a list of ResourceQuota resources assigned to the Tenant. The assigned values are inherited by any namespace created in the Tenant. The Capsule operator aggregates ResourceQuota at Tenant level, so that the hard quota is never crossed for the given Tenant. This permits the Tenant owner to consume resources in the Tenant regardless of the namespace. Optional.
	ResourceQuota api.ResourceQuotaSpec `json:"resourceQuotas,omitempty"`

	// Specifies additional RoleBindings assigned to the Tenant. Capsule will ensure that all namespaces in the Tenant always contain the RoleBinding for the given ClusterRole. Optional.
	AdditionalRoleBindings []api.AdditionalRoleBindingsSpec `json:"additionalRoleBindings,omitempty"`

	// Specifies the allowed values for the imagePullPolicies option in Pod resources. Capsule assures that all Pod resources created in the Tenant can use only one of the allowed policies. Optional.
	ImagePullPolicies []api.ImagePullPolicySpec `json:"imagePullPolicies,omitempty"`

	// Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pod resources created in the Tenant can use only one of the allowed PriorityClasses. Optional.
	PriorityClasses *api.AllowedListSpec `json:"priorityClasses,omitempty"`
}
TenantSpec defines the desired state of Tenant.
func (*TenantSpec) DeepCopy ¶
func (in *TenantSpec) DeepCopy() *TenantSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSpec.
func (*TenantSpec) DeepCopyInto ¶
func (in *TenantSpec) DeepCopyInto(out *TenantSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TenantStatus ¶
// TenantStatus records the state of a Tenant together with the namespaces
// assigned to it and their count.
type TenantStatus struct {
	// +kubebuilder:default=Active
	// The operational state of the Tenant. Possible values are "Active", "Cordoned".
	State tenantState `json:"state"`

	// How many namespaces are assigned to the Tenant.
	Size uint `json:"size"`

	// List of namespaces assigned to the Tenant.
	Namespaces []string `json:"namespaces,omitempty"`
}
TenantStatus holds the observed state of the Tenant.
func (*TenantStatus) DeepCopy ¶
func (in *TenantStatus) DeepCopy() *TenantStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantStatus.
func (*TenantStatus) DeepCopyInto ¶
func (in *TenantStatus) DeepCopyInto(out *TenantStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.