v1beta2

package
v0.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 23, 2024 License: Apache-2.0 Imports: 18 Imported by: 4

Documentation

Overview

Package v1beta2 contains API Schema definitions for the capsule v1beta2 API group.

+kubebuilder:object:generate=true
+groupName=capsule.clastix.io

Index

Constants

// Annotation key prefixes in the capsule.clastix.io domain: one for a quota
// value and one for a used value.
// NOTE(review): presumably combined with a kindGroup by
// LimitAnnotationForResource / UsedAnnotationForResource and read back from the
// Tenant by GetLimitResourceFromTenant / GetUsedResourceFromTenant. If so,
// write access to Tenant annotations is write access to these limits — confirm
// against the callers.
const (
	ResourceQuotaAnnotationPrefix = "quota.resources.capsule.clastix.io"
	ResourceUsedAnnotationPrefix  = "used.resources.capsule.clastix.io"
)
// Enumerated string values used by proxy settings and Tenant owners.
const (
	// Kinds that a ProxySettings entry can name.
	// NOTE(review): "Tenant" (TenantProxy) is not listed in the kubebuilder Enum
	// marker documented on ProxyServiceKind
	// (Nodes;StorageClasses;IngressClasses;PriorityClasses;RuntimeClasses;PersistentVolumes),
	// so CRD validation would presumably reject it inside a ProxySettings entry —
	// confirm which of the two is intended.
	NodesProxy             ProxyServiceKind = "Nodes"
	StorageClassesProxy    ProxyServiceKind = "StorageClasses"
	IngressClassesProxy    ProxyServiceKind = "IngressClasses"
	PriorityClassesProxy   ProxyServiceKind = "PriorityClasses"
	RuntimeClassesProxy    ProxyServiceKind = "RuntimeClasses"
	PersistentVolumesProxy ProxyServiceKind = "PersistentVolumes"
	TenantProxy            ProxyServiceKind = "Tenant"

	// Operations that a ProxySettings entry can list for a kind.
	ListOperation   ProxyOperation = "List"
	UpdateOperation ProxyOperation = "Update"
	DeleteOperation ProxyOperation = "Delete"

	// Kinds of subject that an OwnerSpec can name as Tenant owner.
	UserOwner           OwnerKind = "User"
	GroupOwner          OwnerKind = "Group"
	ServiceAccountOwner OwnerKind = "ServiceAccount"
)
// Annotation key prefixes for hard and used quota values; both end in "-", so
// a suffix is expected to be appended.
// NOTE(review): presumably HardQuotaFor / UsedQuotaFor append the resource name
// and return an error when the resulting key is not usable — their bodies are
// not shown here, confirm.
const (
	HardCapsuleQuotaAnnotation = "quota.capsule.clastix.io/hard-"
	UsedCapsuleQuotaAnnotation = "quota.capsule.clastix.io/used-"
)
// Values of the unexported tenantState type.
// NOTE(review): what a Cordoned Tenant is prevented from doing is enforced
// elsewhere and is not visible in this package listing — confirm before relying
// on cordoning as a containment control.
const (
	TenantStateActive   tenantState = "Active"
	TenantStateCordoned tenantState = "Cordoned"
)

Variables

// Scheme registration helpers for the capsule.clastix.io/v1beta2 group-version.
var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "capsule.clastix.io", Version: "v1beta2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func GetLimitResourceFromTenant

func GetLimitResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)

func GetTypeLabel

func GetTypeLabel(t metav1.Object) (label string, err error)

func GetUsedResourceFromTenant

func GetUsedResourceFromTenant(tenant Tenant, kindGroup string) (int64, error)

func HardQuotaFor

func HardQuotaFor(resource fmt.Stringer) (string, error)

func LimitAnnotationForResource

func LimitAnnotationForResource(kindGroup string) string

func UsedAnnotationForResource

func UsedAnnotationForResource(kindGroup string) string

func UsedQuotaFor

func UsedQuotaFor(resource fmt.Stringer) (string, error)

Types

type AdditionalRoleBindingsSpec

// AdditionalRoleBindingsSpec pairs one ClusterRole name with a list of RBAC
// subjects.
type AdditionalRoleBindingsSpec struct {
	// Name of the ClusterRole the Subjects are associated with.
	ClusterRoleName string `json:"clusterRoleName"`
	// NOTE(review): the marker below has no leading "+", so marker tooling will
	// presumably ignore it. Minimum is also a numeric constraint, while this
	// field is a slice (MinItems is the list equivalent). As written, an empty
	// Subjects list is likely accepted — confirm and correct in the source.
	// kubebuilder:validation:Minimum=1
	Subjects []rbacv1.Subject `json:"subjects"`
}

func (*AdditionalRoleBindingsSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalRoleBindingsSpec.

func (*AdditionalRoleBindingsSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ByKindAndName

// ByKindAndName is an OwnerListSpec that carries Len, Less and Swap methods,
// i.e. the sort.Interface method set.
// NOTE(review): the name suggests ordering by Kind and then Name; the Less body
// is not shown here — confirm.
type ByKindAndName OwnerListSpec

func (ByKindAndName) DeepCopy

func (in ByKindAndName) DeepCopy() ByKindAndName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByKindAndName.

func (ByKindAndName) DeepCopyInto

func (in ByKindAndName) DeepCopyInto(out *ByKindAndName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ByKindAndName) Len

func (b ByKindAndName) Len() int

func (ByKindAndName) Less

func (b ByKindAndName) Less(i, j int) bool

func (ByKindAndName) Swap

func (b ByKindAndName) Swap(i, j int)

type CapsuleConfiguration

// CapsuleConfiguration is the Schema for the Capsule configuration API.
type CapsuleConfiguration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the configuration values; see CapsuleConfigurationSpec.
	Spec CapsuleConfigurationSpec `json:"spec,omitempty"`
}

CapsuleConfiguration is the Schema for the Capsule configuration API.

func (*CapsuleConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapsuleConfiguration.

func (*CapsuleConfiguration) DeepCopyInto

func (in *CapsuleConfiguration) DeepCopyInto(out *CapsuleConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CapsuleConfiguration) DeepCopyObject

func (in *CapsuleConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CapsuleConfigurationList

// CapsuleConfigurationList contains a list of CapsuleConfiguration.
type CapsuleConfigurationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CapsuleConfiguration `json:"items"`
}

CapsuleConfigurationList contains a list of CapsuleConfiguration.

func (*CapsuleConfigurationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapsuleConfigurationList.

func (*CapsuleConfigurationList) DeepCopyInto

func (in *CapsuleConfigurationList) DeepCopyInto(out *CapsuleConfigurationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CapsuleConfigurationList) DeepCopyObject

func (in *CapsuleConfigurationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CapsuleConfigurationSpec

// CapsuleConfigurationSpec defines the Capsule configuration.
type CapsuleConfigurationSpec struct {
	// Names of the groups for Capsule users.
	// NOTE(review): presumably membership in one of these groups is what marks a
	// subject as a Capsule user; if so, this list is a trust boundary and changes
	// to it deserve the same review as RBAC changes — confirm how it is consumed.
	// +kubebuilder:default={capsule.clastix.io}
	UserGroups []string `json:"userGroups,omitempty"`
	// Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix,
	// separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.
	// +kubebuilder:default=false
	ForceTenantPrefix bool `json:"forceTenantPrefix,omitempty"`
	// Disallows creation of Namespaces whose name matches this regular expression.
	// NOTE(review): no validation marker is attached, so whether the pattern
	// compiles, and whether it is matched anchored or as a substring, is decided
	// by the consumer, which is not shown here — confirm before relying on it.
	ProtectedNamespaceRegexpString string `json:"protectedNamespaceRegex,omitempty"`
	// Allows setting names other than the canonical ones for the Capsule configuration objects,
	// such as webhook secret or configurations.
	// +kubebuilder:default={TLSSecretName:"capsule-tls",mutatingWebhookConfigurationName:"capsule-mutating-webhook-configuration",validatingWebhookConfigurationName:"capsule-validating-webhook-configuration"}
	CapsuleResources CapsuleResources `json:"overrides,omitempty"`
	// Allows setting the forbidden metadata for the worker nodes that could be patched by a Tenant.
	// This applies only if the Tenant has an active NodeSelector, and the Owner has the right to patch their nodes.
	NodeMetadata *NodeMetadata `json:"nodeMetadata,omitempty"`
	// Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhooks
	// when not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.
	// +kubebuilder:default=true
	EnableTLSReconciler bool `json:"enableTLSReconciler"` //nolint:tagliatelle
}

CapsuleConfigurationSpec defines the Capsule configuration.

func (*CapsuleConfigurationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapsuleConfigurationSpec.

func (*CapsuleConfigurationSpec) DeepCopyInto

func (in *CapsuleConfigurationSpec) DeepCopyInto(out *CapsuleConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CapsuleResources

// CapsuleResources names the Secret and the webhook configuration objects that
// Capsule uses, so they can differ from the defaults given in the markers.
type CapsuleResources struct {
	// Defines the Secret name used for the webhook server.
	// Must be in the same Namespace where the Capsule Deployment is deployed.
	// +kubebuilder:default=capsule-tls
	TLSSecretName string `json:"TLSSecretName"` //nolint:tagliatelle
	// Name of the MutatingWebhookConfiguration which contains the dynamic admission controller paths and resources.
	// +kubebuilder:default=capsule-mutating-webhook-configuration
	MutatingWebhookConfigurationName string `json:"mutatingWebhookConfigurationName"`
	// Name of the ValidatingWebhookConfiguration which contains the dynamic admission controller paths and resources.
	// +kubebuilder:default=capsule-validating-webhook-configuration
	ValidatingWebhookConfigurationName string `json:"validatingWebhookConfigurationName"`
}

func (*CapsuleResources) DeepCopy

func (in *CapsuleResources) DeepCopy() *CapsuleResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapsuleResources.

func (*CapsuleResources) DeepCopyInto

func (in *CapsuleResources) DeepCopyInto(out *CapsuleResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GlobalTenantResource

// GlobalTenantResource allows to propagate resource replications to a specific
// subset of Tenant resources.
type GlobalTenantResource struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status is the observed state.
	Spec   GlobalTenantResourceSpec   `json:"spec,omitempty"`
	Status GlobalTenantResourceStatus `json:"status,omitempty"`
}

GlobalTenantResource allows to propagate resource replications to a specific subset of Tenant resources.

func (*GlobalTenantResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalTenantResource.

func (*GlobalTenantResource) DeepCopyInto

func (in *GlobalTenantResource) DeepCopyInto(out *GlobalTenantResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GlobalTenantResource) DeepCopyObject

func (in *GlobalTenantResource) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GlobalTenantResourceList

// GlobalTenantResourceList contains a list of GlobalTenantResource.
type GlobalTenantResourceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GlobalTenantResource `json:"items"`
}

GlobalTenantResourceList contains a list of GlobalTenantResource.

func (*GlobalTenantResourceList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalTenantResourceList.

func (*GlobalTenantResourceList) DeepCopyInto

func (in *GlobalTenantResourceList) DeepCopyInto(out *GlobalTenantResourceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GlobalTenantResourceList) DeepCopyObject

func (in *GlobalTenantResourceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GlobalTenantResourceSpec

// GlobalTenantResourceSpec defines the desired state of GlobalTenantResource:
// a Tenant selector plus the inlined TenantResourceSpec fields.
type GlobalTenantResourceSpec struct {
	// Defines the Tenant selector used to target the tenants on which resources must be propagated.
	// NOTE(review): the field is a non-pointer LabelSelector with omitempty, and
	// an empty LabelSelector conventionally matches every object; presumably an
	// omitted selector therefore targets all Tenants — confirm in the controller.
	TenantSelector     metav1.LabelSelector `json:"tenantSelector,omitempty"`
	TenantResourceSpec `json:",inline"`
}

GlobalTenantResourceSpec defines the desired state of GlobalTenantResource.

func (*GlobalTenantResourceSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalTenantResourceSpec.

func (*GlobalTenantResourceSpec) DeepCopyInto

func (in *GlobalTenantResourceSpec) DeepCopyInto(out *GlobalTenantResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GlobalTenantResourceStatus

// GlobalTenantResourceStatus defines the observed state of GlobalTenantResource.
type GlobalTenantResourceStatus struct {
	// List of Tenants addressed by the GlobalTenantResource.
	SelectedTenants []string `json:"selectedTenants"`
	// List of the replicated resources for the given TenantResource.
	ProcessedItems ProcessedItems `json:"processedItems"`
}

GlobalTenantResourceStatus defines the observed state of GlobalTenantResource.

func (*GlobalTenantResourceStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalTenantResourceStatus.

func (*GlobalTenantResourceStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressOptions

// IngressOptions holds the per-Tenant constraints on Ingress resources:
// allowed classes, allowed hostnames, wildcard hostnames and the scope of the
// hostname collision check.
type IngressOptions struct {
	// Specifies the allowed IngressClasses assigned to the Tenant.
	// Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses.
	// A default value can be specified, and all the Ingress resources created will inherit the declared class.
	// Optional.
	AllowedClasses *api.DefaultAllowedListSpec `json:"allowedClasses,omitempty"`
	// Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.
	//
	//
	// - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.
	//
	// - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.
	//
	// - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.
	//
	//
	// Optional.
	// NOTE(review): the default below, Disabled, is not described in the list
	// above; presumably no collision check is performed in that case, which would
	// let two Tenants claim the same hostname and path — confirm, and set
	// the scope explicitly where Tenants share an ingress controller.
	// +kubebuilder:default=Disabled
	HostnameCollisionScope api.HostnameCollisionScope `json:"hostnameCollisionScope,omitempty"`
	// Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional.
	AllowedHostnames *api.AllowedListSpec `json:"allowedHostnames,omitempty"`
	// Toggles the ability for Ingress resources created in a Tenant to have a hostname wildcard.
	AllowWildcardHostnames bool `json:"allowWildcardHostnames,omitempty"`
}

func (*IngressOptions) DeepCopy

func (in *IngressOptions) DeepCopy() *IngressOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressOptions.

func (*IngressOptions) DeepCopyInto

func (in *IngressOptions) DeepCopyInto(out *IngressOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespaceOptions

// NamespaceOptions holds the per-Tenant constraints on Namespaces: a quota,
// metadata added by the operator, and metadata the owner may not set.
type NamespaceOptions struct {
	// +kubebuilder:validation:Minimum=1
	// Specifies the maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	// NOTE(review): the field is a pointer with omitempty; presumably a nil
	// value means no namespace limit — confirm against Tenant.IsFull.
	Quota *int32 `json:"quota,omitempty"`
	// Specifies additional labels and annotations the Capsule operator places on any Namespace resource in the Tenant. Optional.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
	// Define the labels that a Tenant Owner cannot set for their Namespace resources.
	ForbiddenLabels api.ForbiddenListSpec `json:"forbiddenLabels,omitempty"`
	// Define the annotations that a Tenant Owner cannot set for their Namespace resources.
	ForbiddenAnnotations api.ForbiddenListSpec `json:"forbiddenAnnotations,omitempty"`
}

func (*NamespaceOptions) DeepCopy

func (in *NamespaceOptions) DeepCopy() *NamespaceOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceOptions.

func (*NamespaceOptions) DeepCopyInto

func (in *NamespaceOptions) DeepCopyInto(out *NamespaceOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NodeMetadata

// NodeMetadata lists the node labels and annotations that a Tenant Owner is
// not allowed to set. Both lists are deny-lists: anything not listed is not
// restricted by this type.
type NodeMetadata struct {
	// Define the labels that a Tenant Owner cannot set for their nodes.
	ForbiddenLabels api.ForbiddenListSpec `json:"forbiddenLabels"`
	// Define the annotations that a Tenant Owner cannot set for their nodes.
	ForbiddenAnnotations api.ForbiddenListSpec `json:"forbiddenAnnotations"`
}

func (*NodeMetadata) DeepCopy

func (in *NodeMetadata) DeepCopy() *NodeMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeMetadata.

func (*NodeMetadata) DeepCopyInto

func (in *NodeMetadata) DeepCopyInto(out *NodeMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NonLimitedResourceError

// NonLimitedResourceError is an error type: it has an Error() string method and
// is built from a kindGroup by NewNonLimitedResourceError.
// NOTE(review): presumably returned when no limit is recorded for the given
// kindGroup; the producing code is not shown here — confirm.
type NonLimitedResourceError struct {
	// contains filtered or unexported fields
}

func NewNonLimitedResourceError

func NewNonLimitedResourceError(kindGroup string) *NonLimitedResourceError

func (*NonLimitedResourceError) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonLimitedResourceError.

func (*NonLimitedResourceError) DeepCopyInto

func (in *NonLimitedResourceError) DeepCopyInto(out *NonLimitedResourceError)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (NonLimitedResourceError) Error

func (n NonLimitedResourceError) Error() string

type ObjectReference

// ObjectReference selects existing objects by kind, namespace and API version
// (inlined from ObjectReferenceAbstract) plus a label selector.
type ObjectReference struct {
	ObjectReferenceAbstract `json:",inline"`
	// Label selector used to select the given resources in the given Namespace.
	// NOTE(review): an empty LabelSelector conventionally matches every object,
	// so an empty selector presumably selects all objects of the kind in that
	// Namespace — confirm in the controller.
	Selector metav1.LabelSelector `json:"selector"`
}

func (*ObjectReference) DeepCopy

func (in *ObjectReference) DeepCopy() *ObjectReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.

func (*ObjectReference) DeepCopyInto

func (in *ObjectReference) DeepCopyInto(out *ObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectReferenceAbstract

// ObjectReferenceAbstract holds the kind, namespace and API version shared by
// ObjectReference and ObjectReferenceStatus, which both inline it.
type ObjectReferenceAbstract struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind string `json:"kind"`
	// Namespace of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	Namespace string `json:"namespace"`
	// API version of the referent.
	APIVersion string `json:"apiVersion,omitempty"`
}

func (*ObjectReferenceAbstract) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReferenceAbstract.

func (*ObjectReferenceAbstract) DeepCopyInto

func (in *ObjectReferenceAbstract) DeepCopyInto(out *ObjectReferenceAbstract)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectReferenceStatus

// ObjectReferenceStatus identifies one object by kind, namespace and API
// version (inlined from ObjectReferenceAbstract) plus its name. The type has
// String and ParseFromString methods for a string form.
// NOTE(review): the string format, and how ParseFromString treats malformed
// input, are not shown here — confirm before parsing values from status fields.
type ObjectReferenceStatus struct {
	ObjectReferenceAbstract `json:",inline"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	Name string `json:"name"`
}

func (*ObjectReferenceStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReferenceStatus.

func (*ObjectReferenceStatus) DeepCopyInto

func (in *ObjectReferenceStatus) DeepCopyInto(out *ObjectReferenceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ObjectReferenceStatus) ParseFromString

func (in *ObjectReferenceStatus) ParseFromString(value string) error

func (*ObjectReferenceStatus) String

func (in *ObjectReferenceStatus) String() string

type OwnerKind

// OwnerKind is the kind of subject that owns a Tenant. The package defines the
// values "User", "Group" and "ServiceAccount".
type OwnerKind string

+kubebuilder:validation:Enum=User;Group;ServiceAccount

func (OwnerKind) String

func (k OwnerKind) String() string

type OwnerListSpec

// OwnerListSpec is the list of owners of a Tenant. FindOwner looks an owner up
// by name and kind.
// NOTE(review): FindOwner returns an OwnerSpec value with no ok/error result,
// so a miss is presumably signalled by the zero value — callers should check
// the result before treating it as a match; confirm.
type OwnerListSpec []OwnerSpec

func (OwnerListSpec) DeepCopy

func (in OwnerListSpec) DeepCopy() OwnerListSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerListSpec.

func (OwnerListSpec) DeepCopyInto

func (in OwnerListSpec) DeepCopyInto(out *OwnerListSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (OwnerListSpec) FindOwner

func (o OwnerListSpec) FindOwner(name string, kind OwnerKind) (owner OwnerSpec)

type OwnerSpec

// OwnerSpec identifies one Tenant owner together with the cluster roles and
// proxy settings declared for that owner.
type OwnerSpec struct {
	// Kind of tenant owner. Possible values are "User", "Group", and "ServiceAccount"
	Kind OwnerKind `json:"kind"`
	// Name of tenant owner.
	Name string `json:"name"`
	// Defines additional cluster-roles for the specific Owner.
	// NOTE(review): the field is omitempty with a default, so an owner declared
	// without clusterRoles is presumably defaulted to both admin and
	// capsule-namespace-deleter; list the roles explicitly when an owner should
	// hold less.
	// +kubebuilder:default={admin,capsule-namespace-deleter}
	ClusterRoles []string `json:"clusterRoles,omitempty"`
	// Proxy settings for tenant owner.
	// The Go field is ProxyOperations; the serialized key is proxySettings.
	ProxyOperations []ProxySettings `json:"proxySettings,omitempty"`
}

func (*OwnerSpec) DeepCopy

func (in *OwnerSpec) DeepCopy() *OwnerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OwnerSpec.

func (*OwnerSpec) DeepCopyInto

func (in *OwnerSpec) DeepCopyInto(out *OwnerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProcessedItems

// ProcessedItems is a list of ObjectReferenceStatus entries; AsSet returns it
// as a set of strings.
type ProcessedItems []ObjectReferenceStatus

func (*ProcessedItems) AsSet

func (p *ProcessedItems) AsSet() sets.Set[string]

func (ProcessedItems) DeepCopy

func (in ProcessedItems) DeepCopy() ProcessedItems

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessedItems.

func (ProcessedItems) DeepCopyInto

func (in ProcessedItems) DeepCopyInto(out *ProcessedItems)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyOperation

// ProxyOperation is an operation that can be listed in a ProxySettings entry.
// The package defines the values "List", "Update" and "Delete".
type ProxyOperation string

+kubebuilder:validation:Enum=List;Update;Delete

func (ProxyOperation) String

func (p ProxyOperation) String() string

type ProxyServiceKind

// ProxyServiceKind is the resource kind that a ProxySettings entry refers to.
// NOTE(review): the package also defines TenantProxy = "Tenant", which the Enum
// marker documented for this type does not list — confirm which is intended.
type ProxyServiceKind string

+kubebuilder:validation:Enum=Nodes;StorageClasses;IngressClasses;PriorityClasses;RuntimeClasses;PersistentVolumes

func (ProxyServiceKind) String

func (p ProxyServiceKind) String() string

type ProxySettings

// ProxySettings grants a list of operations (Operations) on one resource kind
// (Kind) to a Tenant owner; it is referenced from OwnerSpec.
// NOTE(review): no MinItems marker is shown on Operations, so an entry with an
// empty operation list is presumably accepted — confirm what it grants.
type ProxySettings struct {
	Kind       ProxyServiceKind `json:"kind"`
	Operations []ProxyOperation `json:"operations"`
}

func (*ProxySettings) DeepCopy

func (in *ProxySettings) DeepCopy() *ProxySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxySettings.

func (*ProxySettings) DeepCopyInto

func (in *ProxySettings) DeepCopyInto(out *ProxySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RawExtension

// RawExtension wraps runtime.RawExtension so that the kubebuilder markers
// documented for this type (XEmbeddedResource, XPreserveUnknownFields) can be
// attached to it. With unknown fields preserved, the CRD schema does not
// constrain the content of the embedded object.
type RawExtension struct {
	runtime.RawExtension `json:",inline"`
}

+kubebuilder:validation:XEmbeddedResource
+kubebuilder:validation:XPreserveUnknownFields

func (*RawExtension) DeepCopy

func (in *RawExtension) DeepCopy() *RawExtension

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawExtension.

func (*RawExtension) DeepCopyInto

func (in *RawExtension) DeepCopyInto(out *RawExtension)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceSpec

// ResourceSpec describes one replication rule: which Tenant Namespaces are
// targeted and which objects (existing or raw) are replicated into them.
type ResourceSpec struct {
	// Defines the Namespace selector to select the Tenant Namespaces on which the resources must be propagated.
	// In case of nil value, all the Tenant Namespaces are targeted.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// List of the resources already existing in other Namespaces that must be replicated.
	NamespacedItems []ObjectReference `json:"namespacedItems,omitempty"`
	// List of raw resources that must be replicated.
	// NOTE(review): RawExtension preserves unknown fields, so the schema does not
	// limit which kinds can be embedded here. Which kinds are actually created,
	// and with whose privileges, is decided by the controller, which is not shown
	// here — confirm before granting create rights on this resource.
	RawItems []RawExtension `json:"rawItems,omitempty"`
	// Besides the Capsule metadata required by TenantResource controller, defines additional metadata that must be
	// added to the replicated resources.
	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
}

func (*ResourceSpec) DeepCopy

func (in *ResourceSpec) DeepCopy() *ResourceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.

func (*ResourceSpec) DeepCopyInto

func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tenant

// Tenant is the Schema for the tenants API.
type Tenant struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status is the observed state.
	Spec   TenantSpec   `json:"spec,omitempty"`
	Status TenantStatus `json:"status,omitempty"`
}

Tenant is the Schema for the tenants API.

func (*Tenant) AssignNamespaces

func (in *Tenant) AssignNamespaces(namespaces []corev1.Namespace)

func (*Tenant) ConvertFrom

func (in *Tenant) ConvertFrom(raw conversion.Hub) error

func (*Tenant) ConvertTo

func (in *Tenant) ConvertTo(raw conversion.Hub) error

func (*Tenant) DeepCopy

func (in *Tenant) DeepCopy() *Tenant

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tenant.

func (*Tenant) DeepCopyInto

func (in *Tenant) DeepCopyInto(out *Tenant)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Tenant) DeepCopyObject

func (in *Tenant) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Tenant) GetClusterRolesBySubject added in v0.7.2

func (in *Tenant) GetClusterRolesBySubject(ignoreOwnerKind []OwnerKind) (maps map[string]map[string]api.TenantSubjectRoles)

GetClusterRolesBySubject gets the permissions for a tenant ordered by groups and users.

func (*Tenant) GetNamespaces

func (in *Tenant) GetNamespaces() (res []string)

func (*Tenant) GetOwnerProxySettings

func (in *Tenant) GetOwnerProxySettings(name string, kind OwnerKind) []ProxySettings

func (*Tenant) GetSubjectsByClusterRoles added in v0.7.2

func (in *Tenant) GetSubjectsByClusterRoles(ignoreOwnerKind []OwnerKind) (rolePerms map[string][]rbacv1.Subject)

GetSubjectsByClusterRoles returns a map where the clusterRole is the key and the value is a list of permission subjects (kind and name) that reference that role. These mappings are gathered from the owners and additionalRoleBindings spec.

func (*Tenant) IsFull

func (in *Tenant) IsFull() bool

type TenantList

// TenantList contains a list of Tenant.
type TenantList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Tenant `json:"items"`
}

TenantList contains a list of Tenant.

func (*TenantList) DeepCopy

func (in *TenantList) DeepCopy() *TenantList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantList.

func (*TenantList) DeepCopyInto

func (in *TenantList) DeepCopyInto(out *TenantList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TenantList) DeepCopyObject

func (in *TenantList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TenantResource

// TenantResource allows a Tenant Owner, if enabled with proper RBAC, to
// propagate resources in its Namespace. The object must be deployed in a Tenant
// Namespace, and cannot reference objects living in non-Tenant namespaces; for
// such cases, the GlobalTenantResource must be used.
type TenantResource struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status is the observed state.
	Spec   TenantResourceSpec   `json:"spec,omitempty"`
	Status TenantResourceStatus `json:"status,omitempty"`
}

TenantResource allows a Tenant Owner, if enabled with proper RBAC, to propagate resources in its Namespace. The object must be deployed in a Tenant Namespace, and cannot reference object living in non-Tenant namespaces. For such cases, the GlobalTenantResource must be used.

func (*TenantResource) DeepCopy

func (in *TenantResource) DeepCopy() *TenantResource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantResource.

func (*TenantResource) DeepCopyInto

func (in *TenantResource) DeepCopyInto(out *TenantResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TenantResource) DeepCopyObject

func (in *TenantResource) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TenantResourceList

// TenantResourceList contains a list of TenantResource.
type TenantResourceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TenantResource `json:"items"`
}

TenantResourceList contains a list of TenantResource.

func (*TenantResourceList) DeepCopy

func (in *TenantResourceList) DeepCopy() *TenantResourceList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantResourceList.

func (*TenantResourceList) DeepCopyInto

func (in *TenantResourceList) DeepCopyInto(out *TenantResourceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TenantResourceList) DeepCopyObject

func (in *TenantResourceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TenantResourceSpec

// TenantResourceSpec defines the desired state of TenantResource.
type TenantResourceSpec struct {
	// Defines the period of time after which a new reconciliation must be invoked.
	// Keep in mind that any change to the manifests will trigger a new reconciliation.
	// +kubebuilder:default="60s"
	ResyncPeriod metav1.Duration `json:"resyncPeriod"`
	// When the replicated resource manifest is deleted, all the objects replicated so far will be automatically deleted.
	// Disable this to keep the replicated resources after the replication manifest is deleted.
	// +kubebuilder:default=true
	PruningOnDelete *bool `json:"pruningOnDelete,omitempty"`
	// Defines the rules to select targeting Namespace, along with the objects that must be replicated.
	Resources []ResourceSpec `json:"resources"`
}

TenantResourceSpec defines the desired state of TenantResource.

func (*TenantResourceSpec) DeepCopy

func (in *TenantResourceSpec) DeepCopy() *TenantResourceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantResourceSpec.

func (*TenantResourceSpec) DeepCopyInto

func (in *TenantResourceSpec) DeepCopyInto(out *TenantResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TenantResourceStatus

// TenantResourceStatus defines the observed state of TenantResource.
type TenantResourceStatus struct {
	// List of the replicated resources for the given TenantResource.
	ProcessedItems ProcessedItems `json:"processedItems"`
}

TenantResourceStatus defines the observed state of TenantResource.

func (*TenantResourceStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantResourceStatus.

func (*TenantResourceStatus) DeepCopyInto

func (in *TenantResourceStatus) DeepCopyInto(out *TenantResourceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TenantSpec

// TenantSpec defines the desired state of Tenant.
//
// Owners is the only field documented as mandatory; every other field is optional.
// NOTE(review): this type only declares the policy fields. What is enforced when an
// optional allow-list (StorageClasses, ContainerRegistries, RuntimeClasses,
// PriorityClasses, ImagePullPolicies) is left unset is not visible here — confirm
// against the code that enforces them before relying on an unset field as a restriction.
type TenantSpec struct {
	// Specifies the owners of the Tenant. Mandatory.
	Owners OwnerListSpec `json:"owners"`
	// Specifies options for the Namespaces, such as additional metadata or maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
	NamespaceOptions *NamespaceOptions `json:"namespaceOptions,omitempty"`
	// Specifies options for the Services, such as additional metadata or the blocking of certain types of Services. Optional.
	ServiceOptions *api.ServiceOptions `json:"serviceOptions,omitempty"`
	// Specifies options for the Pods deployed in the Tenant namespaces, such as additional metadata.
	PodOptions *api.PodOptions `json:"podOptions,omitempty"`
	// Specifies the allowed StorageClasses assigned to the Tenant.
	// Capsule ensures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses.
	// A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class.
	// Optional.
	StorageClasses *api.DefaultAllowedListSpec `json:"storageClasses,omitempty"`
	// Specifies options for the Ingress resources, such as allowed hostnames and IngressClass. Optional.
	IngressOptions IngressOptions `json:"ingressOptions,omitempty"`
	// Specifies the trusted Image Registries assigned to the Tenant. Capsule ensures that all Pod resources created in the Tenant can use only one of the allowed trusted registries. Optional.
	ContainerRegistries *api.AllowedListSpec `json:"containerRegistries,omitempty"`
	// Specifies the label to control the placement of pods on a given pool of worker nodes. All namespaces created within the Tenant will have the node selector annotation. This annotation tells the Kubernetes scheduler to place pods on the nodes having the selector label. Optional.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Specifies the NetworkPolicies assigned to the Tenant. The assigned NetworkPolicies are inherited by any namespace created in the Tenant. Optional.
	NetworkPolicies api.NetworkPolicySpec `json:"networkPolicies,omitempty"`
	// Specifies the resource min/max usage restrictions to the Tenant. The assigned values are inherited by any namespace created in the Tenant. Optional.
	LimitRanges api.LimitRangesSpec `json:"limitRanges,omitempty"`
	// Specifies a list of ResourceQuota resources assigned to the Tenant. The assigned values are inherited by any namespace created in the Tenant. The Capsule operator aggregates ResourceQuota at Tenant level, so that the hard quota is never crossed for the given Tenant. This permits the Tenant owner to consume resources in the Tenant regardless of the namespace. Optional.
	// Note that the JSON key is plural (resourceQuotas) while the Go field name is singular.
	ResourceQuota api.ResourceQuotaSpec `json:"resourceQuotas,omitempty"`
	// Specifies additional RoleBindings assigned to the Tenant. Capsule will ensure that all namespaces in the Tenant always contain the RoleBinding for the given ClusterRole. Optional.
	// Each entry is therefore a permission grant that applies in every namespace of the Tenant; review entries accordingly.
	AdditionalRoleBindings []api.AdditionalRoleBindingsSpec `json:"additionalRoleBindings,omitempty"`
	// Specifies the allowed values for the imagePullPolicies option in Pod resources. Capsule ensures that all Pod resources created in the Tenant can use only one of the allowed policies. Optional.
	ImagePullPolicies []api.ImagePullPolicySpec `json:"imagePullPolicies,omitempty"`
	// Specifies the allowed RuntimeClasses assigned to the Tenant.
	// Capsule ensures that all Pod resources created in the Tenant can use only one of the allowed RuntimeClasses.
	// Optional.
	RuntimeClasses *api.DefaultAllowedListSpec `json:"runtimeClasses,omitempty"`
	// Specifies the allowed PriorityClasses assigned to the Tenant.
	// Capsule ensures that all Pod resources created in the Tenant can use only one of the allowed PriorityClasses.
	// A default value can be specified, and all the Pod resources created will inherit the declared class.
	// Optional.
	PriorityClasses *api.DefaultAllowedListSpec `json:"priorityClasses,omitempty"`
	// Toggles the cordoning of the Tenant resources: when enabled, resources cannot be deleted.
	//+kubebuilder:default:=false
	Cordoned bool `json:"cordoned,omitempty"`
	// Prevent accidental deletion of the Tenant.
	// When enabled, the deletion request will be declined.
	//+kubebuilder:default:=false
	PreventDeletion bool `json:"preventDeletion,omitempty"`
}

TenantSpec defines the desired state of Tenant.

func (*TenantSpec) DeepCopy

func (in *TenantSpec) DeepCopy() *TenantSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantSpec.

func (*TenantSpec) DeepCopyInto

func (in *TenantSpec) DeepCopyInto(out *TenantSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TenantStatus

// TenantStatus holds the observed state of the Tenant.
type TenantStatus struct {
	// +kubebuilder:default=Active
	// The operational state of the Tenant. Possible values are "Active", "Cordoned"
	// (the TenantStateActive and TenantStateCordoned constants).
	State tenantState `json:"state"`
	// How many namespaces are assigned to the Tenant.
	// NOTE(review): presumably kept equal to len(Namespaces) — confirm against the code that writes the status.
	Size uint `json:"size"`
	// List of the namespaces assigned to the Tenant.
	Namespaces []string `json:"namespaces,omitempty"`
}

TenantStatus defines the observed state of the Tenant.

func (*TenantStatus) DeepCopy

func (in *TenantStatus) DeepCopy() *TenantStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TenantStatus.

func (*TenantStatus) DeepCopyInto

func (in *TenantStatus) DeepCopyInto(out *TenantStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
