-
Notifications
You must be signed in to change notification settings - Fork 377
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4cb7736
commit 98a7778
Showing
25 changed files
with
2,136 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,192 @@ | ||
--- | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.10.0 | ||
creationTimestamp: null | ||
name: apilifecycles.apis.kcp.io | ||
spec: | ||
group: apis.kcp.io | ||
names: | ||
categories: | ||
- kcp | ||
kind: APILifecycle | ||
listKind: APILifecycleList | ||
plural: apilifecycles | ||
singular: apilifecycle | ||
scope: Cluster | ||
versions: | ||
- additionalPrinterColumns: | ||
- jsonPath: .metadata.creationTimestamp | ||
name: Age | ||
type: date | ||
name: v1alpha1 | ||
schema: | ||
openAPIV3Schema: | ||
description: APILifecycle | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: Spec holds the desired state. | ||
properties: | ||
hooks: | ||
description: hooks hold all possible lifecycle hooks | ||
properties: | ||
bind: | ||
description: bind is invoked when a binding is created and updated | ||
properties: | ||
url: | ||
description: url where the hook is located | ||
type: string | ||
required: | ||
- url | ||
type: object | ||
type: object | ||
permissionClaims: | ||
description: permissionClaims records decisions about permission claims | ||
requested by the API service provider. Individual claims can be | ||
accepted or rejected. If accepted, the API service provider gets | ||
the requested access to the specified resources in this workspace. | ||
Access is granted per GroupResource, identity, and other properties. | ||
items: | ||
description: PermissionClaim identifies an object by GR and identity | ||
hash. Its purpose is to determine the added permissions that a | ||
service provider may request and that a consumer may accept and | ||
allow the service provider access to. | ||
properties: | ||
all: | ||
description: all claims all resources for the given group/resource. | ||
This is mutually exclusive with resourceSelector. | ||
type: boolean | ||
group: | ||
description: group is the name of an API group. For core groups | ||
this is the empty string '""'. | ||
pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$ | ||
type: string | ||
identityHash: | ||
description: This is the identity for a given APIExport that | ||
the APIResourceSchema belongs to. The hash can be found on | ||
APIExport and APIResourceSchema's status. It will be empty | ||
for core types. Note that one must look this up for a particular | ||
KCP instance. | ||
type: string | ||
resource: | ||
description: 'resource is the name of the resource. Note: it | ||
is worth noting that you can not ask for permissions for resource | ||
provided by a CRD not provided by an api export.' | ||
pattern: ^[a-z][-a-z0-9]*[a-z0-9]$ | ||
type: string | ||
resourceSelector: | ||
description: resourceSelector is a list of claimed resource | ||
selectors. | ||
items: | ||
properties: | ||
name: | ||
description: name of an object within a claimed group/resource. | ||
It matches the metadata.name field of the underlying | ||
object. If namespace is unset, all objects matching | ||
that name will be claimed. | ||
maxLength: 253 | ||
minLength: 1 | ||
pattern: ^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$ | ||
type: string | ||
namespace: | ||
description: namespace containing the named object. Matches | ||
metadata.namespace field. If "name" is unset, all objects | ||
from the namespace are being claimed. | ||
minLength: 1 | ||
type: string | ||
type: object | ||
x-kubernetes-validations: | ||
- message: at least one field must be set | ||
rule: has(self.__namespace__) || has(self.name) | ||
type: array | ||
required: | ||
- resource | ||
type: object | ||
x-kubernetes-validations: | ||
- message: either "all" or "resourceSelector" must be set | ||
rule: (has(self.all) && self.all) != (has(self.resourceSelector) | ||
&& size(self.resourceSelector) > 0) | ||
- message: logicalclusters cannot be claimed | ||
rule: '!has(self.group) || self.group != "core.kcp.io" || self.resource | ||
!= "logicalclusters" || (has(self.identityHash) && self.identityHash | ||
!= "")' | ||
type: array | ||
reference: | ||
description: reference uniquely identifies an APIExport | ||
type: string | ||
x-kubernetes-validations: | ||
- message: APIExport reference must not be changed | ||
rule: self == oldSelf | ||
required: | ||
- hooks | ||
- reference | ||
type: object | ||
status: | ||
description: Status communicates the observed state. | ||
properties: | ||
conditions: | ||
description: conditions is a list of conditions that apply to the | ||
APIBinding. | ||
items: | ||
description: Condition defines an observation of a object operational | ||
state. | ||
properties: | ||
lastTransitionTime: | ||
description: Last time the condition transitioned from one status | ||
to another. This should be when the underlying condition changed. | ||
If that is not known, then using the time when the API field | ||
changed is acceptable. | ||
format: date-time | ||
type: string | ||
message: | ||
description: A human readable message indicating details about | ||
the transition. This field may be empty. | ||
type: string | ||
reason: | ||
description: The reason for the condition's last transition | ||
in CamelCase. The specific API may choose whether or not this | ||
field is considered a guaranteed API. This field may not be | ||
empty. | ||
type: string | ||
severity: | ||
description: Severity provides an explicit classification of | ||
Reason code, so the users or machines can immediately understand | ||
the current situation and act accordingly. The Severity field | ||
MUST be set only when Status=False. | ||
type: string | ||
status: | ||
description: Status of the condition, one of True, False, Unknown. | ||
type: string | ||
type: | ||
description: Type of condition in CamelCase or in foo.example.com/CamelCase. | ||
Many .condition.type values are consistent across resources | ||
like Available, but because arbitrary conditions can be useful | ||
(see .node.status.conditions), the ability to deconflict is | ||
important. | ||
type: string | ||
required: | ||
- lastTransitionTime | ||
- status | ||
- type | ||
type: object | ||
type: array | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
/* | ||
Copyright 2022 The KCP Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
conditionsv1alpha1 "github.com/kcp-dev/kcp/pkg/apis/third_party/conditions/apis/conditions/v1alpha1" | ||
) | ||
|
||
// APILifecycle | ||
// | ||
// +crd | ||
// +genclient | ||
// +genclient:nonNamespaced | ||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object | ||
// +kubebuilder:subresource:status | ||
// +kubebuilder:resource:scope=Cluster,categories=kcp | ||
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" | ||
type APILifecycle struct { | ||
metav1.TypeMeta `json:",inline"` | ||
// +optional | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
// Spec holds the desired state. | ||
// +required | ||
// +kubebuilder:validation:Required | ||
Spec APILifecycleSpec `json:"spec,omitempty"` | ||
|
||
// Status communicates the observed state. | ||
// +optional | ||
Status APILifecycleStatus `json:"status,omitempty"` | ||
} | ||
|
||
func (in *APILifecycle) GetConditions() conditionsv1alpha1.Conditions { | ||
return in.Status.Conditions | ||
} | ||
|
||
func (in *APILifecycle) SetConditions(conditions conditionsv1alpha1.Conditions) { | ||
in.Status.Conditions = conditions | ||
} | ||
|
||
// APILifecycleSpec records the APIs and implementations that are to be bound. | ||
type APILifecycleSpec struct { | ||
// reference uniquely identifies an APIExport | ||
// | ||
// +required | ||
// +kubebuilder:validation:Required | ||
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="APIExport reference must not be changed" | ||
Reference string `json:"reference"` | ||
|
||
// hooks hold all possible lifecycle hooks | ||
// | ||
// +required | ||
// +kubebuilder:validation:Required | ||
Hooks APILifecycleHooks `json:"hooks"` | ||
|
||
// permissionClaims records decisions about permission claims requested by the API service provider. | ||
// Individual claims can be accepted or rejected. If accepted, the API service provider gets the | ||
// requested access to the specified resources in this workspace. Access is granted per | ||
// GroupResource, identity, and other properties. | ||
// | ||
// +optional | ||
PermissionClaims []PermissionClaim `json:"permissionClaims,omitempty"` | ||
} | ||
|
||
// APILifecycleHooks defines the lifecycle hooks | ||
type APILifecycleHooks struct { | ||
// bind is invoked when a binding is created and updated | ||
// +optional | ||
Bind *APILifecycleHook `json:"bind"` | ||
} | ||
|
||
type APILifecycleHook struct { | ||
// url where the hook is located | ||
URL string `json:"url"` | ||
} | ||
|
||
// APIBindingStatus records which schemas are bound. | ||
type APILifecycleStatus struct { | ||
|
||
// conditions is a list of conditions that apply to the APIBinding. | ||
// | ||
// +optional | ||
Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"` | ||
} | ||
|
||
// These are valid conditions of APIBinding. | ||
const ( | ||
// APILifecycleValid is a condition for APIBinding that reflects the validity of the referenced APIExport. | ||
APILifecycleValid conditionsv1alpha1.ConditionType = "APIExportValid" | ||
) | ||
|
||
// APILifecyleList is a list of APIBinding resources | ||
// | ||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object | ||
type APILifecycleList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata"` | ||
|
||
Items []APILifecycle `json:"items"` | ||
} |
Oops, something went wrong.