feat(config): add combined users property as successor for usergroups (#1767)

* feat(config): add combined users property as successor for usergroups and usernames configuration Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(crds): add proper deprecation notices on properties and via admission warnings Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: add local monitoring environment Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2026-02-14 09:59:57 +00:00 · 2025-12-04 12:18:07 +01:00
parent dd39e1a6d5
commit 584d372521
54 changed files with 6700 additions and 126 deletions
--- a/api/v1beta2/capsuleconfiguration_types.go
+++ b/api/v1beta2/capsuleconfiguration_types.go
@@ -11,8 +11,15 @@ import (

 // CapsuleConfigurationSpec defines the Capsule configuration.
 type CapsuleConfigurationSpec struct {
+	// Define entities which are considered part of the Capsule construct
+	// Users not mentioned here will be ignored by Capsule
+	Users api.UserListSpec `json:"users,omitempty"`
+	// Deprecated: use users property instead (https://projectcapsule.dev/docs/operating/setup/configuration/#users)
+	//
 	// Names of the users considered as Capsule users.
 	UserNames []string `json:"userNames,omitempty"`
+	// Deprecated: use users property instead (https://projectcapsule.dev/docs/operating/setup/configuration/#users)
+	//
 	// Names of the groups considered as Capsule users.
 	// +kubebuilder:default={capsule.clastix.io}
 	UserGroups []string `json:"userGroups,omitempty"`
--- a/api/v1beta2/namespace_options.go
+++ b/api/v1beta2/namespace_options.go
@@ -11,8 +11,9 @@ type NamespaceOptions struct {
 	// +kubebuilder:validation:Minimum=1
 	// Specifies the maximum number of namespaces allowed for that Tenant. Once the namespace quota assigned to the Tenant has been reached, the Tenant owner cannot create further namespaces. Optional.
 	Quota *int32 `json:"quota,omitempty"`
+	// Deprecated: Use additionalMetadataList instead (https://projectcapsule.dev/docs/tenants/metadata/#additionalmetadatalist)
+	//
 	// Specifies additional labels and annotations the Capsule operator places on any Namespace resource in the Tenant. Optional.
-	// Deprecated: Use additionalMetadataList instead
 	AdditionalMetadata *api.AdditionalMetadataSpec `json:"additionalMetadata,omitempty"`
 	// Specifies additional labels and annotations the Capsule operator places on any Namespace resource in the Tenant via a list. Optional.
 	AdditionalMetadataList []api.AdditionalMetadataSelectorSpec `json:"additionalMetadataList,omitempty"`
--- a/api/v1beta2/tenant_types.go
+++ b/api/v1beta2/tenant_types.go
@@ -37,11 +37,13 @@ type TenantSpec struct {
 	ContainerRegistries *api.AllowedListSpec `json:"containerRegistries,omitempty"`
 	// Specifies the label to control the placement of pods on a given pool of worker nodes. All namespaces created within the Tenant will have the node selector annotation. This annotation tells the Kubernetes scheduler to place pods on the nodes having the selector label. Optional.
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+	// Deprecated: Use Tenant Replications instead (https://projectcapsule.dev/docs/replications/)
+	//
 	// Specifies the NetworkPolicies assigned to the Tenant. The assigned NetworkPolicies are inherited by any namespace created in the Tenant. Optional.
-	// Deprecated: Use Tenant Replications instead (https://projectcapsule.dev/docs/replications/)
 	NetworkPolicies api.NetworkPolicySpec `json:"networkPolicies,omitempty"`
-	// Specifies the resource min/max usage restrictions to the Tenant. The assigned values are inherited by any namespace created in the Tenant. Optional.
 	// Deprecated: Use Tenant Replications instead (https://projectcapsule.dev/docs/replications/)
+	//
+	// Specifies the resource min/max usage restrictions to the Tenant. The assigned values are inherited by any namespace created in the Tenant. Optional.
 	LimitRanges api.LimitRangesSpec `json:"limitRanges,omitempty"`
 	// Specifies a list of ResourceQuota resources assigned to the Tenant. The assigned values are inherited by any namespace created in the Tenant. The Capsule operator aggregates ResourceQuota at Tenant level, so that the hard quota is never crossed for the given Tenant. This permits the Tenant owner to consume resources in the Tenant regardless of the namespace. Optional.
 	ResourceQuota api.ResourceQuotaSpec `json:"resourceQuotas,omitempty"`
--- a/api/v1beta2/zz_generated.deepcopy.go
+++ b/api/v1beta2/zz_generated.deepcopy.go
@@ -98,6 +98,11 @@ func (in *CapsuleConfigurationList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CapsuleConfigurationSpec) DeepCopyInto(out *CapsuleConfigurationSpec) {
 	*out = *in
+	if in.Users != nil {
+		in, out := &in.Users, &out.Users
+		*out = make(api.UserListSpec, len(*in))
+		copy(*out, *in)
+	}
 	if in.UserNames != nil {
 		in, out := &in.UserNames, &out.UserNames
 		*out = make([]string, len(*in))