mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-02-14 09:59:57 +00:00
711 lines
41 KiB
YAML
711 lines
41 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
name: tenants.capsule.clastix.io
|
|
spec:
|
|
group: capsule.clastix.io
|
|
names:
|
|
kind: Tenant
|
|
listKind: TenantList
|
|
plural: tenants
|
|
singular: tenant
|
|
scope: Cluster
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The max amount of Namespaces can be created
|
|
jsonPath: .spec.namespaceQuota
|
|
name: Namespace quota
|
|
type: integer
|
|
- description: The total amount of Namespaces in use
|
|
jsonPath: .status.size
|
|
name: Namespace count
|
|
type: integer
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Tenant is the Schema for the tenants API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: TenantSpec defines the desired state of Tenant
|
|
properties:
|
|
ingressClasses:
|
|
items:
|
|
type: string
|
|
type: array
|
|
limitRanges:
|
|
items:
|
|
description: LimitRangeSpec defines a min/max usage limit for resources
|
|
that match on kind.
|
|
properties:
|
|
limits:
|
|
description: Limits is the list of LimitRangeItem objects that
|
|
are enforced.
|
|
items:
|
|
description: LimitRangeItem defines a min/max usage limit
|
|
for any resource that matches on kind.
|
|
properties:
|
|
default:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: Default resource requirement limit value
|
|
by resource name if resource limit is omitted.
|
|
type: object
|
|
defaultRequest:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: DefaultRequest is the default resource requirement
|
|
request value by resource name if resource request is
|
|
omitted.
|
|
type: object
|
|
max:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: Max usage constraints on this kind by resource
|
|
name.
|
|
type: object
|
|
maxLimitRequestRatio:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: MaxLimitRequestRatio if specified, the named
|
|
resource must have a request and limit that are both
|
|
non-zero where limit divided by request is less than
|
|
or equal to the enumerated value; this represents the
|
|
max burst for the named resource.
|
|
type: object
|
|
min:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: Min usage constraints on this kind by resource
|
|
name.
|
|
type: object
|
|
type:
|
|
description: Type of resource that this limit applies
|
|
to.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
type: array
|
|
required:
|
|
- limits
|
|
type: object
|
|
type: array
|
|
namespaceQuota:
|
|
minimum: 1
|
|
type: integer
|
|
networkPolicies:
|
|
items:
|
|
description: NetworkPolicySpec provides the specification of a NetworkPolicy
|
|
properties:
|
|
egress:
|
|
description: List of egress rules to be applied to the selected
|
|
pods. Outgoing traffic is allowed if there are no NetworkPolicies
|
|
selecting the pod (and cluster policy otherwise allows the
|
|
traffic), OR if the traffic matches at least one egress rule
|
|
across all of the NetworkPolicy objects whose podSelector
|
|
matches the pod. If this field is empty then this NetworkPolicy
|
|
limits all outgoing traffic (and serves solely to ensure that
|
|
the pods it selects are isolated by default). This field is
|
|
beta-level in 1.8
|
|
items:
|
|
description: NetworkPolicyEgressRule describes a particular
|
|
set of traffic that is allowed out of pods matched by a
|
|
NetworkPolicySpec's podSelector. The traffic must match
|
|
both ports and to. This type is beta-level in 1.8
|
|
properties:
|
|
ports:
|
|
description: List of destination ports for outgoing traffic.
|
|
Each item in this list is combined using a logical OR.
|
|
If this field is empty or missing, this rule matches
|
|
all ports (traffic not restricted by port). If this
|
|
field is present and contains at least one item, then
|
|
this rule allows traffic only if the traffic matches
|
|
at least one port in the list.
|
|
items:
|
|
description: NetworkPolicyPort describes a port to allow
|
|
traffic on
|
|
properties:
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: The port on the given protocol. This
|
|
can either be a numerical or named port on a pod.
|
|
If this field is not provided, this matches all
|
|
port names and numbers.
|
|
x-kubernetes-int-or-string: true
|
|
protocol:
|
|
description: The protocol (TCP, UDP, or SCTP) which
|
|
traffic must match. If not specified, this field
|
|
defaults to TCP.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
to:
|
|
description: List of destinations for outgoing traffic
|
|
of pods selected for this rule. Items in this list are
|
|
combined using a logical OR operation. If this field
|
|
is empty or missing, this rule matches all destinations
|
|
(traffic not restricted by destination). If this field
|
|
is present and contains at least one item, this rule
|
|
allows traffic only if the traffic matches at least
|
|
one item in the to list.
|
|
items:
|
|
description: NetworkPolicyPeer describes a peer to allow
|
|
traffic from. Only certain combinations of fields
|
|
are allowed
|
|
properties:
|
|
ipBlock:
|
|
description: IPBlock defines policy on a particular
|
|
IPBlock. If this field is set then neither of
|
|
the other fields can be.
|
|
properties:
|
|
cidr:
|
|
description: CIDR is a string representing the
|
|
IP Block Valid examples are "192.168.1.1/24"
|
|
or "2001:db9::/64"
|
|
type: string
|
|
except:
|
|
description: Except is a slice of CIDRs that
|
|
should not be included within an IP Block
|
|
Valid examples are "192.168.1.1/24" or "2001:db9::/64"
|
|
Except values will be rejected if they are
|
|
outside the CIDR range
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- cidr
|
|
type: object
|
|
namespaceSelector:
|
|
description: "Selects Namespaces using cluster-scoped
|
|
labels. This field follows standard label selector
|
|
semantics; if present but empty, it selects all
|
|
namespaces. \n If PodSelector is also set, then
|
|
the NetworkPolicyPeer as a whole selects the Pods
|
|
matching PodSelector in the Namespaces selected
|
|
by NamespaceSelector. Otherwise it selects all
|
|
Pods in the Namespaces selected by NamespaceSelector."
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
podSelector:
|
|
description: "This is a label selector which selects
|
|
Pods. This field follows standard label selector
|
|
semantics; if present but empty, it selects all
|
|
pods. \n If NamespaceSelector is also set, then
|
|
the NetworkPolicyPeer as a whole selects the Pods
|
|
matching PodSelector in the Namespaces selected
|
|
by NamespaceSelector. Otherwise it selects the
|
|
Pods matching PodSelector in the policy's own
|
|
Namespace."
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
ingress:
|
|
description: List of ingress rules to be applied to the selected
|
|
pods. Traffic is allowed to a pod if there are no NetworkPolicies
|
|
selecting the pod (and cluster policy otherwise allows the
|
|
traffic), OR if the traffic source is the pod's local node,
|
|
OR if the traffic matches at least one ingress rule across
|
|
all of the NetworkPolicy objects whose podSelector matches
|
|
the pod. If this field is empty then this NetworkPolicy does
|
|
not allow any traffic (and serves solely to ensure that the
|
|
pods it selects are isolated by default)
|
|
items:
|
|
description: NetworkPolicyIngressRule describes a particular
|
|
set of traffic that is allowed to the pods matched by a
|
|
NetworkPolicySpec's podSelector. The traffic must match
|
|
both ports and from.
|
|
properties:
|
|
from:
|
|
description: List of sources which should be able to access
|
|
the pods selected for this rule. Items in this list
|
|
are combined using a logical OR operation. If this field
|
|
is empty or missing, this rule matches all sources (traffic
|
|
not restricted by source). If this field is present
|
|
and contains at least one item, this rule allows traffic
|
|
only if the traffic matches at least one item in the
|
|
from list.
|
|
items:
|
|
description: NetworkPolicyPeer describes a peer to allow
|
|
traffic from. Only certain combinations of fields
|
|
are allowed
|
|
properties:
|
|
ipBlock:
|
|
description: IPBlock defines policy on a particular
|
|
IPBlock. If this field is set then neither of
|
|
the other fields can be.
|
|
properties:
|
|
cidr:
|
|
description: CIDR is a string representing the
|
|
IP Block Valid examples are "192.168.1.1/24"
|
|
or "2001:db9::/64"
|
|
type: string
|
|
except:
|
|
description: Except is a slice of CIDRs that
|
|
should not be included within an IP Block
|
|
Valid examples are "192.168.1.1/24" or "2001:db9::/64"
|
|
Except values will be rejected if they are
|
|
outside the CIDR range
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- cidr
|
|
type: object
|
|
namespaceSelector:
|
|
description: "Selects Namespaces using cluster-scoped
|
|
labels. This field follows standard label selector
|
|
semantics; if present but empty, it selects all
|
|
namespaces. \n If PodSelector is also set, then
|
|
the NetworkPolicyPeer as a whole selects the Pods
|
|
matching PodSelector in the Namespaces selected
|
|
by NamespaceSelector. Otherwise it selects all
|
|
Pods in the Namespaces selected by NamespaceSelector."
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
podSelector:
|
|
description: "This is a label selector which selects
|
|
Pods. This field follows standard label selector
|
|
semantics; if present but empty, it selects all
|
|
pods. \n If NamespaceSelector is also set, then
|
|
the NetworkPolicyPeer as a whole selects the Pods
|
|
matching PodSelector in the Namespaces selected
|
|
by NamespaceSelector. Otherwise it selects the
|
|
Pods matching PodSelector in the policy's own
|
|
Namespace."
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
ports:
|
|
description: List of ports which should be made accessible
|
|
on the pods selected for this rule. Each item in this
|
|
list is combined using a logical OR. If this field is
|
|
empty or missing, this rule matches all ports (traffic
|
|
not restricted by port). If this field is present and
|
|
contains at least one item, then this rule allows traffic
|
|
only if the traffic matches at least one port in the
|
|
list.
|
|
items:
|
|
description: NetworkPolicyPort describes a port to allow
|
|
traffic on
|
|
properties:
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: The port on the given protocol. This
|
|
can either be a numerical or named port on a pod.
|
|
If this field is not provided, this matches all
|
|
port names and numbers.
|
|
x-kubernetes-int-or-string: true
|
|
protocol:
|
|
description: The protocol (TCP, UDP, or SCTP) which
|
|
traffic must match. If not specified, this field
|
|
defaults to TCP.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
podSelector:
|
|
description: Selects the pods to which this NetworkPolicy object
|
|
applies. The array of ingress rules is applied to any pods
|
|
selected by this field. Multiple network policies can select
|
|
the same set of pods. In this case, the ingress rules for
|
|
each are combined additively. This field is NOT optional and
|
|
follows standard label selector semantics. An empty podSelector
|
|
matches all pods in this namespace.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector
|
|
requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector
|
|
that contains values, a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship
|
|
to a set of values. Valid operators are In, NotIn,
|
|
Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values.
|
|
If the operator is In or NotIn, the values array
|
|
must be non-empty. If the operator is Exists or
|
|
DoesNotExist, the values array must be empty. This
|
|
array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
policyTypes:
|
|
description: List of rule types that the NetworkPolicy relates
|
|
to. Valid options are "Ingress", "Egress", or "Ingress,Egress".
|
|
If this field is not specified, it will default based on the
|
|
existence of Ingress or Egress rules; policies that contain
|
|
an Egress section are assumed to affect Egress, and all policies
|
|
(whether or not they contain an Ingress section) are assumed
|
|
to affect Ingress. If you want to write an egress-only policy,
|
|
you must explicitly specify policyTypes [ "Egress" ]. Likewise,
|
|
if you want to write a policy that specifies that no egress
|
|
is allowed, you must specify a policyTypes value that include
|
|
"Egress" (since such a policy would not include an Egress
|
|
section and would otherwise default to just [ "Ingress" ]).
|
|
This field is beta-level in 1.8
|
|
items:
|
|
description: Policy Type string describes the NetworkPolicy
|
|
type This type is beta-level in 1.8
|
|
type: string
|
|
type: array
|
|
required:
|
|
- podSelector
|
|
type: object
|
|
type: array
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
owner:
|
|
type: string
|
|
resourceQuotas:
|
|
items:
|
|
description: ResourceQuotaSpec defines the desired hard limits to
|
|
enforce for Quota.
|
|
properties:
|
|
hard:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'hard is the set of desired hard limits for each
|
|
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
|
|
type: object
|
|
scopeSelector:
|
|
description: scopeSelector is also a collection of filters like
|
|
scopes that must match each object tracked by a quota but
|
|
expressed using ScopeSelectorOperator in combination with
|
|
possible values. For a resource to match, both scopes AND
|
|
scopeSelector (if specified in spec), must be matched.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of scope selector requirements by scope
|
|
of the resources.
|
|
items:
|
|
description: A scoped-resource selector requirement is
|
|
a selector that contains values, a scope name, and an
|
|
operator that relates the scope name and values.
|
|
properties:
|
|
operator:
|
|
description: Represents a scope's relationship to
|
|
a set of values. Valid operators are In, NotIn,
|
|
Exists, DoesNotExist.
|
|
type: string
|
|
scopeName:
|
|
description: The name of the scope that the selector
|
|
applies to.
|
|
type: string
|
|
values:
|
|
description: An array of string values. If the operator
|
|
is In or NotIn, the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist, the values
|
|
array must be empty. This array is replaced during
|
|
a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- operator
|
|
- scopeName
|
|
type: object
|
|
type: array
|
|
type: object
|
|
scopes:
|
|
description: A collection of filters that must match each object
|
|
tracked by a quota. If not specified, the quota matches all
|
|
objects.
|
|
items:
|
|
description: A ResourceQuotaScope defines a filter that must
|
|
match each object tracked by a quota
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: array
|
|
storageClasses:
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- ingressClasses
|
|
- limitRanges
|
|
- namespaceQuota
|
|
- owner
|
|
- storageClasses
|
|
type: object
|
|
status:
|
|
description: TenantStatus defines the observed state of Tenant
|
|
properties:
|
|
groups:
|
|
items:
|
|
type: string
|
|
type: array
|
|
namespaces:
|
|
items:
|
|
type: string
|
|
type: array
|
|
size:
|
|
type: integer
|
|
users:
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- size
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|