diff --git a/charts/k3k/templates/crds/k3k.io_clusters.yaml b/charts/k3k/templates/crds/k3k.io_clusters.yaml index 5646564..0e3212d 100644 --- a/charts/k3k/templates/crds/k3k.io_clusters.yaml +++ b/charts/k3k/templates/crds/k3k.io_clusters.yaml @@ -15,1073 +15,1073 @@ spec: singular: cluster scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.mode - name: Mode - type: string - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .status.policyName - name: Policy - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - Cluster defines a virtual Kubernetes cluster managed by k3k. - It specifies the desired state of a virtual cluster, including version, node configuration, and networking. - k3k uses this to provision and manage these virtual clusters. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - default: {} - description: Spec defines the desired state of the Cluster. - properties: - addons: - description: Addons specifies secrets containing raw YAML to deploy on cluster startup. - items: - description: Addon specifies a Secret containing YAML to be deployed on cluster startup. - properties: - secretNamespace: - description: SecretNamespace is the namespace of the Secret. - type: string - secretRef: - description: SecretRef is the name of the Secret. - type: string - type: object - type: array - agentArgs: - description: |- - AgentArgs specifies ordered key-value pairs for K3s agent pods. - Example: ["--node-name=my-agent-node"] - items: - type: string - type: array - agentEnvs: - description: AgentEnvs specifies list of environment variables to set in the agent pod. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - agents: - default: 0 - description: |- - Agents specifies the number of K3s pods to run in agent (worker) mode. - Must be 0 or greater. Defaults to 0. - This field is ignored in "shared" mode. - format: int32 - type: integer - x-kubernetes-validations: - - message: invalid value for agents - rule: self >= 0 - clusterCIDR: - description: |- - ClusterCIDR is the CIDR range for pod IPs. - Defaults to 10.42.0.0/16 in shared mode and 10.52.0.0/16 in virtual mode. - This field is immutable. - type: string - x-kubernetes-validations: - - message: clusterCIDR is immutable - rule: self == oldSelf - clusterDNS: - description: |- - ClusterDNS is the IP address for the CoreDNS service. - Must be within the ServiceCIDR range. Defaults to 10.43.0.10. - This field is immutable. - type: string - x-kubernetes-validations: - - message: clusterDNS is immutable - rule: self == oldSelf - customCAs: - description: CustomCAs specifies the cert/key pairs for custom CA certificates. + - additionalPrinterColumns: + - jsonPath: .spec.mode + name: Mode + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .status.policyName + name: Policy + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + Cluster defines a virtual Kubernetes cluster managed by k3k. + It specifies the desired state of a virtual cluster, including version, node configuration, and networking. + k3k uses this to provision and manage these virtual clusters. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the Cluster. + properties: + addons: + description: Addons specifies secrets containing raw YAML to deploy on cluster startup. + items: + description: Addon specifies a Secret containing YAML to be deployed on cluster startup. properties: - enabled: - default: true - description: Enabled toggles this feature on or off. - type: boolean - sources: - description: Sources defines the sources for all required custom CA certificates. - properties: - clientCA: - description: ClientCA specifies the client-ca cert/key pair. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - etcdPeerCA: - description: ETCDPeerCA specifies the etcd-peer-ca cert/key pair. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - etcdServerCA: - description: ETCDServerCA specifies the etcd-server-ca cert/key pair. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - requestHeaderCA: - description: RequestHeaderCA specifies the request-header-ca cert/key pair. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - serverCA: - description: ServerCA specifies the server-ca cert/key pair. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - serviceAccountToken: - description: ServiceAccountToken specifies the service-account-token key. - properties: - secretName: - description: |- - The secret must contain specific keys based on the credential type: - - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. - - For the ServiceAccountToken signing key: `tls.key`. - type: string - required: - - secretName - type: object - required: - - clientCA - - etcdPeerCA - - etcdServerCA - - requestHeaderCA - - serverCA - - serviceAccountToken - type: object - required: - - enabled - - sources - type: object - expose: - description: |- - Expose specifies options for exposing the API server. - By default, it's only exposed as a ClusterIP. - properties: - ingress: - description: Ingress specifies options for exposing the API server through an Ingress. - properties: - annotations: - additionalProperties: - type: string - description: Annotations specifies annotations to add to the Ingress. - type: object - ingressClassName: - description: IngressClassName specifies the IngressClass to use for the Ingress. - type: string - type: object - loadBalancer: - description: LoadBalancer specifies options for exposing the API server through a LoadBalancer service. - properties: - etcdPort: - description: |- - ETCDPort is the port on which the ETCD service is exposed when type is LoadBalancer. - If not specified, the default etcd 2379 port will be allocated. - If 0 or negative, the port will not be exposed. - format: int32 - type: integer - serverPort: - description: |- - ServerPort is the port on which the K3s server is exposed when type is LoadBalancer. - If not specified, the default https 443 port will be allocated. - If 0 or negative, the port will not be exposed. - format: int32 - type: integer - type: object - nodePort: - description: NodePort specifies options for exposing the API server through NodePort. - properties: - etcdPort: - description: |- - ETCDPort is the port on each node on which the ETCD service is exposed when type is NodePort. - If not specified, a random port between 30000-32767 will be allocated. - If out of range, the port will not be exposed. - format: int32 - type: integer - serverPort: - description: |- - ServerPort is the port on each node on which the K3s server is exposed when type is NodePort. - If not specified, a random port between 30000-32767 will be allocated. - If out of range, the port will not be exposed. - format: int32 - type: integer - type: object - type: object - x-kubernetes-validations: - - message: ingress, loadbalancer and nodePort are mutually exclusive; only one can be set - rule: '[has(self.ingress), has(self.loadBalancer), has(self.nodePort)].filter(x, x).size() <= 1' - mirrorHostNodes: - description: |- - MirrorHostNodes controls whether node objects from the host cluster - are mirrored into the virtual cluster. - type: boolean - mode: - allOf: - - enum: - - shared - - virtual - - enum: - - shared - - virtual - default: shared - description: |- - Mode specifies the cluster provisioning mode: "shared" or "virtual". - Defaults to "shared". This field is immutable. - type: string - x-kubernetes-validations: - - message: mode is immutable - rule: self == oldSelf - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector specifies node labels to constrain where server/agent pods are scheduled. - In "shared" mode, this also applies to workloads. - type: object - persistence: - description: |- - Persistence specifies options for persisting etcd data. - Defaults to dynamic persistence, which uses a PersistentVolumeClaim to provide data persistence. - A default StorageClass is required for dynamic persistence. - properties: - storageClassName: - description: |- - StorageClassName is the name of the StorageClass to use for the PVC. - This field is only relevant in "dynamic" mode. + secretNamespace: + description: SecretNamespace is the namespace of the Secret. type: string - storageRequestSize: - anyOf: - - type: integer - - type: string - default: 2G - description: |- - StorageRequestSize is the requested size for the PVC. - This field is only relevant in "dynamic" mode. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - x-kubernetes-validations: - - message: storageRequestSize is immutable - rule: self == oldSelf - type: - default: dynamic - description: Type specifies the persistence mode. + secretRef: + description: SecretRef is the name of the Secret. type: string type: object - priorityClass: - description: |- - PriorityClass specifies the priorityClassName for server/agent pods. - In "shared" mode, this also applies to workloads. + type: array + agentArgs: + description: |- + AgentArgs specifies ordered key-value pairs for K3s agent pods. + Example: ["--node-name=my-agent-node"] + items: type: string - secretMounts: - description: |- - SecretMounts specifies a list of secrets to mount into server and agent pods. - Each entry defines a secret and its mount path within the pods. - items: - description: |- - SecretMount defines a secret to be mounted into server or agent pods, - allowing for custom configurations, certificates, or other sensitive data. - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. + type: array + agentEnvs: + description: AgentEnvs specifies list of environment variables to set in the agent pod. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: - description: key is the key to project. + description: The key to select. type: string - mode: + name: + default: "" description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. type: string required: - - key - - path + - fieldPath type: object - type: array - x-kubernetes-list-type: atomic - mountPath: - description: |- - MountPath is the path within server and agent pods where the - secret contents will be mounted. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - role: - description: |- - Role is the type of the k3k pod that will be used to mount the secret. - This can be 'server', 'agent', or 'all' (for both). - enum: - - server - - agent - - all - type: string - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - subPath: - description: |- - SubPath is an optional path within the secret to mount instead of the root. - When specified, only the specified key from the secret will be mounted as a file - at MountPath, keeping the parent directory writable. - type: string - type: object - type: array - serverArgs: - description: |- - ServerArgs specifies ordered key-value pairs for K3s server pods. - Example: ["--tls-san=example.com"] - items: - type: string - type: array - serverEnvs: - description: ServerEnvs specifies list of environment variables to set in the server pod. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - serverLimit: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: ServerLimit specifies resource limits for server nodes. - type: object - servers: - default: 1 - description: |- - Servers specifies the number of K3s pods to run in server (control plane) mode. - Must be at least 1. Defaults to 1. - format: int32 - type: integer - x-kubernetes-validations: - - message: cluster must have at least one server - rule: self >= 1 - serviceCIDR: - description: |- - ServiceCIDR is the CIDR range for service IPs. - Defaults to 10.43.0.0/16 in shared mode and 10.53.0.0/16 in virtual mode. - This field is immutable. - type: string - x-kubernetes-validations: - - message: serviceCIDR is immutable - rule: self == oldSelf - sync: - default: {} - description: Sync specifies the resources types that will be synced from virtual cluster to host cluster. - properties: - configMaps: - default: - enabled: true - description: ConfigMaps resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string + x-kubernetes-map-type: atomic + resourceFieldRef: description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - ingresses: - default: - enabled: false - description: Ingresses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - persistentVolumeClaims: - default: - enabled: true - description: PersistentVolumeClaims resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - priorityClasses: - default: - enabled: false - description: PriorityClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - secrets: - default: - enabled: true - description: Secrets resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - type: object - services: - default: - enabled: true - description: Services resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - storageClasses: - default: - enabled: false - description: StorageClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - type: object - tlsSANs: - description: TLSSANs specifies subject alternative names for the K3s server certificate. - items: - type: string - type: array - tokenSecretRef: - description: |- - TokenSecretRef is a Secret reference containing the token used by worker nodes to join the cluster. - The Secret must have a "token" field in its data. - properties: - name: - description: name is unique within a namespace to reference a secret resource. - type: string - namespace: - description: namespace defines the space within which the secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - version: - description: |- - Version is the K3s version to use for the virtual nodes. - It should follow the K3s versioning convention (e.g., v1.28.2-k3s1). - If not specified, the Kubernetes version of the host node will be used. - type: string - workerLimit: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: WorkerLimit specifies resource limits for agent nodes. - type: object - type: object - status: - default: {} - description: Status reflects the observed state of the Cluster. - properties: - clusterCIDR: - description: ClusterCIDR is the CIDR range for pod IPs. - type: string - clusterDNS: - description: ClusterDNS is the IP address for the CoreDNS service. - type: string - conditions: - description: Conditions are the individual conditions for the cluster set. - items: - description: Condition contains details for one aspect of the current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - hostVersion: - description: HostVersion is the Kubernetes version of the host node. - type: string - kubeletPort: - description: KubeletPort specefies the port used by k3k-kubelet in shared mode. - type: integer - phase: - default: Unknown - description: Phase is a high-level summary of the cluster's current lifecycle state. - enum: - - Pending - - Provisioning - - Ready - - Failed - - Terminating - - Unknown - type: string - policy: - description: |- - policy represents the status of the policy applied to this cluster. - This field is set by the VirtualClusterPolicy controller. - properties: - name: - description: name is the name of the VirtualClusterPolicy currently applied to this cluster. - minLength: 1 - type: string - nodeSelector: - additionalProperties: - type: string - description: nodeSelector is a node selector enforced by the active VirtualClusterPolicy. - type: object - priorityClass: - description: priorityClass is the priority class enforced by the active VirtualClusterPolicy. - type: string - sync: - description: sync is the SyncConfig enforced by the active VirtualClusterPolicy. - properties: - configMaps: - default: - enabled: true - description: ConfigMaps resources sync configuration. + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string required: - - enabled + - resource type: object - ingresses: - default: - enabled: false - description: Ingresses resources sync configuration. + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean required: - - enabled - type: object - persistentVolumeClaims: - default: - enabled: true - description: PersistentVolumeClaims resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - priorityClasses: - default: - enabled: false - description: PriorityClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - secrets: - default: - enabled: true - description: Secrets resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - type: object - services: - default: - enabled: true - description: Services resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - storageClasses: - default: - enabled: false - description: StorageClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled + - key type: object + x-kubernetes-map-type: atomic type: object required: - - name + - name type: object - policyName: - description: PolicyName specifies the virtual cluster policy name bound to the virtual cluster. + type: array + agents: + default: 0 + description: |- + Agents specifies the number of K3s pods to run in agent (worker) mode. + Must be 0 or greater. Defaults to 0. + This field is ignored in "shared" mode. + format: int32 + type: integer + x-kubernetes-validations: + - message: invalid value for agents + rule: self >= 0 + clusterCIDR: + description: |- + ClusterCIDR is the CIDR range for pod IPs. + Defaults to 10.42.0.0/16 in shared mode and 10.52.0.0/16 in virtual mode. + This field is immutable. + type: string + x-kubernetes-validations: + - message: clusterCIDR is immutable + rule: self == oldSelf + clusterDNS: + description: |- + ClusterDNS is the IP address for the CoreDNS service. + Must be within the ServiceCIDR range. Defaults to 10.43.0.10. + This field is immutable. + type: string + x-kubernetes-validations: + - message: clusterDNS is immutable + rule: self == oldSelf + customCAs: + description: CustomCAs specifies the cert/key pairs for custom CA certificates. + properties: + enabled: + default: true + description: Enabled toggles this feature on or off. + type: boolean + sources: + description: Sources defines the sources for all required custom CA certificates. + properties: + clientCA: + description: ClientCA specifies the client-ca cert/key pair. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + etcdPeerCA: + description: ETCDPeerCA specifies the etcd-peer-ca cert/key pair. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + etcdServerCA: + description: ETCDServerCA specifies the etcd-server-ca cert/key pair. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + requestHeaderCA: + description: RequestHeaderCA specifies the request-header-ca cert/key pair. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + serverCA: + description: ServerCA specifies the server-ca cert/key pair. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + serviceAccountToken: + description: ServiceAccountToken specifies the service-account-token key. + properties: + secretName: + description: |- + The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + type: string + required: + - secretName + type: object + required: + - clientCA + - etcdPeerCA + - etcdServerCA + - requestHeaderCA + - serverCA + - serviceAccountToken + type: object + required: + - enabled + - sources + type: object + expose: + description: |- + Expose specifies options for exposing the API server. + By default, it's only exposed as a ClusterIP. + properties: + ingress: + description: Ingress specifies options for exposing the API server through an Ingress. + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies annotations to add to the Ingress. + type: object + ingressClassName: + description: IngressClassName specifies the IngressClass to use for the Ingress. + type: string + type: object + loadBalancer: + description: LoadBalancer specifies options for exposing the API server through a LoadBalancer service. + properties: + etcdPort: + description: |- + ETCDPort is the port on which the ETCD service is exposed when type is LoadBalancer. + If not specified, the default etcd 2379 port will be allocated. + If 0 or negative, the port will not be exposed. + format: int32 + type: integer + serverPort: + description: |- + ServerPort is the port on which the K3s server is exposed when type is LoadBalancer. + If not specified, the default https 443 port will be allocated. + If 0 or negative, the port will not be exposed. + format: int32 + type: integer + type: object + nodePort: + description: NodePort specifies options for exposing the API server through NodePort. + properties: + etcdPort: + description: |- + ETCDPort is the port on each node on which the ETCD service is exposed when type is NodePort. + If not specified, a random port between 30000-32767 will be allocated. + If out of range, the port will not be exposed. + format: int32 + type: integer + serverPort: + description: |- + ServerPort is the port on each node on which the K3s server is exposed when type is NodePort. + If not specified, a random port between 30000-32767 will be allocated. + If out of range, the port will not be exposed. + format: int32 + type: integer + type: object + type: object + x-kubernetes-validations: + - message: ingress, loadbalancer and nodePort are mutually exclusive; only one can be set + rule: '[has(self.ingress), has(self.loadBalancer), has(self.nodePort)].filter(x, x).size() <= 1' + mirrorHostNodes: + description: |- + MirrorHostNodes controls whether node objects from the host cluster + are mirrored into the virtual cluster. + type: boolean + mode: + allOf: + - enum: + - shared + - virtual + - enum: + - shared + - virtual + default: shared + description: |- + Mode specifies the cluster provisioning mode: "shared" or "virtual". + Defaults to "shared". This field is immutable. + type: string + x-kubernetes-validations: + - message: mode is immutable + rule: self == oldSelf + nodeSelector: + additionalProperties: type: string - serviceCIDR: - description: ServiceCIDR is the CIDR range for service IPs. - type: string - tlsSANs: - description: TLSSANs specifies subject alternative names for the K3s server certificate. - items: + description: |- + NodeSelector specifies node labels to constrain where server/agent pods are scheduled. + In "shared" mode, this also applies to workloads. + type: object + persistence: + description: |- + Persistence specifies options for persisting etcd data. + Defaults to dynamic persistence, which uses a PersistentVolumeClaim to provide data persistence. + A default StorageClass is required for dynamic persistence. + properties: + storageClassName: + description: |- + StorageClassName is the name of the StorageClass to use for the PVC. + This field is only relevant in "dynamic" mode. type: string - type: array - webhookPort: - description: WebhookPort specefies the port used by webhook in k3k-kubelet in shared mode. - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} + storageRequestSize: + anyOf: + - type: integer + - type: string + default: 2G + description: |- + StorageRequestSize is the requested size for the PVC. + This field is only relevant in "dynamic" mode. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: storageRequestSize is immutable + rule: self == oldSelf + type: + default: dynamic + description: Type specifies the persistence mode. + type: string + type: object + priorityClass: + description: |- + PriorityClass specifies the priorityClassName for server/agent pods. + In "shared" mode, this also applies to workloads. + type: string + secretMounts: + description: |- + SecretMounts specifies a list of secrets to mount into server and agent pods. + Each entry defines a secret and its mount path within the pods. + items: + description: |- + SecretMount defines a secret to be mounted into server or agent pods, + allowing for custom configurations, certificates, or other sensitive data. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + mountPath: + description: |- + MountPath is the path within server and agent pods where the + secret contents will be mounted. + type: string + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + role: + description: |- + Role is the type of the k3k pod that will be used to mount the secret. + This can be 'server', 'agent', or 'all' (for both). + enum: + - server + - agent + - all + type: string + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + subPath: + description: |- + SubPath is an optional path within the secret to mount instead of the root. + When specified, only the specified key from the secret will be mounted as a file + at MountPath, keeping the parent directory writable. + type: string + type: object + type: array + serverArgs: + description: |- + ServerArgs specifies ordered key-value pairs for K3s server pods. + Example: ["--tls-san=example.com"] + items: + type: string + type: array + serverEnvs: + description: ServerEnvs specifies list of environment variables to set in the server pod. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + serverLimit: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ServerLimit specifies resource limits for server nodes. + type: object + servers: + default: 1 + description: |- + Servers specifies the number of K3s pods to run in server (control plane) mode. + Must be at least 1. Defaults to 1. + format: int32 + type: integer + x-kubernetes-validations: + - message: cluster must have at least one server + rule: self >= 1 + serviceCIDR: + description: |- + ServiceCIDR is the CIDR range for service IPs. + Defaults to 10.43.0.0/16 in shared mode and 10.53.0.0/16 in virtual mode. + This field is immutable. + type: string + x-kubernetes-validations: + - message: serviceCIDR is immutable + rule: self == oldSelf + sync: + default: {} + description: Sync specifies the resources types that will be synced from virtual cluster to host cluster. + properties: + configMaps: + default: + enabled: true + description: ConfigMaps resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + ingresses: + default: + enabled: false + description: Ingresses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + persistentVolumeClaims: + default: + enabled: true + description: PersistentVolumeClaims resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + priorityClasses: + default: + enabled: false + description: PriorityClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + secrets: + default: + enabled: true + description: Secrets resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + type: object + services: + default: + enabled: true + description: Services resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + storageClasses: + default: + enabled: false + description: StorageClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + type: object + tlsSANs: + description: TLSSANs specifies subject alternative names for the K3s server certificate. + items: + type: string + type: array + tokenSecretRef: + description: |- + TokenSecretRef is a Secret reference containing the token used by worker nodes to join the cluster. + The Secret must have a "token" field in its data. + properties: + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: |- + Version is the K3s version to use for the virtual nodes. + It should follow the K3s versioning convention (e.g., v1.28.2-k3s1). + If not specified, the Kubernetes version of the host node will be used. + type: string + workerLimit: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: WorkerLimit specifies resource limits for agent nodes. + type: object + type: object + status: + default: {} + description: Status reflects the observed state of the Cluster. + properties: + clusterCIDR: + description: ClusterCIDR is the CIDR range for pod IPs. + type: string + clusterDNS: + description: ClusterDNS is the IP address for the CoreDNS service. + type: string + conditions: + description: Conditions are the individual conditions for the cluster set. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + hostVersion: + description: HostVersion is the Kubernetes version of the host node. + type: string + kubeletPort: + description: KubeletPort specefies the port used by k3k-kubelet in shared mode. + type: integer + phase: + default: Unknown + description: Phase is a high-level summary of the cluster's current lifecycle state. + enum: + - Pending + - Provisioning + - Ready + - Failed + - Terminating + - Unknown + type: string + policy: + description: |- + policy represents the status of the policy applied to this cluster. + This field is set by the VirtualClusterPolicy controller. + properties: + name: + description: name is the name of the VirtualClusterPolicy currently applied to this cluster. + minLength: 1 + type: string + nodeSelector: + additionalProperties: + type: string + description: nodeSelector is a node selector enforced by the active VirtualClusterPolicy. + type: object + priorityClass: + description: priorityClass is the priority class enforced by the active VirtualClusterPolicy. + type: string + sync: + description: sync is the SyncConfig enforced by the active VirtualClusterPolicy. + properties: + configMaps: + default: + enabled: true + description: ConfigMaps resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + ingresses: + default: + enabled: false + description: Ingresses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + persistentVolumeClaims: + default: + enabled: true + description: PersistentVolumeClaims resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + priorityClasses: + default: + enabled: false + description: PriorityClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + secrets: + default: + enabled: true + description: Secrets resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + type: object + services: + default: + enabled: true + description: Services resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + storageClasses: + default: + enabled: false + description: StorageClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + type: object + required: + - name + type: object + policyName: + description: PolicyName specifies the virtual cluster policy name bound to the virtual cluster. + type: string + serviceCIDR: + description: ServiceCIDR is the CIDR range for service IPs. + type: string + tlsSANs: + description: TLSSANs specifies subject alternative names for the K3s server certificate. + items: + type: string + type: array + webhookPort: + description: WebhookPort specefies the port used by webhook in k3k-kubelet in shared mode. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/k3k/templates/crds/k3k.io_virtualclusterpolicies.yaml b/charts/k3k/templates/crds/k3k.io_virtualclusterpolicies.yaml index 713d938..c064bea 100644 --- a/charts/k3k/templates/crds/k3k.io_virtualclusterpolicies.yaml +++ b/charts/k3k/templates/crds/k3k.io_virtualclusterpolicies.yaml @@ -13,411 +13,411 @@ spec: listKind: VirtualClusterPolicyList plural: virtualclusterpolicies shortNames: - - vcp + - vcp singular: virtualclusterpolicy scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .spec.allowedMode - name: Mode - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - VirtualClusterPolicy allows defining common configurations and constraints - for clusters within a clusterpolicy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - default: {} - description: Spec defines the desired state of the VirtualClusterPolicy. - properties: - allowedMode: - default: shared - description: AllowedMode specifies the allowed cluster provisioning mode. Defaults to "shared". - enum: - - shared - - virtual + - additionalPrinterColumns: + - jsonPath: .spec.allowedMode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + VirtualClusterPolicy allows defining common configurations and constraints + for clusters within a clusterpolicy. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the VirtualClusterPolicy. + properties: + allowedMode: + default: shared + description: AllowedMode specifies the allowed cluster provisioning mode. Defaults to "shared". + enum: + - shared + - virtual + type: string + x-kubernetes-validations: + - message: mode is immutable + rule: self == oldSelf + defaultNodeSelector: + additionalProperties: type: string - x-kubernetes-validations: - - message: mode is immutable - rule: self == oldSelf - defaultNodeSelector: - additionalProperties: - type: string - description: DefaultNodeSelector specifies the node selector that applies to all clusters (server + agent) in the target Namespace. - type: object - defaultPriorityClass: - description: DefaultPriorityClass specifies the priorityClassName applied to all pods of all clusters in the target Namespace. - type: string - disableNetworkPolicy: - description: DisableNetworkPolicy indicates whether to disable the creation of a default network policy for cluster isolation. - type: boolean - limit: - description: |- - Limit specifies the LimitRange that will be applied to all pods within the VirtualClusterPolicy - to set defaults and constraints (min/max) - properties: - limits: - description: Limits is the list of LimitRangeItem objects that are enforced. - items: - description: LimitRangeItem defines a min/max usage limit for any resource that matches on kind. - properties: - default: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Default resource requirement limit value by resource name if resource limit is omitted. - type: object - defaultRequest: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. - type: object - max: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Max usage constraints on this kind by resource name. - type: object - maxLimitRequestRatio: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - type: object - min: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Min usage constraints on this kind by resource name. - type: object - type: - description: Type of resource that this limit applies to. - type: string - required: - - type - type: object - type: array - x-kubernetes-list-type: atomic - required: - - limits - type: object - podSecurityAdmissionLevel: - description: PodSecurityAdmissionLevel specifies the pod security admission level applied to the pods in the namespace. - enum: - - privileged - - baseline - - restricted - type: string - quota: - description: Quota specifies the resource limits for clusters within a clusterpolicy. - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - hard is the set of desired hard limits for each named resource. - More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - type: object - scopeSelector: - description: |- - scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - but expressed using ScopeSelectorOperator in combination with possible values. - For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + description: DefaultNodeSelector specifies the node selector that applies to all clusters (server + agent) in the target Namespace. + type: object + defaultPriorityClass: + description: DefaultPriorityClass specifies the priorityClassName applied to all pods of all clusters in the target Namespace. + type: string + disableNetworkPolicy: + description: DisableNetworkPolicy indicates whether to disable the creation of a default network policy for cluster isolation. + type: boolean + limit: + description: |- + Limit specifies the LimitRange that will be applied to all pods within the VirtualClusterPolicy + to set defaults and constraints (min/max) + properties: + limits: + description: Limits is the list of LimitRangeItem objects that are enforced. + items: + description: LimitRangeItem defines a min/max usage limit for any resource that matches on kind. properties: - matchExpressions: - description: A list of scope selector requirements by scope of the resources. - items: - description: |- - A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator - that relates the scope name and values. - properties: - operator: - description: |- - Represents a scope's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. - type: string - scopeName: - description: The name of the scope that the selector applies to. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - operator - - scopeName - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - scopes: - description: |- - A collection of filters that must match each object tracked by a quota. - If not specified, the quota matches all objects. - items: - description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota - type: string - type: array - x-kubernetes-list-type: atomic - type: object - sync: - default: {} - description: Sync specifies the resources types that will be synced from virtual cluster to host cluster. - properties: - configMaps: - default: - enabled: true - description: ConfigMaps resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: + default: additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Default resource requirement limit value by resource name if resource limit is omitted. type: object + defaultRequest: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. + type: object + max: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Max usage constraints on this kind by resource name. + type: object + maxLimitRequestRatio: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. + type: object + min: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Min usage constraints on this kind by resource name. + type: object + type: + description: Type of resource that this limit applies to. + type: string required: - - enabled - type: object - ingresses: - default: - enabled: false - description: Ingresses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - persistentVolumeClaims: - default: - enabled: true - description: PersistentVolumeClaims resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - priorityClasses: - default: - enabled: false - description: PriorityClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - secrets: - default: - enabled: true - description: Secrets resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - type: object - services: - default: - enabled: true - description: Services resources sync configuration. - properties: - enabled: - default: true - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - storageClasses: - default: - enabled: false - description: StorageClasses resources sync configuration. - properties: - enabled: - default: false - description: Enabled is an on/off switch for syncing resources. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Selector specifies set of labels of the resources that will be synced, if empty - then all resources of the given type will be synced. - type: object - required: - - enabled - type: object - type: object - type: object - status: - description: Status reflects the observed state of the VirtualClusterPolicy. - properties: - conditions: - description: Conditions are the individual conditions for the cluster set. - items: - description: Condition contains details for one aspect of the current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - limits + type: object + podSecurityAdmissionLevel: + description: PodSecurityAdmissionLevel specifies the pod security admission level applied to the pods in the namespace. + enum: + - privileged + - baseline + - restricted + type: string + quota: + description: Quota specifies the resource limits for clusters within a clusterpolicy. + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + hard is the set of desired hard limits for each named resource. + More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ type: object - type: array - lastUpdateTime: - description: LastUpdate is the timestamp when the status was last updated. - type: string - observedGeneration: - description: ObservedGeneration was the generation at the time the status was updated. - format: int64 - type: integer - summary: - description: Summary is a summary of the status. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} + scopeSelector: + description: |- + scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota + but expressed using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope of the resources. + items: + description: |- + A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator + that relates the scope name and values. + properties: + operator: + description: |- + Represents a scope's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies to. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - operator + - scopeName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + scopes: + description: |- + A collection of filters that must match each object tracked by a quota. + If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota + type: string + type: array + x-kubernetes-list-type: atomic + type: object + sync: + default: {} + description: Sync specifies the resources types that will be synced from virtual cluster to host cluster. + properties: + configMaps: + default: + enabled: true + description: ConfigMaps resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + ingresses: + default: + enabled: false + description: Ingresses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + persistentVolumeClaims: + default: + enabled: true + description: PersistentVolumeClaims resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + priorityClasses: + default: + enabled: false + description: PriorityClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + secrets: + default: + enabled: true + description: Secrets resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + type: object + services: + default: + enabled: true + description: Services resources sync configuration. + properties: + enabled: + default: true + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + storageClasses: + default: + enabled: false + description: StorageClasses resources sync configuration. + properties: + enabled: + default: false + description: Enabled is an on/off switch for syncing resources. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + type: object + required: + - enabled + type: object + type: object + type: object + status: + description: Status reflects the observed state of the VirtualClusterPolicy. + properties: + conditions: + description: Conditions are the individual conditions for the cluster set. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastUpdateTime: + description: LastUpdate is the timestamp when the status was last updated. + type: string + observedGeneration: + description: ObservedGeneration was the generation at the time the status was updated. + format: int64 + type: integer + summary: + description: Summary is a summary of the status. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/scripts/generate b/scripts/generate index 1cdbfbb..820d958 100755 --- a/scripts/generate +++ b/scripts/generate @@ -15,5 +15,5 @@ go run sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_TOOLS_VERSIO # add the 'helm.sh/resource-policy: keep' annotation to the CRDs for f in ./charts/k3k/templates/crds/*.yaml; do echo "Annotating $f" - yq -i '.metadata.annotations["helm.sh/resource-policy"] = "keep"' "$f" + yq -c -i '.metadata.annotations["helm.sh/resource-policy"] = "keep"' "$f" done