github/kamaji
1
0
Fork 0
mirror of https://github.com/clastix/kamaji.git synced 2026-02-14 10:00:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat!: write permissions (#937)

Browse Source 
* fix: decoding object only if requested

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat(api): limiting write permissions

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* feat: write permissions handlers, routes, and controller

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* docs: write permissions

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
This commit is contained in:
Dario Tranchitella
2025-10-03 14:30:58 +02:00
committed by GitHub
parent 2b707423ff
commit de459fb5da
16 changed files with 561 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
charts/kamaji-crds/hack/kamaji.clastix.io_tenantcontrolplanes_spec.yaml
View File

@@ -6955,6 +6955,22 @@ versions:
description: 'CIDR for Kubernetes Services: if empty, defaulted to 10.96.0.0/16.'
type: string
type: object
writePermissions:
description: |-
WritePermissions allows to select which operations (create, delete, update) must be blocked:
by default, all actions are allowed, and API Server can write to its Datastore.
By blocking all actions, the Tenant Control Plane can enter in a Read Only mode:
this phase can be used to prevent Datastore quota exhaustion or for your own business logic
(e.g.: blocking creation and update, but allowing deletion to "clean up" space).
properties:
blockCreation:
type: boolean
blockDeletion:
type: boolean
blockUpdate:
type: boolean
type: object
required:
- controlPlane
- kubernetes
@@ -7703,6 +7719,7 @@ versions:
default: Provisioning
description: Status returns the current status of the Kubernetes version, such as its provisioning state, or completed upgrade.
enum:
- Unknown
- Provisioning
- CertificateAuthorityRotating
- Upgrading
@@ -7710,6 +7727,7 @@ versions:
- Ready
- NotReady
- Sleeping
- WriteLimited
type: string
version:
description: Version is the running Kubernetes version of the Tenant Control Plane.

18
charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
View File

@@ -6963,6 +6963,22 @@ spec:
description: 'CIDR for Kubernetes Services: if empty, defaulted to 10.96.0.0/16.'
type: string
type: object
writePermissions:
description: |-
WritePermissions allows to select which operations (create, delete, update) must be blocked:
by default, all actions are allowed, and API Server can write to its Datastore.
By blocking all actions, the Tenant Control Plane can enter in a Read Only mode:
this phase can be used to prevent Datastore quota exhaustion or for your own business logic
(e.g.: blocking creation and update, but allowing deletion to "clean up" space).
properties:
blockCreation:
type: boolean
blockDeletion:
type: boolean
blockUpdate:
type: boolean
type: object
required:
- controlPlane
- kubernetes
@@ -7711,6 +7727,7 @@ spec:
default: Provisioning
description: Status returns the current status of the Kubernetes version, such as its provisioning state, or completed upgrade.
enum:
- Unknown
- Provisioning
- CertificateAuthorityRotating
- Upgrading
@@ -7718,6 +7735,7 @@ spec:
- Ready
- NotReady
- Sleeping
- WriteLimited
type: string
version:
description: Version is the running Kubernetes version of the Tenant Control Plane.