diff --git a/src/test/ks-core/crds/application.kubesphere.io_applicationreleases.yaml b/src/test/ks-core/crds/application.kubesphere.io_applicationreleases.yaml new file mode 100644 index 000000000..ec1ede4a7 --- /dev/null +++ b/src/test/ks-core/crds/application.kubesphere.io_applicationreleases.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: applicationreleases.application.kubesphere.io +spec: + group: application.kubesphere.io + names: + kind: ApplicationRelease + listKind: ApplicationReleaseList + plural: applicationreleases + shortNames: + - apprls + singular: applicationrelease + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.AppID + name: App Name + type: string + - jsonPath: .metadata.labels.kubesphere\.io/workspace + name: Workspace + type: string + - jsonPath: .metadata.labels.kubesphere\.io/cluster + name: Cluster + type: string + - jsonPath: .metadata.labels.kubesphere\.io/namespace + name: Namespace + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: ApplicationRelease is the Schema for the applicationreleases + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApplicationReleaseSpec defines the desired state of ApplicationRelease + properties: + app_id: + type: string + app_type: + type: string + appVersion_id: + type: string + values: + format: byte + type: string + required: + - appVersion_id + - app_id + type: object + status: + description: ApplicationReleaseStatus defines the observed state of ApplicationRelease + properties: + jobName: + description: JobName for installation and upgrade + type: string + lastDeployed: + description: last deploy time or upgrade time + format: date-time + type: string + lastUpdate: + description: last update time + format: date-time + type: string + message: + description: A human readable message indicating details about why + the release is in this state. + type: string + specHash: + description: current release spec hash This is used to compare whether + the spec has been modified to determine if an upgrade is needed. + type: string + state: + description: current state + type: string + version: + description: current release version + type: integer + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/src/test/ks-core/crds/application.kubesphere.io_applications.yaml b/src/test/ks-core/crds/application.kubesphere.io_applications.yaml new file mode 100644 index 000000000..ddcac48c4 --- /dev/null +++ b/src/test/ks-core/crds/application.kubesphere.io_applications.yaml 
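Review bot: The `App Name` printer column reads `.spec.AppID`, but the spec schema in this hunk only defines `app_id`, `app_type`, `appVersion_id` and `values`. Field names in these JSONPath expressions are matched case-sensitively, so the column will most likely render empty; it should be `jsonPath: .spec.app_id`. The categories CRD later in this diff has the same mismatch: its `name` column uses `.spec.DisplayName.en` while the property added in the following hunk is `displayName`. The file looks like controller-gen output, so the correction probably belongs in the print-column markers on the Go types rather than in this YAML.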
@@ -0,0 +1,86 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: applications.application.kubesphere.io +spec: + group: application.kubesphere.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + singular: application + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.displayName.en + name: application name + type: string + - jsonPath: .metadata.labels.kubesphere\.io/workspace + name: workspace + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: Application is the Schema for the applications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApplicationSpec defines the desired state of Application + properties: + appHome: + type: string + appType: + type: string + description: + additionalProperties: + type: string + type: object + displayName: + additionalProperties: + type: string + type: object + icon: + type: string + required: + - displayName + type: object + status: + description: ApplicationStatus defines the observed state of Application + properties: + state: + description: 'the state of the helm application: draft, submitted, + passed, rejected, suspended, active' + type: string + updateTime: + format: date-time + type: string + required: + - updateTime + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/src/test/ks-core/crds/application.kubesphere.io_applicationversions.yaml b/src/test/ks-core/crds/application.kubesphere.io_applicationversions.yaml new file mode 100644 index 000000000..1d9092765 --- /dev/null +++ b/src/test/ks-core/crds/application.kubesphere.io_applicationversions.yaml 
@@ -0,0 +1,93 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: applicationversions.application.kubesphere.io +spec: + group: application.kubesphere.io + names: + kind: ApplicationVersion + listKind: ApplicationVersionList + plural: applicationversions + shortNames: + - appver + singular: applicationversion + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.displayName.en + name: application name + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: ApplicationVersion is the Schema for the applicationversions + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApplicationVersionSpec defines the desired state of ApplicationVersion + properties: + appType: + type: string + created: + format: date-time + type: string + description: + additionalProperties: + type: string + type: object + digest: + type: string + displayName: + additionalProperties: + type: string + type: object + home: + type: string + icon: + type: string + sources: + items: + type: string + type: array + version: + type: string + required: + - displayName + - version + type: object + status: + description: ApplicationVersionStatus defines the observed state of ApplicationVersion + properties: + message: + type: string + state: + type: string + user_name: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/src/test/ks-core/crds/appstore.kubesphere.io_applicationclasses.yaml b/src/test/ks-core/crds/application.kubesphere.io_categories.yaml similarity index 52% rename from src/test/ks-core/crds/appstore.kubesphere.io_applicationclasses.yaml rename to src/test/ks-core/crds/application.kubesphere.io_categories.yaml index 467cd12d6..89a423b87 100644 --- a/src/test/ks-core/crds/appstore.kubesphere.io_applicationclasses.yaml +++ b/src/test/ks-core/crds/application.kubesphere.io_categories.yaml 
@@ -4,20 +4,32 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null - name: applicationclasses.appstore.kubesphere.io + name: categories.application.kubesphere.io spec: - group: appstore.kubesphere.io + group: application.kubesphere.io names: - kind: ApplicationClass - listKind: ApplicationClassList - plural: applicationclasses - singular: applicationclass + kind: Category + listKind: CategoryList + plural: categories + shortNames: + - appctg + singular: category scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.DisplayName.en + name: name + type: string + - jsonPath: .status.total + name: total + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 schema: openAPIV3Schema: + description: Category is the Schema for the categories API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -31,41 +43,34 @@ spec: type: string metadata: type: object - parameters: - additionalProperties: - type: string - type: object - provisioner: - type: string spec: + description: CategorySpec defines the desired state of HelmRepo properties: - appVersion: - type: string description: - type: string + additionalProperties: + type: string + type: object + displayName: + additionalProperties: + type: string + type: object icon: type: string - maintainers: - items: - properties: - email: - description: Email is an optional email address to contact the - named maintainer - type: string - name: - description: Name is a username or organization name - type: string - url: - description: URL is an optional URL to an address for the named - maintainer - type: string - type: object - type: array - packageVersion: + locale: type: string + required: + - displayName + type: object + status: + properties: + total: + description: total helmapplications belong to this category + type: integer + required: + - total type: object - required: - - provisioner type: object served: true storage: true + subresources: + status: {} diff --git a/src/test/ks-core/crds/application.kubesphere.io_helmrepos.yaml b/src/test/ks-core/crds/application.kubesphere.io_helmrepos.yaml new file mode 100644 index 000000000..84353d60b --- /dev/null +++ b/src/test/ks-core/crds/application.kubesphere.io_helmrepos.yaml 
@@ -0,0 +1,113 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: helmrepos.application.kubesphere.io +spec: + group: application.kubesphere.io + names: + kind: HelmRepo + listKind: HelmRepoList + plural: helmrepos + shortNames: + - hrepo + singular: helmrepo + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.labels.kubesphere\.io/workspace + name: Workspace + type: string + - jsonPath: .spec.url + name: url + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: HelmRepo is the Schema for the helmrepoes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepoSpec defines the desired state of HelmRepo + properties: + credential: + description: helm repo credential + properties: + caFile: + description: verify certificates of HTTPS-enabled servers using + this CA bundle + type: string + certFile: + description: identify HTTPS client using this SSL certificate + file + type: string + insecureSkipTLSVerify: + description: skip tls certificate checks for the repository, default + is ture + type: boolean + keyFile: + description: identify HTTPS client using this SSL key file + type: string + password: + description: chart repository password + type: string + username: + description: chart repository username + type: string + type: object + description: + description: chart repo description from frontend + type: string + name: + description: name of the repo + type: string + syncPeriod: + description: sync period in seconds, no sync when SyncPeriod=0, the + minimum SyncPeriod is 180s + type: integer + url: + description: helm repo url + type: string + required: + - name + - url + type: object + status: + description: HelmRepoStatus defines the observed state of HelmRepo + properties: + lastUpdateTime: + description: status last update time + format: date-time + type: string + specHash: + description: current release spec hash This is used to compare whether + the spec has been modified to determine sync is needed. + type: string + state: + description: current state of the repo, successful, failed or syncing + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/src/test/ks-core/crds/appstore.kubesphere.io_applicationresources.yaml b/src/test/ks-core/crds/appstore.kubesphere.io_applicationresources.yaml deleted file mode 100644 index 8ed1cf02e..000000000 
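Review bot: `spec.credential.password` is a plain string inside the spec of a cluster-scoped resource, so any subject allowed to get or list `helmrepos` can read the chart repository password, and the value is stored with the object itself rather than in a Secret. Consider replacing the inline field with a reference to a Secret, and until then restrict read access to this kind as tightly as access to Secrets. The `insecureSkipTLSVerify` description says "default is ture". Beyond the typo, a default that skips certificate verification would leave chart downloads unauthenticated, and the schema declares no `default` at all, so the text should state the controller's real behaviour. If verification is on by default, it could read `description: skip TLS certificate checks for the repository; defaults to false`. The file looks like controller-gen output, so both changes would belong in the Go type it is generated from.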
--- a/src/test/ks-core/crds/appstore.kubesphere.io_applicationresources.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null - name: applicationresources.appstore.kubesphere.io -spec: - group: appstore.kubesphere.io - names: - kind: ApplicationResource - listKind: ApplicationResourceList - plural: applicationresources - singular: applicationresource - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - claimRef: - description: "ObjectReference contains enough information to let you - inspect or modify the referred object. --- New uses of this type - are discouraged because of difficulty describing its usage when - embedded in APIs. 1. Ignored fields. It includes many fields which - are not generally honored. For instance, ResourceVersion and FieldPath - are both very rarely valid in actual usage. 2. Invalid usage help. - \ It is impossible to add specific help for individual usage. In - most embedded usages, there are particular restrictions like, \"must - refer only to types A and B\" or \"UID not honored\" or \"name must - be restricted\". Those cannot be well described when embedded. 3. - Inconsistent validation. 
Because the usages are different, the - validation rules are different by usage, which makes it hard for - users to predict what will happen. 4. The fields are both imprecise - and overly precise. Kind is not a precise mapping to a URL. This - can produce ambiguity during interpretation and require a REST mapping. - \ In most cases, the dependency is on the group,resource tuple and - the version of the actual struct is irrelevant. 5. We cannot easily - change it. Because this type is embedded in many locations, updates - to this type will affect numerous schemas. Don't make new APIs - embed an underspecified API type they do not control. \n Instead - of using this type, create a locally provided and used type that - is well-focused on your reference. For example, ServiceReferences - for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - className: - type: string - type: object - status: - properties: - message: - type: string - phase: - type: string - reason: - type: string - type: object - type: object - served: true - storage: true diff --git a/src/test/ks-core/crds/appstore.kubesphere.io_applications.yaml b/src/test/ks-core/crds/appstore.kubesphere.io_applications.yaml deleted file mode 100644 index 8247a4618..000000000 --- a/src/test/ks-core/crds/appstore.kubesphere.io_applications.yaml +++ /dev/null 
@@ -1,127 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null - name: applications.appstore.kubesphere.io -spec: - group: appstore.kubesphere.io - names: - kind: Application - listKind: ApplicationList - plural: applications - singular: application - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - className: - type: string - parameters: - type: string - required: - - className - - parameters - type: object - status: - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - message: - type: string - parameters: - additionalProperties: - type: string - type: object - resourceName: - type: string - state: - type: string - type: object - type: object - served: true - storage: true diff --git a/src/test/ks-core/crds/auditing.kubesphere.io_rules.yaml b/src/test/ks-core/crds/auditing.kubesphere.io_rules.yaml deleted file mode 100644 index 9a974d8d0..000000000 --- a/src/test/ks-core/crds/auditing.kubesphere.io_rules.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null - name: rules.auditing.kubesphere.io -spec: - group: auditing.kubesphere.io - names: - kind: Rule - listKind: RuleList - plural: rules - singular: rule - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Rule is the Schema for the rules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuditRuleSpec defines the desired state of Rule - properties: - rules: - items: - properties: - alias: - description: This effective When the rule type is alias - type: string - condition: - description: Rule condition This effective When the rule type - is rule - type: string - desc: - description: Rule describe - type: string - enable: - description: Is the rule enable - type: boolean - list: - description: This effective When the rule type is list - items: - type: string - type: array - macro: - description: This effective When the rule type is macro - type: string - name: - description: Rule name - type: string - output: - description: The output formater of message which send to user - type: string - priority: - description: Rule priority, DEBUG, INFO, WARNING - type: string - type: - description: Rule type, rule, macro,list,alias - type: string - required: - - enable - type: object - type: array - type: object - status: - description: RuleStatus defines the observed state of Rule - type: object - type: object - served: true - storage: true diff --git a/src/test/ks-core/crds/auditing.kubesphere.io_webhooks.yaml b/src/test/ks-core/crds/auditing.kubesphere.io_webhooks.yaml deleted file mode 100644 index eb7ed2526..000000000 --- a/src/test/ks-core/crds/auditing.kubesphere.io_webhooks.yaml +++ /dev/null 
@@ -1,1195 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null - name: webhooks.auditing.kubesphere.io -spec: - group: auditing.kubesphere.io - names: - kind: Webhook - listKind: WebhookList - plural: webhooks - singular: webhook - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Webhook is the Schema for the webhooks API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: WebhookSpec defines the desired state of Webhook - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. 
for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. 
The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. 
- type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - args: - description: Arguments to the entrypoint.. It will be appended to - the args and replace the default value. - items: - type: string - type: array - auditLevel: - description: 'The Level that all requests are recorded at. available - options: None, Metadata, Request, RequestResponse default: Metadata' - type: string - auditSinkPolicy: - description: AuditSinkPolicy is a rule selector, only the rule matched - this selector will be taked effect. - properties: - alertingRuleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An - empty label selector matches all objects. A null label selector - matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
- items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - archivingRuleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An - empty label selector matches all objects. A null label selector - matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. 
- type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - auditType: - description: Audit type, static or dynamic. - type: string - image: - description: The webhook docker image name. - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to - secrets in the same namespace to use for pulling any of the images - used by this PodSpec. If specified, these secrets will be passed - to individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - k8sAuditingEnabled: - description: K8s auditing is enabled or not. - type: boolean - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must be true for the - pod to fit on a node. Selector which must match a node''s labels - for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priority: - description: Rule priority, DEBUG < INFO < WARNING Audit events will - be stored only when the priority of the audit rule matching the - audit event is greater than this. - type: string - receivers: - description: Receiver contains the information to make a connection - with the alertmanager - items: - description: Receiver config which received the audit alert - properties: - config: - description: ClientConfig holds the connection parameters for - the webhook - properties: - caBundle: - description: '`caBundle` is a PEM encoded CA bundle which - will be used to validate the webhook''s server certificate. - If unspecified, system trust roots on the apiserver are - used.' - format: byte - type: string - service: - description: "`service` is a reference to the service for - this webhook. Either `service` or `url` must be specified. - \n If the webhook is running within the cluster, then - you should use `service`." - properties: - name: - description: '`name` is the name of the service. Required' - type: string - namespace: - description: '`namespace` is the namespace of the service. - Required' - type: string - path: - description: '`path` is an optional URL path which will - be sent in any request to this service.' - type: string - port: - description: If specified, the port on the service that - hosting webhook. 
Default to 443 for backward compatibility. - `port` should be a valid port number (1-65535, inclusive). - format: int32 - type: integer - required: - - name - - namespace - type: object - url: - description: "`url` gives the location of the webhook, in - standard URL form (`scheme://host:port/path`). Exactly - one of `url` or `service` must be specified. \n The `host` - should not refer to a service running in the cluster; - use the `service` field instead. The host might be resolved - via external DNS in some apiservers (e.g., `kube-apiserver` - cannot resolve in-cluster DNS as that would be a layering - violation). `host` may also be an IP address. \n Please - note that using `localhost` or `127.0.0.1` as a `host` - is risky unless you take great care to run this webhook - on all hosts which run an apiserver which might need to - make calls to this webhook. Such installs are likely to - be non-portable, i.e., not easy to turn up in a new cluster. - \n The scheme must be \"https\"; the URL must begin with - \"https://\". \n A path is optional, and if present may - be any string permissible in a URL. You may use the path - to pass an arbitrary string to the webhook, for example, - a cluster identifier. \n Attempting to use a user or basic - auth e.g. \"user:password@\" is not allowed. Fragments - (\"#...\") and query parameters (\"?...\") are not allowed, - either." - type: string - type: object - name: - description: Receiver name - type: string - type: - description: Receiver type, alertmanager or webhook - type: string - type: object - type: array - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - format: int32 - type: integer - resources: - description: 'Compute Resources required by this container. Cannot - be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - tolerations: - description: If specified, the pod's tolerations. 
- items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - status: - description: WebhookStatus defines the observed state of Webhook - type: object - type: object - served: true - storage: true diff --git a/src/test/ks-core/crds/cluster.kubesphere.io_clusters.yaml b/src/test/ks-core/crds/cluster.kubesphere.io_clusters.yaml index 863a3cb11..52e68fdfe 100644 --- a/src/test/ks-core/crds/cluster.kubesphere.io_clusters.yaml +++ b/src/test/ks-core/crds/cluster.kubesphere.io_clusters.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: clusters.cluster.kubesphere.io spec: group: cluster.kubesphere.io diff --git a/src/test/ks-core/crds/extensions.kubesphere.io_apiservices.yaml b/src/test/ks-core/crds/extensions.kubesphere.io_apiservices.yaml index fc530ce11..d2b1f05db 100644 --- a/src/test/ks-core/crds/extensions.kubesphere.io_apiservices.yaml +++ b/src/test/ks-core/crds/extensions.kubesphere.io_apiservices.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: apiservices.extensions.kubesphere.io spec: group: extensions.kubesphere.io diff --git a/src/test/ks-core/crds/extensions.kubesphere.io_jsbundles.yaml b/src/test/ks-core/crds/extensions.kubesphere.io_jsbundles.yaml index 262db21dc..7ade63c15 100644 --- a/src/test/ks-core/crds/extensions.kubesphere.io_jsbundles.yaml +++ b/src/test/ks-core/crds/extensions.kubesphere.io_jsbundles.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: jsbundles.extensions.kubesphere.io spec: group: extensions.kubesphere.io diff --git a/src/test/ks-core/crds/extensions.kubesphere.io_reverseproxies.yaml b/src/test/ks-core/crds/extensions.kubesphere.io_reverseproxies.yaml index 97c509ac7..e277f1978 100644 --- a/src/test/ks-core/crds/extensions.kubesphere.io_reverseproxies.yaml +++ b/src/test/ks-core/crds/extensions.kubesphere.io_reverseproxies.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: reverseproxies.extensions.kubesphere.io spec: group: extensions.kubesphere.io 
@@ -66,6 +65,18 @@ spec: method: description: Changes the request's HTTP verb. type: string + pathRegexp: + items: + type: string + type: array + replace: + items: + type: string + type: array + rewrite: + items: + type: string + type: array stripPathPrefix: description: Strips the given prefix from the beginning of the URI path. diff --git a/src/test/ks-core/crds/gateway.kubesphere.io_ingressclassscopes.yaml b/src/test/ks-core/crds/gateway.kubesphere.io_ingressclassscopes.yaml index b35e82507..82352c9f7 100644 --- a/src/test/ks-core/crds/gateway.kubesphere.io_ingressclassscopes.yaml +++ b/src/test/ks-core/crds/gateway.kubesphere.io_ingressclassscopes.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: ingressclassscopes.gateway.kubesphere.io spec: group: gateway.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_builtinroles.yaml b/src/test/ks-core/crds/iam.kubesphere.io_builtinroles.yaml index 221f2ad41..66a7d0c9c 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_builtinroles.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_builtinroles.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: builtinroles.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_categories.yaml b/src/test/ks-core/crds/iam.kubesphere.io_categories.yaml index 3a11de956..29fb49292 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_categories.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_categories.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: categories.iam.kubesphere.io spec: group: iam.kubesphere.io 
diff --git a/src/test/ks-core/crds/iam.kubesphere.io_clusterrolebindings.yaml b/src/test/ks-core/crds/iam.kubesphere.io_clusterrolebindings.yaml index a39e30c1e..6ec664fe2 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_clusterrolebindings.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_clusterrolebindings.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: clusterrolebindings.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_clusterroles.yaml b/src/test/ks-core/crds/iam.kubesphere.io_clusterroles.yaml index a139bc0b8..bf3d46383 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_clusterroles.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_clusterroles.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: clusterroles.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_globalrolebindings.yaml b/src/test/ks-core/crds/iam.kubesphere.io_globalrolebindings.yaml index 49a35ba53..48a88478f 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_globalrolebindings.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_globalrolebindings.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: globalrolebindings.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_globalroles.yaml b/src/test/ks-core/crds/iam.kubesphere.io_globalroles.yaml index a1ebcfcc8..3a531d779 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_globalroles.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_globalroles.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: globalroles.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_groupbindings.yaml b/src/test/ks-core/crds/iam.kubesphere.io_groupbindings.yaml index 2ad5b5c9f..77215159f 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_groupbindings.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_groupbindings.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: groupbindings.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_groups.yaml b/src/test/ks-core/crds/iam.kubesphere.io_groups.yaml index 4cc15d164..5d72ea432 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_groups.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_groups.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: groups.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_loginrecords.yaml b/src/test/ks-core/crds/iam.kubesphere.io_loginrecords.yaml index 9261d22ad..944ea10a8 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_loginrecords.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_loginrecords.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: loginrecords.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_rolebindings.yaml b/src/test/ks-core/crds/iam.kubesphere.io_rolebindings.yaml index 78097df5e..975284f68 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_rolebindings.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_rolebindings.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: rolebindings.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_roles.yaml b/src/test/ks-core/crds/iam.kubesphere.io_roles.yaml index 6d19c68e2..61e8a370f 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_roles.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_roles.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: roles.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_roletemplates.yaml b/src/test/ks-core/crds/iam.kubesphere.io_roletemplates.yaml index d9e1306df..886239044 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_roletemplates.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_roletemplates.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: roletemplates.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_users.yaml b/src/test/ks-core/crds/iam.kubesphere.io_users.yaml index be11ed752..87a423484 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_users.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_users.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: users.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_workspacerolebindings.yaml b/src/test/ks-core/crds/iam.kubesphere.io_workspacerolebindings.yaml index 41d7df56d..ae4941d67 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_workspacerolebindings.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_workspacerolebindings.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: workspacerolebindings.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/iam.kubesphere.io_workspaceroles.yaml b/src/test/ks-core/crds/iam.kubesphere.io_workspaceroles.yaml index fe32b18d3..433c330d3 100644 --- a/src/test/ks-core/crds/iam.kubesphere.io_workspaceroles.yaml +++ b/src/test/ks-core/crds/iam.kubesphere.io_workspaceroles.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: workspaceroles.iam.kubesphere.io spec: group: iam.kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_categories.yaml b/src/test/ks-core/crds/kubesphere.io_categories.yaml index 80e157b89..720cc7413 100644 --- a/src/test/ks-core/crds/kubesphere.io_categories.yaml +++ b/src/test/ks-core/crds/kubesphere.io_categories.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: categories.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_extensions.yaml b/src/test/ks-core/crds/kubesphere.io_extensions.yaml index c40616199..e2043a7d2 100644 --- a/src/test/ks-core/crds/kubesphere.io_extensions.yaml +++ b/src/test/ks-core/crds/kubesphere.io_extensions.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: extensions.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_extensionversions.yaml b/src/test/ks-core/crds/kubesphere.io_extensionversions.yaml index d762ba6c8..0084846de 100644 --- a/src/test/ks-core/crds/kubesphere.io_extensionversions.yaml +++ b/src/test/ks-core/crds/kubesphere.io_extensionversions.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: extensionversions.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_installplans.yaml b/src/test/ks-core/crds/kubesphere.io_installplans.yaml index 08ea67e00..f489206d8 100644 --- a/src/test/ks-core/crds/kubesphere.io_installplans.yaml +++ b/src/test/ks-core/crds/kubesphere.io_installplans.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: installplans.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_repositories.yaml b/src/test/ks-core/crds/kubesphere.io_repositories.yaml index 59bb2de0f..b3724221c 100644 --- a/src/test/ks-core/crds/kubesphere.io_repositories.yaml +++ b/src/test/ks-core/crds/kubesphere.io_repositories.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: repositories.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/kubesphere.io_serviceaccounts.yaml b/src/test/ks-core/crds/kubesphere.io_serviceaccounts.yaml index 737e7a948..54f4b973f 100644 --- a/src/test/ks-core/crds/kubesphere.io_serviceaccounts.yaml +++ b/src/test/ks-core/crds/kubesphere.io_serviceaccounts.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: serviceaccounts.kubesphere.io spec: group: kubesphere.io diff --git a/src/test/ks-core/crds/marketplace.kubesphere.io_subscriptions.yaml b/src/test/ks-core/crds/marketplace.kubesphere.io_subscriptions.yaml index c5ba2285d..55e35cb56 100644 --- a/src/test/ks-core/crds/marketplace.kubesphere.io_subscriptions.yaml +++ b/src/test/ks-core/crds/marketplace.kubesphere.io_subscriptions.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: subscriptions.marketplace.kubesphere.io spec: group: marketplace.kubesphere.io diff --git a/src/test/ks-core/crds/oauth.kubesphere.io_oauthclients.yaml b/src/test/ks-core/crds/oauth.kubesphere.io_oauthclients.yaml index 799cbe4cb..8b3b3ce76 100644 --- a/src/test/ks-core/crds/oauth.kubesphere.io_oauthclients.yaml +++ b/src/test/ks-core/crds/oauth.kubesphere.io_oauthclients.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: oauthclients.oauth.kubesphere.io spec: group: oauth.kubesphere.io diff --git a/src/test/ks-core/crds/quota.kubesphere.io_resourcequotas.yaml b/src/test/ks-core/crds/quota.kubesphere.io_resourcequotas.yaml index ef3db80d2..3b58f8af0 100644 --- a/src/test/ks-core/crds/quota.kubesphere.io_resourcequotas.yaml +++ b/src/test/ks-core/crds/quota.kubesphere.io_resourcequotas.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: resourcequotas.quota.kubesphere.io spec: group: quota.kubesphere.io diff --git a/src/test/ks-core/crds/storage.kubesphere.io_provisionercapabilities.yaml b/src/test/ks-core/crds/storage.kubesphere.io_provisionercapabilities.yaml index 2dbfe3238..058847216 100644 --- a/src/test/ks-core/crds/storage.kubesphere.io_provisionercapabilities.yaml +++ b/src/test/ks-core/crds/storage.kubesphere.io_provisionercapabilities.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: provisionercapabilities.storage.kubesphere.io spec: group: storage.kubesphere.io 
diff --git a/src/test/ks-core/crds/storage.kubesphere.io_storageclasscapabilities.yaml b/src/test/ks-core/crds/storage.kubesphere.io_storageclasscapabilities.yaml index 5c4e9ab8c..a8af39289 100644 --- a/src/test/ks-core/crds/storage.kubesphere.io_storageclasscapabilities.yaml +++ b/src/test/ks-core/crds/storage.kubesphere.io_storageclasscapabilities.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: storageclasscapabilities.storage.kubesphere.io spec: group: storage.kubesphere.io diff --git a/src/test/ks-core/crds/telemetry.kubesphere.io_clusterinfoes.yaml b/src/test/ks-core/crds/telemetry.kubesphere.io_clusterinfoes.yaml index 5992eb865..7ad972b14 100644 --- a/src/test/ks-core/crds/telemetry.kubesphere.io_clusterinfoes.yaml +++ b/src/test/ks-core/crds/telemetry.kubesphere.io_clusterinfoes.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: clusterinfoes.telemetry.kubesphere.io spec: group: telemetry.kubesphere.io diff --git a/src/test/ks-core/crds/tenant.kubesphere.io_workspaces.yaml b/src/test/ks-core/crds/tenant.kubesphere.io_workspaces.yaml index 63d541f6a..7d0afc958 100644 --- a/src/test/ks-core/crds/tenant.kubesphere.io_workspaces.yaml +++ b/src/test/ks-core/crds/tenant.kubesphere.io_workspaces.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: workspaces.tenant.kubesphere.io spec: group: tenant.kubesphere.io diff --git a/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml b/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml index cb3553c91..37e07f075 100644 --- a/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml +++ b/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml 
@@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) - creationTimestamp: null name: workspacetemplates.tenant.kubesphere.io spec: group: tenant.kubesphere.io diff --git a/src/test/ks-core/templates/NOTES.txt b/src/test/ks-core/templates/NOTES.txt index c79ca1aad..6e7b2f27c 100644 --- a/src/test/ks-core/templates/NOTES.txt +++ b/src/test/ks-core/templates/NOTES.txt @@ -5,8 +5,11 @@ Please wait for several seconds for KubeSphere deployment to complete. kubectl get pods -n {{ .Release.Namespace }} 2. Then you should be able to visit the console NodePort: - + {{- if not .Values.internalTLS }} Console: http://{{ include "getNodeAddress" . }}:{{ .Values.console.nodePort }} + {{- else }} + Console: https://{{ include "getNodeAddress" . }}:{{ .Values.console.nodePort }} + {{- end }} 3. To login to your KubeSphere console: diff --git a/src/test/ks-core/templates/_images.tpl b/src/test/ks-core/templates/_images.tpl index b19595b5f..9c0fc3980 100644 --- a/src/test/ks-core/templates/_images.tpl +++ b/src/test/ks-core/templates/_images.tpl @@ -17,6 +17,14 @@ Return the proper image name {{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }} {{- end -}} +{{- define "nodeShell.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.nodeShell.image "global" .Values.global) }} +{{- end -}} + +{{- define "helm.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.helm.image "global" .Values.global) }} +{{- end -}} + {{- define "common.images.image" -}} {{- $registryName := .global.imageRegistry -}} {{- $repositoryName := .imageRoot.repository -}} @@ -71,4 +79,4 @@ imagePullSecrets: - name: {{ . }} {{- end }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/src/test/ks-core/templates/cert-manager.yaml b/src/test/ks-core/templates/cert-manager.yaml new file mode 100644 index 000000000..8796bc78d --- /dev/null 
+++ b/src/test/ks-core/templates/cert-manager.yaml
@@ -0,0 +1,152 @@
+{{- if or (.Values.internalTLS) (.Values.ingress.tls.enabled) -}}
+ {{- if eq .Values.ingress.tls.source "letsEncrypt" -}}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Issuer
+metadata:
+ name: letsencrypt
+ namespace: {{ .Release.Namespace }}
+spec:
+ acme:
+ email: {{ .Values.letsEncrypt.email }}
+ {{- if eq .Values.letsEncrypt.environment "production" }}
+ server: https://acme-v02.api.letsencrypt.org/directory
+ {{- else }}
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ {{- end }}
+ privateKeySecretRef:
+ name: letsencrypt-{{ .Values.letsEncrypt.environment }}
+ {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
+ http01: { }
+ {{- else }}
+ solvers:
+ - http01:
+ ingress:
+ class: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+{{- if or (.Values.internalTLS) (.Values.ingress.tls.enabled) -}}
+{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Issuer
+metadata:
+ name: self-signed
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+{{- end }}
+{{- end }}
+
+---
+{{- if .Values.internalTLS -}}
+ {{- if or (eq .Values.ingress.tls.source "letsEncrypt") (eq .Values.ingress.tls.source "generation") (eq .Values.ingress.tls.source "importation") -}}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Certificate
+metadata:
+ name: ks-apiserver-certificate
+ namespace: {{ .Release.Namespace }}
+spec:
+ # Secret names are always required.
+ secretName: ks-apiserver-tls-certs
+ duration: {{ .Values.certmanager.duration }}
+ renewBefore: {{ .Values.certmanager.renewBefore }}
+ subject:
+ organizations:
+ - ks-apiserver
+ commonName: ks-apiserver
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ dnsNames:
+ - ks-apiserver
+ - {{ printf "%s.%s" "ks-apiserver" .Release.Namespace }}
+ - {{ printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc" }}
+ - {{ printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc.cluster.local" }}
+ issuerRef:
+ name: self-signed
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+{{- if .Values.internalTLS -}}
+ {{- if or (eq .Values.ingress.tls.source "letsEncrypt") (eq .Values.ingress.tls.source "generation") (eq .Values.ingress.tls.source "importation") -}}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Certificate
+metadata:
+ name: ks-console-certificate
+ namespace: {{ .Release.Namespace }}
+spec:
+ # Secret names are always required.
+ secretName: ks-console-tls-certs
+ duration: {{ .Values.certmanager.duration }}
+ renewBefore: {{ .Values.certmanager.renewBefore }}
+ subject:
+ organizations:
+ - ks-console
+ commonName: ks-console
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ dnsNames:
+ - ks-console
+ - {{ printf "%s.%s" "ks-console" .Release.Namespace }}
+ - {{ printf "%s.%s.%s" "ks-console" .Release.Namespace "svc" }}
+ - {{ printf "%s.%s.%s" "ks-console" .Release.Namespace "svc.cluster.local" }}
+ issuerRef:
+ name: self-signed
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/src/test/ks-core/templates/clusterrole-ks-app-helminstaller.yaml b/src/test/ks-core/templates/clusterrole-ks-app-helminstaller.yaml
new file mode 100644
index 000000000..6c5d18c30
--- /dev/null
+++ b/src/test/ks-core/templates/clusterrole-ks-app-helminstaller.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubesphere:application:helminstaller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - '*'
+ verbs:
+ - '*'
\ No newline at end of file
diff --git a/src/test/ks-core/templates/ingress.yaml b/src/test/ks-core/templates/ingress.yaml
new file mode 100644
index 000000000..3982ebe5f
--- /dev/null
+++ b/src/test/ks-core/templates/ingress.yaml
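Review bot: Both `Certificate` objects in cert-manager.yaml (`ks-apiserver-certificate` and `ks-console-certificate`) set `issuerRef.name: self-signed`, so each leaf is signed by its own key and there is no common CA for a peer to trust; nothing in this hunk shows how ks-console would validate ks-apiserver, and clients would need every leaf distributed to them or would have to skip verification. Consider using the selfSigned Issuer only to bootstrap one CA certificate and issuing both leaves from a `ca:` Issuer backed by that secret, as sketched below with placeholder names. Separately, when `internalTLS` is true but none of the cert-manager API versions is present, the template renders nothing and the `ks-apiserver-tls-certs` secret never appears; a `{{ fail "internalTLS requires cert-manager" }}` in that branch would surface this at install time.

```yaml
# placeholder names: ks-internal-ca, ks-internal-ca-issuer
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ks-internal-ca
  namespace: {{ .Release.Namespace }}
spec:
  isCA: true
  commonName: ks-internal-ca
  secretName: ks-internal-ca
  issuerRef:
    name: self-signed
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ks-internal-ca-issuer
  namespace: {{ .Release.Namespace }}
spec:
  ca:
    secretName: ks-internal-ca
# … unchanged: ks-apiserver / ks-console Certificates, with issuerRef.name set to ks-internal-ca-issuer …
```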
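Review bot: The new ClusterRole `kubesphere:application:helminstaller` grants `verbs: '*'` on `resources: '*'` in the core API group cluster-wide, which covers Secrets, ServiceAccounts and pod subresources in every namespace, far more than a chart installer normally needs. The binding is not part of this hunk, so the effective reach cannot be judged from here, but the role should list the resource kinds and verbs the installer job really uses, and be bound per target namespace with a `RoleBinding` rather than a `ClusterRoleBinding` where possible. If the wildcard is deliberate, a comment such as `# helm installer job creates arbitrary core resources from user charts; bound only to <service account>` would at least record the reason. The file also ends without a trailing newline.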
@@ -0,0 +1,67 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "ks-core.fullname" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- if .Values.internalTLS }} + {{- if eq .Values.ingress.ingressClassName "nginx" }} + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else if eq .Values.ingress.ingressClassName "traefik" }} + ingress.kubernetes.io/protocol: "https" + {{- end }} + {{- end }} + {{- if .Values.ingress.tls.enabled }} + {{- if eq .Values.ingress.tls.source "letsEncrypt" }} + {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} + certmanager.k8s.io/issuer: letsencrypt + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }} + cert-manager.io/issuer: letsencrypt + cert-manager.io/issuer-kind: Issuer + {{- end }} + {{- else if eq .Values.ingress.tls.source "generation" }} + {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} + certmanager.k8s.io/issuer: self-signed + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }} + cert-manager.io/issuer: self-signed + cert-manager.io/issuer-kind: Issuer + {{- end }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.hostname }} + http: + paths: + - backend: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + service: + name: ks-console + port: + {{- if .Values.internalTLS }} + number: 443 + {{- else }} + number: 80 + {{- end }} + {{- else }} + serviceName: ks-console + {{- if 
.Values.internalTLS }} + servicePort: 443 + {{- else }} + servicePort: 80 + {{- end }} + {{- end }} + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: ImplementationSpecific + {{- end }} +{{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.hostname }} + secretName: {{ .Values.ingress.tls.secretName }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/ks-apiserver.yml b/src/test/ks-core/templates/ks-apiserver.yml index cbfe63d6f..7379a02b9 100644 --- a/src/test/ks-core/templates/ks-apiserver.yml +++ b/src/test/ks-core/templates/ks-apiserver.yml @@ -45,6 +45,11 @@ spec: {{- end }} {{- if .Values.apiserver.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.command "context" $) | nindent 12 }} + {{- if .Values.internalTLS }} + - --secure-port=9090 + - --tls-private-key=/etc/kubesphere/pki/tls.key + - --tls-cert-file=/etc/kubesphere/pki/tls.crt + {{- end }} {{- end }} env: {{- if .Values.apiserver.extraEnvVars }} @@ -58,7 +63,11 @@ spec: httpGet: path: /version port: 9090 + {{- if .Values.internalTLS }} + scheme: HTTPS + {{- else }} scheme: HTTP + {{- end }} initialDelaySeconds: 15 timeoutSeconds: 15 volumeMounts: @@ -70,6 +79,10 @@ spec: {{- if .Values.apiserver.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} + {{- if .Values.internalTLS }} + - name: tls-cert + mountPath: /etc/kubesphere/pki/ + {{- end }} volumes: - configMap: defaultMode: 420 
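Review bot: With `internalTLS` and the nginx class, the only annotation set is `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`, and ingress-nginx does not verify the upstream certificate unless told to, so the hop to `ks-console` is encrypted but not authenticated. The Traefik path in this commit pins the CA through a `ServersTransport`; the nginx branch should get the equivalent: `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`, `nginx.ingress.kubernetes.io/proxy-ssl-secret: "{{ .Release.Namespace }}/ks-console-tls-certs"` and `nginx.ingress.kubernetes.io/proxy-ssl-name: "ks-console"`. Separately, with the default `ingressClassName: ""` from `values.yaml` neither branch matches, so the controller would presumably speak plain HTTP to backend port 443.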
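Review bot: The three TLS flags in the first `ks-apiserver.yml` hunk are appended inside the existing `{{- if .Values.apiserver.command }}` block, so they are only rendered when a command override is set. With `internalTLS: true` and no `apiserver.command`, the probe switches to `scheme: HTTPS` and the Service moves to port 443, while the server starts without `--secure-port` and `--tls-cert-file`. Either render the flags independently of `command`, or stop the render with `{{- fail "internalTLS requires apiserver.command" }}` so the mismatch is caught at install time. The enclosing container spec starts and ends outside the hunk.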
@@ -82,4 +95,10 @@ spec: {{- if .Values.apiserver.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumes "context" $) | nindent 8 }} {{- end }} + {{- if .Values.internalTLS }} + - name: tls-cert + secret: + secretName: ks-apiserver-tls-certs + defaultMode: 420 + {{- end }} {{ end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/ks-console-config.yml b/src/test/ks-core/templates/ks-console-config.yml index 54024948e..f1f11b62d 100644 --- a/src/test/ks-core/templates/ks-console-config.yml +++ b/src/test/ks-core/templates/ks-console-config.yml @@ -15,6 +15,14 @@ data: host: redis.kubesphere-system.svc redisTimeout: 5000 sessionTimeout: 7200000 + apiServer: + {{- if .Values.internalTLS }} + url: https://ks-apiserver + wsUrl: wss://ks-apiserver + {{- else }} + url: http://ks-apiserver + wsUrl: ws://ks-apiserver + {{ end }} client: version: kubesphere: {{ .Chart.AppVersion }} diff --git a/src/test/ks-core/templates/ks-console.yml b/src/test/ks-core/templates/ks-console.yml index b3a15da71..e831ebcd1 100644 --- a/src/test/ks-core/templates/ks-console.yml +++ b/src/test/ks-core/templates/ks-console.yml @@ -37,6 +37,22 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} {{- end }} + {{- if .Values.internalTLS }} + initContainers: + - name: init-ca + image: {{ template "kubectl.image" . }} + command: [ "/bin/sh", "-c" ] + args: [ "cp /tmp/ca.crt /usr/local/share/ca-certificates/ \ + && update-ca-certificates && cp /etc/ssl/certs/ca-certificates.crt /certs/"] + volumeMounts: + - name: tls-cert + mountPath: /tmp/ca.crt + subPath: ca.crt + readOnly: false + - name: sys-cert + mountPath: /certs + readOnly: false + {{- end }} containers: - name: ks-console image: {{ template "ks-console.image" . }} 
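Review bot: `defaultMode: 420` is 0644, so `tls.key` from `ks-apiserver-tls-certs` is mounted world-readable inside the container; the same applies to the `tls-cert` volume added to `ks-console.yml` in hunk `@@ -87,7 +115,14 @@`. A private key should be readable by the server process only: `defaultMode: 256` (0400), combined with a matching `runAsUser`/`fsGroup` if the container does not run as the file owner (the securityContext is outside this hunk). Marking the corresponding `volumeMounts` entries `readOnly: true` would also document the intent.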
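Review bot: The `init-ca` container writes to `/usr/local/share/ca-certificates/` and runs `update-ca-certificates`, which only works when the kubectl image ships that tool and the container runs as root; neither is visible from this hunk, and a pod-level `runAsNonRoot` would break it. Since the console needs only one extra CA, `NODE_EXTRA_CA_CERTS` can point straight at the mounted file (`value: "/etc/kubesphere/pki/ca.crt"`), which removes the init container, the `sys-cert` emptyDir and the overlay of `/etc/ssl/certs/ca-certificates.crt`. If the init container stays, the Secret mount should be `readOnly: true` rather than `readOnly: false`. The trusted CA is the `ca.crt` of `ks-console-tls-certs`; whether it also validates the `ks-apiserver` certificate depends on how the `self-signed` Issuer is defined, which is not shown here.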
@@ -51,6 +67,10 @@ spec: {{- if .Values.console.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.console.extraEnvVars "context" $) | nindent 12 }} {{- end }} + {{- if .Values.internalTLS }} + - name: NODE_EXTRA_CA_CERTS + value: "/etc/ssl/certs/ca-certificates.crt" + {{- end }} {{- if .Values.console.resources }} resources: {{- toYaml .Values.console.resources | nindent 12 }} {{- end }} @@ -72,6 +92,14 @@ spec: {{- if .Values.console.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.console.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} + {{- if .Values.internalTLS }} + - name: tls-cert + mountPath: /etc/kubesphere/pki/ + - name: sys-cert + mountPath: /etc/ssl/certs/ca-certificates.crt + subPath: ca-certificates.crt + readOnly: false + {{- end }} volumes: - configMap: defaultMode: 420 @@ -87,7 +115,14 @@ spec: {{- if .Values.console.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.console.extraVolumes "context" $) | nindent 8 }} {{- end }} - + {{- if .Values.internalTLS }} + - name: tls-cert + secret: + secretName: ks-console-tls-certs + defaultMode: 420 + - name: sys-cert + emptyDir: {} + {{- end }} --- apiVersion: v1 @@ -97,11 +132,21 @@ metadata: app: ks-console tier: frontend version: {{ .Chart.AppVersion }} + annotations: + {{- if .Values.internalTLS }} + {{- if eq .Values.ingress.ingressClassName "traefik" }} + traefik.ingress.kubernetes.io/service.serverstransport: {{ printf "%s-%s@kubernetescrd" .Release.Namespace "ks-console-transport" }} + {{- end }} + {{- end }} name: ks-console spec: ports: - name: nginx + {{- if .Values.internalTLS }} + port: 443 + {{- else }} port: 80 + {{- end }} protocol: TCP targetPort: 8000 {{- with .Values.console.nodePort }} diff --git a/src/test/ks-core/templates/kubesphere-config.yaml b/src/test/ks-core/templates/kubesphere-config.yaml index 8f2f69568..7412ea0d4 100644 --- a/src/test/ks-core/templates/kubesphere-config.yaml 
+++ b/src/test/ks-core/templates/kubesphere-config.yaml @@ -12,7 +12,6 @@ data: loginHistoryRetentionPeriod: {{ .Values.config.authentication.loginHistoryRetentionPeriod | default "168h" }} maximumClockSkew: {{ .Values.config.authentication.maximumClockSkew | default "10s" }} multipleLogin: {{ .Values.config.authentication.enableMultiLogin | default true }} - kubectlImage: {{ template "kubectl.image" . }} {{- if eq .Values.role "host" }} {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }} jwtSecret: "{{ (fromYaml (index .data "kubesphere.yaml")).authentication.jwtSecret }}" @@ -33,4 +32,10 @@ data: {{- end }} multicluster: clusterRole: {{ .Values.role }} + terminal: + kubectl: + image: {{ template "kubectl.image" . }} + node: + image: {{ template "nodeShell.image" . }} + helmImage: {{ template "helm.image" . }} {{- end }} diff --git a/src/test/ks-core/templates/post-install-job.yaml b/src/test/ks-core/templates/post-install-job.yaml index 07bbb4f3a..8d3166614 100644 --- a/src/test/ks-core/templates/post-install-job.yaml +++ b/src/test/ks-core/templates/post-install-job.yaml @@ -13,7 +13,7 @@ spec: serviceAccountName: {{ include "ks-core.serviceAccountName" . }} containers: - name: post-install-job - image: "kubesphere/kubectl:v1.27.4" + image: {{ template "kubectl.image" . }} command: - /bin/bash - -c diff --git a/src/test/ks-core/templates/pre-delete-job.yaml b/src/test/ks-core/templates/pre-delete-job.yaml index ac1db181e..7523127ca 100644 --- a/src/test/ks-core/templates/pre-delete-job.yaml +++ b/src/test/ks-core/templates/pre-delete-job.yaml @@ -13,7 +13,7 @@ spec: serviceAccountName: {{ include "ks-core.serviceAccountName" . }} containers: - name: pre-delete-job - image: "kubesphere/kubectl:v1.27.4" + image: {{ template "kubectl.image" . }} command: - /bin/bash - -c diff --git a/src/test/ks-core/templates/services.yml b/src/test/ks-core/templates/services.yml index 73c346897..1c19df1c5 100644 
--- a/src/test/ks-core/templates/services.yml +++ b/src/test/ks-core/templates/services.yml @@ -11,8 +11,12 @@ metadata: namespace: kubesphere-system spec: ports: - - port: 80 - protocol: TCP + - protocol: TCP + {{- if .Values.internalTLS }} + port: 443 + {{- else }} + port: 80 + {{- end }} targetPort: 9090 {{- with .Values.apiserver.nodePort }} nodePort: diff --git a/src/test/ks-core/templates/tls-secrets.yaml b/src/test/ks-core/templates/tls-secrets.yaml new file mode 100644 index 000000000..63c98b3e0 --- /dev/null +++ b/src/test/ks-core/templates/tls-secrets.yaml 
@@ -0,0 +1,48 @@
+{{- if ne .Values.ingress.tls.source "letsEncrypt" -}}
+{{- if and (not (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2")) (not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1")) }}
+{{- $ca := genCA .Values.hostname 3650 -}}
+{{- $cert := genSignedCert "ks-apiserver" nil (list "ks-apiserver" (printf "%s.%s" "ks-apiserver" .Release.Namespace) (printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc")) 3650 $ca -}}
+{{- if .Values.internalTLS }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ks-apiserver-tls-certs
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ca.crt: {{ b64enc $ca.Cert }}
+ tls.crt: {{ b64enc $cert.Cert }}
+ tls.key: {{ b64enc $cert.Key }}
+{{- end }}
+
+---
+{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc")) 3650 $ca -}}
+{{- if .Values.internalTLS }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ks-console-tls-certs
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ca.crt: {{ b64enc $ca.Cert }}
+ tls.crt: {{ b64enc $consolecert.Cert }}
+ tls.key: {{ b64enc $consolecert.Key }}
+{{- end }}
+
+---
+{{- $ingresscert := genSignedCert .Values.hostname nil (list .Values.hostname) 3650 $ca -}}
+{{- if and ( .Values.ingress.enabled ) ( .Values.ingress.tls.enabled ) (eq .Values.ingress.tls.source "generation") }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.ingress.tls.secretName }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ca.crt: {{ b64enc $ca.Cert }}
+ tls.crt: {{ b64enc $ingresscert.Cert }}
+ tls.key: {{ b64enc $ingresscert.Key }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
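Review bot: `genCA` and `genSignedCert` run on every render, so each `helm upgrade` replaces the CA and all three key pairs; pods that already copied the old `ca.crt` (the console's `init-ca` step) stop trusting their peers until they restart, and GitOps tools see a permanent diff. The chart already uses `lookup` in `kubesphere-config.yaml` to keep `jwtSecret` stable, and the same guard fits here: reuse the existing Secret's data when it exists and generate only on first install, applied to all three Secrets together because they share `$ca`. Separately, the generated SAN list stops at the `.svc` name while the cert-manager `Certificate` templates also include the `svc.cluster.local` form, and the leaf certificates are valid for 3650 days. The rendered private keys also end up in the Helm release record, which is worth a comment at the top of the file.

```yaml
{{- $prev := lookup "v1" "Secret" .Release.Namespace "ks-apiserver-tls-certs" }}
# … unchanged: genCA / genSignedCert, Secret metadata and type …
data:
  {{- if $prev }}
  # Reuse the material issued at install time instead of rotating on every render.
  ca.crt: {{ index $prev.data "ca.crt" }}
  tls.crt: {{ index $prev.data "tls.crt" }}
  tls.key: {{ index $prev.data "tls.key" }}
  {{- else }}
  ca.crt: {{ b64enc $ca.Cert }}
  tls.crt: {{ b64enc $cert.Cert }}
  tls.key: {{ b64enc $cert.Key }}
  {{- end }}
# … same pattern for ks-console-tls-certs and the ingress Secret …
```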
diff --git a/src/test/ks-core/templates/traefik.yaml b/src/test/ks-core/templates/traefik.yaml new file mode 100644 index 000000000..7a5fbd228 --- /dev/null +++ b/src/test/ks-core/templates/traefik.yaml @@ -0,0 +1,14 @@ +{{- if .Values.internalTLS }} +{{- if eq .Values.ingress.ingressClassName "traefik" }} +apiVersion: traefik.containo.us/v1alpha1 +kind: ServersTransport +metadata: + name: ks-console-transport + namespace: {{ .Release.Namespace }} +spec: + serverName: ks-console + insecureSkipVerify: false + rootCAsSecrets: + - ks-console-tls-certs +{{- end }} +{{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml index e89533a6f..8a85a83bb 100644 --- a/src/test/ks-core/templates/webhook.yaml +++ b/src/test/ks-core/templates/webhook.yaml @@ -14,7 +14,6 @@ metadata: name: ks-controller-manager-webhook-cert type: Opaque - {{ if eq .Values.role "host" }} --- apiVersion: admissionregistration.k8s.io/v1 @@ -29,7 +28,7 @@ webhooks: service: name: ks-controller-manager namespace: kubesphere-system - path: /validate-email-iam-kubesphere-io-v1beta1 + path: /validate-iam-kubesphere-io-v1beta1-user port: 443 failurePolicy: Fail matchPolicy: Exact 
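Review bot: The `ServersTransport` in `traefik.yaml` is rendered whenever `ingressClassName` is `traefik`, without the `.Capabilities.APIVersions.Has` check that the cert-manager templates in this commit use, so the install fails on clusters where the `traefik.containo.us/v1alpha1` CRD is not registered. Newer Traefik releases serve this kind under `traefik.io/v1alpha1`, so I would pick the group from capabilities, e.g. `{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1" }}`, before falling back to the legacy group. `insecureSkipVerify: false` with `rootCAsSecrets` is the right shape. A one-line comment that the referenced Secret must carry the CA (`ca.crt`) would help anyone who supplies their own certificates.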
@@ -210,4 +209,38 @@ webhooks: - jsbundles scope: '*' sideEffects: None - timeoutSeconds: 30 \ No newline at end of file + timeoutSeconds: 30 + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: applicationreleases.application.kubesphere.io +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: {{ b64enc $ca.Cert | quote }} + service: + name: ks-controller-manager + namespace: kubesphere-system + path: /mutate-application-kubesphere-io-v1alpha2-applicationrelease + port: 443 + failurePolicy: Fail + matchPolicy: Exact + name: applicationreleases.application.kubesphere.io + namespaceSelector: {} + objectSelector: {} + rules: + - apiGroups: + - application.kubesphere.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - applicationreleases + scope: '*' + sideEffects: None + timeoutSeconds: 30 diff --git a/src/test/ks-core/values.yaml b/src/test/ks-core/values.yaml index e6f51f8c8..b1527a125 100644 --- a/src/test/ks-core/values.yaml +++ b/src/test/ks-core/values.yaml 
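Review bot: The new rule matches `apiVersions: [v1alpha2]` with `matchPolicy: Exact`, but the `applicationreleases` CRD added earlier in this commit declares a single served version named `v2`, so as written the webhook would not be called for those objects. If `v2` is the intended version, change the rule entry to `- v2` and check the handler path `/mutate-application-kubesphere-io-v1alpha2-applicationrelease` against the controller; if another CRD version exists outside this diff, a comment here should say so. With `failurePolicy: Fail` and `timeoutSeconds: 30`, every CREATE/UPDATE of a matching object is rejected while `ks-controller-manager` is unavailable, which deserves a note for operators. `$ca` in `caBundle` is defined outside the hunk.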
@@ -238,9 +238,53 @@ controller: agent: replicaCount: 1 +helm: + image: + registry: "" + repository: kubesphereio/helm + tag: "v3.12.1" + pullPolicy: IfNotPresent + kubectl: image: registry: "" repository: kubesphereio/kubectl - tag: "latest" - pullPolicy: IfNotPresent \ No newline at end of file + tag: "v1.27.4" + pullPolicy: IfNotPresent + +# Set to enable/disable internal tls +# - false (default) +# - true +internalTLS: false + +hostname: example.com + +ingress: + # If set to false, ingress will not be created + # Defaults to true + # options: true, false + enabled: false + + # options: traefik, nginx + ingressClassName: "" + # backend port number + tls: + enabled: true + # options: generation, importation, letsEncrypt + source: generation + secretName: kubesphere-tls-certs + +letsEncrypt: + # email: none@example.com + environment: production + +certmanager: + duration: 2160h + renewBefore: 360h + +nodeShell: + image: + registry: "docker.io" + repository: alpine + tag: "3.18.4" + pullPolicy: IfNotPresent
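Review bot: Two comments in the new `ingress` block contradict or dangle: `# Defaults to true` sits above `enabled: false`, and `# backend port number` is followed by `tls:` with no port key. I would change the first to `# Defaults to false` and drop the port comment, or add the key it describes. `hostname: example.com` feeds both `genCA` and the Ingress `host`, so a comment such as `# Must be overridden; used as the ingress host and as the CN of the generated CA` would keep certificates from being issued for the placeholder name. `internalTLS`, `ingress.tls.source` and `ingressClassName` interact across several templates, so a short comment listing the supported combinations would help.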