From dce9e9a7c2d54a0661eacbb08f6c9c2a3ea63f71 Mon Sep 17 00:00:00 2001
From: Maksim Fedotov
Date: Thu, 8 Jul 2021 12:54:52 +0300
Subject: [PATCH] chore: fix linting issues
---
 api/v1alpha1/conversion_hub.go | 1 -
 t.yaml | 1718 ++++++++++++++++++++++++++++++++
 2 files changed, 1718 insertions(+), 1 deletion(-)
 create mode 100644 t.yaml
diff --git a/api/v1alpha1/conversion_hub.go b/api/v1alpha1/conversion_hub.go
index 5b5bcd2ec..51138cafa 100644
--- a/api/v1alpha1/conversion_hub.go
+++ b/api/v1alpha1/conversion_hub.go
@@ -283,7 +283,6 @@ func (t *Tenant) convertV1Beta1OwnerToV1Alpha1(src *capsulev1beta1.Tenant) { enableIngressClassDeletionAnnotation: nil, } - for i, owner := range src.Spec.Owners { if i == 0 { t.Spec.Owner = OwnerSpec{
diff --git a/t.yaml b/t.yaml
new file mode 100644
index 000000000..483e3de38
--- /dev/null
+++ b/t.yaml
@@ -0,0 +1,1718 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + name: tenants.capsule.clastix.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: system + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 + group: capsule.clastix.io + names: + kind: Tenant + listKind: TenantList + plural: tenants + shortNames: + - tnt + singular: tenant + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The max amount of Namespaces can be created + jsonPath: .spec.namespaceQuota + name: Namespace quota + type: integer + - description: The total amount of Namespaces in use + jsonPath: .status.size + name: Namespace count + type: integer + - description: The assigned Tenant owner + jsonPath: .spec.owner.name + name: Owner name + type: string + - description: The assigned Tenant owner kind + jsonPath: .spec.owner.kind + name: Owner kind + type: string + - description: Node Selector applied to Pods + jsonPath: .spec.nodeSelector + name: Node selector + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Tenant is the Schema for the tenants API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TenantSpec defines the desired state of Tenant + properties: + additionalRoleBindings: + items: + properties: + clusterRoleName: + type: string + subjects: + description: kubebuilder:validation:Minimum=1 + items: + description: Subject contains a reference to the object or + user identities a role binding applies to. This can either + hold a direct API object reference, or a value for non-objects + such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. + Defaults to "rbac.authorization.k8s.io" for User and + Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined + by this API group are "User", "Group", and "ServiceAccount". + If the Authorizer does not recognized the kind value, + the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the + object kind is non-namespace, such as "User" or "Group", + and this value is not empty the Authorizer should report + an error. 
+ type: string + required: + - kind + - name + type: object + type: array + required: + - clusterRoleName + - subjects + type: object + type: array + containerRegistries: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + externalServiceIPs: + properties: + allowed: + items: + pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: array + required: + - allowed + type: object + ingressClasses: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + ingressHostnames: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + limitRanges: + items: + description: LimitRangeSpec defines a min/max usage limit for resources + that match on kind. + properties: + limits: + description: Limits is the list of LimitRangeItem objects that + are enforced. + items: + description: LimitRangeItem defines a min/max usage limit + for any resource that matches on kind. + properties: + default: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Default resource requirement limit value + by resource name if resource limit is omitted. + type: object + defaultRequest: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DefaultRequest is the default resource requirement + request value by resource name if resource request is + omitted. 
+ type: object + max: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Max usage constraints on this kind by resource + name. + type: object + maxLimitRequestRatio: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxLimitRequestRatio if specified, the named + resource must have a request and limit that are both + non-zero where limit divided by request is less than + or equal to the enumerated value; this represents the + max burst for the named resource. + type: object + min: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Min usage constraints on this kind by resource + name. + type: object + type: + description: Type of resource that this limit applies + to. + type: string + required: + - type + type: object + type: array + required: + - limits + type: object + type: array + namespaceQuota: + format: int32 + minimum: 1 + type: integer + namespacesMetadata: + properties: + additionalAnnotations: + additionalProperties: + type: string + type: object + additionalLabels: + additionalProperties: + type: string + type: object + type: object + networkPolicies: + items: + description: NetworkPolicySpec provides the specification of a NetworkPolicy + properties: + egress: + description: List of egress rules to be applied to the selected + pods. 
Outgoing traffic is allowed if there are no NetworkPolicies + selecting the pod (and cluster policy otherwise allows the + traffic), OR if the traffic matches at least one egress rule + across all of the NetworkPolicy objects whose podSelector + matches the pod. If this field is empty then this NetworkPolicy + limits all outgoing traffic (and serves solely to ensure that + the pods it selects are isolated by default). This field is + beta-level in 1.8 + items: + description: NetworkPolicyEgressRule describes a particular + set of traffic that is allowed out of pods matched by a + NetworkPolicySpec's podSelector. The traffic must match + both ports and to. This type is beta-level in 1.8 + properties: + ports: + description: List of destination ports for outgoing traffic. + Each item in this list is combined using a logical OR. + If this field is empty or missing, this rule matches + all ports (traffic not restricted by port). If this + field is present and contains at least one item, then + this rule allows traffic only if the traffic matches + at least one port in the list. + items: + description: NetworkPolicyPort describes a port to allow + traffic on + properties: + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. This + can either be a numerical or named port on a pod. + If this field is not provided, this matches all + port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) which + traffic must match. If not specified, this field + defaults to TCP. + type: string + type: object + type: array + to: + description: List of destinations for outgoing traffic + of pods selected for this rule. Items in this list are + combined using a logical OR operation. If this field + is empty or missing, this rule matches all destinations + (traffic not restricted by destination). 
If this field + is present and contains at least one item, this rule + allows traffic only if the traffic matches at least + one item in the to list. + items: + description: NetworkPolicyPeer describes a peer to allow + traffic to/from. Only certain combinations of fields + are allowed + properties: + ipBlock: + description: IPBlock defines policy on a particular + IPBlock. If this field is set then neither of + the other fields can be. + properties: + cidr: + description: CIDR is a string representing the + IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs that + should not be included within an IP Block + Valid examples are "192.168.1.1/24" or "2001:db9::/64" + Except values will be rejected if they are + outside the CIDR range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: "Selects Namespaces using cluster-scoped + labels. This field follows standard label selector + semantics; if present but empty, it selects all + namespaces. \n If PodSelector is also set, then + the NetworkPolicyPeer as a whole selects the Pods + matching PodSelector in the Namespaces selected + by NamespaceSelector. Otherwise it selects all + Pods in the Namespaces selected by NamespaceSelector." + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + podSelector: + description: "This is a label selector which selects + Pods. This field follows standard label selector + semantics; if present but empty, it selects all + pods. \n If NamespaceSelector is also set, then + the NetworkPolicyPeer as a whole selects the Pods + matching PodSelector in the Namespaces selected + by NamespaceSelector. Otherwise it selects the + Pods matching PodSelector in the policy's own + Namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + type: object + type: array + type: object + type: array + ingress: + description: List of ingress rules to be applied to the selected + pods. Traffic is allowed to a pod if there are no NetworkPolicies + selecting the pod (and cluster policy otherwise allows the + traffic), OR if the traffic source is the pod's local node, + OR if the traffic matches at least one ingress rule across + all of the NetworkPolicy objects whose podSelector matches + the pod. If this field is empty then this NetworkPolicy does + not allow any traffic (and serves solely to ensure that the + pods it selects are isolated by default) + items: + description: NetworkPolicyIngressRule describes a particular + set of traffic that is allowed to the pods matched by a + NetworkPolicySpec's podSelector. The traffic must match + both ports and from. + properties: + from: + description: List of sources which should be able to access + the pods selected for this rule. Items in this list + are combined using a logical OR operation. If this field + is empty or missing, this rule matches all sources (traffic + not restricted by source). If this field is present + and contains at least one item, this rule allows traffic + only if the traffic matches at least one item in the + from list. + items: + description: NetworkPolicyPeer describes a peer to allow + traffic to/from. Only certain combinations of fields + are allowed + properties: + ipBlock: + description: IPBlock defines policy on a particular + IPBlock. 
If this field is set then neither of + the other fields can be. + properties: + cidr: + description: CIDR is a string representing the + IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs that + should not be included within an IP Block + Valid examples are "192.168.1.1/24" or "2001:db9::/64" + Except values will be rejected if they are + outside the CIDR range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: "Selects Namespaces using cluster-scoped + labels. This field follows standard label selector + semantics; if present but empty, it selects all + namespaces. \n If PodSelector is also set, then + the NetworkPolicyPeer as a whole selects the Pods + matching PodSelector in the Namespaces selected + by NamespaceSelector. Otherwise it selects all + Pods in the Namespaces selected by NamespaceSelector." + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + podSelector: + description: "This is a label selector which selects + Pods. This field follows standard label selector + semantics; if present but empty, it selects all + pods. \n If NamespaceSelector is also set, then + the NetworkPolicyPeer as a whole selects the Pods + matching PodSelector in the Namespaces selected + by NamespaceSelector. Otherwise it selects the + Pods matching PodSelector in the policy's own + Namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + type: object + type: array + ports: + description: List of ports which should be made accessible + on the pods selected for this rule. Each item in this + list is combined using a logical OR. If this field is + empty or missing, this rule matches all ports (traffic + not restricted by port). If this field is present and + contains at least one item, then this rule allows traffic + only if the traffic matches at least one port in the + list. + items: + description: NetworkPolicyPort describes a port to allow + traffic on + properties: + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. This + can either be a numerical or named port on a pod. + If this field is not provided, this matches all + port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) which + traffic must match. If not specified, this field + defaults to TCP. + type: string + type: object + type: array + type: object + type: array + podSelector: + description: Selects the pods to which this NetworkPolicy object + applies. The array of ingress rules is applied to any pods + selected by this field. Multiple network policies can select + the same set of pods. In this case, the ingress rules for + each are combined additively. This field is NOT optional and + follows standard label selector semantics. An empty podSelector + matches all pods in this namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + policyTypes: + description: List of rule types that the NetworkPolicy relates + to. Valid options are "Ingress", "Egress", or "Ingress,Egress". + If this field is not specified, it will default based on the + existence of Ingress or Egress rules; policies that contain + an Egress section are assumed to affect Egress, and all policies + (whether or not they contain an Ingress section) are assumed + to affect Ingress. If you want to write an egress-only policy, + you must explicitly specify policyTypes [ "Egress" ]. Likewise, + if you want to write a policy that specifies that no egress + is allowed, you must specify a policyTypes value that include + "Egress" (since such a policy would not include an Egress + section and would otherwise default to just [ "Ingress" ]). 
+ This field is beta-level in 1.8 + items: + description: Policy Type string describes the NetworkPolicy + type This type is beta-level in 1.8 + type: string + type: array + required: + - podSelector + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + owner: + description: OwnerSpec defines tenant owner name and kind + properties: + kind: + enum: + - User + - Group + type: string + name: + type: string + required: + - kind + - name + type: object + resourceQuotas: + items: + description: ResourceQuotaSpec defines the desired hard limits to + enforce for Quota. + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but + expressed using ScopeSelectorOperator in combination with + possible values. For a resource to match, both scopes AND + scopeSelector (if specified in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is + a selector that contains values, a scope name, and an + operator that relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. 
If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. + items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + type: array + type: object + type: array + servicesMetadata: + properties: + additionalAnnotations: + additionalProperties: + type: string + type: object + additionalLabels: + additionalProperties: + type: string + type: object + type: object + storageClasses: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + required: + - owner + type: object + status: + description: TenantStatus defines the observed state of Tenant + properties: + namespaces: + items: + type: string + type: array + size: + type: integer + required: + - size + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The max amount of Namespaces can be created + jsonPath: .spec.namespaceQuota + name: Namespace quota + type: integer + - description: The total amount of Namespaces in use + jsonPath: .status.size + name: Namespace count + type: integer + - description: The assigned Tenant owner + jsonPath: .spec.owner.name + name: Owner name + type: string + - description: The assigned Tenant owner kind + jsonPath: .spec.owner.kind + name: Owner kind + type: string + - description: Node Selector applied to Pods + jsonPath: .spec.nodeSelector + name: Node selector + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + description: Tenant is the Schema for the tenants API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TenantSpec defines the desired state of Tenant + properties: + additionalRoleBindings: + items: + properties: + clusterRoleName: + type: string + subjects: + description: kubebuilder:validation:Minimum=1 + items: + description: Subject contains a reference to the object or + user identities a role binding applies to. This can either + hold a direct API object reference, or a value for non-objects + such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. + Defaults to "rbac.authorization.k8s.io" for User and + Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined + by this API group are "User", "Group", and "ServiceAccount". + If the Authorizer does not recognized the kind value, + the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. 
If the + object kind is non-namespace, such as "User" or "Group", + and this value is not empty the Authorizer should report + an error. + type: string + required: + - kind + - name + type: object + type: array + required: + - clusterRoleName + - subjects + type: object + type: array + containerRegistries: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + enableNodePorts: + default: true + type: boolean + externalServiceIPs: + properties: + allowed: + items: + pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: array + required: + - allowed + type: object + imagePullPolicies: + items: + enum: + - Always + - Never + - IfNotPresent + type: string + type: array + ingressClasses: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + ingressHostnames: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + limitRanges: + properties: + items: + items: + description: LimitRangeSpec defines a min/max usage limit for + resources that match on kind. + properties: + limits: + description: Limits is the list of LimitRangeItem objects + that are enforced. + items: + description: LimitRangeItem defines a min/max usage limit + for any resource that matches on kind. + properties: + default: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Default resource requirement limit value + by resource name if resource limit is omitted. 
+ type: object + defaultRequest: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DefaultRequest is the default resource + requirement request value by resource name if resource + request is omitted. + type: object + max: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Max usage constraints on this kind by + resource name. + type: object + maxLimitRequestRatio: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxLimitRequestRatio if specified, the + named resource must have a request and limit that + are both non-zero where limit divided by request + is less than or equal to the enumerated value; this + represents the max burst for the named resource. + type: object + min: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Min usage constraints on this kind by + resource name. + type: object + type: + description: Type of resource that this limit applies + to. 
+ type: string + required: + - type + type: object + type: array + required: + - limits + type: object + type: array + type: object + namespaceQuota: + format: int32 + minimum: 1 + type: integer + namespacesMetadata: + properties: + additionalAnnotations: + additionalProperties: + type: string + type: object + additionalLabels: + additionalProperties: + type: string + type: object + type: object + networkPolicies: + properties: + items: + items: + description: NetworkPolicySpec provides the specification of + a NetworkPolicy + properties: + egress: + description: List of egress rules to be applied to the selected + pods. Outgoing traffic is allowed if there are no NetworkPolicies + selecting the pod (and cluster policy otherwise allows + the traffic), OR if the traffic matches at least one egress + rule across all of the NetworkPolicy objects whose podSelector + matches the pod. If this field is empty then this NetworkPolicy + limits all outgoing traffic (and serves solely to ensure + that the pods it selects are isolated by default). This + field is beta-level in 1.8 + items: + description: NetworkPolicyEgressRule describes a particular + set of traffic that is allowed out of pods matched by + a NetworkPolicySpec's podSelector. The traffic must + match both ports and to. This type is beta-level in + 1.8 + properties: + ports: + description: List of destination ports for outgoing + traffic. Each item in this list is combined using + a logical OR. If this field is empty or missing, + this rule matches all ports (traffic not restricted + by port). If this field is present and contains + at least one item, then this rule allows traffic + only if the traffic matches at least one port in + the list. + items: + description: NetworkPolicyPort describes a port + to allow traffic on + properties: + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. + This can either be a numerical or named port + on a pod. 
If this field is not provided, this + matches all port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) + which traffic must match. If not specified, + this field defaults to TCP. + type: string + type: object + type: array + to: + description: List of destinations for outgoing traffic + of pods selected for this rule. Items in this list + are combined using a logical OR operation. If this + field is empty or missing, this rule matches all + destinations (traffic not restricted by destination). + If this field is present and contains at least one + item, this rule allows traffic only if the traffic + matches at least one item in the to list. + items: + description: NetworkPolicyPeer describes a peer + to allow traffic to/from. Only certain combinations + of fields are allowed + properties: + ipBlock: + description: IPBlock defines policy on a particular + IPBlock. If this field is set then neither + of the other fields can be. + properties: + cidr: + description: CIDR is a string representing + the IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs + that should not be included within an + IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" Except values will + be rejected if they are outside the CIDR + range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: "Selects Namespaces using cluster-scoped + labels. This field follows standard label + selector semantics; if present but empty, + it selects all namespaces. \n If PodSelector + is also set, then the NetworkPolicyPeer as + a whole selects the Pods matching PodSelector + in the Namespaces selected by NamespaceSelector. + Otherwise it selects all Pods in the Namespaces + selected by NamespaceSelector." 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + podSelector: + description: "This is a label selector which + selects Pods. This field follows standard + label selector semantics; if present but empty, + it selects all pods. \n If NamespaceSelector + is also set, then the NetworkPolicyPeer as + a whole selects the Pods matching PodSelector + in the Namespaces selected by NamespaceSelector. + Otherwise it selects the Pods matching PodSelector + in the policy's own Namespace." + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: array + type: object + type: array + ingress: + description: List of ingress rules to be applied to the + selected pods. Traffic is allowed to a pod if there are + no NetworkPolicies selecting the pod (and cluster policy + otherwise allows the traffic), OR if the traffic source + is the pod's local node, OR if the traffic matches at + least one ingress rule across all of the NetworkPolicy + objects whose podSelector matches the pod. If this field + is empty then this NetworkPolicy does not allow any traffic + (and serves solely to ensure that the pods it selects + are isolated by default) + items: + description: NetworkPolicyIngressRule describes a particular + set of traffic that is allowed to the pods matched by + a NetworkPolicySpec's podSelector. The traffic must + match both ports and from. 
+ properties: + from: + description: List of sources which should be able + to access the pods selected for this rule. Items + in this list are combined using a logical OR operation. + If this field is empty or missing, this rule matches + all sources (traffic not restricted by source). + If this field is present and contains at least one + item, this rule allows traffic only if the traffic + matches at least one item in the from list. + items: + description: NetworkPolicyPeer describes a peer + to allow traffic to/from. Only certain combinations + of fields are allowed + properties: + ipBlock: + description: IPBlock defines policy on a particular + IPBlock. If this field is set then neither + of the other fields can be. + properties: + cidr: + description: CIDR is a string representing + the IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs + that should not be included within an + IP Block Valid examples are "192.168.1.1/24" + or "2001:db9::/64" Except values will + be rejected if they are outside the CIDR + range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: "Selects Namespaces using cluster-scoped + labels. This field follows standard label + selector semantics; if present but empty, + it selects all namespaces. \n If PodSelector + is also set, then the NetworkPolicyPeer as + a whole selects the Pods matching PodSelector + in the Namespaces selected by NamespaceSelector. + Otherwise it selects all Pods in the Namespaces + selected by NamespaceSelector." + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + podSelector: + description: "This is a label selector which + selects Pods. This field follows standard + label selector semantics; if present but empty, + it selects all pods. \n If NamespaceSelector + is also set, then the NetworkPolicyPeer as + a whole selects the Pods matching PodSelector + in the Namespaces selected by NamespaceSelector. + Otherwise it selects the Pods matching PodSelector + in the policy's own Namespace." + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: array + ports: + description: List of ports which should be made accessible + on the pods selected for this rule. Each item in + this list is combined using a logical OR. If this + field is empty or missing, this rule matches all + ports (traffic not restricted by port). If this + field is present and contains at least one item, + then this rule allows traffic only if the traffic + matches at least one port in the list. + items: + description: NetworkPolicyPort describes a port + to allow traffic on + properties: + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. + This can either be a numerical or named port + on a pod. If this field is not provided, this + matches all port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) + which traffic must match. If not specified, + this field defaults to TCP. + type: string + type: object + type: array + type: object + type: array + podSelector: + description: Selects the pods to which this NetworkPolicy + object applies. The array of ingress rules is applied + to any pods selected by this field. 
Multiple network policies + can select the same set of pods. In this case, the ingress + rules for each are combined additively. This field is + NOT optional and follows standard label selector semantics. + An empty podSelector matches all pods in this namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + policyTypes: + description: List of rule types that the NetworkPolicy relates + to. Valid options are "Ingress", "Egress", or "Ingress,Egress". + If this field is not specified, it will default based + on the existence of Ingress or Egress rules; policies + that contain an Egress section are assumed to affect Egress, + and all policies (whether or not they contain an Ingress + section) are assumed to affect Ingress. 
If you want to + write an egress-only policy, you must explicitly specify + policyTypes [ "Egress" ]. Likewise, if you want to write + a policy that specifies that no egress is allowed, you + must specify a policyTypes value that include "Egress" + (since such a policy would not include an Egress section + and would otherwise default to just [ "Ingress" ]). This + field is beta-level in 1.8 + items: + description: Policy Type string describes the NetworkPolicy + type This type is beta-level in 1.8 + type: string + type: array + required: + - podSelector + type: object + type: array + type: object + nodeSelector: + additionalProperties: + type: string + type: object + owner: + description: OwnerSpec defines tenant owner name and kind + properties: + kind: + enum: + - User + - Group + type: string + name: + type: string + required: + - kind + - name + type: object + priorityClasses: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + resourceQuotas: + properties: + items: + items: + description: ResourceQuotaSpec defines the desired hard limits + to enforce for Quota. + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for + each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters + like scopes that must match each object tracked by a quota + but expressed using ScopeSelectorOperator in combination + with possible values. For a resource to match, both scopes + AND scopeSelector (if specified in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by + scope of the resources. 
+ items: + description: A scoped-resource selector requirement + is a selector that contains values, a scope name, + and an operator that relates the scope name and + values. + properties: + operator: + description: Represents a scope's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each + object tracked by a quota. If not specified, the quota + matches all objects. + items: + description: A ResourceQuotaScope defines a filter that + must match each object tracked by a quota + type: string + type: array + type: object + type: array + type: object + servicesMetadata: + properties: + additionalAnnotations: + additionalProperties: + type: string + type: object + additionalLabels: + additionalProperties: + type: string + type: object + type: object + storageClasses: + properties: + allowed: + items: + type: string + type: array + allowedRegex: + type: string + type: object + required: + - owner + type: object + status: + description: TenantStatus defines the observed state of Tenant + properties: + namespaces: + items: + type: string + type: array + size: + type: integer + required: + - size + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []