209 lines
11 KiB
YAML
209 lines
11 KiB
YAML
|
---
|
||
|
apiVersion: apiextensions.k8s.io/v1
|
||
|
kind: CustomResourceDefinition
|
||
|
metadata:
|
||
|
annotations:
|
||
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||
|
name: zgroups.zelda.io
|
||
|
spec:
|
||
|
group: zelda.io
|
||
|
names:
|
||
|
kind: ZGroup
|
||
|
listKind: ZGroupList
|
||
|
plural: zgroups
|
||
|
singular: zgroup
|
||
|
scope: Namespaced
|
||
|
versions:
|
||
|
- name: v1alpha1
|
||
|
schema:
|
||
|
openAPIV3Schema:
|
||
|
description: ZGroup is the Schema for the zgroups API
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: 'APIVersion defines the versioned schema of this representation
|
||
|
of an object. Servers should convert recognized schemas to the latest
|
||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind is a string value representing the REST resource this
|
||
|
object represents. Servers may infer this from the endpoint the client
|
||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
metadata:
|
||
|
type: object
|
||
|
spec:
|
||
|
description: ZGroupSpec defines the desired state of ZGroup
|
||
|
properties:
|
||
|
clusterRulers:
|
||
|
items:
|
||
|
description: PolicyRule holds information that describes a policy
|
||
|
rule, but does not contain information about who the rule applies
|
||
|
to or which namespace the rule applies to.
|
||
|
properties:
|
||
|
apiGroups:
|
||
|
description: APIGroups is the name of the APIGroup that contains
|
||
|
the resources. If multiple API groups are specified, any
|
||
|
action requested against one of the enumerated resources in
|
||
|
any API group will be allowed. "" represents the core API
|
||
|
group and "*" represents all API groups.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
nonResourceURLs:
|
||
|
description: NonResourceURLs is a set of partial urls that a
|
||
|
user should have access to. *s are allowed, but only as the
|
||
|
full, final step in the path Since non-resource URLs are not
|
||
|
namespaced, this field is only applicable for ClusterRoles
|
||
|
referenced from a ClusterRoleBinding. Rules can either apply
|
||
|
to API resources (such as "pods" or "secrets") or non-resource
|
||
|
URL paths (such as "/api"), but not both.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
resourceNames:
|
||
|
description: ResourceNames is an optional white list of names
|
||
|
that the rule applies to. An empty set means that everything
|
||
|
is allowed.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
resources:
|
||
|
description: Resources is a list of resources this rule applies
|
||
|
to. '*' represents all resources.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
verbs:
|
||
|
description: Verbs is a list of Verbs that apply to ALL the
|
||
|
ResourceKinds contained in this rule. '*' represents all verbs.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
required:
|
||
|
- verbs
|
||
|
type: object
|
||
|
type: array
|
||
|
rulers:
|
||
|
description: Foo is an example field of ZGroup. Edit zgroup_types.go
|
||
|
to remove/update Foo string `json:"foo,omitempty"`
|
||
|
items:
|
||
|
description: PolicyRule holds information that describes a policy
|
||
|
rule, but does not contain information about who the rule applies
|
||
|
to or which namespace the rule applies to.
|
||
|
properties:
|
||
|
apiGroups:
|
||
|
description: APIGroups is the name of the APIGroup that contains
|
||
|
the resources. If multiple API groups are specified, any
|
||
|
action requested against one of the enumerated resources in
|
||
|
any API group will be allowed. "" represents the core API
|
||
|
group and "*" represents all API groups.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
nonResourceURLs:
|
||
|
description: NonResourceURLs is a set of partial urls that a
|
||
|
user should have access to. *s are allowed, but only as the
|
||
|
full, final step in the path Since non-resource URLs are not
|
||
|
namespaced, this field is only applicable for ClusterRoles
|
||
|
referenced from a ClusterRoleBinding. Rules can either apply
|
||
|
to API resources (such as "pods" or "secrets") or non-resource
|
||
|
URL paths (such as "/api"), but not both.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
resourceNames:
|
||
|
description: ResourceNames is an optional white list of names
|
||
|
that the rule applies to. An empty set means that everything
|
||
|
is allowed.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
resources:
|
||
|
description: Resources is a list of resources this rule applies
|
||
|
to. '*' represents all resources.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
verbs:
|
||
|
description: Verbs is a list of Verbs that apply to ALL the
|
||
|
ResourceKinds contained in this rule. '*' represents all verbs.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
required:
|
||
|
- verbs
|
||
|
type: object
|
||
|
type: array
|
||
|
secrets:
|
||
|
items:
|
||
|
description: "ObjectReference contains enough information to let
|
||
|
you inspect or modify the referred object. --- New uses of this
|
||
|
type are discouraged because of difficulty describing its usage
|
||
|
when embedded in APIs. 1. Ignored fields. It includes many fields
|
||
|
which are not generally honored. For instance, ResourceVersion
|
||
|
and FieldPath are both very rarely valid in actual usage. 2. Invalid
|
||
|
usage help. It is impossible to add specific help for individual
|
||
|
usage. In most embedded usages, there are particular restrictions
|
||
|
like, \"must refer only to types A and B\" or \"UID not honored\"
|
||
|
or \"name must be restricted\". Those cannot be well described
|
||
|
when embedded. 3. Inconsistent validation. Because the usages
|
||
|
are different, the validation rules are different by usage, which
|
||
|
makes it hard for users to predict what will happen. 4. The fields
|
||
|
are both imprecise and overly precise. Kind is not a precise
|
||
|
mapping to a URL. This can produce ambiguity during interpretation
|
||
|
and require a REST mapping. In most cases, the dependency is
|
||
|
on the group,resource tuple and the version of the actual struct
|
||
|
is irrelevant. 5. We cannot easily change it. Because this type
|
||
|
is embedded in many locations, updates to this type will affect
|
||
|
numerous schemas. Don't make new APIs embed an underspecified
|
||
|
API type they do not control. \n Instead of using this type, create
|
||
|
a locally provided and used type that is well-focused on your
|
||
|
reference. For example, ServiceReferences for admission registration:
|
||
|
https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
|
||
|
."
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: API version of the referent.
|
||
|
type: string
|
||
|
fieldPath:
|
||
|
description: 'If referring to a piece of an object instead of
|
||
|
an entire object, this string should contain a valid JSON/Go
|
||
|
field access statement, such as desiredState.manifest.containers[2].
|
||
|
For example, if the object reference is to a container within
|
||
|
a pod, this would take on a value like: "spec.containers{name}"
|
||
|
(where "name" refers to the name of the container that triggered
|
||
|
the event) or if no container name is specified "spec.containers[2]"
|
||
|
(container with index 2 in this pod). This syntax is chosen
|
||
|
only to have some well-defined way of referencing a part of
|
||
|
an object. TODO: this design is not final and this field is
|
||
|
subject to change in the future.'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||
|
type: string
|
||
|
namespace:
|
||
|
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||
|
type: string
|
||
|
resourceVersion:
|
||
|
description: 'Specific resourceVersion to which this reference
|
||
|
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||
|
type: string
|
||
|
uid:
|
||
|
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||
|
type: string
|
||
|
type: object
|
||
|
x-kubernetes-map-type: atomic
|
||
|
type: array
|
||
|
type: object
|
||
|
status:
|
||
|
description: ZGroupStatus defines the observed state of ZGroup
|
||
|
type: object
|
||
|
type: object
|
||
|
served: true
|
||
|
storage: true
|
||
|
subresources:
|
||
|
status: {}
|